1 |
On Tue, February 18, 2014 12:54, Mark David Dumlao wrote: |
2 |
> On Tue, Feb 18, 2014 at 5:52 PM, J. Roeleveld <joost@××××××××.org> wrote: |
3 |
>> On Tue, February 18, 2014 10:47, Alan McKinnon wrote: |
4 |
>>> On 18/02/2014 05:46, Mark David Dumlao wrote: |
5 |
>>>> I used to use cherokee. Fast, light, awesome, and with a web admin. |
6 |
>>>> The init script always failed me. /etc/init.d/cherokee stop was not a |
7 |
>>>> guaranteed stop to all forked cherokee processes - the parent pid |
8 |
>>>> dies, but some forked process or something, usually related to |
9 |
>>>> rrdtool, doesn't. Or the parent does exit and erases the pid file but |
10 |
>>>> it returns control immediately and its not yet done exiting. Something |
11 |
>>>> like that or other. Point is, I've several times had to ps aux|grep |
12 |
>>>> ... kill; zap; start - on production servers. |
13 |
>>> |
14 |
>>> |
15 |
>>> Valid point. Other than vixie-cron (damn thing just never seems to die |
16 |
>>> properly on any platform so restarts always fail) I don't really run |
17 |
>>> into these issues |
18 |
>> |
19 |
>> Interesting, I have never had issues with restarting vixie-cron using |
20 |
>> the |
21 |
>> supplied init-scripts. |
22 |
>> |
23 |
>>> What I do run into is daemons that drop privs on start up, like |
24 |
>>> tac_plus. Unwary new sysadmins always try start/stop it as root, |
25 |
>>> causing |
26 |
>>> an unholy mess. Root the owns the log and pid files, when tac_plus |
27 |
>>> drops |
28 |
>>> privs it can't record it's state so continues to service requests but |
29 |
>>> fails to log any of them. For an auth daemon, that's a serious issue. |
30 |
>> |
31 |
>> Shouldn't sysadmins use the init-scripts for that? |
32 |
>> If done correctly, permissions should not be an issue. |
33 |
>> |
34 |
>> Restarting services without keeping file ownership into account will |
35 |
>> always cause issues. Regardless of the init-system used. |
36 |
>> |
37 |
> |
38 |
> That's just the thing though. As a sysadmin, how do you debug a service |
39 |
> that isn't starting to begin with? |
40 |
|
41 |
This isn't what Alan was talking about. |
42 |
He was talking about restarting an existing, working service. |
43 |
|
44 |
> Let's say your new to the service. |
45 |
> You're |
46 |
> not even sure if you got the config right the first time around. Or maybe |
47 |
> you're adjusting a setting somewhere, and you're confused why it |
48 |
> isn't taking effect. |
49 |
|
50 |
In an environment where Alan works, I wouldn't be the only person around. |
51 |
There should be someone on call who knows. |
52 |
|
53 |
> All the /upstream documentation/, all the /man pages/, all the |
54 |
> /usr/share/doc |
55 |
> stuff will tell you to start it _raw_. The init script obscures the |
56 |
> starting options, |
57 |
> environment variables, and sometimes even the running user from you. What |
58 |
> are |
59 |
> you gonna do, play a human shell script parser? Nobody's perfect, do it |
60 |
> enough times and you're going to casually gloss over the line where |
61 |
> --safe-mode is appended to the string depending on the phase of |
62 |
> the moon... |
63 |
> |
64 |
> If you're lucky, you've never had to start an unfamiliar service, or debug |
65 |
> someone else's unfamiliar config under time pressure... |
66 |
|
67 |
I have been on both ends of this. |
68 |
|
69 |
I have multiple times been in a situation where I was under time-pressure |
70 |
to get services running again on unfamiliar systems. Talking untrained |
71 |
admins through the process by phone-communication only. |
72 |
It is not easy, but by staying calm and focused, mistakes are avoided. |
73 |
Also, in my experience, a calm systematic approach is usually faster then |
74 |
the cowboy-method of trying everything I can find on Google. |
75 |
|
76 |
I have also, too often, had to clean up the mess caused by these cowboy |
77 |
tactics. |
78 |
|
79 |
-- |
80 |
Joost |