On Mon, Jul 28, 2008 at 12:22:33PM -0700, Jordan Brown wrote: > Renaud Manus wrote: > > The current behavior when we disable an instance is to stop the instance > > first then notify the dependents (that have restart_on set to restart or > > refresh) so they can be stopped and transition to the 'offline' state. > > This is the correct behavior with respect to the specs of SMF states > > graph. > > I'm quite surprised at this behavior; it seems completely wrong. > Services should never be running when the services that they depend on > are not running.
"Never" is a strong word :) > (I suppose that that rule must be violated when a service dies, when you Exactly. > have no choice but to shut down dependents after the dependency, but I > would say that it should never be violated in non-failure cases.) Well, no, SMF shouldn't stop dependents just because a dependency died. It *may* restart the dependents when the dead service is restarted, depending on their setting of restart_on for the given dependency. Because of this I don't think the difference in the current and requested SMF behaviors should make as big an actual difference. That said, I agree that the requested behavior makes more sense than the current behavor, and I doubt that the change would result in any incompatibilities. Nico --
