summaryrefslogtreecommitdiff
path: root/doc/notifywhenup.html
diff options
context:
space:
mode:
Diffstat (limited to 'doc/notifywhenup.html')
-rw-r--r--doc/notifywhenup.html18
1 files changed, 13 insertions, 5 deletions
diff --git a/doc/notifywhenup.html b/doc/notifywhenup.html
index 40b0593..f73e2aa 100644
--- a/doc/notifywhenup.html
+++ b/doc/notifywhenup.html
@@ -54,21 +54,29 @@ is reliably up - because only they know when it is the case.
<li> Daemons can use the <tt>ftrigw_notify()</tt> function, provided in
<a href="libftrigw.html">the ftrigw library</a>. This is extremely
simple and efficient, but requires specific s6 support in the daemon. </li>
- <li> Daemons can write something to a file descriptor of their choice,
+ <li> Daemons can write a line to a file descriptor of their choice,
then close that file descriptor, when they're ready to serve. This is
a generic mechanism that some daemons already implement, and does not
require anything specific in the daemon's code. The administrator can
then run the daemon under <a href="s6-notifywhenup.html">s6-notifywhenup</a>,
which will properly catch the daemon's message and notify all the subscribers
-with a 'U' event, meaning that the service is now up with no possible race
-condition. </li>
+with a 'U' event, meaning that the service is now up. <br /> <br />
+ Note that there is <em>still</em> a small race condition remaining:
+if the daemon writes a line then instantly dies, and the supervisor
+picks up the death before the <a href="s6-notifywhenup.html">s6-notifywhenup</a>
+program picks up the line, it is possible for the event sequence written
+to the fifodir to be wrong - 'd' before 'U'. This should be extremely
+rare, but unfortunately the race condition is unavoidable. The only
+way to be absolutely race-free is to have the daemon perform its
+readiness notification itself, which requires specific support.
+ </li>
</ol>
<p>
The second method should really be implemented in every long-running
program providing a service. When it is not the case, it's impossible
-to provide race-free startup notifications, and subscribers should be
-content with the unreliable 'u' events provided by s6-supervise.
+to provide reliable startup notifications, and subscribers should then
+be content with the unreliable 'u' events provided by s6-supervise.
</p>
</body>