| 1 |
On Tue, February 18, 2014 12:54, Mark David Dumlao wrote: |
| 2 |
> On Tue, Feb 18, 2014 at 5:52 PM, J. Roeleveld <joost@××××××××.org> wrote: |
| 3 |
>> On Tue, February 18, 2014 10:47, Alan McKinnon wrote: |
| 4 |
>>> On 18/02/2014 05:46, Mark David Dumlao wrote: |
| 5 |
>>>> I used to use cherokee. Fast, light, awesome, and with a web admin. |
| 6 |
>>>> The init script always failed me. /etc/init.d/cherokee stop was not a |
| 7 |
>>>> guaranteed stop to all forked cherokee processes - the parent pid |
| 8 |
>>>> dies, but some forked process or something, usually related to |
| 9 |
>>>> rrdtool, doesn't. Or the parent does exit and erases the pid file but |
| 10 |
>>>> it returns control immediately and its not yet done exiting. Something |
| 11 |
>>>> like that or other. Point is, I've several times had to ps aux|grep |
| 12 |
>>>> ... kill; zap; start - on production servers. |
| 13 |
>>> |
| 14 |
>>> |
| 15 |
>>> Valid point. Other than vixie-cron (damn thing just never seems to die |
| 16 |
>>> properly on any platform so restarts always fail) I don't really run |
| 17 |
>>> into these issues |
| 18 |
>> |
| 19 |
>> Interesting, I have never had issues with restarting vixie-cron using |
| 20 |
>> the |
| 21 |
>> supplied init-scripts. |
| 22 |
>> |
| 23 |
>>> What I do run into is daemons that drop privs on start up, like |
| 24 |
>>> tac_plus. Unwary new sysadmins always try start/stop it as root, |
| 25 |
>>> causing |
| 26 |
>>> an unholy mess. Root the owns the log and pid files, when tac_plus |
| 27 |
>>> drops |
| 28 |
>>> privs it can't record it's state so continues to service requests but |
| 29 |
>>> fails to log any of them. For an auth daemon, that's a serious issue. |
| 30 |
>> |
| 31 |
>> Shouldn't sysadmins use the init-scripts for that? |
| 32 |
>> If done correctly, permissions should not be an issue. |
| 33 |
>> |
| 34 |
>> Restarting services without keeping file ownership into account will |
| 35 |
>> always cause issues. Regardless of the init-system used. |
| 36 |
>> |
| 37 |
> |
| 38 |
> That's just the thing though. As a sysadmin, how do you debug a service |
| 39 |
> that isn't starting to begin with? |
| 40 |
|
| 41 |
This isn't what Alan was talking about. |
| 42 |
He was talking about restarting an existing, working service. |
| 43 |
|
| 44 |
> Let's say your new to the service. |
| 45 |
> You're |
| 46 |
> not even sure if you got the config right the first time around. Or maybe |
| 47 |
> you're adjusting a setting somewhere, and you're confused why it |
| 48 |
> isn't taking effect. |
| 49 |
|
| 50 |
In an environment where Alan works, I wouldn't be the only person around. |
| 51 |
There should be someone on call who knows. |
| 52 |
|
| 53 |
> All the /upstream documentation/, all the /man pages/, all the |
| 54 |
> /usr/share/doc |
| 55 |
> stuff will tell you to start it _raw_. The init script obscures the |
| 56 |
> starting options, |
| 57 |
> environment variables, and sometimes even the running user from you. What |
| 58 |
> are |
| 59 |
> you gonna do, play a human shell script parser? Nobody's perfect, do it |
| 60 |
> enough times and you're going to casually gloss over the line where |
| 61 |
> --safe-mode is appended to the string depending on the phase of |
| 62 |
> the moon... |
| 63 |
> |
| 64 |
> If you're lucky, you've never had to start an unfamiliar service, or debug |
| 65 |
> someone else's unfamiliar config under time pressure... |
| 66 |
|
| 67 |
I have been on both ends of this. |
| 68 |
|
| 69 |
I have multiple times been in a situation where I was under time-pressure |
| 70 |
to get services running again on unfamiliar systems. Talking untrained |
| 71 |
admins through the process by phone-communication only. |
| 72 |
It is not easy, but by staying calm and focused, mistakes are avoided. |
| 73 |
Also, in my experience, a calm systematic approach is usually faster then |
| 74 |
the cowboy-method of trying everything I can find on Google. |
| 75 |
|
| 76 |
I have also, too often, had to clean up the mess caused by these cowboy |
| 77 |
tactics. |
| 78 |
|
| 79 |
-- |
| 80 |
Joost |
Archives