Re: [systemd-devel] [PATCH] service: kill processes with SIGKILL on watchdog failure

2013-06-06 Thread Lennart Poettering
On Tue, 21.05.13 15:27, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:

 
> On Sun, May 19, 2013 at 12:10:55PM +0200, Michael Olbrich wrote:
> > Just calling service_enter_dead() does not kill any processes.
> > As a result, the old process may still be running when the new one is
> > started.
> > After a watchdog failure the service is in an undefined state.
> > Using the normal shutdown mechanism makes no sense. Instead all processes
> > are just killed and the service can try to restart.
>
> Applied.
>
> (I thought for a while whether we should allow normal shutdown for
> watchdog-failed services. Sometimes that could be useful, but for
> the majority of cases just killing the process is probably the right
> option.)

Hmm, I am pretty sure we should still execute the ExecStopPost=
commands, since their purpose might be to clean up things. If the
watchdog timeout is hit we can assume that a clean shutdown won't work,
so we shouldn't try to execute ExecStop= or try SIGTERM and go directly
to SIGKILL, but ExecStopPre= afterwards we should execute, I am pretty
sure.

I have changed git now to enter STOP_SIGKILL rather than FINAL_SIGKILL
hence. 

I hope this makes sense?

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
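
As an added illustration (not part of the original thread and not systemd source code), this simplified C model shows why the entry state matters after a watchdog failure: entering at STOP_SIGKILL still passes through the ExecStopPost= phase, while entering at FINAL_SIGKILL skips it. The linear transition table and the helper names are assumptions made for the example.

```c
#include <stdio.h>

/* Simplified model of the stop side of a service state machine. State
 * names follow the thread; the linear transition table is an assumption
 * made for illustration and is not systemd source code. */
typedef enum { STOP, STOP_SIGTERM, STOP_SIGKILL, STOP_POST,
               FINAL_SIGTERM, FINAL_SIGKILL, DEAD, N_STATES } State;

static const char *const state_names[N_STATES] = {
    "STOP", "STOP_SIGTERM", "STOP_SIGKILL", "STOP_POST",
    "FINAL_SIGTERM", "FINAL_SIGKILL", "DEAD" };

/* State entered once the current phase finishes or times out. */
static const State next_state[N_STATES] = {
    [STOP] = STOP_SIGTERM,           /* STOP: ExecStop= commands run */
    [STOP_SIGTERM] = STOP_SIGKILL,
    [STOP_SIGKILL] = STOP_POST,
    [STOP_POST] = FINAL_SIGTERM,     /* STOP_POST: ExecStopPost= commands run */
    [FINAL_SIGTERM] = FINAL_SIGKILL,
    [FINAL_SIGKILL] = DEAD,
    [DEAD] = DEAD };

/* Walk from `entry` to DEAD and return a bitmask of the states visited. */
unsigned visited_from(State entry) {
    unsigned mask = 0;
    for (State s = entry; ; s = next_state[s]) {
        mask |= 1u << s;
        if (s == DEAD)
            break;
    }
    return mask;
}

int runs_exec_stop(State entry)      { return (visited_from(entry) >> STOP) & 1u; }
int runs_exec_stop_post(State entry) { return (visited_from(entry) >> STOP_POST) & 1u; }

int main(void) {
    /* Normal stop, watchdog after the change, watchdog as first applied. */
    const State entries[] = { STOP, STOP_SIGKILL, FINAL_SIGKILL };
    for (size_t i = 0; i < sizeof entries / sizeof entries[0]; i++)
        printf("%-14s ExecStop=%d ExecStopPost=%d\n", state_names[entries[i]],
               runs_exec_stop(entries[i]), runs_exec_stop_post(entries[i]));
    return 0;
}
```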


Re: [systemd-devel] [PATCH] service: kill processes with SIGKILL on watchdog failure

2013-06-06 Thread Zbigniew Jędrzejewski-Szmek
On Thu, Jun 06, 2013 at 09:13:48AM +0200, Lennart Poettering wrote:
> On Tue, 21.05.13 15:27, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
>
> > On Sun, May 19, 2013 at 12:10:55PM +0200, Michael Olbrich wrote:
> > > Just calling service_enter_dead() does not kill any processes.
> > > As a result, the old process may still be running when the new one is
> > > started.
> > > After a watchdog failure the service is in an undefined state.
> > > Using the normal shutdown mechanism makes no sense. Instead all processes
> > > are just killed and the service can try to restart.
> >
> > Applied.
> >
> > (I thought for a while whether we should allow normal shutdown for
> > watchdog-failed services. Sometimes that could be useful, but for
> > the majority of cases just killing the process is probably the right
> > option.)
>
> Hmm, I am pretty sure we should still execute the ExecStopPost=
> commands, since their purpose might be to clean up things. If the
> watchdog timeout is hit we can assume that a clean shutdown won't work,
> so we shouldn't try to execute ExecStop= or try SIGTERM and go directly
> to SIGKILL, but ExecStopPre= afterwards we should execute, I am pretty
> sure.
>
> I have changed git now to enter STOP_SIGKILL rather than FINAL_SIGKILL
> hence.
>
> I hope this makes sense?

Yeah, that seems like a better choice. We should make sure to document
this in the man pages at some point.

Zbyszek


Re: [systemd-devel] [PATCH] service: kill processes with SIGKILL on watchdog failure

2013-05-24 Thread Hoyer, Marko (ADITG/SW2)
> Just calling service_enter_dead() does not kill any processes.
> As a result, the old process may still be running when the new one is
> started.

Thx for the fast response and alternative patch. I tested it in my 
environment as well and it works as expected killing the processes 
without executing the stop stuff.

> After a watchdog failure the service is in an undefined state.
> Using the normal shutdown mechanism makes no sense. Instead all
> processes are just killed and the service can try to restart.

This might depend a bit on how one sees the intention of the stop stuff. 
You regard ExecStop and ExecStopPost as mechanism to support stopping a 
service using any thinkable way.

If you use ExecStopPost to do things (cleaning up or whatever) whenever 
the process has been stopped, this functionality might even make sense 
when the process is killed due to a missed watchdog notification.

Btw: ExecStopPost and ExecStop are called when a process is killed by 
an external kill or even when it exits itself properly. So this is 
somehow similar to the watchdog case, isn't it?

Best regards

Marko Hoyer

Advanced Driver Information Technology GmbH
Software Group II (ADITG/SW2)
Robert-Bosch-Str. 200
31139 Hildesheim
Germany

Tel. +49 5121 49 6948
Fax +49 5121 49 6999
mho...@de.adit-jv.com

ADIT is a joint venture company of Robert Bosch GmbH/Robert Bosch Car 
Multimedia GmbH and DENSO Corporation
Sitz: Hildesheim, Registergericht: Amtsgericht Hildesheim HRB 3438
Geschaeftsfuehrung: Wilhelm Grabow, Katsuyoshi Maeda


Re: [systemd-devel] [PATCH] service: kill processes with SIGKILL on watchdog failure

2013-05-21 Thread Zbigniew Jędrzejewski-Szmek
On Sun, May 19, 2013 at 12:10:55PM +0200, Michael Olbrich wrote:
> Just calling service_enter_dead() does not kill any processes.
> As a result, the old process may still be running when the new one is
> started.
> After a watchdog failure the service is in an undefined state.
> Using the normal shutdown mechanism makes no sense. Instead all processes
> are just killed and the service can try to restart.

Applied.

(I thought for a while whether we should allow normal shutdown for
watchdog-failed services. Sometimes that could be useful, but for
the majority of cases just killing the process is probably the right
option.)

Zbyszek