path: root/src/nxt_runtime.c
Age | Commit message | Author | Files | Lines
2024-02-19 | Allow to set the permissions of the Unix domain control socket | Andrew Clayton | 1 | -0/+55
Several users in GitHub have asked for the ability to set the permissions of the unitd UNIX Domain control socket.

This can of course be done externally, but can be done much cleaner by Unit itself.

This commit adds three new options

  --control-mode          Set the mode of the socket, e.g. 644
  --control-user          Set the user/owner of the socket, e.g. unit
  --control-group         Set the group of the socket, e.g. unit

Of course these only have an effect when using a UNIX Domain Socket for the control socket.

Requested-by: michaelkosir <https://github.com/michaelkosir>
Requested-by: chopanovv <https://github.com/chopanovv>
Link: <https://github.com/nginx/unit/issues/254>
Link: <https://github.com/nginx/unit/issues/980>
Closes: https://github.com/nginx/unit/issues/840
Tested-by: Liam Crilly <liam.crilly@nginx.com>
Reviewed-by: Zhidao Hong <z.hong@f5.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-05-21 | Added back deprecated options to unitd. | Alejandro Colomar | 1 | -0/+31
We renamed the options recently, with the intention of keeping the old names as supported but deprecated for some time, before removal. This was done with the configure script options, but in the unitd binary, we accidentally removed the old names, causing some unintended breakage.

Keep support for the old names, albeit with a deprecation message to stderr, for some time, until we decide to remove them.

Fixes: 5a37171f733f ("Added default values for pathnames.")
Closes: <https://github.com/nginx/unit/issues/876>
Reported-by: El RIDO <elrido@gmx.net>
Acked-by: Liam Crilly <liam@nginx.com>
Acked-by: Artem Konev <a.konev@f5.com>
Acked-by: Timo Stark <t.stark@nginx.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Cc: Andrei Zeliankou <zelenkov@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
2023-05-08 | NJS: supported loadable modules. | Zhidao HONG | 1 | -0/+17
2023-03-29 | Renamed --libstatedir to --statedir. | Alejandro Colomar | 1 | -5/+5
In BSD systems, it's usually </var/db> or some other dir under </var> that is not </var/lib>, so $statedir is a more generic name. See hier(7).

Reported-by: Andrei Zeliankou <zelenkov@nginx.com>
Reported-by: Zhidao Hong <z.hong@f5.com>
Reviewed-by: Konstantin Pavlov <thresh@nginx.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Cc: Liam Crilly <liam@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
2023-03-17 | Socket: Remove Unix domain listen sockets at shutdown. | Andrew Clayton | 1 | -0/+17
If we don't remove the Unix domain listen socket file then when Unit restarts it gets an error like

  2023/02/25 23:10:11 [alert] 36388#36388 bind(\"unix:/tmp/unit.sock\") failed (98: Address already in use)

This patch makes use of the listen_sockets array, that is already allocated in the main process but never populated, to place the Unix domain listen sockets into.

At shutdown we can then loop through this array and unlink(2) any Unix domain sockets found therein.

Closes: <https://github.com/nginx/unit/issues/792>
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-01-31 | Added default values for pathnames. | Alejandro Colomar | 1 | -15/+16
This allows one to simply run `./configure` and expect it to produce sane defaults for an install.

Previously, without specifying `--prefix=...`, `make install` would simply fail, recommending to set `--prefix` or `DESTDIR`, but that recommendation was incomplete at best, since it didn't set many of the subdirs needed for a good organization.

Setting `DESTDIR` was even worse, since that shouldn't even affect an installation (it is required to be transparent to the installation).

/usr/local is the historic Unix standard path to use for installations from source made manually by the admin of the system. Some package managers (Homebrew, I'm looking specifically at you) have abused that path to install their things, but 1) it's not our fault that someone else incorrectly abuses that path (and they seem to be fixing it for newer archs; e.g., they started using /opt/homebrew for Apple Silicon), 2) there's no better path than /usr/local, 3) we still allow changing it for systems where this might not be the desired path (MacOS Intel with Homebrew), and 4) it's _the standard_.

