3 # Abstract class to implement Daemons
6 # * lock and write PID file /var/run/$name.pid to make sure onyl
7 # one instance is running.
8 # * keep lock open during restart
9 # * correctly daemonize (redirect STDIN/STDOUT)
10 # * restart by stop/start, exec, or signal HUP
11 # * daemon restart on error (option 'restart_on_error')
12 # * handle worker processes (option 'max_workers')
13 # * allow to restart while workers are still runningl
14 # (option 'leave_children_open_on_reload')
15 # * run as different user using setuid/setgid
24 use POSIX
":sys_wait_h";
26 use Socket
qw(IPPROTO_TCP TCP_NODELAY SOMAXCONN);
30 use Time
::HiRes qw
(gettimeofday
);
32 use base
qw(PVE::CLIHandler);
34 $ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
36 my $daemon_initialized = 0; # we only allow one instance
37 my $daemon_sockets = [];
39 my $close_daemon_lock = sub {
42 return if !$self->{daemon_lock_fh
};
44 close $self->{daemon_lock_fh
};
45 delete $self->{daemon_lock_fh
};
51 print STDERR
"$msg\n";
52 syslog
('err', "%s", $msg);
55 # call this if you fork() from child
56 # Note: we already call this for workers, so it is only required
57 # if you fork inside a simple daemon (max_workers == 0).
58 sub after_fork_cleanup
{
61 &$close_daemon_lock($self);
63 PVE
::INotify
::inotify_close
();
65 for my $sig (qw(CHLD HUP INT TERM QUIT)) {
66 $SIG{$sig} = 'DEFAULT'; # restore default handler
67 # AnyEvent signals only works if $SIG{XX} is
68 # undefined (perl event loop)
69 delete $SIG{$sig}; # so that we can handle events with AnyEvent
73 my $lockpidfile = sub {
76 my $lkfn = $self->{pidfile
} . ".lock";
80 if (my $fd = $self->{env_pve_lock_fd
}) {
82 $self->{daemon_lock_fh
} = IO
::Handle-
>new_from_fd($fd, "a");
87 $self->{daemon_lock_fh
} = IO
::File-
>new(">>$lkfn");
90 if (!$self->{daemon_lock_fh
}) {
91 die "can't open lock '$lkfn' - $!\n";
94 for (my $i = 0; $i < $waittime; $i ++) {
95 return if flock ($self->{daemon_lock_fh
}, LOCK_EX
|LOCK_NB
);
99 if (!flock ($self->{daemon_lock_fh
}, LOCK_EX
|LOCK_NB
)) {
100 &$close_daemon_lock($self);
103 my ($running, $pid) = $self->running();
105 die "can't aquire lock '$lkfn' - daemon already started (pid = $pid)\n";
107 die "can't aquire lock '$lkfn' - $err\n";
112 my $writepidfile = sub {
115 my $pidfile = $self->{pidfile
};
117 die "can't open pid file '$pidfile' - $!\n" if !open (PIDFH
, ">$pidfile");
123 my $server_cleanup = sub {
126 unlink $self->{pidfile
} . ".lock";
127 unlink $self->{pidfile
};
130 my $finish_workers = sub {
133 foreach my $id (qw(workers old_workers)) {
134 foreach my $cpid (keys %{$self->{$id}}) {
135 my $waitpid = waitpid($cpid, WNOHANG
);
136 if (defined($waitpid) && ($waitpid == $cpid)) {
137 delete ($self->{$id}->{$cpid});
138 syslog
('info', "worker $cpid finished");
144 my $start_workers = sub {
147 return if $self->{terminate
};
149 my $count = scalar keys %{$self->{workers
}};
150 my $need = $self->{max_workers
} - $count;
152 return if $need <= 0;
154 syslog
('info', "starting $need worker(s)");
159 if (!defined ($pid)) {
160 syslog
('err', "can't fork worker");
162 } elsif ($pid) { # parent
163 $self->{workers
}->{$pid} = 1;
164 syslog
('info', "worker $pid started");
167 $0 = "$self->{name} worker";
169 $self->after_fork_cleanup();
171 eval { $self->run(); };
174 sleep(5); # avoid fast restarts
177 syslog
('info', "worker exit");
183 my $terminate_old_workers = sub {
186 # if list is empty kill sends no signal, so no checks needed
187 kill 15, keys %{$self->{old_workers
}};
190 my $terminate_server = sub {
191 my ($self, $allow_open_children) = @_;
193 $self->{terminate
} = 1; # set flag to avoid worker restart
195 eval { $self->shutdown(); };
198 return if !$self->{max_workers
}; # if we have no workers we're done here
200 # if configured, leave children running on HUP
201 return if $allow_open_children && $self->{leave_children_open_on_reload
};
203 # else send TERM to all (old and current) child workers
204 kill 15, keys %{$self->@{'workers','old_workers'}};
206 # nicely shutdown childs (give them max 10 seconds to shut down)
207 my $previous_alarm = alarm(10);
209 local $SIG{ALRM
} = sub { die "timeout\n" };
211 while ((my $pid = waitpid (-1, 0)) > 0) {
212 foreach my $id (qw(workers old_workers)) {
213 if (defined($self->{$id}->{$pid})) {
214 delete($self->{$id}->{$pid});
215 syslog
('info', "worker $pid finished");
219 alarm(0); # avoid race condition
223 alarm ($previous_alarm);
226 syslog
('err', "error stopping workers (will kill them now) - $err");
227 foreach my $id (qw(workers old_workers)) {
228 foreach my $cpid (keys %{$self->{$id}}) {
229 # KILL childs still alive!
