prong: keep your daemons alive and report if they are fataly wounded.
Hi, This is my idea of how to implement this functionality. Rather simple and transparent. If you like the idea but think you can make a better implementation feel free to make it.. Yes there are other implementations that can do about the same, but I wanted to write something the OpenBSD way. I hope the OpenBSD team at least likes the idea enough to implement something like this for one of the next releases. Download: http://homepage.boetes.org/software/prong.tgz The README: WHY PRONG? Since the introduction of the initscript in /etc/rc.d only one functionality has been missing: the option to automatically restart failed services and to report on them incase they won't come up again. Now for some useless info: Why prong? 1) It's one of my favourite bands. 2) The item that chucky is holding in his hands is a prong. It's used to prod on daemons! HOW IT WORKS: First read and then run ./setup, it creates symlinks for all running daemons in the prong.d directory. Then create a cronjob for prong. So add a line like */3 * * * * /etc/prong.d/prong with crontab -e to make prong run once in the three minutes. And then test everything by disabling a not so important daemon: /etc/rc.d/ntpd stop and notice how it automatically revives and that the name of the symlink is changed temporarily. WORKING WITH PRONG: The status command for prong is: ls -l /etc/prong.d/*.* All symlinks in this directory that start with d. are disabled. All symlinks in this directory that start with e. are enabled. All symlinks in this directory that start with f. have failed. So the idea is that if you want to temporarily prevent prong from restarting a daemon -- for maintainance purposes -- you'd: mv e.daemon d.daemon You can edit all scripts to do what you please. I think the only script you will really want to edit is the alert script. But do take a look at all scripts and read them and try to understand how they work. Start with prong itself. Notice that at the moment nothing is done with failed and disabled daemons? That's by design, but in your case you might want to change it. LICENSE: Public domain! Go away! Leave me alone! # Han
Re: prong: keep your daemons alive and report if they are fataly wounded.
On Fri, Aug 24, 2012 at 08:53:55PM +0200, Han Boetes wrote: Hi, Hi Han, This is my idea of how to implement this functionality. Rather simple and transparent. If you like the idea but think you can make a better implementation feel free to make it.. For what it's worth, I had a similar project: https://poolp.org/~gilles/projects/procstated/ I don't know if it's a better implementation, but it used to do the job quite well for my needs back then ;-) Yes there are other implementations that can do about the same, but I wanted to write something the OpenBSD way. I hope the OpenBSD team at least likes the idea enough to implement something like this for one of the next releases. Unless things have changed, I was told in 2008 that this kind of tools is not going to hit our tree because it's not unix ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg
Re: prong: keep your daemons alive and report if they are fataly wounded.
Gilles Chehade gilles at poolp.org writes: Also, restarting a daemon that has crashed because of an exploit means you expose it again with maybe less luck next time (kindly reminded by mail Right, that's a valid point. In that case you'd only want an email to be sent. Either way, my script is from experience in production environments where daemons usually died for silly reasons which had nothing to do with break in attempts. A script like this is the difference between angry customers calling you out of bed in the middle of the night and waking up in the morning reading emails about services which stopped for no good reasons and nobody but me noticing while still being able to analyse and fix the problem. I'll ponder on your remarks and see if I come up with something. # Han