3 # Abstract class to implement Daemons
6 # * lock and write PID file /var/run/$name.pid to make sure onyl
7 # one instance is running.
8 # * keep lock open during restart
9 # * correctly daemonize (redirect STDIN/STDOUT)
10 # * restart by stop/start, exec, or signal HUP
11 # * daemon restart on error (option 'restart_on_error')
12 # * handle worker processes (option 'max_workers')
13 # * allow to restart while workers are still runningl
14 # (option 'leave_children_open_on_reload')
15 # * run as different user using setuid/setgid
24 use POSIX
":sys_wait_h";
26 use Socket
qw(IPPROTO_TCP TCP_NODELAY SOMAXCONN);
30 use Time
::HiRes qw
(gettimeofday
);
32 use base
qw(PVE::CLIHandler);
34 $ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
36 my $daemon_initialized = 0; # we only allow one instance
37 my $daemon_sockets = [];
39 my $close_daemon_lock = sub {
42 return if !$self->{daemon_lock_fh
};
44 close $self->{daemon_lock_fh
};
45 delete $self->{daemon_lock_fh
};
51 print STDERR
"$msg\n";
52 syslog
('err', "%s", $msg);
55 # call this if you fork() from child
56 # Note: we already call this for workers, so it is only required
57 # if you fork inside a simple daemon (max_workers == 0).
58 sub after_fork_cleanup
{
61 &$close_daemon_lock($self);
63 PVE
::INotify
::inotify_close
();
65 for my $sig (qw(CHLD HUP INT TERM QUIT)) {
66 $SIG{$sig} = 'DEFAULT'; # restore default handler
67 # AnyEvent signals only works if $SIG{XX} is
68 # undefined (perl event loop)
69 delete $SIG{$sig}; # so that we can handle events with AnyEvent
73 my $lockpidfile = sub {
76 my $lkfn = $self->{pidfile
} . ".lock";
80 if (my $fd = $self->{env_pve_lock_fd
}) {
82 $self->{daemon_lock_fh
} = IO
::Handle-
>new_from_fd($fd, "a");
87 $self->{daemon_lock_fh
} = IO
::File-
>new(">>$lkfn");
90 if (!$self->{daemon_lock_fh
}) {
91 die "can't open lock '$lkfn' - $!\n";
94 for (my $i = 0; $i < $waittime; $i ++) {
95 return if flock ($self->{daemon_lock_fh
}, LOCK_EX
|LOCK_NB
);
99 if (!flock ($self->{daemon_lock_fh
}, LOCK_EX
|LOCK_NB
)) {
100 &$close_daemon_lock($self);
103 my ($running, $pid) = $self->running();
105 die "can't aquire lock '$lkfn' - daemon already started (pid = $pid)\n";
107 die "can't aquire lock '$lkfn' - $err\n";
112 my $writepidfile = sub {
115 my $pidfile = $self->{pidfile
};
117 die "can't open pid file '$pidfile' - $!\n" if !open (PIDFH
, ">$pidfile");
123 my $server_cleanup = sub {
126 unlink $self->{pidfile
} . ".lock";
127 unlink $self->{pidfile
};
130 my $finish_workers = sub {
133 foreach my $id (qw(workers old_workers)) {
134 foreach my $cpid (keys %{$self->{$id}}) {
135 my $waitpid = waitpid($cpid, WNOHANG
);
136 if (defined($waitpid) && ($waitpid == $cpid)) {
137 delete ($self->{$id}->{$cpid});
138 syslog
('info', "worker $cpid finished");
144 my $start_workers = sub {
147 return if $self->{terminate
};
150 foreach my $cpid (keys %{$self->{workers
}}) {
154 my $need = $self->{max_workers
} - $count;
156 return if $need <= 0;
158 syslog
('info', "starting $need worker(s)");
163 if (!defined ($pid)) {
164 syslog
('err', "can't fork worker");
166 } elsif ($pid) { # parent
167 $self->{workers
}->{$pid} = 1;
168 syslog
('info', "worker $pid started");
171 $0 = "$self->{name} worker";
173 $self->after_fork_cleanup();
175 eval { $self->run(); };
178 sleep(5); # avoid fast restarts
181 syslog
('info', "worker exit");
187 my $terminate_old_workers = sub {
190 # if list is empty kill sends no signal, so no checks needed
191 kill 15, keys %{$self->{old_workers
}};
194 my $terminate_server = sub {
195 my ($self, $allow_open_children) = @_;
197 $self->{terminate
} = 1; # set flag to avoid worker restart
199 if (!$self->{max_workers
}) {
200 eval { $self->shutdown(); };
205 eval { $self->shutdown(); };
209 # if configured, leave children running on HUP
210 return if $allow_open_children && $self->{leave_children_open_on_reload
};
212 # else send TERM to all (old and current) child workers
213 kill 15, keys %{$self->@{'workers','old_workers'}};
215 # nicely shutdown childs (give them max 10 seconds to shut down)
216 my $previous_alarm = alarm(10);
218 local $SIG{ALRM
} = sub { die "timeout\n" };
220 while ((my $pid = waitpid (-1, 0)) > 0) {
221 foreach my $id (qw(workers old_workers)) {
222 if (defined($self->{$id}->{$pid})) {
223 delete($self->{$id}->{$pid});
224 syslog
('info', "worker $pid finished");
228 alarm(0); # avoid race condition
232 alarm ($previous_alarm);
235 syslog
('err', "error stopping workers (will kill them now) - $err");
236 foreach my $id (qw(workers old_workers)) {
237 foreach my $cpid (keys %{$self->{$id}}) {
238 # KILL childs still alive!
