-rw-r--r-- | src/confdb/confdb.h | 1 | ||||
-rw-r--r-- | src/config/SSSDConfig.py | 1 | ||||
-rwxr-xr-x | src/config/SSSDConfigTest.py | 1 | ||||
-rw-r--r-- | src/config/etc/sssd.api.conf | 1 | ||||
-rw-r--r-- | src/man/sssd.conf.5.xml | 16 | ||||
-rw-r--r-- | src/monitor/monitor.c | 26 |
6 files changed, 43 insertions, 3 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 83a0fea90..c31966b90 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -54,6 +54,7 @@ #define CONFDB_SERVICE_DEBUG_MICROSECONDS "debug_microseconds" #define CONFDB_SERVICE_DEBUG_TO_FILES "debug_to_files" #define CONFDB_SERVICE_TIMEOUT "timeout" +#define CONFDB_SERVICE_FORCE_TIMEOUT "force_timeout" #define CONFDB_SERVICE_RECON_RETRIES "reconnection_retries" #define CONFDB_SERVICE_FD_LIMIT "fd_limit" diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index f49879972..20cd2a28a 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -41,6 +41,7 @@ option_strings = { 'debug_microseconds' : _('Include microseconds in timestamps in debug logs'), 'debug_to_files' : _('Write debug messages to logfiles'), 'timeout' : _('Ping timeout before restarting service'), + 'force_timeout' : _('Timeout between three failed ping checks and forcibly killing the service'), 'command' : _('Command to start service'), 'reconnection_retries' : _('Number of times to attempt connection to Data Providers'), 'fd_limit' : _('The number of file descriptors that may be opened by this responder'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 000c7dbaa..2d3cd8587 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -263,6 +263,7 @@ class SSSDConfigTestSSSDService(unittest.TestCase): 'services', 'domains', 'timeout', + 'force_timeout', 'sbus_timeout', 're_expression', 'full_name_format', diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 155b8efef..7b238ffdf 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -16,6 +16,7 @@ fd_limit = int, None, false services = list, str, true, nss, pam domains = list, str, true timeout = int, None, false +force_timeout = int, None, false sbus_timeout = int, None, false re_expression = str, None, false full_name_format = str, None, false 
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index c164d1215..efc7dfa97 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -206,6 +206,22 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term>force_timeout (integer)</term> + <listitem> + <para> + If a service is not responding to ping checks (see + the <quote>timeout</quote> option), it is first sent + the SIGTERM signal that instructs it to quit gracefully. + If the service does not terminate after <quote>force_timeout</quote> + seconds, the monitor will forcibly shut it down by + sending a SIGKILL signal. + </para> + <para> + Default: 60 + </para> + </listitem> + </varlistentry> </variablelist> </para> </refsect2> diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index a93b23460..cadc27fe3 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -59,6 +59,9 @@ /* ping time cannot be less then once every few seconds or the * monitor will get crazy hammering children with messages */ #define MONITOR_DEF_PING_TIME 10 +/* terminate the child after this interval by default if it + * doesn't shutdown on receiving SIGTERM */ +#define MONITOR_DEF_FORCE_TIME 60 /* Special value to leave the Kerberos Replay Cache set to use * the libkrb5 defaults @@ -93,6 +96,7 @@ struct mt_svc { pid_t pid; int ping_time; + int kill_time; bool svc_started; @@ -568,7 +572,7 @@ static int monitor_kill_service (struct mt_svc *svc) /* Set up a timer to send SIGKILL if this process * doesn't exit within sixty seconds */ - tv = tevent_timeval_current_ofs(60, 0); + tv = tevent_timeval_current_ofs(svc->kill_time, 0); svc->sigkill_ev = tevent_add_timer(svc->mt_ctx->ev, svc, tv, mt_svc_sigkill, svc); 
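Review bot: The context comment above the changed line in monitor_kill_service still says the process must exit "within sixty seconds", but the timer is now armed with `svc->kill_time`, so the comment is only true for the default value. It could read `/* Set up a timer to send SIGKILL if this process doesn't exit within svc->kill_time (force_timeout) seconds */`. The function starts and ends outside the hunk.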
@@ -936,7 +940,8 @@ static int get_service_config(struct mt_ctx *ctx, const char *name, CONFDB_SERVICE_TIMEOUT, MONITOR_DEF_PING_TIME, &svc->ping_time); if (ret != EOK) { - DEBUG(0,("Failed to start service '%s'\n", svc->name)); + DEBUG(SSSDBG_CRIT_FAILURE, + ("Failed to get ping timeout for %s\n", svc->name)); talloc_free(svc); return ret; } @@ -946,6 +951,21 @@ static int get_service_config(struct mt_ctx *ctx, const char *name, svc->ping_time = MONITOR_DEF_PING_TIME; } + ret = confdb_get_int(ctx->cdb, path, + CONFDB_SERVICE_FORCE_TIMEOUT, + MONITOR_DEF_FORCE_TIME, &svc->kill_time); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Failed to get kill timeout for %s\n", svc->name)); + talloc_free(svc); + return ret; + } + + /* 'force_timeout = 0' should be translated to the default */ + if (svc->kill_time == 0) { + svc->kill_time = MONITOR_DEF_FORCE_TIME; + } + svc->last_restart = now; *svc_cfg = svc; @@ -2072,7 +2092,7 @@ static int monitor_service_init(struct sbus_connection *conn, void *data) mini->ctx = ctx; mini->conn = conn; - /* 5 seconds should be plenty */ + /* 10 seconds should be plenty */ tv = tevent_timeval_current_ofs(10, 0); mini->timeout = tevent_add_timer(ctx->ev, mini, tv, init_timeout, mini); |
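Review bot: In the second get_service_config hunk only `force_timeout = 0` is normalised to the default, so a negative value read by `confdb_get_int` stays in `svc->kill_time` and is later passed to `tevent_timeval_current_ofs(svc->kill_time, 0)`, which takes its seconds argument as an unsigned value. A negative setting would then presumably turn into a very distant deadline, and the SIGKILL escalation for a service that ignores SIGTERM would effectively never fire. Treating all non-positive values the same way closes that gap: `if (svc->kill_time <= 0) {` followed by the existing `svc->kill_time = MONITOR_DEF_FORCE_TIME;`, or alternatively log at `SSSDBG_CRIT_FAILURE` and return an error for negative input. The man page text could also state that 0 selects the default. The function begins and ends outside the hunk, so whether the ping_time check above has the same shape cannot be confirmed from here.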