saving pidfiles

saving pidfiles

Sebastian-2
Hi,

I'm downstream and upstream maintainer of a software which consists of
many python modules, which are started individually and are non-root.
Previously, we used /opt, but we'd like to drop this now and use LSB-paths.

But I'm facing problems with the pidfiles, which should be saved under
`/run/name/component.pid`*. But the unprivileged programs can't create
the directory or change permissions, so root must do this. I now see
these possibilities:
1) Use /opt/name/ - kind of fishy
2) Use /tmp - Better than the solution above and still simple.
3) Save them somewhere in /var/lib/name, which is writable to the users.
4) Start all components as root, create /run/name if needed and then
drop privileges. Has unnecessary complexity in the software, which I'd
like to avoid
5) Allow the programs to create the directory /run/name via sudoers

Are there other possibilities or best practices? Does systemd have a
solution here? Note that units need the pidfiles, not services. I know
that systemd can handle the pidfile of the latter. But then I'd again
need root to create it.

Any ideas are appreciated,
Sebastian

* as far as I understand non-existing guidelines. But it seems to be
handled so by other programs. Some hints that this should be done, can be
found here:
https://en.opensuse.org/openSUSE:Systemd_services#dnscrypt
https://en.opensuse.org/SDB:LXC#Populate_the_container_filesystem
https://en.opensuse.org/openSUSE:Packaging_init_scripts#Status_Functions

--
python programming - mail server - photo - video - https://sebix.at
cryptographic key at https://sebix.at/DC9B463B.asc and on public keyservers



Re: saving pidfiles

Yamaban
On Fri, 23 Sep 2016 20:41, Sebastian wrote:

> Hi,
>
> I'm downstream and upstream maintainer of a software which consists of
> many python modules, which are started individually and are non-root.
> Previously, we used /opt, but we'd like to drop this now and use LSB-paths.
>
> But I'm facing problems with the pidfiles, which should be saved under
> `/run/name/component.pid`*. But the unprivileged programs can't create
> the directory or change permissions, so root must do this. I now see
> these possibilities:
> 1) Use /opt/name/ - kind of fishy
> 2) Use /tmp - Better than the solution above and still simple.
> 3) Save them somewhere in /var/lib/name, which is writable to the users.
> 4) Start all components as root, create /run/name if needed and then
> drop privileges. Has unnecessary complexity in the software, which I'd
> like to avoid
> 5) Allow the programs to create the directory /run/name via sudoers
>
> Are there other possibilities or best practices? Does systemd have a
> solution here? Note that units need the pidfiles, not services. I know
> that systemd can handle the pidfile of the latter. But then I'd again
> need root to create it.
>
> Any ideas are appreciated,
> Sebastian
>
> * as far as I understand non-existing guidelines. But it seems to be
> handled so by other programs. Some hints that this should be done, can be
> found here:
> https://en.opensuse.org/openSUSE:Systemd_services#dnscrypt
> https://en.opensuse.org/SDB:LXC#Populate_the_container_filesystem
> https://en.opensuse.org/openSUSE:Packaging_init_scripts#Status_Functions

AFAIK, you can create the needed dirs with the needed (user writeable)
permissions by dropping a snippet in /etc/tmpdirs.d/ (for files use
/etc/tmpfiles.d/) and they will be created after boot by
systemd-tmpfiles-setup.service.

Docu: man:tmpfiles.d(5) man:systemd-tmpfiles(8)

This /could/ be what you want (use /run/name/blah.pid)
without forcing extra tricks.

Otherwise using /var/lib/name/blah.pid would also be a valid,
traceable, accountable, and comprehensible solution.

Please make note of the why and how of the solution in
the man-page / readme / docu of your program, that
spares many headaches later.


   - Yamaban.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Re: saving pidfiles

Sebastian-2
Hi,

On 09/23/2016 09:26 PM, Yamaban wrote:
> AFAIK, you can create the needed dirs with the needed (user writeable)
> permissions by dropping a snippet in /etc/tmpdirs.d/ (for files use
> /etc/tmpfiles.d/) and they will be created after boot by
> systemd-tmpfiles-setup.service.
>
> Docu: man:tmpfiles.d(5) man:systemd-tmpfiles(8)
>
> This /could/ be what you want (use /run/name/blah.pid)
> without forcing extra tricks.
Yes, this seems to be very good!

But I found out that /etc/tmpdirs.d has been obsoleted by /etc/tmpfiles.d[1]
The tmpdirs.d directory exists on tumbleweed (at least here, may be not
a fresh install) but is not read anymore by systemd-tmpfiles. This
caused me some headache to find out.
Also, the filename has to end with .conf, this is not mentioned on older
blog posts (e.g. from 2010)
> Otherwise using /var/lib/name/blah.pid would also be a valid,
> traceable, accountable, and comprehensible solution.
Okay, I will use this on other/older platforms where the above method is
not available.

Thanks for your advice!
Sebastian

[1]:
https://en.opensuse.org/openSUSE:Systemd_status#Short_list_of_differences_with_integration_of_systemd_compared_to_SysVinit

--
python programming - mail server - photo - video - https://sebix.at
cryptographic key at https://sebix.at/DC9B463B.asc and on public keyservers




Re: saving pidfiles

Bruno Friedmann-2
On Saturday, 24 September 2016 09.58:12 h CEST Sebastian wrote:

> Hi,
>
> On 09/23/2016 09:26 PM, Yamaban wrote:
> > AFAIK, you can create the needed dirs with the needed (user writeable)
> > permissions by dropping a snippet in /etc/tmpdirs.d/ (for files use
> > /etc/tmpfiles.d/) and they will be created after boot by
> > systemd-tmpfiles-setup.service.
> >
> > Docu: man:tmpfiles.d(5) man:systemd-tmpfiles(8)
> >
> > This /could/ be what you want (use /run/name/blah.pid)
> > without forcing extra tricks.
>
> Yes, this seems to be very good!
>
> But I found out that /etc/tmpdirs.d has been obsoleted by /etc/tmpfiles.d[1]
> The tmpdirs.d directory exists on tumbleweed (at least here, may be not a
> fresh install) but is not read anymore by systemd-tmpfiles. This caused me
> some headache to find out.
> Also, the filename has to end with .conf, this is not mentioned on older
> blog posts (e.g. from 2010)
>
> > Otherwise using /var/lib/name/blah.pid would also be a valid,
> > traceable, accountable, and comprehensible solution.
>
> Okay, I will use this on other/older platforms where the above method is
> not available.
>
> Thanks for your advice!
> Sebastian
>
> [1]:
> https://en.opensuse.org/openSUSE:Systemd_status#Short_list_of_differences_with_integration_of_systemd_compared_to_SysVinit

And better, if you package it, make that droplet in /usr/lib/tempfiles.d,
making administrators able to override your defaults on their own specific
systems.

 ;-)

--

Bruno Friedmann
 Ioda-Net Sàrl www.ioda-net.ch
 Bareos Partner, openSUSE Member, fsfe fellowship
 GPG KEY : D5C9B751C4653227
 irc: tigerfoot



Re: saving pidfiles

Jan Engelhardt-4
In reply to this post by Sebastian-2

On Saturday 2016-09-24 09:58, Sebastian wrote:
>On 09/23/2016 09:26 PM, Yamaban wrote:
>> AFAIK, you can create the needed dirs with the needed (user writeable)
>> permissions by dropping a snippet in /etc/tmpdirs.d/ (for files use
>> /etc/tmpfiles.d/) and they will be created after boot by
>> systemd-tmpfiles-setup.service.
>> Otherwise using /var/lib/name/blah.pid would also be a valid,
>> traceable, accountable, and comprehensible solution.
>Okay, I will use this on other/older platforms where the above method is
>not available.

If your service is of the Type=simple, then pidfiles will be ignored altogether
because they are not needed, which means you need not bother trying to put it
in any particular spot.

Re: saving pidfiles

Sebastian-2
In reply to this post by Bruno Friedmann-2
On 09/24/2016 10:03 AM, Bruno Friedmann wrote:
> And better, if you package it, make that droplet in /usr/lib/tempfiles.d,
> making administrators able to override your defaults on their own specific
> systems.
Yes, that's even clearly mentioned in the manpage :) And I also found
out about %{_tmpfilesdir} by just trying if it exists, and it does!

Sebastian

--
python programming - mail server - photo - video - https://sebix.at
cryptographic key at https://sebix.at/DC9B463B.asc and on public keyservers




Re: saving pidfiles

Sebastian-2
In reply to this post by Jan Engelhardt-4
On 09/24/2016 10:07 AM, Jan Engelhardt wrote:
> If your service is of the Type=simple, then pidfiles will be ignored altogether
> because they are not needed, which means you need not bother trying to put it
> in any particular spot.
Thanks for this hint, I will keep it in mind for future releases!

--
python programming - mail server - photo - video - https://sebix.at
cryptographic key at https://sebix.at/DC9B463B.asc and on public keyservers




Re: saving pidfiles

Cristian Rodríguez-2
In reply to this post by Sebastian-2
On Fri, Sep 23, 2016 at 3:41 PM, Sebastian <[hidden email]> wrote:

> Are there other possibilities or best practices? Does systemd have a
> solution here? Note that units need the pidfiles, not services. I know
> that systemd can handle the pidfile of the latter. But then I'd again
> need root to create it.

Your options are:

- Do not use pidfiles. This is the suggested way forward.
- If you do want to continue using them, ensure that they are created
as explained in daemon(7). Pay attention to the "race free" part.
- Store them only in a directory under /run, i.e.
/run/yourmainprogram/component.pid. To create the directory, use a
tmpfiles.d snippet.
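
Added example, not part of the original thread and not any poster's code: one way for an unprivileged Python component to write its pidfile under a directory such as /run/name so that concurrent starts and planted symlinks are handled. It uses an exclusive flock as the race-free check, which is one common technique rather than wording taken from daemon(7). The names `PidfileError`, `check_pid_dir`, `acquire_pidfile` and the tmpfiles.d entry shown in the comment are assumptions.

```python
import fcntl
import os
import stat

# Assumed tmpfiles.d entry (hypothetical user/group names), shipped for example
# as /usr/lib/tmpfiles.d/name.conf so that root creates the directory at boot:
#   d /run/name 0755 nameuser namegroup -


class PidfileError(Exception):
    """Raised when the pidfile cannot be taken safely."""


def check_pid_dir(directory):
    """Reject directories that another unprivileged user could tamper with."""
    st = os.lstat(directory)  # lstat: a symlinked directory is rejected too
    if not stat.S_ISDIR(st.st_mode):
        raise PidfileError(f"{directory} is not a directory")
    if st.st_uid not in (0, os.geteuid()):
        raise PidfileError(f"{directory} is owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PidfileError(f"{directory} is group- or world-writable")


def acquire_pidfile(directory, component):
    """Create and lock <directory>/<component>.pid; return the open fd.

    The caller keeps the fd open for the life of the process: the lock, not
    the file's existence, is what marks the component as running.
    """
    check_pid_dir(directory)
    path = os.path.join(directory, component + ".pid")
    # O_NOFOLLOW: fail instead of writing through a planted symlink.
    flags = os.O_RDWR | os.O_CREAT | os.O_NOFOLLOW | os.O_CLOEXEC
    try:
        fd = os.open(path, flags, 0o644)
    except OSError as exc:
        raise PidfileError(f"cannot open {path}: {exc}") from exc
    try:
        # Non-blocking exclusive lock, taken atomically by the kernel, so two
        # starters cannot both conclude that the old pidfile is stale.
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except OSError as exc:
        os.close(fd)
        raise PidfileError(f"{path} is locked by a running instance") from exc
    os.ftruncate(fd, 0)  # rewrite the contents only once the lock is held
    os.write(fd, f"{os.getpid()}\n".encode())
    return fd
```

The directory check is what rules out option 2 from the first post: /tmp is world-writable, so `check_pid_dir` refuses it.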