From Port389
Contents |
Purpose
The daemontools package from Dan Bernstein provides UNIX style process supervision (watchdog) and logging functionality. This document explains how to run directory server and administration server with daemontools on linux. Other UNIX style operating systems which are able to run FDS should be able to use this howto as well.
NOTE: Daemontools does not work with win32. It is for UNIX style operating systems only.
What you will gain from this Howto
After you have followed the steps in this howto, directory server and administratin server will be automatically started at system startup and will be automatically restarted during runtime in the event that it should die for some reason. As well, daemontools will take over the logging functionality for directory server.
Requirements
This document assumes that you already have Fedora Directory Server or Redhat Directory Server installed and running on some variant of UNIX or linux.
- Root Access - you must be root throughout this entire howto
- Internet Access
- C compiler
Daemontools Installation
Save the following script to your disk, set the executable bit, and execute it.
#!/bin/sh # # install daemontools on fedora/redhat linux # # Mike Jackson <mj@sci.fi> 5 NOV 2005 # # mkdir /package chmod 1755 /package cd /package wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz tar xzvf daemontools-0.76.tar.gz rm -f daemontools-0.76.tar.gz cd admin/daemontools-0.76/src wget http://www.qmailrocks.org/downloads/patches/daemontools-0.76.errno.patch patch < daemontools-0.76.errno.patch cd .. package/install
The daemontools installation adds a line to /etc/inittab to start and restart svscan. Svscan is the process which supervises all processes which are configured to run under daemontools. The svscan process should now be running. Check it with the following command:
ps -ef | grep svscan
You should see output similar to this:
root 17695 1 0 Nov05 ? 00:00:00 /bin/sh /command/svscanboot root 17697 17695 0 Nov05 ? 00:00:00 svscan /service
Runit Installation
Runit is a replacement package for init(8). The runit package includes a tool called svwaitup, which checks if another service which is supervised by svscan is up or not. This is required by the admininstration server start script, since the administration server has a runtime dependency to the directory server.
Save the following script to your disk, set the executable bit, and execute it.
#!/bin/sh # # install runit on fedora/redhat linux # # Mike Jackson <mj@sci.fi> 19 Feb 2005 # # mkdir /package chmod 1755 /package cd /package wget http://smarden.org/runit/runit-1.3.3.tar.gz tar xzvf runit-1.3.3.tar.gz rm -f runit-1.3.3.tar.gz cd admin/runit-1.3.3 package/install
Directory Server
Configuration Changes
Directory Server only requires one small configuration change: changing the access logfile location to /dev/stdout. This is required so that the daemontools logger, multilog, can take over the logging. Save the following to disk, set the executable bit, and execute it.
#!/bin/sh # # modify directory server to log to stdout # # Mike Jackson <mj@sci.fi> 5 NOV 2005 # # cd /opt/fedora-ds/slapd-* ./stop-slapd cd config perl -i -pe 's/^nsslapd-accesslog:.+$/nsslapd-accesslog: \/dev\/stdout/' dse.ldif
Creating Daemontools Run Scripts
In order to have svscan start and supervise a process, a small directory structure with two run scripts and some logging variables must be created. Save the following to disk, set the executable bit, and execute it.
NOTE: Change the PRODUCT and INSTANCE variables at the top to match your setup before executing the script.
