On 07/09/2017 09:16, Gert Doering wrote:
> Hi,
>
> On Thu, Sep 07, 2017 at 01:52:02AM +0200, David Sommerseth wrote:
>> @@ -18,6 +18,8 @@ DeviceAllow=/dev/net/tun rw
>> ProtectSystem=true
>> ProtectHome=true
>> KillMode=process
>> +RestartSec=5s
>> +Restart=on-failure
>
> Is there a way to get exponential backoff on restart?
>
> Restarting is good, but if there is something faulty that leads to
> "the process always dies right away", this can lead to very quickly
> filling disks with not-so-useful logging...
>
> (Otherwise, yes, restarting is good :-) )
>
Hi,
>From systemd.unit man-page[1]:
StartLimitIntervalSec=, StartLimitBurst=
Configure unit start rate limiting. By default, units which are
started more than 5 times within 10 seconds are not permitted to
start any more times until the 10 second interval ends.
I verified this behavior on CentOS 7 using another daemon (monit) by
setting "Restart=on-failure" for it, breaking its config file and
forcibly killing it. Note that RestartSec is the default, i.e. 100ms:
---
Sep 07 09:55:37 centos-7 systemd[1]: monit.service: control process
exited, code=exited status=1
Sep 07 09:55:37 centos-7 systemd[1]: Unit monit.service entered failed
state.
Sep 07 09:55:37 centos-7 systemd[1]: monit.service holdoff time over,
scheduling restart.
Sep 07 09:55:37 centos-7 systemd[1]: Stopping Pro-active monitoring
utility for unix systems...
Sep 07 09:55:37 centos-7 systemd[1]: Starting Pro-active monitoring
utility for unix systems...
Sep 07 09:55:37 centos-7 systemd[1]: monit.service start request
repeated too quickly, refusing to start.
Sep 07 09:55:37 centos-7 systemd[1]: Failed to start Pro-active
monitoring utility for unix systems.
Sep 07 09:55:37 centos-7 systemd[1]: Unit monit.service entered failed
state.
---
As you can see, systemd quickly realizes that monit will not come back
up and stops trying.
However, when I added "RestartSec=5s" the StartLimit* thresholds were
never triggered. This meant that systemd never ceased trying to restart
the monit service.
David: any particular reason why you added RestartSec? Why not just let
it be the default (100ms)?
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
[1] <https://www.freedesktop.org/software/systemd/man/systemd.unit.html>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
