| 1 |
On Wed, Apr 1, 2015 at 4:04 AM, Canek Peláez Valdés <caneko@×××××.com> wrote: |
| 2 |
|
| 3 |
> # If you have cgroups turned on in your kernel, this switch controls |
| 4 |
> # whether or not a group for each controller is mounted under |
| 5 |
> # /sys/fs/cgroup. |
| 6 |
> [...] |
| 7 |
> # Set this to YES if yu want all of the processes in a service's cgroup |
| 8 |
> # killed when the service is stopped or restarted. |
| 9 |
> # This should not be set globally because it kills all of the service's |
| 10 |
> # child processes, and most of the time this is undesirable. Please set |
| 11 |
> # it in /etc/conf.d/<service>. |
| 12 |
> # To perform this cleanup manually for a stopped service, you can |
| 13 |
> # execute cgroup_cleanup with /etc/init.d/<service> cgroup_cleanup or |
| 14 |
> # rc-service <service> cgroup_cleanup. |
| 15 |
> # rc_cgroup_cleanup="NO" |
| 16 |
|
| 17 |
As pointed out in the comments, using this feature is apparently |
| 18 |
unrecommended - probably because most init.d scripts were never |
| 19 |
written with it in mind. A few notes that might be helpful for |
| 20 |
anybody trying this out, based on my systemd experiences (where this |
| 21 |
is standard functionality, but units are written with this in mind). |
| 22 |
Please note that I'm not 100% sure about how this is implemented in |
| 23 |
openrc, so some potential issues below may be mitigated. |
| 24 |
|
| 25 |
Also note, I'm not trying to make any value statements here (foo is |
| 26 |
better than bar) - the purpose of my email is to help educate |
| 27 |
sysadmins about some of the possible unintended consequences of using |
| 28 |
features like these. |
| 29 |
|
| 30 |
1. As far as I'm aware, openrc still doesn't have any concept of |
| 31 |
scripts stopping/failing unless you explicitly tell it to stop them. |
| 32 |
With systemd if the main process dies, the unit stops (and possibly |
| 33 |
fails), and the child processes are killed automatically if this is |
| 34 |
not overridden. So, don't expect the behavior to be exactly the same. |
| 35 |
|
| 36 |
2. Some scripts like apache might attempt to do graceful shutdowns. |
| 37 |
I have no idea how the kill behavior of openrc interacts with this. |
| 38 |
With systemd care had to be taken in the script to ensure that kills |
| 39 |
were only sent after a suitable timeout to allow graceful shutdown a |
| 40 |
chance to complete - otherwise an apache2 graceful completes instantly |
| 41 |
and SIGTERMs get sent almost immediately afterwards. The openrc |
| 42 |
init.d script already does its own attempts at polling/killing for a |
| 43 |
restart, so you might get issues with how these features interact. |
| 44 |
|
| 45 |
3. Sometimes leaving orphan processes around might be considered |
| 46 |
intended behavior. Any screen launched from an ssh session is going |
| 47 |
to be a child of sshd and in its cgroup. If you completely kill the |
| 48 |
cgroup, then you'll kill any user sessions inside unless they were |
| 49 |
given some kind of special handling. I'm actually not 100% sure how |
| 50 |
this is done in systemd (logind may put these in a different cgroup |
| 51 |
already), but you'll certainly want to think about things like this. |
| 52 |
|
| 53 |
4. Not really an issue for openrc, but if you're running systemd |
| 54 |
timer units keep in mind that anything you fork from the main process |
| 55 |
dies when the main process dies, so be careful about a cron shell |
| 56 |
scripts that runs stuff in the background without waiting at the end. |
| 57 |
|
| 58 |
I'd think that this is a feature openrc would want to make the default |
| 59 |
at some point. However, for that transition to be made maintainers |
| 60 |
need to take another look at their scripts to make sure they still |
| 61 |
work correctly. That was never an issue for systemd since the |
| 62 |
behavior was there from the start. |
| 63 |
|
| 64 |
One thing I will say is that doing this sort of thing in the service |
| 65 |
manager makes a LOT more sense than doing it in individual scripts. |
| 66 |
Look at the apache2 init.d script sometime and compare it to the |
| 67 |
systemd unit. Most of the complexity in the init.d script is just |
| 68 |
implementing stuff that systemd does natively, like graceful restarts |
| 69 |
with cleanup of orphans and all that. I'm not criticizing the apache2 |
| 70 |
script, but rather pointing out that one of the advantages of systemd |
| 71 |
is that all of its units benefit from that kind of care without the |
| 72 |
need to implement it in each script. And, of course, killing child |
| 73 |
processes can be configured per-service or even globally (though doing |
| 74 |
it globally probably isn't advisable, since many units probably depend |
| 75 |
on systemd to just send SIGTERMs followed by SIGKILLs as its default |
| 76 |
action and stuff wouldn't stop at all without this). |
| 77 |
|
| 78 |
-- |
| 79 |
Rich |
Archives