#!/bin/sh # # run fedora/redhat DS under daemontools # # Mike Jackson <michael.jackson@netauth.com> 5 NOV 2005 # # http://www.netauth.com/ldap # -------------------------------------------------------- # #PRODUCT=redhat-ds PRODUCT=fedora-ds BASEDIR=/opt/$PRODUCT INSTANCE=slapd-foo # cd $BASEDIR mkdir -p supervise/log cd supervise # cat > run <<EOM #!/bin/sh exec 2>&1 echo "Starting Directory Server..." unset LD_LIBRARY_PATH cd $BASEDIR/bin/slapd/server exec \ ./ns-slapd \ -D $BASEDIR/$INSTANCE \ -d 0 EOM # chmod +x run cd log # cat > run <<EOM #!/bin/sh exec \ setuidgid multilog \ envdir ./env \ sh -c ' exec \ multilog \ t \ ${MAXFILESIZE+"s$MAXFILESIZE"} \ ${MAXLOGFILES+"n$MAXLOGFILES"} \ ${PROCESSOR+"!$PROCESSOR"} \ /var/multilog/fedora-ds ' EOM # chmod +x run mkdir env chmod +s env cd env echo 1000000 > MAXFILESIZE echo 10 > MAXLOGFILES touch PROCESSOR useradd -g nobody -M multilog mkdir -p /var/multilog/fedora-ds chown -R multilog:nobody /var/multilog/fedora-ds
Stop Directory Server
/opt/fedora-ds/slapd-`hostname`/stop-slapd
NOTE: substitute `hostname` with the instance name, if the instance name is not the hostname.
Start Directory Server with svscan
For Fedora Directory Server:
ln -s /opt/fedora-ds/supervise /service/fedora-ds
Check the status of the new service:
svstat /service/fedora-ds
Output should look similar to:
/service/fedora-ds: up (pid 20578) 12 seconds
If the output looks similar to this, then there is a problem:
/service/fedora-ds: up (pid 20578) 0 seconds
Using the Daemontools Logging System
Logfiles are stored in /var/multilog/fedora-ds or /var/multilog/redhat-ds, depending on the installed product. The current logging information is stored in the file named "current". Rotated logs will be stored in the same directory.
Multilog uses the tai64n high-resolution time system for logfile timestamps, which are not human readable. To convert the timestamps to human readable format, the daemontools tool "tai64nlocal" must be used.
To tail a logfile:
tail -f current | tai64nlocal
To browse a logfile with less:
tai64nlocal < current | less
To change the max logfile size and max number of logfiles which are kept, change the environment files and restart multilog. The MAXFILESIZE variable is specified in bytes. The following steps would change the logfile size to 50MB:
cd /opt/fedora-ds/supervise/log/env echo 50000000 > MAXFILESIZE
Now you need to find the process id of multilog so that you can kill it:
ps -ef | grep multilog
You can see multilog for fedora-ds running as process 17717:
multilog 17717 17716 0 Nov05 ? 00:00:00 multilog t s1000000 n10 /var/multilog/fedora-ds
Kill the process 17717, and svscan will automatically restart multilog with the new environment variables:
kill 17717
To check that multilog has been restarted, as well as inspect it's command line:
ps -ef | grep multilog
Now you can see that the size of the logfile has been increased:
multilog 9138 17716 0 14:37 ? 00:00:00 multilog t s50000000 n10 /var/multilog/fedora-ds
Administration Server
Configuration Changes
None required until runtime logging for Administration Server is added to this section of the howto.
Installing fedora-ds-admin as a service
Copy this into /etc/init.d/fedora-ds-admin
#! /bin/bash
#
# fedora-ds-admin Start/Stop the fedora-ds-admin.
#
# chkconfig: - 99 1
# description: Fedora Directory Server Admin service \
# Script version 0.1 contributed by Sorin Sbarnea \
# Tested with fedora-ds-admin 1.0.x
# processname: fedora-ds-admin
# config: /etc/crontab
# pidfile: /opt/fedora-ds/admin-serv/logs/pid
# Source function library.
. /etc/init.d/functions
#. /etc/sysconfig/fedora-ds-admin
t=${CRON_VALIDATE_MAILRCPTS:-UNSET}
[ "$t" != "UNSET" ] && export CRON_VALIDATE_MAILRCPTS="$t"
