Date:      Thu, 10 Sep 2015 15:02:46 -0700
From:      Adrian Chadd <adrian@freebsd.org>
To:        John-Mark Gurney <jmg@funkthat.com>
Cc:        Eric van Gyzen <vangyzen@freebsd.org>, Warner Losh <imp@bsdimp.com>, Ed Maste <emaste@freebsd.org>,  "src-committers@freebsd.org" <src-committers@freebsd.org>,  "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>,  "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>
Subject:   Re: svn commit: r287606 - head/sys/kern
Message-ID:  <CAJ-Vmo=uNzSYpApanf%2BriLTL9WnLYakP=734dOLA57pkuySewA@mail.gmail.com>
In-Reply-To: <20150910211417.GY33167@funkthat.com>
References:  <201509100405.t8A45xrJ070199@repo.freebsd.org> <CAPyFy2DjD3Dv6VYjd_6CKe3_2ZuMC5ayMKnzATLb=a4yZUYyLw@mail.gmail.com> <CANCZdfoBN9keiZCUpJ_v5y6mUpKcY_26Y_2=xCLwJovz%2B8a_xQ@mail.gmail.com> <CAJ-VmonUm5Sf8TPLnciouyiJjLUndtNJX368US5_hgQwzYBdkQ@mail.gmail.com> <20150910175324.GW33167@funkthat.com> <55F1E06F.7000008@FreeBSD.org> <20150910211417.GY33167@funkthat.com>

I'd love for rc.subr to grow the ability to set per-daemon cpuset,
class, environment, etc. We have some of that in the rc script
already.

What I have so far for local hacking is this, which at least gets the
default login class bits and runs things as user daemon.
Yes, there are issues with inheriting the environment and other things
from the callee - I think that's a separate issue to solve.

Thanks,


-a

adrian@hulk:~/work/freebsd/head/src % svn diff etc

Index: etc/login.conf
===================================================================
--- etc/login.conf (revision 28758)
+++ etc/login.conf (working copy)
@@ -36,7 +36,8 @@
  :memoryuse=unlimited:\
  :filesize=unlimited:\
  :coredumpsize=unlimited:\
- :openfiles=unlimited:\
+ :openfiles-cur=4096:\
+ :openfiles-max=65536:\
  :maxproc=unlimited:\
  :sbsize=unlimited:\
  :vmemoryuse=unlimited:\
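Review bot: Replacing `openfiles=unlimited` with `openfiles-cur=4096` / `openfiles-max=65536` in what the context suggests is the default class lowers the limit for every class that pulls this entry in through `:tc=default:` and does not override it. That is a user-visible behaviour change and should be called out in the commit message, with a short comment in the file on why these two values were chosen.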
@@ -61,6 +62,8 @@
  :tc=default:
 daemon:\
  :memorylocked=128M:\
+ :openfiles-cur=32768:\
+ :openfiles-max=65536:\
  :tc=default:
 news:\
  :tc=default:
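Review bot: The daemon entry gets `openfiles-cur=32768`, eight times the 4096 soft limit set in the previous hunk, with no comment explaining the number; a one-line comment above the entry would help. The news class just below carries only `:tc=default:`, so it inherits the lower limits; please confirm that is intended.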
Index: etc/rc.subr
===================================================================
--- etc/rc.subr (revision 287580)
+++ etc/rc.subr (working copy)
@@ -768,6 +768,8 @@
 #
 # ${name}_prepend n Command added before ${command}.
 #
+# ${name}_login_class n Login class to use, else "daemon".
+#
 # ${rc_arg}_cmd n If set, use this as the method when invoked;
 # Otherwise, use default command (see below)
 #
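Review bot: The new comment for `${name}_login_class` gives the default but not how the class is applied. Since the last hunk applies it through `limits -C`, the description should say that only the resource limits of the class take effect, and that the "daemon" default now applies to every script that does not set the variable.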

@@ -942,8 +944,13 @@
      _nice=\$${name}_nice _user=\$${name}_user \
      _group=\$${name}_group _groups=\$${name}_groups \
      _fib=\$${name}_fib _env=\$${name}_env \
-     _prepend=\$${name}_prepend
+     _prepend=\$${name}_prepend _login_class=\$${name}_login_class

+ # Default to 'daemon' if no login class is provided
+ if [ -n "$_login_class" ]; then
+ _login_class="daemon"
+ fi
+
  if [ -n "$_user" ]; then # unset $_user if running as that user
  if [ "$_user" = "$(eval $IDCMD)" ]; then
  unset _user
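Review bot: The test in the added block is inverted: `if [ -n "$_login_class" ]` overwrites a class that was configured with "daemon" and leaves an unset one empty, the opposite of what the comment above it says. It should be `[ -z "$_login_class" ]`, or the block can be replaced by `: ${_login_class:=daemon}`.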
@@ -1050,6 +1057,9 @@
  fi
  fi

+ # Prepend default limits
+ _doit="limits -C $_login_class $_doit"
+
  # run the full command
  #
  if ! _run_rc_doit "$_doit"; then
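Review bot: `_doit="limits -C $_login_class $_doit"` is prepended unconditionally and expands `$_login_class` without a guard, so when the variable is empty (which the inverted test in the previous hunk produces for every service that does not set it) limits(1) takes the first word of the command as the class name. Guard the prepend on a non-empty class, and consider giving a service a way to opt out, since this changes the limits of every command started through this path.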

On 10 September 2015 at 14:14, John-Mark Gurney <jmg@funkthat.com> wrote:
> Eric van Gyzen wrote this message on Thu, Sep 10, 2015 at 14:56 -0500:
>> On 09/10/2015 12:53, John-Mark Gurney wrote:
>> > Adrian Chadd wrote this message on Thu, Sep 10, 2015 at 09:18 -0700:
>> >> On 10 September 2015 at 09:04, Warner Losh <imp@bsdimp.com> wrote:
>> >>>
>> >>>
>> >>> On Thu, Sep 10, 2015 at 9:53 AM, Ed Maste <emaste@freebsd.org> wrote:
>> >>>>
>> >>>> On 10 September 2015 at 04:05, Adrian Chadd <adrian@freebsd.org> wrote:
>> >>>>> Author: adrian
>> >>>>> Date: Thu Sep 10 04:05:58 2015
>> >>>>> New Revision: 287606
>> >>>>> URL: https://svnweb.freebsd.org/changeset/base/287606
>> >>>>>
>> >>>>> Log:
>> >>>>>   Also make kern.maxfilesperproc a boot time tunable.
>> >>>>> ...
>> >>>>>   TODO:
>> >>>>
>> >>>> Also "we" should
>> >>>> * Submit patches upstream or to the ports tree to use closefrom
>> >>>
>> >>>
>> >>> I thought the consensus was that we'd fix things to have fewer FDs
>> >>> by default, but instead allow individual processes to raise it via the
>> >>> usual methods.
>>
>> We could--and should--do both, because they're both good ideas.
>>
>> >> I'm looking at how to do this in a somewhat sensible fashion. Right
>> >> now we just have openfiles=unlimited; in /etc/login.conf which seems a
>> >> little odd. I don't know yet if that affects the default set that
>> >> services started via /etc/rc get - init gets the whole default
>> >> maxfilesperproc and stuff seems to inherit from that unless told
>> >> otherwise.
>> >>
>> >> I think the more sensible default would be:
>> >>
>> >> * set  /etc/login.conf to some much lower values - say, 4k soft, 64k hard;
>> >> * root can always override its settings up to kern.maxfilesperproc;
>> >> * modify /etc/rc to set some default rlimits as appropriate;
>> >
>> > We should probably just use the daemon class from login.conf... Do we
>> > have a program that will set the current limits to a specified class?
>>
>> See limits(1).  The apache rc.d script uses it, along with some related
>> rc.conf variables.
>
> So, one issue w/ limits is that it only does the limits side of
> things, not environment or cpusets...  see:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=161401
>
> limits doesn't address PATH and other environment variables...
>
> We should have rc.subr setup the environment completely when executing
> the daemon/scripts instead of depending upon any of this..
>
> It turns out that init doesn't setup the environment vars provided by
> login.config either...
>
>> >> * introduce configuration options ({daemon_rlimit_XXX}?) in
>> >> /etc/rc.conf that lets someone override what the default rlimits
>> >> should be for a given process, as (and I'm not making this up) if you
>> >> run 'service XXX restart' from a root login you get the rlimits from
>> >> the shell, which may differ from the system startup.
>> >
>> > Why not daemon_login_class w/ the above?
>> >
>> >> That way we can setup various services to have higher openfile limits
>> >> via /etc/rc.conf entries for those services rather than having to hack
>> >> each startup script. It also means that no matter what is running
>> >> 'service XXX YYY' as root, you'll get the 'correct'(er) rlimits.
>> >
>> > Then service would just use the above program to get sane defaults...
>
> --
>   John-Mark Gurney                              Voice: +1 415 225 5579
>
>      "All that I will do, has been done, All that I have, has not."