239 if (kill (0, $cpid)) {
240 delete($self->{$id}->{$cpid});
241 syslog
("err", "kill worker $cpid");
253 initlog
($self->{name
});
255 my $restart = $ENV{RESTART_PVE_DAEMON
};
256 delete $ENV{RESTART_PVE_DAEMON
};
257 $self->{env_restart_pve_daemon
} = $restart;
259 my $lockfd = $ENV{PVE_DAEMON_LOCK_FD
};
260 delete $ENV{PVE_DAEMON_LOCK_FD
};
261 if (defined($lockfd)) {
262 die "unable to parse lock fd '$lockfd'\n"
263 if $lockfd !~ m/^(\d+)$/;
264 $lockfd = $1; # untaint
266 $self->{env_pve_lock_fd
} = $lockfd;
268 die "please run as root\n" if !$restart && ($> != 0);
270 die "can't create more that one PVE::Daemon" if $daemon_initialized;
271 $daemon_initialized = 1;
273 PVE
::INotify
::inotify_init
();
275 if (my $gidstr = $self->{setgid
}) {
276 my $gid = getgrnam($gidstr) || die "getgrnam failed - $!\n";
277 POSIX
::setgid
($gid) || die "setgid $gid failed - $!\n";
278 $EGID = "$gid $gid"; # this calls setgroups
280 die "detected strange gid\n" if !($GID eq "$gid $gid" && $EGID eq "$gid $gid");
283 if (my $uidstr = $self->{setuid
}) {
284 my $uid = getpwnam($uidstr) || die "getpwnam failed - $!\n";
285 POSIX
::setuid
($uid) || die "setuid $uid failed - $!\n";
287 die "detected strange uid\n" if !($UID == $uid && $EUID == $uid);
290 if ($restart && $self->{max_workers
}) {
291 if (my $wpids = $ENV{PVE_DAEMON_WORKER_PIDS
}) {
292 foreach my $pid (split(':', $wpids)) {
293 if ($pid =~ m/^(\d+)$/) {
294 $self->{old_workers
}->{$1} = 1;
300 $self->{nodename
} = PVE
::INotify
::nodename
();
303 my $server_run = sub {
304 my ($self, $debug) = @_;
306 # fixme: handle restart lockfd
307 &$lockpidfile($self);
309 # remove FD_CLOEXEC bit to reuse on exec
310 $self->{daemon_lock_fh
}->fcntl(Fcntl
::F_SETFD
(), 0);
312 $ENV{PVE_DAEMON_LOCK_FD
} = $self->{daemon_lock_fh
}->fileno;
317 $self->{debug
} = 1 if $debug;
322 open STDIN
, '</dev/null' || die "can't read /dev/null";
323 open STDOUT
, '>/dev/null' || die "can't write /dev/null";
326 if (!$self->{env_restart_pve_daemon
} && !$debug) {
327 PVE
::INotify
::inotify_close
();
329 if (!defined ($spid)) {
330 die "can't put server into background - fork failed";
331 } elsif ($spid) { # parent
334 PVE
::INotify
::inotify_init
();
337 if ($self->{env_restart_pve_daemon
}) {
338 syslog
('info' , "restarting server");
340 &$writepidfile($self);
341 syslog
('info' , "starting server");
346 open STDERR
, '>&STDOUT' || die "can't close STDERR\n";
348 my $old_sig_term = $SIG{TERM
};
349 local $SIG{TERM
} = sub {
350 local ($@, $!, $?); # do not overwrite error vars
351 syslog
('info', "received signal TERM");
352 &$terminate_server($self, 0);
353 &$server_cleanup($self);
354 &$old_sig_term(@_) if $old_sig_term;
357 my $old_sig_quit = $SIG{QUIT
};
358 local $SIG{QUIT
} = sub {
359 local ($@, $!, $?); # do not overwrite error vars
360 syslog
('info', "received signal QUIT");
361 &$terminate_server($self, 0);
362 &$server_cleanup($self);
363 &$old_sig_quit(@_) if $old_sig_quit;
366 my $old_sig_int = $SIG{INT
};
367 local $SIG{INT
} = sub {
368 local ($@, $!, $?); # do not overwrite error vars
369 syslog
('info', "received signal INT");
370 $SIG{INT
} = 'DEFAULT'; # allow to terminate now
371 &$terminate_server($self, 0);
372 &$server_cleanup($self);
373 &$old_sig_int(@_) if $old_sig_int;
