2b61bbee11
- Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14
290 lines
10 KiB
Diff
290 lines
10 KiB
Diff
From 10e635167418fdf7a896b2cb3d095fd345053103 Mon Sep 17 00:00:00 2001
|
|
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
Date: Sun, 8 May 2016 14:46:25 +0200
|
|
Subject: [PATCH 26/39] MONITOR: Remove the no longer used kill_service command
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
After introducing the watchdog, the force_timeout option is no longer
|
|
used.
|
|
|
|
Resolves:
|
|
https://fedorahosted.org/sssd/ticket/3052
|
|
|
|
Reviewed-by: Petr Čech <pcech@redhat.com>
|
|
(cherry picked from commit fa93cd0f0fc75a6d635079e67788f8a9fe183c3c)
|
|
---
|
|
src/confdb/confdb.h | 1 -
|
|
src/man/sssd.conf.5.xml | 33 ------------
|
|
src/monitor/monitor.c | 141 ------------------------------------------------
|
|
3 files changed, 175 deletions(-)
|
|
|
|
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
|
|
index 58a085ba954cf75a5c756d6f8fbd04e6fa49a687..401e5fbf7ed6bb9e8d7158dfab378c8159aa03db 100644
|
|
--- a/src/confdb/confdb.h
|
|
+++ b/src/confdb/confdb.h
|
|
@@ -58,7 +58,6 @@
|
|
#define CONFDB_SERVICE_DEBUG_TIMESTAMPS "debug_timestamps"
|
|
#define CONFDB_SERVICE_DEBUG_MICROSECONDS "debug_microseconds"
|
|
#define CONFDB_SERVICE_DEBUG_TO_FILES "debug_to_files"
|
|
-#define CONFDB_SERVICE_FORCE_TIMEOUT "force_timeout"
|
|
#define CONFDB_SERVICE_RECON_RETRIES "reconnection_retries"
|
|
#define CONFDB_SERVICE_FD_LIMIT "fd_limit"
|
|
#define CONFDB_SERVICE_ALLOWED_UIDS "allowed_uids"
|
|
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
|
|
index e95a7e7e213e07c15e79185730d481e5afceb69c..ae291e0fc8f2f9afabcdf32f18a5ec12252bbbbf 100644
|
|
--- a/src/man/sssd.conf.5.xml
|
|
+++ b/src/man/sssd.conf.5.xml
|
|
@@ -549,22 +549,6 @@
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
- <term>force_timeout (integer)</term>
|
|
- <listitem>
|
|
- <para>
|
|
- If a service is not responding to ping checks (see
|
|
- the <quote>timeout</quote> option), it is first sent
|
|
- the SIGTERM signal that instructs it to quit gracefully.
|
|
- If the service does not terminate after <quote>force_timeout</quote>
|
|
- seconds, the monitor will forcibly shut it down by
|
|
- sending a SIGKILL signal.
|
|
- </para>
|
|
- <para>
|
|
- Default: 60
|
|
- </para>
|
|
- </listitem>
|
|
- </varlistentry>
|
|
- <varlistentry>
|
|
<term>offline_timeout (integer)</term>
|
|
<listitem>
|
|
<para>
|
|
@@ -1453,23 +1437,6 @@ pam_account_locked_message = Account locked, please contact help desk.
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
- <term>force_timeout (integer)</term>
|
|
- <listitem>
|
|
- <para>
|
|
- If a service is not responding to ping checks (see
|
|
- the <quote>timeout</quote> option), it is first sent
|
|
- the SIGTERM signal that instructs it to quit gracefully.
|
|
- If the service does not terminate after <quote>force_timeout</quote>
|
|
- seconds, the monitor will forcibly shut it down by
|
|
- sending a SIGKILL signal.
