]>
Commit | Line | Data |
---|---|---|
dce94d0e WB |
1 | //! Helpers for daemons/services. |
2 | ||
3 | use std::ffi::CString; | |
083ff3fd | 4 | use std::future::Future; |
9c351a36 | 5 | use std::os::raw::{c_char, c_int}; |
620dccf1 | 6 | use std::os::unix::io::{AsRawFd, FromRawFd, IntoRawFd, RawFd}; |
dce94d0e WB |
7 | use std::os::unix::ffi::OsStrExt; |
8 | use std::panic::UnwindSafe; | |
083ff3fd WB |
9 | use std::pin::Pin; |
10 | use std::task::{Context, Poll}; | |
dce94d0e WB |
11 | |
12 | use failure::*; | |
4422ba2c | 13 | |
ca3c3ce9 WB |
14 | use proxmox::tools::io::{ReadExt, WriteExt}; |
15 | ||
e3f41f21 | 16 | use crate::server; |
620dccf1 | 17 | use crate::tools::{fd_change_cloexec, self}; |
dce94d0e WB |
18 | |
19 | // Unfortunately FnBox is nightly-only and Box<FnOnce> is unusable, so just use Box<Fn>... | |
620dccf1 | 20 | pub type BoxedStoreFunc = Box<dyn FnMut() -> Result<String, Error> + UnwindSafe + Send>; |
dce94d0e WB |
21 | |
22 | /// Helper trait to "store" something in the environment to be re-used after re-executing the | |
23 | /// service on a reload. | |
e4311382 | 24 | pub trait Reloadable: Sized { |
dce94d0e | 25 | fn restore(var: &str) -> Result<Self, Error>; |
620dccf1 | 26 | fn get_store_func(&self) -> Result<BoxedStoreFunc, Error>; |
dce94d0e WB |
27 | } |
28 | ||
29 | /// Manages things to be stored and reloaded upon reexec. | |
30 | /// Anything which should be restorable should be instantiated via this struct's `restore` method, | |
62ee2eb4 | 31 | #[derive(Default)] |
e4311382 | 32 | pub struct Reloader { |
dce94d0e WB |
33 | pre_exec: Vec<PreExecEntry>, |
34 | } | |
35 | ||
36 | // Currently we only need environment variables for storage, but in theory we could also add | |
37 | // variants which need temporary files or pipes... | |
38 | struct PreExecEntry { | |
39 | name: &'static str, // Feel free to change to String if necessary... | |
40 | store_fn: BoxedStoreFunc, | |
41 | } | |
42 | ||
e4311382 | 43 | impl Reloader { |
dce94d0e WB |
44 | pub fn new() -> Self { |
45 | Self { | |
46 | pre_exec: Vec::new(), | |
47 | } | |
48 | } | |
49 | ||
50 | /// Restore an object from an environment variable of the given name, or, if none exists, uses | |
51 | /// the function provided in the `or_create` parameter to instantiate the new "first" instance. | |
52 | /// | |
53 | /// Values created via this method will be remembered for later re-execution. | |
083ff3fd | 54 | pub async fn restore<T, F, U>(&mut self, name: &'static str, or_create: F) -> Result<T, Error> |
dce94d0e | 55 | where |
e4311382 | 56 | T: Reloadable, |
083ff3fd WB |
57 | F: FnOnce() -> U, |
58 | U: Future<Output = Result<T, Error>>, | |
dce94d0e WB |
59 | { |
60 | let res = match std::env::var(name) { | |
61 | Ok(varstr) => T::restore(&varstr)?, | |
083ff3fd | 62 | Err(std::env::VarError::NotPresent) => or_create().await?, |
dce94d0e WB |
63 | Err(_) => bail!("variable {} has invalid value", name), |
64 | }; | |
65 | ||
66 | self.pre_exec.push(PreExecEntry { | |
67 | name, | |
620dccf1 | 68 | store_fn: res.get_store_func()?, |
dce94d0e WB |
69 | }); |
70 | Ok(res) | |
71 | } | |
72 | ||
73 | fn pre_exec(self) -> Result<(), Error> { | |
620dccf1 | 74 | for mut item in self.pre_exec { |
dce94d0e WB |
75 | std::env::set_var(item.name, (item.store_fn)()?); |
76 | } | |
77 | Ok(()) | |
78 | } | |
79 | ||
80 | pub fn fork_restart(self) -> Result<(), Error> { | |
81 | // Get the path to our executable as CString | |
82 | let exe = CString::new( | |
83 | std::fs::read_link("/proc/self/exe")? | |
84 | .into_os_string() | |
85 | .as_bytes() | |
86 | )?; | |
87 | ||
88 | // Get our parameters as Vec<CString> | |
89 | let args = std::env::args_os(); | |
90 | let mut new_args = Vec::with_capacity(args.len()); | |
91 | for arg in args { | |
92 | new_args.push(CString::new(arg.as_bytes())?); | |
93 | } | |
94 | ||
5e5eed5c WB |