377 local ($@, $!, $?); # do not overwrite error vars
378 syslog
('info', "received signal HUP");
379 $self->{got_hup_signal
} = 1;
380 if ($self->{max_workers
}) {
381 &$terminate_server($self, 1);
382 } elsif ($self->can('hup')) {
383 eval { $self->hup() };
389 if ($self->{max_workers
}) {
390 my $old_sig_chld = $SIG{CHLD
};
391 local $SIG{CHLD
} = sub {
392 local ($@, $!, $?); # do not overwrite error vars
393 &$finish_workers($self);
394 &$old_sig_chld(@_) if $old_sig_chld;
397 # now loop forever (until we receive terminate signal)
399 &$start_workers($self);
401 &$terminate_old_workers($self);
402 &$finish_workers($self);
403 last if $self->{terminate
};
413 syslog
('err', "ERROR: $err");
415 &$terminate_server($self, 1);
417 if (my $wait_time = $self->{restart_on_error
}) {
418 $self->restart_daemon($wait_time);
420 $self->exit_daemon(-1);
424 if ($self->{got_hup_signal
}) {
425 $self->restart_daemon();
427 $self->exit_daemon(0);
432 my ($this, $name, $cmdline, %params) = @_;
434 $name = 'daemon' if !$name; # should not happen
439 my $class = ref($this) || $this;
443 pidfile
=> "/var/run/${name}.pid",
449 foreach my $opt (keys %params) {
450 my $value = $params{$opt};
451 if ($opt eq 'restart_on_error') {
452 $self->{$opt} = $value;
453 } elsif ($opt eq 'stop_wait_time') {
454 $self->{$opt} = $value;
455 } elsif ($opt eq 'pidfile') {
456 $self->{$opt} = $value;
457 } elsif ($opt eq 'max_workers') {
458 $self->{$opt} = $value;
459 } elsif ($opt eq 'leave_children_open_on_reload') {
460 $self->{$opt} = $value;
461 } elsif ($opt eq 'setgid') {
462 $self->{$opt} = $value;
463 } elsif ($opt eq 'setuid') {
464 $self->{$opt} = $value;
466 die "unknown daemon option '$opt'\n";
472 $self->{cmdline
} = [map { /^(.*)$/ } @$cmdline];
485 my ($self, $status) = @_;
487 syslog
("info", "server stopped");
489 &$server_cleanup($self);
495 my ($self, $waittime) = @_;
497 syslog
('info', "server shutdown (restart)");
499 $ENV{RESTART_PVE_DAEMON
} = 1;
501 foreach my $ds (@$daemon_sockets) {
502 $ds->fcntl(Fcntl
::F_SETFD
(), 0);
505 if ($self->{max_workers
}) {
506 my @workers = keys %{$self->{workers
}};
507 push @workers, keys %{$self->{old_workers
}};
508 $ENV{PVE_DAEMON_WORKER_PIDS
} = join(':', @workers);
511 sleep($waittime) if $waittime; # avoid high server load due to restarts
513 PVE
::INotify
::inotify_close
();
515 exec (@{$self->{cmdline
}});
517 exit (-1); # never reached?
520 # please overwrite in subclass
521 # this is called at startup - before forking
527 # please overwrite in subclass
531 syslog
('info' , "server closing");
533 if (!$self->{max_workers
}) {
535 1 while (waitpid(-1, POSIX
::WNOHANG
()) > 0);
539 # please define in subclass
543 # syslog('info' , "received signal HUP (restart)");
546 # please overwrite in subclass
551 syslog
('info' , "server is running");
557 my ($self, $debug) = @_;
561 &$server_run($self, $debug);
564 &$log_err("start failed - $err");
572 my $pid_str = PVE
::Tools
::file_read_firstline
($self->{pidfile
});
574 return 0 if !$pid_str;
576 return 0 if $pid_str !~ m/^(\d+)$/; # untaint
583 # checks if the process was started by systemd
584 my $init_ppid = sub {
586 if (getppid() == 1) {
596 my $pid = &$read_pid($self);
599 my $res = PVE
::ProcFSTools
::check_process_running
($pid) ?
