lse summer week 2016
play

LSE Summer Week 2016 16 July, 2016 Antoine Jacoutot - PowerPoint PPT Presentation

Aug 04, 2023 •537 likes •1.19k views

OpenBSD rc.d(8) LSE Summer Week 2016 16 July, 2016 Antoine Jacoutot <ajacoutot@openbsd.org> whoami(1) OpenBSD developer since 2006 ajacoutot@ aka aja@ sysmerge, rc.d, rcctl, libtool, stuff, other stuff >400 ports,

  1. OpenBSD rc.d(8) LSE Summer Week 2016 16 July, 2016 Antoine Jacoutot <ajacoutot@openbsd.org>

  2. whoami(1) ● OpenBSD developer since 2006 ● ajacoutot@ aka aja@ ● sysmerge, rc.d, rcctl, libtool, stuff, other stuff… ● >400 ports, GNOME (Foundation member) ● ftp.fr.openbsd.org

  3. rc.d(8) was brought to you by Robert Nagy <robert@openbsd.org> Ingo Schwarze <schwarze@openbsd.org> Antoine Jacoutot <ajacoutot@openbsd.org>

  4. Stuff we're going to talk about ● historical (& current) system boot process ● rc.d alternatives and requirements ● rc.d usage ● rc.subr internals ● rcctl

  6. I can has consistency? ● kill -HUP ● apachectl graceful ● rndc reload ● haproxy -sf $(cat /var/run/haproxy.pid)

  7. The 90's called... ● boot loader -> kernel -> init ● init(1) uses sh(1) to run /etc/rc ● dependable, predictive, sequential ● dependency-less

  8. Controlling the startup /etc/rc.conf, default configuration /etc/rc.conf.local, rc.conf(8) overrides daemon_flags=flags|NO service=YES|NO

  9. rc.d requirements ● current paradigm cannot change ● preserve existing behavior ● plug rc.d on top (!= replacement) ● only handle daemons ● small, simple, robust, comprehensive ● easily debuggable

  10. Alternatives at the time ● SMF, launchd ● OpenRC ● runit, daemontools ● Slackware Linux rc.d ● FreeBSD and NetBSD rc.d + rcorder ● ...

  11. !NIH ● small and targeted to our requirements ● no supervision ● no event driven / socket activated ● no parallelization ● no automatic startup ordering

  12. Initial landing ● October 2010: first implementation ● /etc/rc.d/rc.subr, /etc/rc.d/foobar ● designed for ports only ● base was the ultimate goal

  13. Initial implementation ● standard facility to signal daemons: kill(1) ● does not rely on PID files ● no start-stop-daemon(8)... ● good enough for ~95% of the ecosystem ● shell (ksh)

  14. Initial implementation ● rc.d scripts initially called from /etc/rc.local ○ no disruption to the existent ○ traditional way to start external daemons ○ naming ■ same name as the daemon it is referring to (some exceptions) ■ dash -> underscore (script used as a var by the framework)

  15. /etc/rc.local for _r in $rc_scripts; do [ -x /etc/rc.d/${_r} ] && \ /etc/rc.d/${_r} start && \ echo -n " ${_r}" done

  16. /etc/rc.d/rc.subr ● sourced by rc.d scripts ● provides all subroutines ● 54 LOC at that time

  17. “Who would need such a bloated interface?”

  18. We're in! ● one release later: base system daemons ● why the change of mind? ○ process not started in isolation ○ unexpected and/or dangerous behavior "su(1) -l" for environment sanitation

  19. Environment leakage su root -c 'apachectl2 start' versus su root -c '/etc/rc.d/apache2 start'

  20. “Too much information!”

  21. OpenBSD startup sequence ● do things -> start_daemon() -> do other things -> start_daemon() -> ... ● hostname.if, rc.securelevel, rc.local, rc.shutdown ● run_upgrade_script() (sysmerge, firsttime) rc.d = small subset of the startup sequence

  22. rc.d today ● rc.subr 224 LOC ● /etc/rc -150 LOC ○ source rc.subr (functions only) ○ start_daemon() ○ start/stop pkg_scripts (while loop) ● big feature gain for 70 LOC

  23. Features and usage ● 4+1 actions available ○ start the daemon (flags, timeout, user, class, rtable) ○ stop the daemon (SIGTERM) ○ reload the daemon (SIGHUP) ○ check if the daemon is running (pgrep) ○ restart the daemon (stop && start)

