Comments (5)
Agree to both points.
I have written some research I made about the subject and what I think we should be doing:
There seems to be two kinds of daemons:
- "traditional" SysV daemons which contain a double-forking mechanism to separate themselves from their parent process and the TTY they are linked to. They redirect themselves their standard file descriptors to a file or system wide logging. The crate
daemonize
works like that. - "modern" systemd daemons where systemd itself manages the daemons which do not have to do anything special apart from having a graceful shutdown mechanism. This can be done by implementing a
SIGTERM
signal handler (signal that is sent to the daemon when systemd wants to close it.) systemd needs a service file that describe the service type and its logging mechanism. Logs can be redirected easily so that they can be viewed with thejournalctl
, something likejournalctl -u parsecd.service
. There are also advanced features of systemd to automatically start-up the daemon whenever a connection is received on the socket, and not have it running all the time.
I am mostly inclined to follow the modern, systemd, process of daemonization and I see for that the following tasks:
- Create a
.service
file and put it at the root of this repo (same way ascontainerd
does) - Implement a handler of the
SIGTERM
signal to cleanly shutdown PARSEC (send to all thread a message through a channel for them to return andjoin
them) - Adds CI tests where PARSEC is run as a daemon, with
systemctl
commands.
Separate but linked tasks:
- With #36, replace all
println
calls with a real logging system (log
+env_logger
for example). (Possibly add log tests?) - Investigate socket activation of PARSEC
Note: systemd is a Linux only daemon manager, which is not on MacOS. The service will need to have OS dependant (#[cfg]
?) code and still work by just running cargo run
on other OSes. We will need to investigate daemon manager on the other OSes we want PARSEC to run on.
Ressources: simple description, daemon man page, types of services, Go example
from parsec.
logging to stdout is the normal way for daemons to run now; systemd or whatever will handle redirecting logs to wherever, so it is not necessary to change that. We should have a clean shutdown.
from parsec.
The points above seem good, but I have a few questions/points:
- Log tests are probably overkill. Manual checking should suffice
- Given the architecture of PARSEC, how will the socket activation fit into it? I agree that it's a nifty tool, but only as long as it doesn't open us up to someone tricking the system
- We should future-proof at least a tiny bit, in case we need to make PARSEC a Windows service too :)
from parsec.
Agree to all points.
I think socket activation is an advanced topic that will need more look into once a basic service is working. Will look into simple
and notify
services at first, with no socket activation (the service will initialise its own socket). Socket activation will also be socket dependant and I don't know how it would interact if we have other kinds of listeners.
I will make sure that the normal behaviour cargo run
, still works on other OS.
from parsec.
CC @paulhowardarm for your information
from parsec.
Related Issues (20)
- Can we have a single "latest" Quickstart release package?
- Parsec fails to compile for arm32 HOT 4
- Vulnerability in SQLite HOT 3
- Investigate using Arm Virtual Hardware in CI
- Suggest using `/dev/tpmrm0` over `/dev/tpm`
- Parsec 1.1 fails to build with meta-security master branch HOT 4
- Parsec Quickstart - Docker: Pull access denied for parallaxsecond/parsec-quickstart, repository does not exist HOT 1
- Update cryptoki version to `0.4.1` HOT 1
- parsec 1.1.0/1.2.0-rc1 fail to build with gcc13 HOT 3
- Generate arm64 quickstart package
- Provide details of built-in providers
- Investigate e2e_tests failure on RasberryPi for PKCS11 backend
- Investigate e2e_tests failure on RasberryPi for TPM backend
- Migrate away from using users crate HOT 1
- Format check errors should only appear in one CI job
- parsec-quickstart container on arm64 HOT 1
- Improve PKCS11 failure mode HOT 1
- e2e_tests/stress.rs: Signature Verification fails sporadically with PsaErrorInvalidArgument
- parsec-cli-tests.sh error: The CSR does not contain the serialNumber field of the Distinguished Name HOT 3
- PKCS11/SoftHSM/RSA issue: Decryption with a different key to the one used for Encryption is allowed HOT 16
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from parsec.