230 if (kill (0, $cpid)) {
231 delete($self->{$id}->{$cpid});
232 syslog
("err", "kill worker $cpid");
244 initlog
($self->{name
});
246 my $restart = $ENV{RESTART_PVE_DAEMON
};
247 delete $ENV{RESTART_PVE_DAEMON
};
248 $self->{env_restart_pve_daemon
} = $restart;
250 my $lockfd = $ENV{PVE_DAEMON_LOCK_FD
};
251 delete $ENV{PVE_DAEMON_LOCK_FD
};
252 if (defined($lockfd)) {
253 die "unable to parse lock fd '$lockfd'\n"
254 if $lockfd !~ m/^(\d+)$/;
255 $lockfd = $1; # untaint
257 $self->{env_pve_lock_fd
} = $lockfd;
259 die "please run as root\n" if !$restart && ($> != 0);
261 die "can't create more that one PVE::Daemon" if $daemon_initialized;
262 $daemon_initialized = 1;
264 PVE
::INotify
::inotify_init
();
266 if (my $gidstr = $self->{setgid
}) {
267 my $gid = getgrnam($gidstr) || die "getgrnam failed - $!\n";
268 POSIX
::setgid
($gid) || die "setgid $gid failed - $!\n";
269 $EGID = "$gid $gid"; # this calls setgroups
271 die "detected strange gid\n" if !($GID eq "$gid $gid" && $EGID eq "$gid $gid");
274 if (my $uidstr = $self->{setuid
}) {
275 my $uid = getpwnam($uidstr) || die "getpwnam failed - $!\n";
276 POSIX
::setuid
($uid) || die "setuid $uid failed - $!\n";
278 die "detected strange uid\n" if !($UID == $uid && $EUID == $uid);
281 if ($restart && $self->{max_workers
}) {
282 if (my $wpids = $ENV{PVE_DAEMON_WORKER_PIDS
}) {
283 $self->{old_workers
}->{$_} = 1 foreach (split(':', $wpids));
287 $self->{nodename
} = PVE
::INotify
::nodename
();
290 my $server_run = sub {
291 my ($self, $debug) = @_;
293 # fixme: handle restart lockfd
294 &$lockpidfile($self);
296 # remove FD_CLOEXEC bit to reuse on exec
297 $self->{daemon_lock_fh
}->fcntl(Fcntl
::F_SETFD
(), 0);
299 $ENV{PVE_DAEMON_LOCK_FD
} = $self->{daemon_lock_fh
}->fileno;
304 $self->{debug
} = 1 if $debug;
309 open STDIN
, '</dev/null' || die "can't read /dev/null";
310 open STDOUT
, '>/dev/null' || die "can't write /dev/null";
313 if (!$self->{env_restart_pve_daemon
} && !$debug) {
314 PVE
::INotify
::inotify_close
();
316 if (!defined ($spid)) {
317 die "can't put server into background - fork failed";
318 } elsif ($spid) { # parent
321 PVE
::INotify
::inotify_init
();
324 if ($self->{env_restart_pve_daemon
}) {
325 syslog
('info' , "restarting server");
327 &$writepidfile($self);
328 syslog
('info' , "starting server");
333 open STDERR
, '>&STDOUT' || die "can't close STDERR\n";
335 my $old_sig_term = $SIG{TERM
};
336 local $SIG{TERM
} = sub {
337 local ($@, $!, $?); # do not overwrite error vars
338 syslog
('info', "received signal TERM");
339 &$terminate_server($self, 0);
340 &$server_cleanup($self);
341 &$old_sig_term(@_) if $old_sig_term;
344 my $old_sig_quit = $SIG{QUIT
};
345 local $SIG{QUIT
} = sub {
346 local ($@, $!, $?); # do not overwrite error vars
347 syslog
('info', "received signal QUIT");
348 &$terminate_server($self, 0);
349 &$server_cleanup($self);
350 &$old_sig_quit(@_) if $old_sig_quit;
353 my $old_sig_int = $SIG{INT
};
354 local $SIG{INT
} = sub {
355 local ($@, $!, $?); # do not overwrite error vars
356 syslog
('info', "received signal INT");
357 $SIG{INT
} = 'DEFAULT'; # allow to terminate now
358 &$terminate_server($self, 0);
359 &$server_cleanup($self);
360 &$old_sig_int(@_) if $old_sig_int;