# See how we were called.
# Source our configuration file for these variables.
FLAGS=
RETVAL=0
# Set up some common variables before we launch into what might be
# considered boilerplate by now.
path_start=/opt/fedora-ds/start-admin
path_restart=/opt/fedora-ds/restart-admin
path_stop=/opt/fedora-ds/stop-admin
path=./ns-httpd
prog="Fedora-DS Admin"
pidfile=/opt/fedora-ds/admin-serv/logs/pid
start() {
echo -n $"Starting $prog: "
if [ -e /var/lock/subsys/fedora-ds-admin ]; then
if [ -e $pidfile ] && [ -e /proc/`cat $pidfile` ]; then
echo -n $"cannot start fedora-ds-admin: fedora-ds-admin is already running.";
failure $"cannot start fedora-ds-admin: fedora-ds-admin already running.";
echo
return 1
fi
fi
daemon $path_start
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/fedora-ds-admin;
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
if [ ! -e /var/lock/subsys/fedora-ds-admin ]; then
echo -n $"cannot stop fedora-ds-admin: fedora-ds-admin is not running."
failure $"cannot stop fedora-ds-admin: fedora-ds-admin is not running."
echo
rm -f $pidfile
return 1;
fi
# killproc fedora-ds-admin
$path_stop
RETVAL=$?
if [ -e /var/run/fedora-ds-admin.pid ] && [ -e /proc/`cat /var/run/fedora-ds-admin.pid` ]; then
echo -n $"not stoped? we'll kill it!";
kill `cat $pidfile`;
rm -f $pidfile
fi
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/fedora-ds-admin;
return $RETVAL
}
rhstatus() {
status fedora-ds-admin
}
restart() {
stop
start
}
reload() {
echo -n $"Reloading cron daemon configuration: "
killproc fedora-ds-admin -HUP
RETVAL=$?
echo
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
status)
rhstatus
;;
condrestart)
[ -f /var/lock/subsys/fedora-ds-admin ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
exit 1
esac
Now execute:
chkconfig --add fedora-ds-admin chkconfig fedora-ds-admin on service fedora-ds-admin start
Monitoring script for monit (optional)
If you want to monitor the fedora-ds-service install monit and put the following content in <tt>/etc/monit.d/fedora-ds-admin
check process fedora-ds-admin with pidfile /opt/fedora-ds/admin-serv/logs/pid group ldap start program = "/etc/init.d/fedora-ds-admin start" stop program = "/etc/init.d/fedora-ds-admin stop" if failed host localhost port 14791 protocol http then restart if 5 restarts within 5 cycles then timeout
Creating Daemontools Run Scripts
In order to have svscan start and supervise a process, a small directory structure with two run scripts and some logging variables must be created. Save the following to disk, set the executable bit, and execute it.
NOTE: Change the PRODUCT and INSTANCE variables at the top to match your setup before executing the script.
#!/bin/sh # # run fedora/redhat DS admin server under daemontools # # Mike Jackson <michael.jackson@netauth.com> 19 Feb 2006 # # http://www.netauth.com # ----------------------------------- # # change to match product #PRODUCT=redhat-ds PRODUCT=fedora-ds # BASEDIR=/opt/$PRODUCT # # env variables ADMSERV_ROOT=${BASEDIR}/admin-serv HTTPD=/usr/sbin/httpd.worker LD_LIBRARY_PATH="${BASEDIR}/bin/admin/lib:${BASEDIR}/lib:${LD_LIBRARY_PATH}" LD_PRELOAD="${BASEDIR}/bin/admin/lib/libssl3.so ${BASEDIR}/bin/admin/lib/libldap50.so" NETSITE_ROOT=${BASEDIR} NS_SERVER_HOME=${BASEDIR} PATH=${BASEDIR}/bin/admin/bin:${PATH} SERVER_ROOT=${BASEDIR} # cd $BASEDIR mkdir -p supervise/${PRODUCT}-admin/env mkdir -p supervise/${PRODUCT}-admin/log cd supervise/${PRODUCT}-admin chmod +s env # cat > run <<EOM #!