From owner-freebsd-hackers@freebsd.org Sun Feb 10 15:43:38 2019 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DC03414D0478 for ; Sun, 10 Feb 2019 15:43:37 +0000 (UTC) (envelope-from yaneurabeya@gmail.com) Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C83EE84D4E; Sun, 10 Feb 2019 15:43:36 +0000 (UTC) (envelope-from yaneurabeya@gmail.com) Received: by mail-pg1-x52d.google.com with SMTP id m1so3795958pgq.8; Sun, 10 Feb 2019 07:43:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=waQX1cNxSYtj1eyGEcYkhbH3qLbvm/2Sy1bNMYfoK8Y=; b=IPLQKc0ZQPNrxoHX4/ma3/edMmEEJqNNpbq/7LdlADf8ZVHoaCKU+HkgYifaNwmuaD ClvEPb24JSSpMdFgCkWI+b8sWux9JbJGrED/w3j12w7JL331KsoVBHwm72OrMbORtVDw pkbFPKCPMYM4CGxkYTZBOQ9olrMyKH1B9ivXCwGy0GJxJn1jiajU1DQXj5uCD4t0RYCi sNcNytaXrcp/m5DI+KnYwV+2WysLvq+EPBDS7IeG2pS+aT5Y7COPMgS7A6vhgb+yApi0 pe724IO2hnrMaocoSgRwQMIq5RfJJckMOtecaEPfQsmUwIvzL7emiCVxWOzlADWKQVGN OVTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=waQX1cNxSYtj1eyGEcYkhbH3qLbvm/2Sy1bNMYfoK8Y=; b=fvMKPxVKxg0EnvcD2TaadB4LNbcTf2l8jqC3KN5N4wCjDry8FQuC8f3UEpK9rnU+wH nesxz12QYff2yU0bhPoI+IrWdpSUaDEMp9ayJBfuaT1G7/bRVsfpuC3VK9EiGuIuzY9N 1zhXyqRQbmXhq7oPgQiCPGJ3OMsIaPllrUyPitRDlQFPPr+XDEDDCr+T/F4n8yzzGtfW SwTtgNVEBg755E5mSkxOY2CYdkgDyXwIOToW4rc3suaXSyVlfniuv6sACOiG1ovzHcgy spaXiIz6+QlzZ8Q7ujhGBcwsmWMGqCRhzDhGWX+BdDjWbV8Zc3urL/739hoVdYQ0h5+g wJXw== X-Gm-Message-State: AHQUAubWu6p6CsxQhyqmijrOvQdNEbbj4mxAfgoOs0jdSnpwUyb3WU7T eY3rqGZR/Sep+n3ZFW27mMs+JGqa X-Google-Smtp-Source: AHgI3IZphPKUSokKv6l2AZ1nWj2LtVUFgq1oLTE6NllMmDg1Yz/UHh9QciEJPjVLs1tM2YHc/mPUAA== X-Received: by 2002:a63:134f:: with SMTP id 15mr29601693pgt.19.1549813415217; Sun, 10 Feb 2019 07:43:35 -0800 (PST) Received: from ?IPv6:2607:fb90:822b:cb2a:585b:33aa:30e0:3e12? ([2607:fb90:822b:cb2a:585b:33aa:30e0:3e12]) by smtp.gmail.com with ESMTPSA id n10sm11971679pfj.14.2019.02.10.07.43.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 10 Feb 2019 07:43:34 -0800 (PST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) Subject: Re: nosh init system From: Enji Cooper X-Mailer: iPhone Mail (16C104) In-Reply-To: <201902100420.x1A4KSxA064573@pdx.rh.CN85.dnsmgr.net> Date: Sun, 10 Feb 2019 07:43:32 -0800 Cc: Cy Schubert , "freebsd-hackers@freebsd.org" , cem@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <43C091FC-18ED-49DF-A488-784DC2329D52@gmail.com> References: <201902100420.x1A4KSxA064573@pdx.rh.CN85.dnsmgr.net> To: "Rodney W. Grimes" X-Rspamd-Queue-Id: C83EE84D4E X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=IPLQKc0Z; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of yaneurabeya@gmail.com designates 2607:f8b0:4864:20::52d as permitted sender) smtp.mailfrom=yaneurabeya@gmail.com X-Spamd-Result: default: False [-5.88 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; MV_CASE(0.50)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; NEURAL_HAM_SHORT(-0.69)[-0.691,0]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; IP_SCORE(-2.68)[ip: (-8.89), ipnet: 2607:f8b0::/32(-2.46), asn: 15169(-1.95), country: US(-0.07)]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[d.2.