|
|
- </para>
|
|
- <para>
|
|
- Default: 60
|
|
- </para>
|
|
- </listitem>
|
|
- </varlistentry>
|
|
-
|
|
- <varlistentry>
|
|
<term>entry_cache_timeout (integer)</term>
|
|
<listitem>
|
|
<para>
|
|
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
|
|
index f97b2a960b1835540357714b608feac54c2d72c5..1f89c5a79feab8a921ce2f9132763b37ab506596 100644
|
|
--- a/src/monitor/monitor.c
|
|
+++ b/src/monitor/monitor.c
|
|
@@ -114,8 +114,6 @@ struct mt_svc {
|
|
|
|
int kill_time;
|
|
|
|
- struct tevent_timer *kill_timer;
|
|
-
|
|
bool svc_started;
|
|
|
|
int restarts;
|
|
@@ -176,8 +174,6 @@ static int monitor_service_init(struct sbus_connection *conn, void *data);
|
|
|
|
static int service_signal_reset_offline(struct mt_svc *svc);
|
|
|
|
-static int monitor_kill_service (struct mt_svc *svc);
|
|
-
|
|
static int get_service_config(struct mt_ctx *ctx, const char *name,
|
|
struct mt_svc **svc_cfg);
|
|
static int get_provider_config(struct mt_ctx *ctx, const char *name,
|
|
@@ -542,95 +538,6 @@ static int monitor_dbus_init(struct mt_ctx *ctx)
|
|
}
|
|
|
|
static void monitor_restart_service(struct mt_svc *svc);
|
|
-static void mt_svc_sigkill(struct tevent_context *ev,
|
|
- struct tevent_timer *te,
|
|
- struct timeval t, void *ptr);
|
|
-static int monitor_kill_service (struct mt_svc *svc)
|
|
-{
|
|
- int ret;
|
|
- struct timeval tv;
|
|
-
|
|
- ret = kill(svc->pid, SIGTERM);
|
|
- if (ret == -1) {
|
|
- ret = errno;
|
|
- DEBUG(SSSDBG_FATAL_FAILURE,
|
|
- "Sending signal to child (%s:%d) failed: [%d]: %s! "
|
|
- "Ignore and pretend child is dead.\n",
|
|
- svc->name, svc->pid, ret, strerror(ret));
|
|
- /* The only thing we can try here is to launch a new process
|
|
- * and hope that it works.
|
|
- */
|
|
- monitor_restart_service(svc);
|
|
- return EOK;
|
|
- }
|
|
-
|
|
- /* Set up a timer to send SIGKILL if this process
|
|
- * doesn't exit within the configured interval
|
|
- */
|
|
- tv = tevent_timeval_current_ofs(svc->kill_time, 0);
|
|
- svc->kill_timer = tevent_add_timer(svc->mt_ctx->ev,
|
|
- svc,
|
|
- tv,
|
|
- mt_svc_sigkill,
|
|
- svc);
|
|
- if (svc->kill_timer == NULL) {
|
|
- /* Nothing much we can do */
|
|
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
- "Failed to allocate timed event: mt_svc_sigkill.\n");
|
|
- /* We'll just have to hope that the SIGTERM succeeds */
|
|
- }
|
|
- return EOK;
|
|
-}
|
|
-
|
|
-static void mt_svc_sigkill(struct tevent_context *ev,
|
|
- struct tevent_timer *te,
|
|
- struct timeval t, void *ptr)
|
|
-{
|
|
- int ret;
|
|
- struct mt_svc *svc = talloc_get_type(ptr, struct mt_svc);
|
|
-
|
|
- DEBUG(SSSDBG_FATAL_FAILURE,
|
|
- "[%s][%d] is not responding to SIGTERM. Sending SIGKILL.\n",
|
|
- svc->name, svc->pid);
|
|
- sss_log(SSS_LOG_ERR,
|
|
- "[%s][%d] is not responding to SIGTERM. Sending SIGKILL.\n",
|
|
- svc->name, svc->pid);
|
|
-
|
|
- /* timer was succesfully executed and it will be released by tevent */
|
|
- svc->kill_timer = NULL;
|
|
-
|
|
- ret = kill(svc->pid, SIGKILL);
|
|
- if (ret != EOK) {
|
|
- ret = errno;
|
|
- DEBUG(SSSDBG_FATAL_FAILURE,
|
|
- "Sending signal to child (%s:%d) failed! "
|
|
- "Ignore and pretend child is dead.\n",
|
|
- svc->name, svc->pid);
|
|
-
|
|
- if (ret == ESRCH) {
|
|
- /* The process doesn't exist
|
|
- * This most likely means we hit a race where
|
|
- * the SIGTERM concluded just after the timer
|
|
- * fired but before we called kill() here.