1 : 0;
600 return wantarray ?
($res, $pid) : $res;
603 return wantarray ?
(0, 0) : 0;
609 my $pid = &$read_pid($self);
613 if (PVE
::ProcFSTools
::check_process_running
($pid)) {
614 kill(15, $pid); # send TERM signal
616 my $wait_time = $self->{stop_wait_time
} || 5;
618 for (my $i = 0; $i < $wait_time; $i++) {
619 $running = PVE
::ProcFSTools
::check_process_running
($pid);
624 syslog
('err', "server still running - send KILL") if $running;
631 if (-f
$self->{pidfile
}) {
633 # try to get the lock
634 &$lockpidfile($self);
635 &$server_cleanup($self);
638 &$log_err("cleanup failed - $err");
643 sub register_start_command
{
644 my ($self, $description) = @_;
646 my $class = ref($self);
648 $class->register_method({
652 description
=> $description || "Start the daemon.",
654 additionalProperties
=> 0,
657 description
=> "Debug mode - stay in foreground",
664 returns
=> { type
=> 'null' },
669 if (&$init_ppid() || $param->{debug
}) {
670 $self->start($param->{debug
});
672 PVE
::Tools
::run_command
(['systemctl', 'start', $self->{name
}]);
679 my $reload_daemon = sub {
680 my ($self, $use_hup) = @_;
682 if ($self->{env_restart_pve_daemon
}) {
685 my ($running, $pid) = $self->running();
690 syslog
('info', "send HUP to $pid");
700 sub register_restart_command
{
701 my ($self, $use_hup, $description) = @_;
703 my $class = ref($self);
705 $class->register_method({
709 description
=> $description || "Restart the daemon (or start if not running).",
711 additionalProperties
=> 0,
714 returns
=> { type
=> 'null' },
720 &$reload_daemon($self, $use_hup);
722 PVE
::Tools
::run_command
(['systemctl', $use_hup ?
'reload-or-restart' : 'restart', $self->{name
}]);
729 sub register_reload_command
{
730 my ($self, $description) = @_;
732 my $class = ref($self);
734 $class->register_method({
738 description
=> $description || "Reload daemon configuration (or start if not running).",
740 additionalProperties
=> 0,
743 returns
=> { type
=> 'null' },
748 &$reload_daemon($self, 1);
754 sub register_stop_command
{
755 my ($self, $description) = @_;
757 my $class = ref($self);
759 $class->register_method({
763 description
=> $description || "Stop the daemon.",
765 additionalProperties
=> 0,
768 returns
=> { type
=> 'null' },
776 PVE
::Tools
::run_command
(['systemctl', 'stop', $self->{name
}]);
783 sub register_status_command
{
784 my ($self, $description) = @_;
786 my $class = ref($self);
788 $class->register_method({
792 description
=> "Get daemon status.",
794 additionalProperties
=> 0,
799 enum
=> ['stopped', 'running'],
804 return $self->running() ?
'running' : 'stopped';
810 sub create_reusable_socket
{
811 my ($self, $port, $host, $family) = @_;
813 die "no port specifed" if !$port;
815 my ($socket, $sockfd);
817 if (defined($sockfd = $ENV{"PVE_DAEMON_SOCKET_$port"}) &&
818 $self->{env_restart_pve_daemon
}) {
820 die "unable to parse socket fd '$sockfd'\n"
821 if $sockfd !~ m/^(\d+)$/;
822 $sockfd = $1; # untaint
824 $socket = IO
::Socket
::IP-
>new;
825 $socket->fdopen($sockfd, 'w') ||
826 die "cannot fdopen file descriptor '$sockfd' - $!\n";
828 $socket->fcntl(Fcntl
::F_SETFD
(), Fcntl
::FD_CLOEXEC
);
831 $socket = IO
::Socket
::IP-
>new(
837 GetAddrInfoFlags
=> 0,
839 die "unable to create socket - $@\n";
841 # we often observe delays when using Nagle algorithm,
842 # so we disable that to maximize performance
843 setsockopt($socket, IPPROTO_TCP
, TCP_NODELAY
, 1);
845 $ENV{"PVE_DAEMON_SOCKET_$port"} = $socket->fileno;
848 push @$daemon_sockets, $socket;