s6

Mirror/fork of https://skarnet.org/software/s6/
git clone https://ccx.te2000.cz/git/s6

commit 355d6a83810e1b7bb3bc2ccd3102141dbea63821
parent 6920ddc814d709bc60c162c1fef794b108940e95
Author: Laurent Bercot <ska-skaware@skarnet.org>
Date:   Sun, 21 Aug 2022 02:37:46 +0000

 Add upper limit to -c in s6-svscan

 Also document it, and document changes to s6-supervise

Signed-off-by: Laurent Bercot <ska@appnovation.com>

Diffstat:
M doc/s6-supervise.html | 10 ++++++++--
M doc/s6-svscan.html | 5 +++--
M doc/servicedir.html | 31 ++++++++++++++++++++++---------
M src/supervision/s6-supervise.c | 2 +-
M src/supervision/s6-svscan.c | 1 +
5 files changed, 35 insertions(+), 14 deletions(-)

diff --git a/doc/s6-supervise.html b/doc/s6-supervise.html @@ -135,7 +135,12 @@ effective group id as the s6-supervise process. If it already exists, it uses it as is, without modifying the subscription rights. </li> <li> It <a href="libs6/ftrigw.html">sends</a> a <tt>'s'</tt> event to <tt>./event</tt>. </li> <li> If the default service state is up (i.e. there is no <tt>./down</tt> file), -s6-supervise spawns <tt>./run</tt>. </li> +s6-supervise spawns <tt>./run</tt>. One argument is given to the <tt>./run</tt> +program: <em>servicedir</em>, the name of the directory s6-supervise is being +run on. It is given exactly as given to s6-supervise, without recanonicalization. +In particular, if s6-supervise is being managed by <a href="s6-svscan.html">s6-svscan</a>, +<em>servicedir</em> is always of the form <tt><em>foo</em></tt> or <tt><em>foo</em>/log</tt>, +and <em>foo</em> contains no slashes. </li> <li> s6-supervise sends a <tt>'u'</tt> event to <tt>./event</tt> whenever it successfully spawns <tt>./run</tt>. </li> <li> If there is a <tt>./notification-fd</tt> file in the service directory and, @@ -152,7 +157,8 @@ service for readiness. </li> It then spawns <tt>./finish</tt> if it exists. <tt>./finish</tt> will have <tt>./run</tt>'s exit code as first argument, or 256 if <tt>./run</tt> was signaled; it will have the number of the signal that killed <tt>./run</tt> -as second argument, or an undefined number if <tt>./run</tt> was not signaled. </li> +as second argument, or an undefined number if <tt>./run</tt> was not signaled; +and it will have <em>servicedir</em> as third argument. </li> <li> By default, <tt>./finish</tt> must exit in less than 5 seconds. If it takes more than that, s6-supervise kills it with a SIGKILL. This can be configured via the <tt>./timeout-finish</tt> file, see the description in the diff --git a/doc/s6-svscan.html b/doc/s6-svscan.html 
@@ -76,10 +76,11 @@ where all error messages go to the <tt>s6-svscan-log</tt> catch-all logger servi default, except messages from this service itself, which fall back to <em>consoleholder</em>. If you're not sure what to use this option for, or how, you don't need it. </li> <li> <tt>-c&nbsp;<em>max</em></tt>&nbsp;: maintain services for up to <em>max</em> -service directories. Default is 500. Lower limit is 2. There is no upper limit, but: +service directories. Default is 500. Lower limit is 2. Upper limit is 90000. If +you're increasing this value from the default, please note that: <ul> <li> The higher <em>max</em> is, the more stack memory s6-svscan will use, -approximately 50 bytes per service. </li> +up to 100 bytes per service. </li> <li> s6-svscan uses 2 file descriptors per logged service. </li> </ul> It is the admin's responsibility to make sure that s6-svscan has enough available diff --git a/doc/servicedir.html b/doc/servicedir.html 
@@ -45,11 +45,22 @@ file (such as a binary file or a link to any other executable file), but most of the time it will be a script, called <em>run script</em>. This file is the most important one in your service directory: it contains the commands that will setup and run your <em>foo</em> service. -It is forked and executed by <a href="s6-supervise.html">s6-supervise</a> + <ul> + <li> It is forked and executed by <a href="s6-supervise.html">s6-supervise</a> every time the service must be started, i.e. normally when <a href="s6-supervise.html">s6-supervise</a> starts, and whenever -the service goes down when it is supposed to be up. A run script -should normally: +the service goes down when it is supposed to be up. </li> + <li> It is given one argument, which is the same argument that the +<a href="s6-supervise.html">s6-supervise</a> process is running with, +i.e. the name of the service directory &mdash; or, if +<a href="s6-supervise.html">s6-supervise</a> is run under +<a href="s6-svscan.html">s6-svscan</a>, the name of the service directory +as seen by <a href="s6-svscan.html">s6-svscan</a> in its +<a href="scandir.html">scan directory</a>. That is, <tt><em>foo</em></tt> +or <tt><em>foo</em>/log</tt>, if <em>foo</em> is the name of the +<em>symbolic link</em> in the scan directory. </li> </ul> + +<p> A run script should normally: </p> <ul> <li> adjust redirections for stdin, stdout and stderr. When a run script starts, it inherits its standard file descriptors from 
@@ -107,10 +118,12 @@ process has been killed. If the <em>foo</em> service is supposed to be up, script, not the finish script, should be running; the finish script should really be short-lived.) The maximum duration of a <tt>finish</tt> execution can be configured via the <tt>timeout-finish</tt> file, see below. </li> - <li> The finish script is -executed with two arguments: the exit code from the run script (resp. 256 if the -run script was killed by a signal), and an undefined number (resp. the number of -the signal that killed the run script). </li> + <li> The finish script is executed with three arguments: + <ol> + <li> the exit code from the run script (resp. 256 if the run script was killed by a signal) </li> + <li> an undefined number (resp. the number of the signal that killed the run script) </li> + <li> the name of the service directory, the same that has been given to <tt>./run</tt>. </li> + </ol> <li> If the finish script exits 125, then <a href="s6-supervise.html">s6-supervise</a> interprets this as a permanent failure for the service, and does not restart it, as if an <a href="s6-svc.html">s6-svc -O</a> command had been sent. </li> @@ -122,8 +135,8 @@ stdin and stdout pointing to <tt>/dev/null</tt>. </li> <li style="margin-bottom:1em"> A directory named <tt>supervise</tt>. It is automatically created by <a href="s6-supervise.html">s6-supervise</a> if it does not exist. This is where -<a href="s6-supervise.html">s6-supervise</a> stores its information. The directory -must be writable. </li> +<a href="s6-supervise.html">s6-supervise</a> stores its internal information. +The directory must be writable. </li> <li style="margin-bottom:1em"> An optional, empty, regular file named <tt>down</tt>. If such a file exists, the default state of the service is considered down, not up: s6-supervise will not diff --git a/src/supervision/s6-supervise.c b/src/supervision/s6-supervise.c 
@@ -456,7 +456,7 @@ static int uplastup_z (void) { char fmt0[UINT_FMT] ; char fmt1[UINT_FMT] ; - char *cargv[5] = { "finish", fmt0, fmt1, servicename, 0 } ; + char *cargv[5] = { "finish", fmt0, fmt1, (char *)servicename, 0 } ; selfpipe_finish() ; fmt0[uint_fmt(fmt0, WIFSIGNALED(status.wstat) ? 256 : WEXITSTATUS(status.wstat))] = 0 ; fmt1[uint_fmt(fmt1, WTERMSIG(status.wstat))] = 0 ; diff --git a/src/supervision/s6-svscan.c b/src/supervision/s6-svscan.c @@ -560,6 +560,7 @@ int main (int argc, char const *const *argv) if (t) tain_from_millisecs(&defaulttimeout, t) ; else defaulttimeout = tain_infinite_relative ; if (max < 2) max = 2 ; + if (max > 90000) max = 90000 ; } if (notif >= 0)
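Review bot: in the doc/s6-svscan.html hunk, the new numbers deserve one more sentence: at the new ceiling of 90000 services, "up to 100 bytes per service" means roughly 9 MB of stack, which is above the 8 MiB default stack limit common on Linux, so the trailing "It is the admin's responsibility to make sure that s6-svscan has enough available" stack is no longer a theoretical concern at the maximum. Consider stating the worst-case figure explicitly (e.g. "about 9 MB at the maximum") and saying what happens to a value outside [2, 90000]; the code silently clamps, and "Upper limit is 90000" alone does not tell the reader that.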
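Review bot: in the second doc/servicedir.html hunk (@@ -107,10 +118,12 @@), the new outer list item is never closed: `+ <li> The finish script is executed with three arguments:` opens an `<li>`, the `<ol>` is closed with `+ </ol>`, and the next line is the unchanged `<li> If the finish script exits 125`. HTML tolerates the implicit close, but every other `<li>` in this file is closed explicitly, so add a `</li>` after `</ol>` to keep the markup consistent and validator-clean.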
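Review bot: in the src/supervision/s6-supervise.c hunk, `(char *)servicename` casts away a const qualifier only to satisfy the `char *cargv[5]` type that exec expects; that is harmless because exec never writes through argv, but a cast that exists purely to silence a const warning reads like a defect to the next reader. A one-line comment on that line saying why the cast is safe would document the intent, and the array length is fine as written (four arguments plus the terminating 0).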
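Review bot: in the src/supervision/s6-svscan.c hunk, `+ if (max > 90000) max = 90000 ;` clamps silently, mirroring the existing `if (max < 2) max = 2 ;`, and the literal 90000 now lives in two places (this line and doc/s6-svscan.html) with nothing tying them together. Suggest a named constant for the ceiling next to the lower bound so the documentation and code cannot drift, and consider emitting a warning when an explicitly requested `-c` value is reduced, since an admin who asked for more than 90000 services will otherwise only discover the cap when services past it are not started.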