  24. Actions ● need to run as a privileged user (~!check) ● fully configurable and overridable ● main user interface: just a few knobs

  25. Minimal rc.d script #!/bin/sh # # $OpenBSD$ daemon="/path/to/daemon" . /etc/rc.d/rc.subr rc_cmd $1

  26. Actions ● 2 optional flags ○ -d debug mode ■ describe and display stdout/stderr ○ -f force mode ■ similar to onestart ■ no-op for packages rc.d scripts

  27. Enabling daemons ● daemon_flags ○ base system daemons ● pkg_scripts (ordered or reversed) ○ package daemons

  28. rc.d variables ● daemon_class ○ default: daemon ○ BSD login class the daemon will run under (resource limits, environment variables...)

  29. rc.d variables ● daemon_flags ○ default: NO|<empty> (from /etc/rc.conf) ○ flags passed to the daemon

  30. rc.d variables ● daemon_rtable ○ default: 0 ○ routing table to run the daemon under

  31. rc.d variables ● daemon_timeout ○ default: 30 ○ maximum time in seconds to start/stop/reload

  32. rc.d variables ● daemon_user ○ default: root ○ user the daemon will run as

  33. rc.d variables ● variables are overridable by ○ the rc.d script itself ○ /etc/rc.conf ○ /etc/rc.conf.local

  34. rc.d variables ● /etc/rc.d/netsnmpd ○ daemon_flags="-u _netsnmp -I -ipv6" ● rc.conf.local ○ netsnmpd_flags=-u _netsnmp -a override: rc.d script name is substituted to daemon in the variable name

  35. daemon_class ● set to a login class of the same name as the rc.d script ● netsnmpd_class=myclass netsnmpd:\ :openfiles-cur=512:\ :tc=daemon:

  36. rc.conf.local example apmd_flags=-A hotplugd_flags= saned_flags=-s128 ntpd_flags=NO pkg_scripts=messagebus saned cupsd

  37. Special cases ● meta rc.d script ○ /etc/rc.d/samba start ○ /etc/rc.d/smdb start && \ /etc/rc.d/nmbd start

  38. Special cases ● multiple instances of the same daemon ○ ln -s /etc/rc.d/foobar /etc/rc.d/foobar2 ○ pgrep(1) much match the correct one! ○ foobar2_flags, foobar2_user...

  39. /etc/rc.d/rc.subr ● entry point ● where the whole framework is defined ● sourced by rc.d scripts ○ to get std functions and default vars ○ functions can be overridden by the script itself

  40. rc_start() ${rcexec} "${daemon} ${daemon_flags} ${_bg}" rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c" [ "${daemon_rtable}" -eq 0 ] || \ rcexec="route -T ${daemon_rtable} exec ${rcexec}" rc_bg=YES -> “&” e.g. su -l -c daemon -s /bin/sh root -c "/usr/sbin/sshd –flags"

  41. rc_stop() pkill -T "${daemon_rtable}" -xf "${pexp}" pexp="${daemon}${daemon_flags:+ ${daemon_flags}}" At shutdown: base system daemons scripts are not run (SIGTERM)

  42. rc_reload() pkill -HUP -T "${daemon_rtable}" \ -xf "${pexp}"

  43. rc_check() pgrep -T "${daemon_rtable}" -q -xf "${pexp}"

  44. Optional function: rc_pre() ● start will invoke rc_pre() before starting a daemon ● pre-launch time requirements ○ e.g. create a directory to store a socket

  45. Optional function: rc_post() ● invoked by stop after a daemon process has been killed ● cleanup ○ remove dangling lock files ○ putting the system back into a pristine state (e. g. cups)

  46. rc_cmd() ● main function ● last command called by an rc.d script ● 1 of 5 arguments

  47. rc_cmd() start ● check that the daemon is enabled ● check it is not already running ● run rc_pre() ● run rc_start() ● daemon variables in /var/run/rc.d/${rcscriptname} ● wait up to ${daemon_timeout} seconds

  48. rc_cmd() stop ● check that the daemon is running ● run rc_stop() ● wait up to ${daemon_timeout} seconds ● run rc_post() ● rm /var/run/rc.d/${rcscriptname}

