What are your rules for checking for a long running process?
If the ns_proxy command is for isolating badly behaved code, it seems
to me there could usefully be a few more built in checks for bad
behaviour, rather than having to implement these checks manually.
For example, how about a switch which defines the maximum running time
for the command? You can handle this now as Zoran points out by
waiting for the result with a timeout. But this is awkward to handle
if you have a 'detached' proxy job.
Explicitly passing the runtime-timeout would also eliminate some race
conditions. Let's say you start a job, then in some other thread get a
list of jobs including pid, figure out a job has taken too long, then
kill the pid. The job could exit between the time you get the pid and
the time your decide to kill it. Pid's recycle (eventualy), and you
kill some completely unrelated proces.
Runtime limits could be implemented with a timer and signal handler in
the proxy process.
One common bad behaviour other than lack of thread safety is memory
leaks. How about some switches which set rlimits for the process,
maximum heap memory and such? This would also be a nice safety
feature -- say you're converting images or movies uploaded by some
untrusted source and you want to ensure a flaw in your converter
library doesn't compromise your server.
Maybe a chroot switch would be useful?
On 9/14/06, Vlad Seryakov <[EMAIL PROTECTED]> wrote:
Can i do this from other thread, spawn in one and check in another,
actually this is what i need. I can have multiple processes running,
then according to some rules i will check which one is taking too long
and kill it.
Zoran Vasiljevic wrote:
> On 14.09.2006, at 19:50, Vlad Seryakov wrote:
>
>> The only immediate request i would have for ns_proxy to be able to
>> query
>> pid for active proxies, may be ns_proxy active could return pid or
>> other
>> command, that will be useful for forcing process exit if necessary.
>
> You can do:
>
> ns_proxy clear ?pool?
>
> to forcefully clear _all_ slave processes (or just
> ones for the given pool).
>
> But look here:
>
> server1:nscp 1> set proxy [ns_proxy get pool]
>
> zvpb:~ zoran$ ps -ax | grep proxy
> 13423 p0 S+ 0:00.02 /usr/local/ns/bin/nsproxy pool pool-7
> 13425 p2 S+ 0:00.01 grep proxy
>
> Now we have a slave process running. So:
>
> server1:nscp 2> ns_proxy send $proxy "exec sleep 10000"
> server1:nscp 3> ns_proxy wait $proxy 1000
> could not wait for proxy "pool-7": timeout waiting for evaluation
>
> zvpb:~ zoran$ ps -ax | grep proxy
> 13423 p0 S+ 0:00.02 /usr/local/ns/bin/nsproxy pool pool-7 {exec
> sleep 10000}
>
> Now you have the slave "gone wild". How to get rid
> of it? Simply:
>
> server1:nscp 4> ns_proxy put $proxy
>
> and hopla:
>
> [14/Sep/2006:19:58:11][13419.41968128][-nsproxy:reap-] Warning:
> [pool]: pid 13423 won't die, send signal 15
> [14/Sep/2006:19:58:12][13419.41968128][-nsproxy:reap-] Error: process
> 13423 killed with signal 15 (Terminated)
>
> and:
>
> zvpb:~ zoran$ ps -ax | grep proxy
> 13430 p2 R+ 0:00.00 grep proxy
>
> This is NEW in the code. If your proxy is just taking too
> much time, you return it back to the pool. The code will
> see that you are returning an non-idle proxy back to pool
> and will assure to kill the slave.
>
> Is this what you are looking for?
>
> Cheers,
> Zoran
>
>
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> naviserver-devel mailing list
> naviserver-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/naviserver-devel
>
--
Vlad Seryakov
571 262-8608 office
[EMAIL PROTECTED]
http://www.crystalballinc.com/vlad/
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
