| Date | Commit message (Collapse) |
|---|
|
commit 6e238ee3396719e578d6a90e177a71ce9f8c1ca0
("nntp: respect 3 minute idle time for shutdown")
was incomplete, and needed this change to Daemon
to be effective.
In the future, there will be more common code between
NNTP.pm and HTTP.pm
|
|
As far as most process managers are concerned (e.g. systemd),
they should already start in '/'. So avoid making our daemon
more complex to run by requiring absolute paths during
development.
|
|
This allows systemd users to use SIGWINCH to temporarily
(and gracefully) stop an instance of a service without
doing a code reload to bring it back up:
# start temporary new service code
systemctl start public-inbox-nntpd@2.service
# momentarily paralyze original service
systemctl kill -s WINCH public-inbox-nntpd@1.service
if new_code_at_2_sucks
then
# restart original workers
systemctl kill -s HUP public-inbox-nntpd@1.service
else # new is better than old, replace original instance
systemctl restart public-inbox-nntpd@1.service
fi
# cleanup the temporary service
systemctl stop public-inbox-nntpd@2.service
This partially reverts commit 73d274e83b7d300f31e0cc1ceeacbf73c6c2a1e4
("daemon: disable SIGWINCH unless explicitly daemonized")
|
|
If using a master/worker setup, a careless user could be trying
to signal all processes using "killall". This may trigger bad
side-effects; but try to limit the side-effects as much as
possible.
|
|
Checking stdin/stdout/stderr is not sufficient as the daemon
without setsid can still be under the control of a terminal.
Unfortunately this means systemd users cannot use SIGWINCH,
either.
|
|
We do not need to count the httpd.async object
against our running client count, that is tied to
the socket of the actual client.
This prevents misleading sysadmins about connected
clients during shutdown.
|
|
They're effectively noops anyways, and we don't want to be
holding a reference to the read end of the parent pipe.
|
|
Users may change terminal sizes if the process is connected to a
terminal, so we can't reasonably expect SIGWINCH to work as
intended.
|
|
We shouldn't need sigprocmask unless we're running multiple
native threads or using vfork, neither of which is the case,
here.
|
|
This hopefully makes the intent of the code clearer, too.
The the HTTP use of the numeric reference for getline
caused problems in Git.pm, already.
|
|
git clones may take longer than 30s, much longer... So prepare
to wait almost indefinitely for sockets to timeout and document
the second signal behavior for immediate shutdown.
While we're at it, move parent death handling to a separate
class to avoid Danga::Socket->AddOtherFds, since that does not
allow proper handling the parent pipe being closed and would
actually misterminate a worker prematurely. t/nntpd.t is update
to illustrate the failure with workers enabled.
We will work to keep memory usage low and let clients take their
time without interrupting them.
|
|
We also require --stdout/--stderr/--pid-file to be absolute
paths for USR2 usage. However, allow PSGI files for -httpd
to be relative paths for ease-of-use.
|
|
We need to ensure $sock_pkg is preserved outside of the loop.
The variable passed to "for" or "foreach" is implicitly local
and restores the previous value when the loop exits. This is
documented in the perlsyn manpage in the "Foreach Loops"
section.
Fixes: ea1b6cbd422b ("daemon: allow using IO::Socket::IP over INET6")
|
|
IO::Socket::IP is bundled with newer versions of Perl,
so it is more likely to be available. There should
be no differences between these with our use cases.
|
|
This means we can avoid false-positives when inheriting multiple
Unix domain sockets.
|
|
Non-socket activation users will want to install Net::Server
for daemonization, pid file writing, and user/group switching.
|
|
No need to create a new sub which kill ourselves $$ when we can
invoke worker_quit directly.
|
|
Not that these subs are repeatedly created, but this makes
the code easier-to-review and these callbacks are idempotent
anyways.
|
|
We do not want to be accepting connections during graceful
shutdown because another new process is likely taking over.
This also allows us to free up the listener case another
(independent) process wants to claim it.
|
|
IO::Handle->new_from_fd has existed since at least 1996,
so it should be safe to depend on at this point.
|
|
Listening on Unix domain sockets can be convenient for running
behind reverse proxies, avoiding port conflicts, limiting access,
or avoiding the overhead (if any) of TCP over loopback.
|
|
This allows us to share more code between daemons and avoids
having to make additional syscalls for preparing REMOTE_HOST
and REMOTE_PORT in the PSGI env in -httpd.
This will also make supporting HTTP (and NNTP) over Unix sockets
easier in a future commit.
|
|
We've distilled the daemon code into one public function ("run"),
so avoid polluting the main namespace and just have users
prefix with the full package name for this rarely-used class.
|
|
For error messages intended to show user error (e.g. giving
invalid options), we add a newline ("\n") at the end to
polluting the output with location information.
However, for diagnosing non-user-triggered errors, we should
show the location of where the error occured.
|
|
This means we always load the PSGI server code early for
-httpd. This may make things less compatible with existing
PSGI/Plack apps, but we prioritize our httpd for the uses
of public-inbox itself, first.
And any existing PSGI/Plack app which wants to may adapt
themselves to being preload-friendly.
|
|
Writing a read-only IMAP server isn't out-of-scope, either,
but I've never studiied the IMAP protocol, much, unlike HTTP/1.x
or even NNTP.
|
|
Users may log output to a pipe, so ensure these outputs are
unbuffered in userspace and go to the operating system ASAP
for other processes to pick up.
|
|
When using user-switching in a single process, we must be
careful to not inadvertantly create new Msgmap sqlite3 files.
We must also ensure we set proper permissions on any files
we create.
Additionally, our refactoring was broken as we failed to
actually daemonize or preserve the parent FD in a worker
process.
Finally, default to one worker process since our code may
be fatally broken and it's nice to be able to scale to multiple
cores via SIGTTIN if needed.
|
|
We'll probably be supporting read-only IMAP, or maybe
we'll just implement a custom HTTP server so users can
manage/upgrade the same way as the nntpd while being
immune to slow clients.
|