  49. rc_cmd() restart ● /etc/rc.d/daemon stop ● /etc/rc.d/daemon start

  50. rc_cmd() reload ● check that the daemon is running ● run rc_reload()

  51. rc_cmd() check ● rc_check()

  52. Unsupported actions ● some daemons do not support an action ○ turn function into a variable set to “NO” ■ e.g. rc_reload=NO

  53. The rc_usercheck variable ● if rc_check() requires higher privileges ○ rc_usercheck=NO

  54. /var/run/rc.d/${rcdscriptname} ● match currently running process in case configuration changed ● e.g. /var/run/rc.d/ntpd daemon_class=daemon daemon_flags=-s daemon_rtable=0 daemon_timeout=30 daemon_user=root pexp=/usr/sbin/ntpd -s

  55. full rc.d script template daemon="/path/to/bin/foobar --daemonize" #daemon_flags= #daemon_rtable="0" #daemon_timeout="30" #daemon_user="root" . /etc/rc.d/rc.subr #pexp="${daemon}${daemon_flags:+ ${daemon_flags}}" #rc_bg= #rc_reload= #rc_usercheck=YES #rc_pre() { } #rc_start() { ${rcexec} "${daemon} ${daemon_flags} ${_bg}" } #rc_check() { pgrep -T "${daemon_rtable}" -q -xf "${pexp}" } #rc_reload() { pkill -HUP -T "${daemon_rtable}" -xf "${pexp}" } #rc_stop() { pkill -T "${daemon_rtable}" -xf "${pexp}" } #rc_post() { } rc_cmd $1

  56. rcctl(8) ● rc.conf.local "editor" (sorting) ● configure & control daemons and services ● ala service(8) + chkconfig(8) + sysconfig ● syntax not compatible with service(8) ● alternative, not an $EDITOR replacement

  57. rcctl - confusion achieved multicast=YES sshd=YES multicast= sshd_flags= multicast_flags=NO sshd_flags=NO

  58. rcctl - coherence ● unified interface ● abstraction ● daemon versus service ● regular versus meta script ● rcctl support in Puppet, Ansible and Salt ○ puppet: 120 additions and 441 deletions

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016

Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016

Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016 Quarkslab Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 1 / 20 Presentation Whoami? Where do I work? What do I do? Angelin

453 views • 20 slides
July 16 August 16, 2016 An Introduction to the VSP The Vancouver Summer Program (VSP) is a

July 16 August 16, 2016 An Introduction to the VSP The Vancouver Summer Program (VSP) is a

UB UBC Vancouver Summer Program July 16 August 16, 2016 An Introduction to the VSP The Vancouver Summer Program (VSP) is a four week academic program offered by various Faculties at the University of British Columbia, Canada for cohorts of

268 views • 22 slides
July 16 August 16, 2016 1 An Introduction to the VSP The Vancouver Summer Program (VSP) is a

July 16 August 16, 2016 1 An Introduction to the VSP The Vancouver Summer Program (VSP) is a

UBC Vancouver Summer Program July 16 August 16, 2016 1 An Introduction to the VSP The Vancouver Summer Program (VSP) is a four week academic program offered by various Faculties at the University of British Columbia, Canada for cohorts of

420 views • 22 slides
(Hildenborough) Wolf Cubs 2016-17 Welcome.. Downe Summer Camp June 2016 Downe Summer

(Hildenborough) Wolf Cubs 2016-17 Welcome.. Downe Summer Camp June 2016 Downe Summer

8 th Tonbridge (Hildenborough) Wolf Cubs 2016-17 Welcome.. Downe Summer Camp June 2016 Downe Summer Camp June 2016 Downe Summer Camp June 2016 Pets at Home Visit July 2016 Pond Dipping at Bough Beach July 2016 District Water

549 views • 27 slides
SUMMER ECONOMIC STATEMENT 2016 June 2016 Economic recovery continues to strengthen 2 | Summer

SUMMER ECONOMIC STATEMENT 2016 June 2016 Economic recovery continues to strengthen 2 | Summer

SUMMER ECONOMIC STATEMENT 2016 June 2016 Economic recovery continues to strengthen 2 | Summer Economic Statement 2016 14 th successive quarter of employment growth 3 | Summer Economic Statement 2016 Excessive deficit corrected in 2015