95 | // Synchronisation pipe: |
96 | let (pin, pout) = super::pipe()?; | |
97 | ||
dce94d0e WB |
98 | // Start ourselves in the background: |
99 | use nix::unistd::{fork, ForkResult}; | |
100 | match fork() { | |
101 | Ok(ForkResult::Child) => { | |
5e5eed5c WB |
102 | // Double fork so systemd can supervise us without nagging... |
103 | match fork() { | |
104 | Ok(ForkResult::Child) => { | |
105 | std::mem::drop(pin); | |
106 | // At this point we call pre-exec helpers. We must be certain that if they fail for | |
107 | // whatever reason we can still call `_exit()`, so use catch_unwind. | |
108 | match std::panic::catch_unwind(move || { | |
109 | let mut pout = unsafe { | |
110 | std::fs::File::from_raw_fd(pout.into_raw_fd()) | |
111 | }; | |
112 | let pid = nix::unistd::Pid::this(); | |
ca3c3ce9 | 113 | if let Err(e) = unsafe { pout.write_host_value(pid.as_raw()) } { |
5e5eed5c WB |
114 | log::error!("failed to send new server PID to parent: {}", e); |
115 | unsafe { | |
116 | libc::_exit(-1); | |
117 | } | |
118 | } | |
119 | std::mem::drop(pout); | |
120 | self.do_exec(exe, new_args) | |
121 | }) | |
122 | { | |
123 | Ok(_) => eprintln!("do_exec returned unexpectedly!"), | |
124 | Err(_) => eprintln!("panic in re-exec"), | |
125 | } | |
126 | } | |
127 | Ok(ForkResult::Parent { child }) => { | |
128 | std::mem::drop((pin, pout)); | |
129 | log::debug!("forked off a new server (second pid: {})", child); | |
130 | } | |
131 | Err(e) => log::error!("fork() failed, restart delayed: {}", e), | |
dce94d0e WB |
132 | } |
133 | // No matter how we managed to get here, this is the time where we bail out quickly: | |
134 | unsafe { | |
135 | libc::_exit(-1) | |
136 | } | |
137 | } | |
138 | Ok(ForkResult::Parent { child }) => { | |
5e5eed5c WB |
139 | log::debug!("forked off a new server (first pid: {}), waiting for 2nd pid", child); |
140 | std::mem::drop(pout); | |
141 | let mut pin = unsafe { | |
142 | std::fs::File::from_raw_fd(pin.into_raw_fd()) | |
143 | }; | |
ca3c3ce9 | 144 | let child = nix::unistd::Pid::from_raw(match unsafe { pin.read_le_value() } { |
5e5eed5c WB |
145 | Ok(v) => v, |
146 | Err(e) => { | |
147 | log::error!("failed to receive pid of double-forked child process: {}", e); | |
148 | // systemd will complain but won't kill the service... | |
149 | return Ok(()); | |
150 | } | |
151 | }); | |
152 | ||
d98c9a7a WB |
153 | if let Err(e) = systemd_notify(SystemdNotify::MainPid(child)) { |
154 | log::error!("failed to notify systemd about the new main pid: {}", e); | |
155 | } | |
dce94d0e WB |
156 | Ok(()) |
157 | } | |
158 | Err(e) => { | |
5e5eed5c | 159 | log::error!("fork() failed, restart delayed: {}", e); |
dce94d0e WB |
160 | Ok(()) |
161 | } | |
162 | } | |
163 | } | |
164 | ||
165 | fn do_exec(self, exe: CString, args: Vec<CString>) -> Result<(), Error> { | |
166 | self.pre_exec()?; | |
167 | nix::unistd::setsid()?; | |
168 | nix::unistd::execvp(&exe, &args)?; | |
169 | Ok(()) | |
170 | } | |
171 | } | |
4422ba2c | 172 | |
af70c181 | 173 | // For now all we need to do is store and reuse a tcp listening socket: |
e4311382 | 174 | impl Reloadable for tokio::net::TcpListener { |
af70c181 WB |
175 | // NOTE: The socket must not be closed when the store-function is called: |
176 | // FIXME: We could become "independent" of the TcpListener and its reference to the file | |
177 | // descriptor by `dup()`ing it (and check if the listener still exists via kcmp()?) | |
620dccf1 WB |
178 | fn get_store_func(&self) -> Result<BoxedStoreFunc, Error> { |
179 | let mut fd_opt = Some(tools::Fd( | |
180 | nix::fcntl::fcntl(self.as_raw_fd(), nix::fcntl::FcntlArg::F_DUPFD_CLOEXEC(0))? | |
181 | )); | |
182 | Ok(Box::new(move || { | |
183 | let fd = fd_opt.take().unwrap(); | |
184 | fd_change_cloexec(fd.as_raw_fd(), false)?; | |
185 | Ok(fd.into_raw_fd().to_string()) | |
186 | })) | |
af70c181 WB |
187 | } |
188 | ||