See a related conversation with Ingo (OpenBSD maintainer):

On 7/27/22 16:16, Ingo Schwarze wrote:
> Hi Alejandro,
[...]
>
> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 07:07:18PM +0200:
>> On 7/24/22 16:57, Ingo Schwarze wrote:
>>> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 01:20:46PM +0200:
>
>>>> /usr/local is for sysadmins to build from source;
>
>>> Doing that is *very* strongly discouraged on OpenBSD.
>
>> I guess that's why the directory was reused in the BSDs to install ports
>> (probably ports were installed by the sysadmin there, and by extension,
>> ports are now always installed there, but that's just a guess).
>
> Maybe. In any case, the practice of using /usr/local for packages
> created from ports is significantly older than the recommendation
> to refrain from using upstream "make install" outside the ports
> framework.
>
> * The FreeBSD ports framework was started by Jordan Hubbard in 1993.
> * The ports framework was ported from FreeBSD to OpenBSD
>   by Niklas Hallqvist in 1996.
> * NetBSD pkgsrc was forked from FreeBSD ports by Alistair G. Crooks
>   and Hubert Feyrer in 1997.
>
> I failed to quickly find Jordan's original version, but rev. 1.1
> of /usr/ports/infrastructure/mk/bsd.port.mk in OpenBSD (dated Jun 3
> 22:47:10 1996 UTC) already said
>
>   LOCALBASE ?= /usr/local
>   PREFIX ?= ${LOCALBASE}
>
[...]
>> I had a discussion in NGINX Unit about it, and
>> the decision for now has been: "support prefix=/usr/local for default
>> manual installation through the Makefile, and let BSD users adjust to
>> their preferred path".
>
> That's an *excellent* solution for the task, thanks for doing it
> the right way. By setting PREFIX=/usr/local by default in the
> upstream Makefile, you are minimizing the work for *BSD porters.
>
> The BSD ports frameworks will typically run the upstream "make install"
> with the variable DESTDIR set to a custom value, for example
>
>   DESTDIR=/usr/ports/pobj/groff-1.23.0/fake-amd64
>
> so if the upstream Makefile sets PREFIX=/usr/local ,
> that's perfect, everything gets installed to the right place
> without an intervention by the person doing the porting.
>
> Of course, if the upstream Makefile would use some other PREFIX,
> that would not be a huge obstacle. All we have to do in that case
> is pass the option --prefix=/usr/local to the ./configure script,
> or something equivalent if the software isn't using GNU configure.
>
>> We were concerned that we might get collisions
>> with the BSD port also installing in /usr/local, but that's the least
>> evil (and considering BSD users don't typically run `make install`, it's
>> not so bad).
>
> It's not bad at all. It's perfect.
>
> Of course, if a user wants to install *without* the ports framework,
> they have to provide their own --prefix. But that's not an issue
> because it is easy to do, and installing without a port is discouraged
> anyway.

===

Directory variables should never contain a trailing slash (I've learned that the hard way, where some things would break unexpectedly). Especially, make(1) is likely to have problems when things have double slashes or a trailing slash, since it treats filenames as text strings. I've removed the trailing slash from the prefix, and added it to the derivate variables just after the prefix. pkg-config(1) also expects directory variables to have no trailing slash.

===

I also removed the code that would set variables as depending on the prefix if they didn't start with a slash, because that is a rather non-obvious behavior, and things should not always depend on prefix, but other dirs such as $(runstatedir), so if we keep a similar behavior it would be very unreliable. Better keep variables intact if set, or use the default if unset.

===

Print the real defaults for ./configure --help, rather than the actual values.

===

I used a subdirectory under the standard /var/lib for NXT_STATE, instead of a homemade "state" dir that does the same thing.

===

Modified the Makefile to create some dirs that weren't being created, and also remove those that weren't being removed in uninstall, probably because someone forgot to add them.