343 views • 8 slides
Weekly Maths YEAR 4 * WEEK 2 Summer 2 This term we are going to focus on Time and Money. We

Weekly Maths YEAR 4 * WEEK 2 Summer 2 This term we are going to focus on Time and Money. We

Weekly Maths YEAR 4 * WEEK 2 Summer 2 This term we are going to focus on Time and Money. We will continue to use the same structure for the week but change the focus from arithmetic. This week we will be focusing on adding money. Day 1 YEAR

391 views • 27 slides
Summer 2016- Schedule Update Summer 2016 Fleet : 1 Destination with Decreased Frequencies :

Summer 2016- Schedule Update Summer 2016 Fleet : 1 Destination with Decreased Frequencies :

As at 30 Mar 16 Summer 2016- Schedule Update Summer 2016 Fleet : 1 Destination with Decreased Frequencies : Operating : 1x A332; 2x A320; 8x A319; 5x ATR; Warsaw -3 (4) 1xCR9 Charter : 3x B733 1 Destination suspended : Spare

515 views • 13 slides
Presentation Week 7 Hanan Alnizami CRA-W DMP Summer 2008 Mentor: Dr. Tiffany Barnes Graduate

Presentation Week 7 Hanan Alnizami CRA-W DMP Summer 2008 Mentor: Dr. Tiffany Barnes Graduate

Presentation Week 7 Hanan Alnizami CRA-W DMP Summer 2008 Mentor: Dr. Tiffany Barnes Graduate Supervisor: Evie Powell Thursday July 09,2008 sdsa Plans for week 7: Study old Dance Tool Interface Design new interface Java code

464 views • 15 slides
Introducing the LSE-PC Schematics PCB LSE Summer Week 2015 FPGA Code execution Pierre Surply

Introducing the LSE-PC Schematics PCB LSE Summer Week 2015 FPGA Code execution Pierre Surply

Introducing the LSE-PC Pierre Surply Introduction Introducing the LSE-PC Schematics PCB LSE Summer Week 2015 FPGA Code execution Pierre Surply Application Conclusion EPITA 2016 July 18, 2015 Pierre Surply (EPITA 2016) Introducing

1.03k views • 53 slides
SUMMER 16 Whats new ? LETS GIVE OUR GM A SUMMER 2016 WITHOUT CONSTRAINTS AND NOT OR ! NEW

SUMMER 16 Whats new ? LETS GIVE OUR GM A SUMMER 2016 WITHOUT CONSTRAINTS AND NOT OR ! NEW

Sales Opening SUMMER 16 Whats new ? LETS GIVE OUR GM A SUMMER 2016 WITHOUT CONSTRAINTS AND NOT OR ! NEW BUSINESS WEAPONS TO HELP YOU REACH YOUR S16 OBJECTIVES 1. Your top priorities 2. Think about diversification 3. NEW EBB formula ! 4.

1.2k views • 94 slides
Summer 2016 Recreation Preview Summer Program Guide 48 pages Printed 44,000 Mailed

Summer 2016 Recreation Preview Summer Program Guide 48 pages Printed 44,000 Mailed

Summer 2016 Recreation Preview Summer Program Guide 48 pages Printed 44,000 Mailed 42,000 Also posted at www.playmedford.com Core Programs Summer day camps Park N Play (mobile recreation) Swim lessons/aquatics

428 views • 9 slides
RECURSION Lecture 9 CS2110 Summer 2019 Since Michael is leaving for a week I will take

RECURSION Lecture 9 CS2110 Summer 2019 Since Michael is leaving for a week I will take

Its turtles all the way down RECURSION Lecture 9 CS2110 Summer 2019 Since Michael is leaving for a week I will take over the next three lectures (Mon, Tue, Fri) 2 About Me: Luming Tang Current First-year CS PhD student@Cornell

569 views • 43 slides
2015 Vancouver Summer Program 2 An Introduction to the VSP The Vancouver Summer Program (VSP) is

2015 Vancouver Summer Program 2 An Introduction to the VSP The Vancouver Summer Program (VSP) is

2015 Vancouver Summer Program 2 An Introduction to the VSP The Vancouver Summer Program (VSP) is a four week academic program offered by various Faculties at the University of British Columbia, Canada for cohorts of students from partner