189 | fn restore(var: &str) -> Result<Self, Error> { | |
190 | let fd = var.parse::<u32>() | |
191 | .map_err(|e| format_err!("invalid file descriptor: {}", e))? | |
192 | as RawFd; | |
193 | fd_change_cloexec(fd, true)?; | |
194 | Ok(Self::from_std( | |
195 | unsafe { std::net::TcpListener::from_raw_fd(fd) }, | |
af70c181 WB |
196 | )?) |
197 | } | |
198 | } | |
a690ecac | 199 | |
083ff3fd WB |
200 | pub struct NotifyReady; |
201 | ||
202 | impl Future for NotifyReady { | |
203 | type Output = Result<(), Error>; | |
204 | ||
205 | fn poll(self: Pin<&mut Self>, _cx: &mut Context) -> Poll<Result<(), Error>> { | |
206 | systemd_notify(SystemdNotify::Ready)?; | |
207 | Poll::Ready(Ok(())) | |
208 | } | |
209 | } | |
210 | ||
a690ecac WB |
211 | /// This creates a future representing a daemon which reloads itself when receiving a SIGHUP. |
212 | /// If this is started regularly, a listening socket is created. In this case, the file descriptor | |
213 | /// number will be remembered in `PROXMOX_BACKUP_LISTEN_FD`. | |
214 | /// If the variable already exists, its contents will instead be used to restore the listening | |
215 | /// socket. The finished listening socket is then passed to the `create_service` function which | |
216 | /// can be used to setup the TLS and the HTTP daemon. | |
083ff3fd | 217 | pub async fn create_daemon<F, S>( |
a690ecac WB |
218 | address: std::net::SocketAddr, |
219 | create_service: F, | |
083ff3fd | 220 | ) -> Result<(), Error> |
a690ecac | 221 | where |
083ff3fd | 222 | F: FnOnce(tokio::net::TcpListener, NotifyReady) -> Result<S, Error>, |
0f5856ac | 223 | S: Future<Output = ()>, |
a690ecac WB |
224 | { |
225 | let mut reloader = Reloader::new(); | |
226 | ||
227 | let listener: tokio::net::TcpListener = reloader.restore( | |
228 | "PROXMOX_BACKUP_LISTEN_FD", | |
083ff3fd WB |
229 | move || async move { Ok(tokio::net::TcpListener::bind(&address).await?) }, |
230 | ).await?; | |
a690ecac | 231 | |
083ff3fd | 232 | create_service(listener, NotifyReady)?.await; |
a690ecac | 233 | |
a690ecac WB |
234 | let mut reloader = Some(reloader); |
235 | ||
083ff3fd WB |
236 | crate::tools::request_shutdown(); // make sure we are in shutdown mode |
237 | if server::is_reload_request() { | |
238 | log::info!("daemon reload..."); | |
239 | if let Err(e) = systemd_notify(SystemdNotify::Reloading) { | |
240 | log::error!("failed to notify systemd about the state change: {}", e); | |
241 | } | |
242 | if let Err(e) = reloader.take().unwrap().fork_restart() { | |
243 | log::error!("error during reload: {}", e); | |
62ee2eb4 | 244 | let _ = systemd_notify(SystemdNotify::Status("error during reload".to_string())); |
083ff3fd WB |
245 | } |
246 | } else { | |
247 | log::info!("daemon shutting down..."); | |
248 | } | |
249 | Ok(()) | |
a690ecac | 250 | } |
9c351a36 WB |
251 | |
252 | #[link(name = "systemd")] | |
253 | extern "C" { | |
254 | fn sd_notify(unset_environment: c_int, state: *const c_char) -> c_int; | |
255 | } | |
256 | ||
257 | pub enum SystemdNotify { | |
258 | Ready, | |
259 | Reloading, | |
260 | Stopping, | |
261 | Status(String), | |
262 | MainPid(nix::unistd::Pid), | |
263 | } | |
264 | ||
265 | pub fn systemd_notify(state: SystemdNotify) -> Result<(), Error> { | |
266 | let message = match state { | |
267 | SystemdNotify::Ready => CString::new("READY=1"), | |
268 | SystemdNotify::Reloading => CString::new("RELOADING=1"), | |
269 | SystemdNotify::Stopping => CString::new("STOPPING=1"), | |
270 | SystemdNotify::Status(msg) => CString::new(format!("STATUS={}", msg)), | |
271 | SystemdNotify::MainPid(pid) => CString::new(format!("MAINPID={}", pid)), | |
272 | }?; | |
273 | let rc = unsafe { sd_notify(0, message.as_ptr()) }; | |
274 | if rc < 0 { | |
275 | bail!( | |
276 | "systemd_notify failed: {}", | |
277 | std::io::Error::from_raw_os_error(-rc), | |
278 | ); | |
279 | } | |
280 | Ok(()) | |
281 | } |