* Kedar Mhaswade <Kedar.Mhaswade at Sun.COM> [2006-06-09 10:41]:
> 1- Manifest has a "start" method and a "stop" method.
>
> This works great with "svcadm enable" and "svcadm
> disable", it also helps me bringing up the service
> on system restart.
> Where this fails is when the started server process gets
> a SIGQUIT/SIGSEGV etc. In that case, SMF
> attempts to call "stop" method and since that fails,
> the process is NOT restarted. Note that my stop
> method is "robust". In fact, that's the only way for
> an administrator to gracefully stop my server process.
> But the underlying processes themselves don't start
> gracefully at times because of many factors. I simulated
> that using "kill -9 pid".
>
> This is causing a trouble for me because I was under
> the impression that SMF watchdogs my processes.
>
> Why does SMF call "stop" method when it figures
> out that service processes are killed?
A "robust" stop method must be able to stop the execution of the
service instance regardless of its current condition--running, fully
failed, partially failed, whatever. This meaning of "stop instance
under any conditions" is what we mean when we apply the term to
robust.
Your stop method, as described, is not robust in this sense, as it
cannot handle the case where the service is partially failed. It may
be robust in some other senses, although I believe you mean that it is
a required (and perhaps exclusive) step for stopping the service
instance for some set of conditions, and that its interface is fixed.
SMF calls stop so that the remnants of a partially failed service
instance can be cleaned up--in particular, that exclusively bound
resources (like network ports and drivers) are released prior to any
attempt to restart the instance.
Your method probably needs to be augmented like
current_stop_command
if [ $? != 0 ]; then
# partial failures require blanket cleanup
# process cleanup
kill -TERM $(svcprop -p restarter/contract $SMF_FMRI)
kill -KILL $(svcprop -p restarter/contract $SMF_FMRI)
# any file or other persistent namespace cleanup
...
fi
# could test here that contract is actually empty; exit non-zero if so
exit 0
> 2- Manifest only has a "start" method.
> [First of all, manpage is confusing for "svc.startd" because
> it says "stop" method is required. I don't think it is.
> I created a manifest with only "start" method and imported
> it into SMF without any problem.]
>
> This works great with "svcadm enable" and system reboot,
> but fails with "svcadm disable" obviously because disabling
> the service does not find the "stop" method and only changes
> the visible "state" of the service as shown by svcs command.
>
> Thus, whereas this watchdogs my process, does not help me if
> I want to gracefully shut the service down.
>
> So, if SMF wouldn't be calling "stop" method on finding out
> that the service or processes thereof have been terminated,
> then that would have served my purpose.
>
> Shouldn't "stop" be called only on "svcadm disable service-name"?
Nope.
- Stephen