|
|
- * We'll just do nothing, since the
|
|
- * mt_svc_exit_handler() should be doing the
|
|
- * necessary work.
|
|
- */
|
|
- return;
|
|
- }
|
|
-
|
|
- /* Something went really wrong.
|
|
- * The only thing we can try here is to launch a new process
|
|
- * and hope that it works.
|
|
- */
|
|
- monitor_restart_service(svc);
|
|
- }
|
|
-
|
|
- /* The process should terminate immediately and then be
|
|
- * restarted by the mt_svc_exit_handler()
|
|
- */
|
|
- return;
|
|
-}
|
|
|
|
static void reload_reply(DBusPendingCall *pending, void *data)
|
|
{
|
|
@@ -708,7 +615,6 @@ static int service_signal(struct mt_svc *svc, const char *svc_signal)
|
|
DEBUG(SSSDBG_FATAL_FAILURE,
|
|
"Out of memory trying to allocate memory to invoke: %s\n",
|
|
svc_signal);
|
|
- monitor_kill_service(svc);
|
|
return ENOMEM;
|
|
}
|
|
|
|
@@ -992,32 +898,6 @@ static int get_monitor_config(struct mt_ctx *ctx)
|
|
return EOK;
|
|
}
|
|
|
|
-static errno_t get_kill_config(struct mt_ctx *ctx, const char *path,
|
|
- struct mt_svc *svc)
|
|
-{
|
|
- errno_t ret;
|
|
-
|
|
- ret = confdb_get_int(ctx->cdb, path,
|
|
- CONFDB_SERVICE_FORCE_TIMEOUT,
|
|
- MONITOR_DEF_FORCE_TIME, &svc->kill_time);
|
|
- if (ret != EOK) {
|
|
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
- "Failed to get kill timeout for %s\n", svc->name);
|
|
- return ret;
|
|
- }
|
|
-
|
|
- /* 'force_timeout = 0' should be translated to the default */
|
|
- if (svc->kill_time == 0) {
|
|
- svc->kill_time = MONITOR_DEF_FORCE_TIME;
|
|
- }
|
|
-
|
|
- DEBUG(SSSDBG_CONF_SETTINGS,
|
|
- "Time between SIGTERM and SIGKILL for [%s]: [%d]\n",
|
|
- svc->name, svc->kill_time);
|
|
-
|
|
- return EOK;
|
|
-}
|
|
-
|
|
/* This is a temporary function that returns false if the service
|
|
* being started was only tested when running as root.
|
|
*/
|
|
@@ -1154,14 +1034,6 @@ static int get_service_config(struct mt_ctx *ctx, const char *name,
|
|
}
|
|
}
|
|
|
|
- ret = get_kill_config(ctx, path, svc);
|
|
- if (ret != EOK) {
|
|
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
- "Failed to get kill timeouts for %s\n", svc->name);
|
|
- talloc_free(svc);
|
|
- return ret;
|
|
- }
|
|
-
|
|
svc->last_restart = now;
|
|
|
|
*svc_cfg = svc;
|
|
@@ -1249,14 +1121,6 @@ static int get_provider_config(struct mt_ctx *ctx, const char *name,
|
|
return ret;
|
|
}
|
|
|
|
- ret = get_kill_config(ctx, path, svc);
|
|
- if (ret != EOK) {
|
|
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
- "Failed to get kill timeouts for %s\n", svc->name);
|
|
- talloc_free(svc);
|
|
- return ret;
|
|
- }
|
|
-
|
|
talloc_free(path);
|
|
|
|
/* if no provider is present do not run the domain */
|
|
@@ -2540,11 +2404,6 @@ static void mt_svc_exit_handler(int pid, int wait_status, void *pvt)
|
|
"SIGCHLD handler of service %s called\n", svc->name);
|
|
svc_child_info(svc, wait_status);
|
|
|
|
- /* Clear the kill_timer so we don't try to SIGKILL it after it's
|
|
- * already gone.
|
|
- */
|
|
- talloc_zfree(svc->kill_timer);
|
|
-
|
|
/* Check the number of restart tries and relaunch the service */
|
|
monitor_restart_service(svc);
|
|
|
|
--
|
|
2.9.3
|
|
|