/bin/sh # # run the fedora/redhat DS administration server # exec 2>&1 echo "*** Checking service dependency for $PRODUCT ..." svwaitup -s 3 /service/$PRODUCT || exit 1 echo "***Starting $PRODUCT Administration Server ..." exec \ envdir ./env \ sh -c ' NS_SERVER_HOME="$NS_SERVER_HOME" \ PATH="$PATH" \ SERVER_ROOT="$SERVER_ROOT" \ NETSITE_ROOT="$NETSITE_ROOT" \ ADMSERV_ROOT="$ADMSERV_ROOT" \ LD_LIBRARY_PATH="$LD_LIBRARY_PATH" \ LD_PRELOAD="$LD_PRELOAD" \ exec \ "$HTTPD" \ -d "$ADMSERV_ROOT" \ -f "$ADMSERV_ROOT/config/httpd.conf" \ -D FOREGROUND ' EOM # chmod +x run # cd env echo ${ADMSERV_ROOT} > ADMSERV_ROOT echo ${HTTPD} > HTTPD echo ${LD_LIBRARY_PATH} > LD_LIBRARY_PATH echo ${LD_PRELOAD} > LD_PRELOAD echo ${NETSITE_ROOT} > NETSITE_ROOT echo ${NS_SERVER_HOME} > NS_SERVER_HOME echo ${PATH} > PATH echo ${SERVER_ROOT} > SERVER_ROOT # cd ../log # cat > run <<EOM #!/bin/sh exec \ setuidgid multilog \ envdir ./env \ sh -c ' exec \ multilog \ t \ ${MAXFILESIZE+"s$MAXFILESIZE"} \ ${MAXLOGFILES+"n$MAXLOGFILES"} \ ${PROCESSOR+"!$PROCESSOR"} \ /var/multilog/fedora-ds-admin ' EOM # chmod +x run mkdir env chmod +s env cd env echo 1000000 > MAXFILESIZE echo 10 > MAXLOGFILES touch PROCESSOR useradd -g nobody -M multilog mkdir -p /var/multilog/fedora-ds-admin chown -R multilog:nobody /var/multilog/fedora-ds-admin
Stop Administration Server
/opt/fedora-ds/stop-admin
Start Administration Server with svscan
For Fedora DS:
ln -s /opt/fedora-ds/supervise/fedora-ds-admin /service/fedora-ds-admin
Check the status of the new service:
svstat /service/fedora-ds-admin
Output should look similar to:
/service/fedora-ds-admin: up (pid 20578) 12 seconds
If the output looks similar to this, then there is a problem:
/service/fedora-ds-admin: up (pid 20578) 0 seconds
Using the Daemontools Logging System
Logfiles are stored in /var/multilog/fedora-ds-admin or /var/multilog/redhat-ds-admin, depending on the installed product. The current logging information is stored in the file named "current". Rotated logs will be stored in the same directory.
Multilog uses the tai64n high-resolution time system for logfile timestamps, which are not human readable. To convert the timestamps to human readable format, the daemontools tool "tai64nlocal" must be used.
To tail a logfile:
tail -f current | tai64nlocal
To browse a logfile with less:
tai64nlocal < current | less
To change the max logfile size and max number of logfiles which are kept, change the environment files and restart multilog. The MAXFILESIZE variable is specified in bytes. The following steps would change the logfile size to 50MB:
cd /opt/fedora-ds-admin/supervise/log/env echo 50000000 > MAXFILESIZE
Now you need to find the process id of multilog so that you can kill it:
ps -ef | grep multilog
You can see multilog for fedora-ds-admin running as process 17718:
multilog 17718 17716 0 Nov05 ? 00:00:00 multilog t s1000000 n10 /var/multilog/fedora-ds-admin
Kill the process 17718, and svscan will automatically restart multilog with the new environment variables:
kill 17718
To check that multilog has been restarted, as well as inspect it's command line:
ps -ef | grep multilog
Now you can see that the size of the logfile has been increased:
multilog 9138 17716 0 14:37 ? 00:00:00 multilog t s50000000 n10 /var/multilog/fedora-ds-admin
