-
-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
man pages, journald: document the relationship between journald restarts, stdout/stderr log stream termination and SIGPIPE #6620
Comments
Could you clarify why |
Since the service was automatically started anyway - I didn't see much difference. Please provide confirmation if I need to confirm the testcase with 'restart' instead of 'stop' and/or if you believe it is user error to use 'stop' here |
systemd/man/systemd.service.xml Lines 862 to 866 in 43ee6a8
I don't think you need to check whether systemd/test/TEST-04-JOURNAL/test-journal.sh Lines 54 to 68 in 43ee6a8
|
Thank you for clarification - I should agree that from abstract systemd point of view everything looks good. And I just verified for myself that 'restart' shows correct behavior and logging continues properly. But conceptually from OS point of view: is it expected that services will be muted if journalctl is stopped by human mistake, by some script bug or intentional attack? Do you see any security issue here? Any advice except 'dont stop it'? (Because e.g. I don't always control everything but am always interested in reliable logging). |
Everything might stop working suddenly, so to minimise the risk of data loss it probably makes sense to try sending messages to many different places such as |
On the other hand, in my opinion, a service with |
Unfortunately, by design it doesn't seem to be possible to connect a service directly to |
|
Thank you both for properly investigating this issue! |
So |
It is even sadder that the man page states the following Lines 779 to 785 in 43ee6a8
Talking of stopping services, maybe, something like |
I can think about new parameter |
By the way, even if |
Well, if you shut down the logging service fully, then all ongoing connections to it will be severed, that's expected and I don't think too surprising. Restarts are handled in a special way though: journald stores all fds of ongoing connections in PID 1, and they aren't flushed out unless a unit is fully stopped and no jobs are queued anymore for it. As during a restart that's never the case they aren't lost across a restart. But yeah, this needs better documentation, and we probably should add a restart mode which will flush out all saved fds before starting again. |
I filed #6697 as an RFE issue asking for a way to restart a service with flushing of the fdstore. |
/dev/log expects complete syslog datagrams. Applications otoh usually expect something free-form character based as stderr. i.e. lines written to stderr are usually not prefixed by syslog-compatibile date/hostname/priority/facility and so on, and might appear piecemeal, while syslog only accepts full records in each datagram, hence it's not possible connect this directly. Moreover, if the server side fd of /dev/log is closed, then all clients that used connect() on it earlier will also lose their communication for good, and if /dev/log is restored later on the old inode cannot be reused, a new one is created, which means there's really no improvement in this regard over the status quo with /dev/log |
I am not convinced this would be a good idea. I think if people in emergency mode (or something similarly minimal) should have every right to stop and start journald at any point in time they like, prohibiting that appears to heavy weight. In general, the same way as people probably generally understand that terminating httpd severs all ongoing HTTP downloads it's not too hard to grok that terminating the logging service severs all ongoing stdout/stderr log streams, and is hence not only expected but probably even the desired effect in this case.
Yes, definitely, we should add a comment about that somewhree. In fact I think we should turn this bug into a documentation bug about this I think. |
Note that systemd will by default disable SIGPIPE by default for all services it starts, so that journald terminating doesn't generate SIGPIPE all over the place, bringing the whole system down. If services unblock that again, then they have to do that explicitly, and hence it's kind on them to deal with it. (Note that there's very little point in unblocking SIGPIPE, it's only purpose are shell pipelines. Hence, unless your daemon is actually a shell it should never unblock it) But yeah, we really should document what it means to have stdout/stderr connected to the journald means regarding SIGPIPE |
note that using /dev/log is only more robust than logging to stdout/stderr regarding journald termination if you log using sendto(), i.e. each time specify the address to send your logs to anew. If you use connect()+send()/write() (i.e. only specify the address once, and not each time) you win very little. |
Anyway, summarizing: I think we need to document the following better:
Anything I forgot? |
@poettering my point is that those who care about their logs should probably send them not only to
I wrote about
I would probably document that the number of streams that can be handled by |
I also think that the documentation should make it clear that every service has to be ready to get |
Details about EPIPE/SIGPIPE handling, metadata and more. Fixes: systemd#6620
Fix waiting in #6839. |
Submission type
systemd version the issue has been seen with
Used distribution
In case of bug report: Expected behaviour you didn't see
In case of bug report: Unexpected behaviour you saw
In case of bug report: Steps to reproduce the problem
So I configured simple service above, started it as below and see expected messages every 5 sec in journal:
Now I restart journal and new messages are not arriving to journal until my custom service is restarted again:
The text was updated successfully, but these errors were encountered: