From 355d6a83810e1b7bb3bc2ccd3102141dbea63821 Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Sun, 21 Aug 2022 02:37:46 +0000 Subject: Add upper limit to -c in s6-svscan Also document it, and document changes to s6-supervise Signed-off-by: Laurent Bercot --- doc/s6-supervise.html | 10 ++++++++-- doc/s6-svscan.html | 5 +++-- doc/servicedir.html | 31 ++++++++++++++++++++++--------- src/supervision/s6-supervise.c | 2 +- src/supervision/s6-svscan.c | 1 + 5 files changed, 35 insertions(+), 14 deletions(-) diff --git a/doc/s6-supervise.html b/doc/s6-supervise.html index 404e896..86d97a6 100644 --- a/doc/s6-supervise.html +++ b/doc/s6-supervise.html @@ -135,7 +135,12 @@ effective group id as the s6-supervise process. If it already exists, it uses it as is, without modifying the subscription rights.
  • It sends a 's' event to ./event.
  • If the default service state is up (i.e. there is no ./down file), -s6-supervise spawns ./run.
  • +s6-supervise spawns ./run. One argument is given to the ./run +program: servicedir, the name of the directory s6-supervise is being +run on. It is given exactly as given to s6-supervise, without recanonicalization. +In particular, if s6-supervise is being managed by s6-svscan, +servicedir is always of the form foo or foo/log, +and foo contains no slashes.
  • s6-supervise sends a 'u' event to ./event whenever it successfully spawns ./run.
  • If there is a ./notification-fd file in the service directory and, @@ -152,7 +157,8 @@ service for readiness.
  • It then spawns ./finish if it exists. ./finish will have ./run's exit code as first argument, or 256 if ./run was signaled; it will have the number of the signal that killed ./run -as second argument, or an undefined number if ./run was not signaled. +as second argument, or an undefined number if ./run was not signaled; +and it will have servicedir as third argument.
  • By default, ./finish must exit in less than 5 seconds. If it takes more than that, s6-supervise kills it with a SIGKILL. This can be configured via the ./timeout-finish file, see the description in the diff --git a/doc/s6-svscan.html b/doc/s6-svscan.html index 5c031c6..8b94cf4 100644 --- a/doc/s6-svscan.html +++ b/doc/s6-svscan.html @@ -76,10 +76,11 @@ where all error messages go to the s6-svscan-log catch-all logger servi default, except messages from this service itself, which fall back to consoleholder. If you're not sure what to use this option for, or how, you don't need it.
  • -c max : maintain services for up to max -service directories. Default is 500. Lower limit is 2. There is no upper limit, but: +service directories. Default is 500. Lower limit is 2. Upper limit is 90000. If +you're increasing this value from the default, please note that:
    • The higher max is, the more stack memory s6-svscan will use, -approximately 50 bytes per service.
    • +up to 100 bytes per service.
    • s6-svscan uses 2 file descriptors per logged service.
    It is the admin's responsibility to make sure that s6-svscan has enough available diff --git a/doc/servicedir.html b/doc/servicedir.html index 2ced33e..4ae06c2 100644 --- a/doc/servicedir.html +++ b/doc/servicedir.html @@ -45,11 +45,22 @@ file (such as a binary file or a link to any other executable file), but most of the time it will be a script, called run script. This file is the most important one in your service directory: it contains the commands that will setup and run your foo service. -It is forked and executed by s6-supervise +
      +
    • It is forked and executed by s6-supervise every time the service must be started, i.e. normally when s6-supervise starts, and whenever -the service goes down when it is supposed to be up. A run script -should normally: +the service goes down when it is supposed to be up.
    • +
    • It is given one argument, which is the same argument that the +s6-supervise process is running with, +i.e. the name of the service directory — or, if +s6-supervise is run under +s6-svscan, the name of the service directory +as seen by s6-svscan in its +scan directory. That is, foo +or foo/log, if foo is the name of the +symbolic link in the scan directory.
    + +

    A run script should normally:

    • adjust redirections for stdin, stdout and stderr. When a run script starts, it inherits its standard file descriptors from @@ -107,10 +118,12 @@ process has been killed. If the foo service is supposed to be up, script, not the finish script, should be running; the finish script should really be short-lived.) The maximum duration of a finish execution can be configured via the timeout-finish file, see below.
    • -
    • The finish script is -executed with two arguments: the exit code from the run script (resp. 256 if the -run script was killed by a signal), and an undefined number (resp. the number of -the signal that killed the run script).
    • +
    • The finish script is executed with three arguments: +
        +
      1. the exit code from the run script (resp. 256 if the run script was killed by a signal)
      2. +
      3. an undefined number (resp. the number of the signal that killed the run script)
      4. +
      5. the name of the service directory, the same that has been given to ./run.
      6. +
    • If the finish script exits 125, then s6-supervise interprets this as a permanent failure for the service, and does not restart it, as if an s6-svc -O command had been sent.
    • @@ -122,8 +135,8 @@ stdin and stdout pointing to /dev/null.
    • A directory named supervise. It is automatically created by s6-supervise if it does not exist. This is where -s6-supervise stores its information. The directory -must be writable.
    • +s6-supervise stores its internal information. +The directory must be writable.
    • An optional, empty, regular file named down. If such a file exists, the default state of the service is considered down, not up: s6-supervise will not diff --git a/src/supervision/s6-supervise.c b/src/supervision/s6-supervise.c index 881d29a..c377e32 100644 --- a/src/supervision/s6-supervise.c +++ b/src/supervision/s6-supervise.c @@ -456,7 +456,7 @@ static int uplastup_z (void) { char fmt0[UINT_FMT] ; char fmt1[UINT_FMT] ; - char *cargv[5] = { "finish", fmt0, fmt1, servicename, 0 } ; + char *cargv[5] = { "finish", fmt0, fmt1, (char *)servicename, 0 } ; selfpipe_finish() ; fmt0[uint_fmt(fmt0, WIFSIGNALED(status.wstat) ? 256 : WEXITSTATUS(status.wstat))] = 0 ; fmt1[uint_fmt(fmt1, WTERMSIG(status.wstat))] = 0 ; diff --git a/src/supervision/s6-svscan.c b/src/supervision/s6-svscan.c index 740df49..ae77ab4 100644 --- a/src/supervision/s6-svscan.c +++ b/src/supervision/s6-svscan.c @@ -560,6 +560,7 @@ int main (int argc, char const *const *argv) if (t) tain_from_millisecs(&defaulttimeout, t) ; else defaulttimeout = tain_infinite_relative ; if (max < 2) max = 2 ; + if (max > 90000) max = 90000 ; } if (notif >= 0) -- cgit v1.2.3
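Review bot: In the first doc/s6-supervise.html hunk (the ./run argument), the form of servicedir is pinned down only for the s6-svscan case (foo or foo/log, no slashes); the standalone case is left implicit. Because the argument is passed "exactly as given to s6-supervise, without recanonicalization", a run or finish script under a hand-launched s6-supervise can receive a relative or absolute path containing slashes. Suggest one more sentence saying so, and advising script authors not to treat the argument as a canonical service name or build file paths from it without checking its form first.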
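Review bot: In the doc/s6-svscan.html hunk, the per-service stack figure changes from "approximately 50 bytes" to "up to 100 bytes" in the same edit that introduces the 90000 cap, but the resulting worst case is never stated. At the documented figures, max = 90000 means up to about 9 MB of stack (90000 x 100 bytes), plus 2 file descriptors per logged service. Suggest giving that total next to "Upper limit is 90000" so an admin raising -c can compare it against the stack and file descriptor limits s6-svscan runs with. The commit message also does not say why the per-service estimate doubled.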
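Review bot: In src/supervision/s6-supervise.c, uplastup_z(), the added `(char *)servicename` cast is there only to fit `char *cargv[5]`, and neither the hunk nor the commit message says why it is needed or why it is safe. If servicename is now const-qualified, consider declaring the array as `char const *cargv[5]` where the callee's prototype allows it (the "finish" literal in the same initializer is a string literal stored through a non-const pointer too), or add a comment stating that nothing writes through cargv. The subject line mentions only the -c limit, so a word about this code change in the message would help anyone reading the history.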
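Review bot: In src/supervision/s6-svscan.c, main(), `if (max > 90000) max = 90000 ;` clamps silently, so a request such as -c 100000 runs with a smaller limit than the admin asked for and nothing reports it. Suggest a warning on stderr when the value is clamped (the same applies to the existing `if (max < 2) max = 2 ;`), and a named macro for 90000 so the code and the "Upper limit is 90000" sentence in doc/s6-svscan.html cannot drift apart. A short comment on why 90000 was chosen would also help.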