===

Add new options for setting the new variables, and rename some to be consistent with the standard names. Keep the old ones at configuration time for compatibility, but mark them as deprecated. Don't keep the old ones at exec time.

===

A summary of the default config is:

Unit configuration summary:

  bin directory: ............. "/usr/local/bin"
  sbin directory: ............ "/usr/local/sbin"
  lib directory: ............. "/usr/local/lib"
  include directory: ......... "/usr/local/include"
  man pages directory: ....... "/usr/local/share/man"
  modules directory: ......... "/usr/local/lib/unit/modules"
  state directory: ........... "/usr/local/var/lib/unit"
  tmp directory: ............. "/tmp"
  pid file: .................. "/usr/local/var/run/unit/unit.pid"
  log file: .................. "/usr/local/var/log/unit/unit.log"
  control API socket: ........ "unix:/usr/local/var/run/unit/control.unit.sock"

Link: <https://www.gnu.org/prep/standards/html_node/Directory-Variables.html>
Link: <https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html>
Reviewed-by: Artem Konev <a.konev@f5.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Tested-by: Andrew Clayton <a.clayton@nginx.com>
Reviewed-by: Konstantin Pavlov <thresh@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
2022-10-03 | Socket: Created control socket & pid file directories. | Andrew Clayton | 1 | -0/+2
@alejandro-colomar reported an issue on GitHub whereby Unit would fail to start due to not being able to create the control socket (a Unix Domain Socket)

  2022/08/05 20:12:22 [alert] 21613#21613 bind(6, unix:/opt/local/unit/var/run/unit/control.unit.sock.tmp) failed (2: No such file or directory)

This could happen if the control socket was set to a directory that doesn't exist. A common place to put the control socket would be under /run/unit, and while /run will exist, /run/unit may well not (/run is/should be cleared on each boot).

The pid file would also generally go under /run/unit, though this is created after the control socket, however it could go someplace else so we should also ensure its directory exists.

This commit will try to create the pid file and control socket's parent directory. In some cases the user will need to ensure that the rest of the path already exists.

This adds a new nxt_fs_mkdir_parent() function that given a full path to a file (or directory), strips the last component off before passing the remaining directory path to nxt_fs_mkdir().

Cc: Konstantin Pavlov <thresh@nginx.com>
Closes: <https://github.com/nginx/unit/issues/742>
Reported-by: Alejandro Colomar <alx@nginx.com>
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Tested-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-08-11 | Fixing isolated process PID manipulation. | Max Romanov | 1 | -5/+8
Registering an isolated PID in the global PID hash is wrong because it can be duplicated. Isolated processes are stored only in the children list until the response for the WHOAMI message is processed and the global PID is discovered. To remove isolated siblings, a pointer to the children list is introduced in the nxt_process_init_t struct. This closes #633 issue on GitHub.
2021-11-09 | Introducing application prototype processes. | Tiago Natel de Moura | 1 | -3/+16
2021-11-09 | Changed nxt_process_* for reuse. | Tiago Natel de Moura | 1 | -26/+3
This enables the reuse of process creation functions.
2021-10-09 | Configuration: automatic migration to the new "share" behavior. | Zhidao HONG | 1 | -0/+15
2021-01-28 | Removing unused mutex from nxt_process_t. | Max Romanov | 1 | -2/+0
2020-11-17 | Router: matching regular expressions support. | Axel Duch | 1 | -3/+1
2020-08-20 | Isolation: mount tmpfs by default. | Tiago Natel de Moura | 1 | -1/+5
2020-08-13 | Basic variables support. | Valentin Bartenev | 1 | -0/+8
2020-08-11 | Process structures refactoring in runtime and libunit. | Max Romanov | 1 | -3/+0
Generic process-to-process shared memory exchange is no more required. Here, it is transformed into a router-to-application pattern. The outgoing shared memory segments collection is now the property of the application structure. The applications connect to the router only, and the process only needs to group the ports.
2020-08-11 | Changing router to application port exchange protocol. | Max Romanov | 1 | -7/+0
The application process needs to request the port from the router instead of the latter pushing the port before sending a request to the application. This is required to simplify the communication between the router and the application and to prepare the router to use the application shared port and then the queue.
2020-07-23 | Fixing various router crashes on exit caused by runtime pool free. | Max Romanov | 1 | -7/+18
Currently, the router exits without waiting for the worker threads to stop. There is a short gap between the runtime memory pool's free and the exit, during which a worker thread may try to access a runtime structure. In turn, this may cause a crash. For now, it is better to keep this memory allocated.
2020-05-28 | Added "rootfs" feature. | Tiago Natel de Moura | 1 | -0/+1
2020-03-09 | Refactor of process management. | Tiago Natel de Moura | 1 | -4/+56
The process abstraction has changed to:

