Bug 809360 – sd_notifyf doesn't work as expected for httpd

Bug 809360 - sd_notifyf doesn't work as expected for httpd

Summary:	sd_notifyf doesn't work as expected for httpd

Status:	CLOSED WORKSFORME

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	systemd (Show other bugs)
Sub Component:
Version:	rawhide
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	---
Target Release:	---
Assigned To:	Michal Sekletar
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2012-04-03 04:06 EDT by Jan Kaluža
Modified:	2013-01-15 17:49 EST (History)
CC List:	9 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-01-15 17:49:45 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
mod_systemd (7.35 KB, application/gzipped-tar) 2012-04-03 04:06 EDT, Jan Kaluža	no flags	Details
simple reproducer (1.41 KB, text/plain) 2012-09-06 05:11 EDT, Jan Kaluža	no flags	Details
reproducer for second problem (1.56 KB, text/plain) 2012-09-06 06:14 EDT, Jan Kaluža	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Jan Kaluža 2012-04-03 04:06:35 EDT

Created attachment 574773 [details]
mod_systemd

Description of problem:
I'm trying to use sd_notifyf in httpd to overcome issues with the PID file creation (see Bug #728465) and possibly start using some more advanced systemd features.

To achieve it, I'm trying to write mod_systemd httpd module (attached). It works like this:

1. It calls getpid() to get and store the PID in main httpd process. The pid_file is not written that time yet.
2. When the Apache forks and creates the children processes, it calls sd_notifyf with the PID of main process from the child process. The reason why to do it here is that pid_file is already written that time.

The problem is that if I run "httpd" command without systemd, I see the following in the httpd log meaning that it got to my systemd related code (please ignore logging debug messages as "error", it's only for my convenience):

[Mon Apr 02 15:16:05.678043 2012] [core:notice] [pid 24112:tid 140255251499008] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[Mon Apr 02 15:16:05.679088 2012] [suexec:notice] [pid 24112:tid 140255251499008] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Apr 02 15:16:06.000579 2012] [ssl:notice] [pid 24112:tid 140255251499008] AH01886: SSL FIPS mode disabled
[Mon Apr 02 15:16:06.030958 2012] [:error] [pid 24112:tid 140255251499008] AH00521: init_module
[Mon Apr 02 15:16:06.051324 2012] [auth_digest:notice] [pid 24113:tid 140255251499008] AH01757: generating secret for digest authentication ...
[Mon Apr 02 15:16:07.000118 2012] [lbmethod_heartbeat:notice] [pid 24113:tid 140255251499008] AH02282: No slotmem from mod_heartmonitor
[Mon Apr 02 15:16:07.000315 2012] [ssl:notice] [pid 24113:tid 140255251499008] AH01886: SSL FIPS mode disabled
[Mon Apr 02 15:16:07.043374 2012] [:error] [pid 24113:tid 140255251499008] AH00521: systemd_post_config
[Mon Apr 02 15:16:07.043424 2012] [:error] [pid 24113:tid 140255251499008] AH00521: got pid 24113
[Mon Apr 02 15:16:07.045062 2012] [:error] [pid 24115:tid 140255251499008] AH00521: using pid 24113

But if I start it using systemd, it looks like httpd is stopped/killed before it even tries to call sd_notify:

[Mon Apr 02 15:22:33.448722 2012] [core:notice] [pid 24437:tid 139748586375168] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Mon Apr 02 15:22:33.449712 2012] [suexec:notice] [pid 24437:tid 139748586375168] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Apr 02 15:22:34.000216 2012] [ssl:notice] [pid 24437:tid 139748586375168] AH01886: SSL FIPS mode disabled
[Mon Apr 02 15:22:34.035757 2012] [:error] [pid 24437:tid 139748586375168] AH00521: init_module
[Mon Apr 02 15:22:34.055171 2012] [auth_digest:notice] [pid 24438:tid 139748586375168] AH01757: generating secret for digest authentication ...

Service file I currently use looks like this:
> [Unit]
> Description=The Apache HTTP Server
> After=syslog.target network.target remote-fs.target nss-lookup.target
> 
> [Service]
> Type=notify
> PIDFile=/var/run/httpd/httpd.pid
> EnvironmentFile=/etc/sysconfig/httpd
> ExecStart=/usr/sbin/httpd $OPTIONS
> ExecReload=/usr/sbin/httpd $OPTIONS -t
> ExecReload=/usr/sbin/httpd -HUP $MAINPID
> ExecStop=/usr/sbin/httpd $OPTIONS -k graceful-stop
> PrivateTmp=true
> NotifyAccess=all
> 
> [Install]
> WantedBy=multi-user.target


Version-Release number of selected component (if applicable):
systemd 37-17.fc16

Steps to Reproduce:
1. Compile and install attached mod_systemd and enable it in httpd's configuration file.
2. Start httpd using systemd


Maybe it's caused by my misconfiguration or misunderstanding of the way how it's supposed to work. But I was trying to configure it differently for long time, so I think it's worth reporting.

Comment 1 Jan Kaluža 2012-09-06 05:09:17 EDT

Adding reproducer. I believe this should work with sd_notifyf, shouldn't it?

Comment 2 Jan Kaluža 2012-09-06 05:11:14 EDT

Created attachment 610232 [details]
simple reproducer

Comment 3 Jan Kaluža 2012-09-06 06:13:36 EDT

There is also variation of this reproducer showing different problem. If I keep parent process running and try to update STATUS from child process, it is not reflected in systemctl status output. I still see "Status: "Processing requests..." there.

From the documentation I would expect it will work even called from the child:
If the unset_environment parameter is non-zero sd_notify() will unset the $NOTIFY_SOCKET environment variable before returning (regardless whether the function call itself succeeded or not). Further calls to sd_notify() will then fail, but the variable is no longer inherited by child processes.

Comment 4 Jan Kaluža 2012-09-06 06:14:21 EDT

Created attachment 610248 [details]
reproducer for second problem

Comment 5 Jan Kaluža 2012-09-06 06:22:35 EDT

For the first reproducer I would expect that systemd will wait some time for sd_notify call and it will not care from which children process it comes. I thought that's exactly why sd_notify exists. Currently it kills children when main process terminates.

Comment 6 Lennart Poettering 2012-09-14 11:04:28 EDT

Hmm, you set Type=notify, but you actually have a forking process, right?

You need to set Type=forking in that case, otherwise systemd will assume your main process is dead and terminate you immediately. You also need to set NotifyAccess=all if it is not the original process that sends off the message

Comment 7 Jan Kaluža 2013-01-15 03:17:56 EST

Hm, I think we could close this bug. I remember having discussion about this with someone from systemd community and find out the current systemd behaviour is good.

In httpd we've fixed it by using -DFOREGROUND httpd option, so httpd does not fork and Type=notify can be used.

Feel free to close this bug.

Comment 8 Lennart Poettering 2013-01-15 17:49:45 EST

Cool, thanks!

Note You need to log in before you can comment on or make changes to this bug.