I'm filing this case as self-reviewed, as I believe it makes obvious and minor
changes to SMF to achieve an architecture already approved in 2008/580. The
other contract holder (Sun Cluster) already agreed to the change that affects
them. Please just speak up if you'd like this converted to a fasttrack and Tony
and I will be happy to do so.
liane
---
1. Introduction
1.1. Project/Component Working Name:
SMF - improved maintenance diagnosis
1.2. Name of Document Author/Supplier:
Author: Tony Nguyen (Truong.Q.Nguyen at sun.com)
1.3. Date of This Document:
Monday Nov 24 2008
4. Technical Description
4.1 Description
Implementation of Solaris host-based firewall (PSARC 2008/580), requires
two supporting changes to the SMF framework, a new consolidation private
addition to the existing private restarter interface and a modification to
an existing contracted interface :
- The new private interface provides correct diagnosis for service whose
maintenance state is requested by another service. Currently, when a
service is placed in maintenance via svcadm mark maintenance, the
explanation for maintenance state is "Requested by an administrator"
which is incorrect if svcadm was programmatically executed. This issue
is captured in
6762307 SMF - expressing a service's maintenance state by request of
another service
Host-based firewall requires a mechanism to explain that a service is
placed in maintenance by request of another service (specified by a
FMRI). This case proposes such mechanism.
Currently, a typical information flow for svcadm command is
restarter_actions pg -> startd -> restarter -> restarter pg -> svcs -x
- svcadm places request in restarter_actions pg
- startd picks up the request and sends corresponding admin event to
restarters
- restarters processes the requested event and generates state
information in restarter pg
- svcs consumes restarter pg to communicate instance state
information to user
For svcadm maintenance request events, startd and restarter assume the
events are requested only by administrator thus the restarter always
sets restarter/auxiliary_state to "administrative_request". In short,
restarters currently lack information to correctly determine
maintenance cause for services.
The proposed case adds two more properties, auxiliary_fmri and
auxiliary_tty, to restarter_actions property group to help restarters
determine and provide correct diagnosis.
auxiliary_fmri - FMRI from contract owning the running process
auxiliary_tty - boolean value indicating whether the running process
has a control terminal
svcadm generates auxiliary_fmri and auxiliary_tty in restarter_actions
property group. Upon processing a maintenance event, restarters will
diagnose maintenance state to "administrator_request" if auxiliary_tty
is TRUE or "service_request" if auxiliary_tty is FALSE. If it's a
service request action, restarters also validates and populates the
FMRI in restarter/auxiliary_fmri. svcs -x will use both auxiliary_state
and auxiliary_fmri in restarter property group to inform user the
correct reason for the maintenance state.
An example to clarify; network/ipfilter is reponsible for configuring
IPfilter rules for network services based on each service's firewall
policy. If a service's firewall policy is misconfigured,
network/ipfilter will place the service into maintenance and user can
use 'svcs -x' to find out the correct reason for a service's maintenance
state.
svc:/network/telnet:default (Telnet server)
State: maintenance since Thu Nov 13 18:16:07 2008
Reason: Maintenance requested by "svc:/network/ipfilter:default"
See: /var/svc/log/network-ipfilter:default.log
See: http://sun.com/msg/SMF-8000-R4
See: in.telnetd(1M)
See: telnetd(1M)
Impact: This service is not running.
This enhanced svcs -x output gives user the correct explanation and log
files, making it easier to debug and address the real problem.
- In order to implement the above feature, it's necessary to modify the
behavior of an existing private interface restarter_set_states(),
currently contracted to Sun Cluster. The proposed change also addresses
an existing bug
6236609 svc.startd resets auxiliary state on svcadm mark maintenance
Currently, restarter_set_states() sets restarter/aux_state property to
"none" if its aux parameter is NULL. The proposed fix modifies this
behavior, restarter_set_states() will require caller to explicitly
pass in a value for aux parameter and do nothing if the aux parameter
is NULL. Essentially, the change allows optionally setting/resetting
the reason when updating state.
Existing restarter_set_states() consumers can explicitly passing "none"
to retain the current behavior. Sun Cluster is notified of the proposed
fix and will modify their code once the fix is integrated.
4.2 Proposed Interfaces
auxiliary_fmri Property Consolidation Private
auxiliary_tty Property Consolidation Private
restarter_set_states() Contracted Private
4.3 Release Binding
Minor binding is requested.
6. Resources and Schedule
6.4. Steering Committee requested information
6.4.1. Consolidation C-team Name:
ON
6.5. ARC review type: Automatic
6.6. ARC Exposure: open