  setup(task, process)
  start(task, process_data)
  prefork(task, process, mp)

The prefork() occurs in the main process right before fork.

The file src/nxt_main_process.c is completely free of process specific logic.

The creation of a process now supports a PROCESS_CREATED state. The setup() function of each process can set its state to either created or ready. If created, a MSG_PROCESS_CREATED is sent to main process, where external setup can be done (required for rootfs under container).

The core processes (discovery, controller and router) don't need external setup, then they all proceed to their start() function straight away.

In the case of applications, the load of the module happens at the process setup() time and the module's init() function has changed to be the start() of the process.

The module API has changed to:

  setup(task, process, conf)
  start(task, data)

As a direct benefit of the PROCESS_CREATED message, the clone(2) of processes using pid namespaces now doesn't need to create a pipe to make the child block until parent setup uid/gid mappings nor does it need to receive the child pid.
2020-05-28 | Moving nxt_stream_ident to shared memory. | Max Romanov | 1 | -0/+4
This aims to avoid stream id clashes after router restart.
2020-04-08 | Controller: improved handling of unix domain control socket. | Valentin Bartenev | 1 | -1/+1
One of the ways to detect Unit's startup and subsequent readiness to accept commands relies on waiting for the control socket file to be created. Earlier, it was unreliable due to a race condition between the client's connect() and the daemon's listen() calls after the socket's bind() call.

Now, unix domain listening sockets are created with a nxt_listen_socket_create() call as follows:

  s = socket();
  unlink("path/to/socket.tmp");
  bind(s, "path/to/socket.tmp");
  listen(s);
  rename("path/to/socket.tmp", "path/to/socket");

This eliminates a time-lapse when the socket file is already created but nobody is listening on it yet, which therefore prevents the condition described above.

Also, it allows reliably detecting whether the socket is being used or simply wasn't cleaned after the daemon stopped abruptly. A successful connection to the socket file means the daemon has been started; otherwise, the file can be overwritten.
2020-04-08 | Removed unused code related to testing of address binding. | Valentin Bartenev | 1 | -1/+1
2020-03-12 | Using disk file to store large request body. | Max Romanov | 1 | -0/+18
This closes #386 on GitHub.
2019-12-06 | Moved credential-related code to nxt_credential.c. | Tiago Natel | 1 | -1/+1
This is required to avoid include cycles, as some nxt_clone_* functions depend on the credential structures, but nxt_process depends on clone structures.
2019-11-26 | Refactor of process init. | Tiago Natel | 1 | -2/+5
Introduces the functions nxt_process_init_create() and nxt_process_init_creds_set().
2019-10-29 | Process port refactoring. | Hong Zhi Dao | 1 | -29/+42
- Introduced nxt_runtime_process_port_create().
- Moved nxt_process_use() into nxt_process.c from nxt_runtime.c.
- Renamed nxt_runtime_process_remove_pid() as nxt_runtime_process_remove().
- Some public functions transformed to static.