364 local ($@, $!, $?); # do not overwrite error vars
365 syslog
('info', "received signal HUP");
366 $self->{got_hup_signal
} = 1;
367 if ($self->{max_workers
}) {
368 &$terminate_server($self, 1);
369 } elsif ($self->can('hup')) {
370 eval { $self->hup() };
376 if ($self->{max_workers
}) {
377 my $old_sig_chld = $SIG{CHLD
};
378 local $SIG{CHLD
} = sub {
379 local ($@, $!, $?); # do not overwrite error vars
380 &$finish_workers($self);
381 &$old_sig_chld(@_) if $old_sig_chld;
384 # now loop forever (until we receive terminate signal)
386 &$start_workers($self);
388 &$terminate_old_workers($self);
389 &$finish_workers($self);
390 last if $self->{terminate
};
400 syslog
('err', "ERROR: $err");
402 &$terminate_server($self, 1);
404 if (my $wait_time = $self->{restart_on_error
}) {
405 $self->restart_daemon($wait_time);
407 $self->exit_daemon(-1);
411 if ($self->{got_hup_signal
}) {
412 $self->restart_daemon();
414 $self->exit_daemon(0);
419 my ($this, $name, $cmdline, %params) = @_;
421 $name = 'daemon' if !$name; # should not happen
426 my $class = ref($this) || $this;
430 pidfile
=> "/var/run/${name}.pid",
436 foreach my $opt (keys %params) {
437 my $value = $params{$opt};
438 if ($opt eq 'restart_on_error') {
439 $self->{$opt} = $value;
440 } elsif ($opt eq 'stop_wait_time') {
441 $self->{$opt} = $value;
442 } elsif ($opt eq 'pidfile') {
443 $self->{$opt} = $value;
444 } elsif ($opt eq 'max_workers') {
445 $self->{$opt} = $value;
446 } elsif ($opt eq 'leave_children_open_on_reload') {
447 $self->{$opt} = $value;
448 } elsif ($opt eq 'setgid') {
449 $self->{$opt} = $value;
450 } elsif ($opt eq 'setuid') {
451 $self->{$opt} = $value;
453 die "unknown daemon option '$opt'\n";
459 $self->{cmdline
} = [map { /^(.*)$/ } @$cmdline];
472 my ($self, $status) = @_;
474 syslog
("info", "server stopped");
476 &$server_cleanup($self);
482 my ($self, $waittime) = @_;
484 syslog
('info', "server shutdown (restart)");
486 $ENV{RESTART_PVE_DAEMON
} = 1;
488 foreach my $ds (@$daemon_sockets) {
489 $ds->fcntl(Fcntl
::F_SETFD
(), 0);
492 if ($self->{max_workers
}) {
493 my @workers = (keys %{$self->{workers
}}, keys %{$self->{old_workers
}});
494 $ENV{PVE_DAEMON_WORKER_PIDS
} = join(':', @workers);
497 sleep($waittime) if $waittime; # avoid high server load due to restarts
499 PVE
::INotify
::inotify_close
();
501 exec (@{$self->{cmdline
}});
503 exit (-1); # never reached?
506 # please overwrite in subclass
507 # this is called at startup - before forking
513 # please overwrite in subclass
517 syslog
('info' , "server closing");
519 if (!$self->{max_workers
}) {
521 1 while (waitpid(-1, POSIX
::WNOHANG
()) > 0);
525 # please define in subclass
529 # syslog('info' , "received signal HUP (restart)");
532 # please overwrite in subclass
537 syslog
('info' , "server is running");
543 my ($self, $debug) = @_;
547 &$server_run($self, $debug);
550 &$log_err("start failed - $err");
558 my $pid_str = PVE
::Tools
::file_read_firstline
($self->{pidfile
});
560 return 0 if !$pid_str;
562 return 0 if $pid_str !~ m/^(\d+)$/; # untaint
569 # checks if the process was started by systemd
570 my $init_ppid = sub {
572 if (getppid() == 1) {
582 my $pid = &$read_pid($self);
585 my $res = PVE
::ProcFSTools
::check_process_running
($pid) ?
