svn commit: r287606 - head/sys/kern

Thu Sep 10 22:11:40 UTC 2015

Hi,

Fixed a couple of bugs, and:

https://reviews.freebsd.org/D3630

-adrian

On 10 September 2015 at 15:02, Adrian Chadd <adrian at freebsd.org> wrote:
> I'd love for rc.subr to grow the ability to set per-daemon cpuset,
> class, environment, etc. We have some of that in the rc script
> already.
>
> What I have so far for local hacking is this, which at least gets the
> default login class bits and runs things as user daemon.
> Yes, there are issues with inheriting the environment and other things
> from the callee - I think that's a separate issue to solve.
>
> Thanks,
>
>
> -a
>
> adrian at hulk:~/work/freebsd/head/src % svn diff etc
>
> Index: etc/login.conf
> ===================================================================
> --- etc/login.conf (revision 28758)
> +++ etc/login.conf (working copy)
> @@ -36,7 +36,8 @@
>   :memoryuse=unlimited:\
>   :filesize=unlimited:\
>   :coredumpsize=unlimited:\
> - :openfiles=unlimited:\
> + :openfiles-cur=4096:\
> + :openfiles-max=65536:\
>   :maxproc=unlimited:\
>   :sbsize=unlimited:\
>   :vmemoryuse=unlimited:\
> @@ -61,6 +62,8 @@
>   :tc=default:
>  daemon:\
>   :memorylocked=128M:\
> + :openfiles-cur=32768:\
> + :openfiles-max=65536:\
>   :tc=default:
>  news:\
>   :tc=default:
> Index: etc/rc.subr
> ===================================================================
> --- etc/rc.subr (revision 287580)
> +++ etc/rc.subr (working copy)
> @@ -768,6 +768,8 @@
>  #
>  # ${name}_prepend n Command added before ${command}.
>  #
> +# ${name}_login_class n Login class to use, else "daemon".
> +#
>  # ${rc_arg}_cmd n If set, use this as the method when invoked;
>  # Otherwise, use default command (see below)
>  #
>
> @@ -942,8 +944,13 @@
>       _nice=\$${name}_nice _user=\$${name}_user \
>       _group=\$${name}_group _groups=\$${name}_groups \
>       _fib=\$${name}_fib _env=\$${name}_env \
> -     _prepend=\$${name}_prepend
> +     _prepend=\$${name}_prepend _login_class=\$${name}_login_class
>
> + # Default to 'daemon' if no login class is provided
> + if [ -n "$_login_class" ]; then
> + _login_class="daemon"
> + fi
> +
>   if [ -n "$_user" ]; then # unset $_user if running as that user
>   if [ "$_user" = "$(eval $IDCMD)" ]; then
>   unset _user
> @@ -1050,6 +1057,9 @@
>   fi
>   fi
>
> + # Prepend default limits
> + _doit="limits -C $_login_class $_doit"
> +
>   # run the full command
>   #
>   if ! _run_rc_doit "$_doit"; then
>
> On 10 September 2015 at 14:14, John-Mark Gurney <jmg at funkthat.com> wrote:
>> Eric van Gyzen wrote this message on Thu, Sep 10, 2015 at 14:56 -0500:
>>> On 09/10/2015 12:53, John-Mark Gurney wrote:
>>> > Adrian Chadd wrote this message on Thu, Sep 10, 2015 at 09:18 -0700:
>>> >> On 10 September 2015 at 09:04, Warner Losh <imp at bsdimp.com> wrote:
>>> >>>
>>> >>>
>>> >>> On Thu, Sep 10, 2015 at 9:53 AM, Ed Maste <emaste at freebsd.org> wrote:
>>> >>>>
>>> >>>> On 10 September 2015 at 04:05, Adrian Chadd <adrian at freebsd.org> wrote:
>>> >>>>> Author: adrian
>>> >>>>> Date: Thu Sep 10 04:05:58 2015
>>> >>>>> New Revision: 287606
>>> >>>>> URL: https://svnweb.freebsd.org/changeset/base/287606
>>> >>>>>
>>> >>>>> Log:
>>> >>>>>   Also make kern.maxfilesperproc a boot time tunable.
>>> >>>>> ...
>>> >>>>>   TODO:
>>> >>>>
>>> >>>> Also "we" should
>>> >>>> * Submit patches upstream or to the ports tree to use closefrom
>>> >>>
>>> >>>
>>> >>> I thought the consensus was that we'd fix things to have fewer FDs
>>> >>> by default, but instead allow individual processes to raise it via the
>>> >>> usual methods.
>>>
>>> We could--and should--do both, because they're both good ideas.
>>>
>>> >> I'm looking at how to do this in a somewhat sensible fashion. Right
>>> >> now we just have openfiles=unlimited; in /etc/login.conf which seems a
>>> >> little odd. I don't know yet if that affects the default set that
>>> >> services started via /etc/rc get - init gets the whole default
>>> >> maxfilesperproc and stuff seems to inherit from that unless told
>>> >> otherwise.
>>> >>
>>> >> I think the more sensible default would be:
>>> >>
>>> >> * set  /etc/login.conf to some much lower values - say, 4k soft, 64k hard;
>>> >> * root can always override its settings up to kern.maxfilesperproc;
>>> >> * modify /etc/rc to set some default rlimits as appropriate;
>>> >
>>> > We should probably just use the daemon class from login.conf... Do we
>>> > have a program that will set the current limits to a specified class?
>>>
>>> See limits(1).  The apache rc.d script uses it, along with some related
>>> rc.conf variables.
>>
>> So, one issue w/ limits is that it only does the limits side of
>> things, not environment or cpusets...  see:
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=161401
>>
>> limits doesn't address PATH and other environment variables...
>>
>> We should have rc.subr setup the environment completely when executing
>> the daemon/scripts instead of depending upon any of this..
>>
>> It turns out that init doesn't setup the environment vars provided by
>> login.config either...
>>
>>> >> * introduce configuration options ({daemon_rlimit_XXX}?) in
>>> >> /etc/rc.conf that lets someone override what the default rlimits
>>> >> should be for a given process,, as (and I'm not making this up) if you
>>> >> run 'service XXX restart' from a root login you get the rlimits from
>>> >> the shell, which may differ from the system startup.
>>> >
>>> > Why not daemon_login_class w/ the above?
>>> >
>>> >> That way we can setup various services to have higher openfile limits
>>> >> via /etc/rc.conf entries for those services rather than having to hack
>>> >> each startup script. It also means that no matter what is running
>>> >> 'service XXX YYY' as root, you'll get the 'correct'(er) rlimits.
>>> >
>>> > Then service would just use the above program to get sane defaults...
>>
>> --
>>   John-Mark Gurney                              Voice: +1 415 225 5579
>>
>>      "All that I will do, has been done, All that I have, has not."