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Feb 2019 15:43:38 -0000 On Feb 9, 2019, at 20:20, Rodney W. Grimes wrote: >> In message > il.com> >> , Conrad Meyer writes: >>> Hi Cy, >>>=20 >>>> On Sat, Feb 9, 2019 at 3:35 PM Cy Schubert w= rote: >>>> I don't see what's so "incredibly fragile" about rc(8). That's not to >>>> say there aren't better solutions, like SMF. >>>=20 >>> Maybe "incredibly" as a choice of adjective is inappropriate. I think >>> we (you, me, and ngie@) can all agree it is somewhat fragile, and >>> there are things SMF/systemd/nosh get right that rc(8) does not >>> (today). Anyway, your next paragraph goes on to be a good start at >>> describing some of rc's fragility. :-) >>>=20 >>>> Where rc(8) falls down is any port or a customer's (user of FreeBSD) rc= >>>> script could fail hosing the boot or worse hosing the system*. Where a >>>> solution like SMF solves the problem is that should a service which >>>> other services depend on fail, only that branch of the startup tree >>>> would fail. >>>=20 >>> Right; that's a great example. >>>=20 >>>> In that scenario, if a service fails but sshd start, a >>>> sysadmin would still be able to login remotely to resolve the problem. >>>> So in this regard rc(8) is at a disadvantage. >>>>=20 >>>> We could address the above paragraph by starting sshd earlier during >>>> boot thereby allowing the opportunity to fix remotely. >>>=20 >>> I don't think that is really sufficient without substantially >>> modifying init+rc to be closer to something like systemd or SMF, >>> anyway. And then we'd rather just have something like SMF :-). >>=20 >> I'd rather see SMF but a number felt a CDDL licensed init was=20 >> unacceptable -- except for the fact that SMF doesn't replace init. >>=20 >>>=20 >>> As soon as *any* rc service fails to start (signal, non-zero exit, >>> stop_boot), rc(8) exits non-zero, causing init(8) to go to single >>> user. All service state is thrown away with rc(8) exit, but any rc.d >>> "services" that managed to start before boot failed are not >>> terminated. Even if an admin manages to log in and fix the >>> configuration, re-starting rc(8) restarts the runcom process from >>> scratch, as if nothing had already been done, without first stopping >>> anything that was already running. The only safe, reproducible way to >>> re-start rc(8) is to fully reboot the system. >=20 > It -should- be safe to restart rc, as rc scripts should check to > see if the item they are being requested to start is already running, > rc scripts that fail to have this check are defective and should be > fixed. You should be able to invate /etc/rc.d/foo start as many > times as you want in a row and only get 1 instance of foo, with the > other starts returning "foo already running" Same with stop. I=E2=80=99m not sure if Conrad is referring to the isilon way of restarting s= ervices. If so, the isilon parallel start process would effectively wipe the= slate clean and restart everything if interrupted, which (because of the na= ture of cleanvar, etc), would wipe out any and all pidfiles, resulting in in= weird set of services which fail to start on next run through. In short, I think the fact that isilon didn=E2=80=99t mount tmpfs to /var/ru= n was begging for pain, as it=E2=80=99s a directory one should only setup on= ce at boot. That being said, there are other pseudo services that aren=E2=80=99t necessa= rily idempotent. If they run twice, the second run could result in breakage t= o other dependent services run after them. Thanks, -Enji=