This closes #327 issue on GitHub.
2019-10-29 | Allocating process init struct from runtime memory pool. | Max Romanov | 1 | -0/+4
This avoids memory leak reports from the address sanitizer.
2019-10-28 | Releasing the memory of removed thread pools at exit. | Tiago Natel | 1 | -0/+2
2019-10-22 | Fixing idle connection close function. | Max Romanov | 1 | -1/+1
There was a typo: nxt_queue_head() used instead of nxt_queue_first() in connection iteration loop. This prevents idle connection close on quit. This closes #334 issue on GitHub. Thanks to 洪志道 (Hong Zhi Dao).
2019-09-19 | Initial applications isolation support using Linux namespaces. | Tiago de Bem Natel de Moura | 1 | -1/+13
2019-03-22 | Destroying pool in case of error. | Max Romanov | 1 | -2/+1
This closes #233 issue on GitHub. Thanks to 洪志道 (Hong Zhi Dao).
2018-10-23 | Removed unused "--upstream" command line option. | Valentin Bartenev | 1 | -14/+0
2018-10-09 | Renamed "go" application type to "external". | Valentin Bartenev | 1 | -2/+2
There's nothing specific to Go language. This type of application object can be used to run any external application that utilizes libunit API.
2018-09-20 | Controller: certificates storage interface. | Valentin Bartenev | 1 | -0/+17
2018-08-10 | Stopping all application processes if router process dies. | Max Romanov | 1 | -1/+1
Unit master process restarts the router if the router accidentally dies. New router process receives the configuration from controller and starts configured applications. The information of running applications cannot be transferred to router because currently there is no persistent application identifier. To avoid orphan application processes started by the dead router, master process stops all currently running applications once it receives SIGCHLD for router process.
2018-06-25 | Removed '\r' and '\n' artifact macros. | Igor Sysoev | 1 | -1/+1
2018-06-25 | Introduced nxt_length() macro. | Valentin Bartenev | 1 | -11/+11
2018-06-18 | Fixed exit status on start failure. | Igor Sysoev | 1 | -9/+12
This and previous commit close #131 issue on GitHub.
2018-06-18 | Removing Unix control socket on start failure. | Igor Sysoev | 1 | -2/+2
The bug had appeared in 5cc5002a788e when process type has been converted to bitmask. This commit reverts the type back to a number. This commit is related to #131 issue on GitHub.
2018-06-18 | Removed unused single process type. | Igor Sysoev | 1 | -31/+1
2018-04-18 | Removed duplicating socket address parsing function. | Valentin Bartenev | 1 | -279/+3
This also fixes #101 issue on GitHub. The function previously used to parse IPv6 address of control socket was broken. Now the working function is used instead.
2018-04-13 | Improved "unitd" command line help. | Valentin Bartenev | 1 | -2/+5
2018-03-29 | nxt_lvlhsh_each() refactoring and nxt_lvlhsh_each_init(). | Igor Sysoev | 1 | -3/+1
2018-03-29 | Using nxt_lvlhsh_peek() for port hashes. | Igor Sysoev | 1 | -8/+4
2018-03-29 | Removed unused macros and functions. | Igor Sysoev | 1 | -7/+0
2018-03-05 | Reduced number of critical log levels. | Valentin Bartenev | 1 | -20/+16
2018-01-24 | Fixed formatting in nxt_sprintf() and logging. | Sergey Kandaurov | 1 | -1/+1
2017-11-20 | Fixing Coverity warnings. | Max Romanov | 1 | -0/+3
CID 200496 CID 200494 CID 200490 CID 200489 CID 200483 CID 200482 CID 200472 CID 200465
2017-10-19 | Supporting concurrent shared memory fd receive in router. | Max Romanov | 1 | -6/+6
Two different router threads may send different requests to single application worker. In this case shared memory fds from worker to router will be sent over 2 different router ports. These fds will be received and processed by different threads in any order. This patch made it possible to add incoming shared memory segments in arbitrary order. Additionally, array and memory pool are no longer used to store segments because of pool's single threaded nature. Custom array-like structure nxt_port_mmaps_t introduced.