1 : 0;
586 return wantarray ?
($res, $pid) : $res;
589 return wantarray ?
(0, 0) : 0;
595 my $pid = &$read_pid($self);
599 if (PVE
::ProcFSTools
::check_process_running
($pid)) {
600 kill(15, $pid); # send TERM signal
602 my $wait_time = $self->{stop_wait_time
} || 5;
604 for (my $i = 0; $i < $wait_time; $i++) {
605 $running = PVE
::ProcFSTools
::check_process_running
($pid);
610 syslog
('err', "server still running - send KILL") if $running;
617 if (-f
$self->{pidfile
}) {
619 # try to get the lock
620 &$lockpidfile($self);
621 &$server_cleanup($self);
624 &$log_err("cleanup failed - $err");
629 sub register_start_command
{
630 my ($self, $description) = @_;
632 my $class = ref($self);
634 $class->register_method({
638 description
=> $description || "Start the daemon.",
640 additionalProperties
=> 0,
643 description
=> "Debug mode - stay in foreground",
650 returns
=> { type
=> 'null' },
655 if (&$init_ppid() || $param->{debug
}) {
656 $self->start($param->{debug
});
658 PVE
::Tools
::run_command
(['systemctl', 'start', $self->{name
}]);
665 my $reload_daemon = sub {
666 my ($self, $use_hup) = @_;
668 if ($self->{env_restart_pve_daemon
}) {
671 my ($running, $pid) = $self->running();
676 syslog
('info', "send HUP to $pid");
686 sub register_restart_command
{
687 my ($self, $use_hup, $description) = @_;
689 my $class = ref($self);
691 $class->register_method({
695 description
=> $description || "Restart the daemon (or start if not running).",
697 additionalProperties
=> 0,
700 returns
=> { type
=> 'null' },
706 &$reload_daemon($self, $use_hup);
708 PVE
::Tools
::run_command
(['systemctl', $use_hup ?
'reload-or-restart' : 'restart', $self->{name
}]);
715 sub register_reload_command
{
716 my ($self, $description) = @_;
718 my $class = ref($self);
720 $class->register_method({
724 description
=> $description || "Reload daemon configuration (or start if not running).",
726 additionalProperties
=> 0,
729 returns
=> { type
=> 'null' },
734 &$reload_daemon($self, 1);
740 sub register_stop_command
{
741 my ($self, $description) = @_;
743 my $class = ref($self);
745 $class->register_method({
749 description
=> $description || "Stop the daemon.",
751 additionalProperties
=> 0,
754 returns
=> { type
=> 'null' },
762 PVE
::Tools
::run_command
(['systemctl', 'stop', $self->{name
}]);
769 sub register_status_command
{
770 my ($self, $description) = @_;
772 my $class = ref($self);
774 $class->register_method({
778 description
=> "Get daemon status.",
780 additionalProperties
=> 0,
785 enum
=> ['stopped', 'running'],
790 return $self->running() ?
'running' : 'stopped';
796 sub create_reusable_socket
{
797 my ($self, $port, $host, $family) = @_;
799 die "no port specifed" if !$port;
801 my ($socket, $sockfd);
803 if (defined($sockfd = $ENV{"PVE_DAEMON_SOCKET_$port"}) &&
804 $self->{env_restart_pve_daemon
}) {
806 die "unable to parse socket fd '$sockfd'\n"
807 if $sockfd !~ m/^(\d+)$/;
808 $sockfd = $1; # untaint
810 $socket = IO
::Socket
::IP-
>new;
811 $socket->fdopen($sockfd, 'w') ||
812 die "cannot fdopen file descriptor '$sockfd' - $!\n";
814 $socket->fcntl(Fcntl
::F_SETFD
(), Fcntl
::FD_CLOEXEC
);
817 $socket = IO
::Socket
::IP-
>new(
823 GetAddrInfoFlags
=> 0,
825 die "unable to create socket - $@\n";
827 # we often observe delays when using Nagle algorithm,
828 # so we disable that to maximize performance
829 setsockopt($socket, IPPROTO_TCP
, TCP_NODELAY
, 1);
831 $ENV{"PVE_DAEMON_SOCKET_$port"} = $socket->fileno;
834 push @$daemon_sockets, $socket;