537 views • 18 slides
Week 2 Housekeeping: You did amazing things this Summer! Thanks for sharing. Keep website

Week 2 Housekeeping: You did amazing things this Summer! Thanks for sharing. Keep website

Welcome back to [occ]! Online Communities &amp; Crowds Welcome back to [occ]! Week 2 Housekeeping: 2014-09-29 You did amazing things this Summer! Thanks for sharing. Keep website bug reports coming! Thank you. Plan for the

831 views • 28 slides
Two Week Summer Sale! $ 19 98 $ 12 98 $ 23 98 $ 39 98 Budweiser, Bud Light Captain Jameson

Two Week Summer Sale! $ 19 98 $ 12 98 $ 23 98 $ 39 98 Budweiser, Bud Light Captain Jameson

Prices Good 5-10 thru 5-23-20 www.captainliquor.com Two Week Summer Sale! $ 19 98 $ 12 98 $ 23 98 $ 39 98 Budweiser, Bud Light Captain Jameson Irish Bud Select, Select 55, Seltzer Morgan Whiskey Bud Light, Coors, Rum 12 Pack Cans

373 views • 8 slides
Hayfield Summer Rec 2016 Presented by Johanna Bungum Summer Recreation Program Coordinator

Hayfield Summer Rec 2016 Presented by Johanna Bungum Summer Recreation Program Coordinator

Hayfield Summer Rec 2016 Presented by Johanna Bungum Summer Recreation Program Coordinator Morning Camps SUMMER REC NUMBERS 2015 2016 40 37 35 35 34 35 30 30 25 24 24 24 25 21 20 18 20 15 15 15 15 9 10 5 0 0 0

96 views • 6 slides
Treebanking for the grammar Acquisitionist my goldfish convinced me that linguists drive more

Treebanking for the grammar Acquisitionist my goldfish convinced me that linguists drive more

The learning problem A child exposed to sentences acquires a Treebanking for the grammar Acquisitionist my goldfish convinced me that linguists drive more expensive cars than banjo players (or: some times I wished I had a treebank) what did

341 views • 11 slides
Resilience, Service-Discovery and Z-D Deployment Bodo Junglas,

Resilience, Service-Discovery and Z-D Deployment Bodo Junglas,

Resilience, Service-Discovery and Z-D Deployment Bodo Junglas, York Xylander Who is leanovate? 2 100 25 people, HQ in Kreuzberg Mission: Build learning organizaIons

554 views • 39 slides
Multiplayer Computer Games Multiplayer Computer Games knowledge on the basic concepts of

Multiplayer Computer Games Multiplayer Computer Games knowledge on the basic concepts of

Course Syllabus Course Syllabus credits: 4 cp (2 cu) credits: 4 cp (2 cu) prerequisites: prerequisites: Algorithms for Computer Games Algorithms for Computer Games Multiplayer Computer Games Multiplayer Computer

89 views • 4 slides
Improving Tor using a TCP-over-DTLS Tunnel Joel Reardon Ian Goldberg Google Zurich University

Improving Tor using a TCP-over-DTLS Tunnel Joel Reardon Ian Goldberg Google Zurich University

Improving Tor using a TCP-over-DTLS Tunnel Joel Reardon Ian Goldberg Google Zurich University of Waterloo 18th USENIX Security Symposium August 12th, 2009 Tor: Internet anonymity tool 2 Problem 3 Tor Network 4 Tor: circuit construction

828 views • 33 slides
LibreCores Free and Open Digital Hardware Requirements Design Implementation Hardware

LibreCores Free and Open Digital Hardware Requirements Design Implementation Hardware

Digital hardware design What can we learn from software development and what not? Philipp Wagner @ FOSDEM 2017 LibreCores Free and Open Digital Hardware Requirements Design Implementation Hardware Verification Development Maintenance

523 views • 23 slides
IRQs: the Hard, the Soft, the Threaded and the Preemptible Alison Chaiken http://she-devel.com

IRQs: the Hard, the Soft, the Threaded and the Preemptible Alison Chaiken http://she-devel.com

IRQs: the Hard, the Soft, the Threaded and the Preemptible Alison Chaiken http://she-devel.com alison@she-devel.com Embedded Linux Conference Europe Oct 11, 2016 Example code Agenda Why do IRQs exist? About kinds of hard IRQs

712 views • 59 slides
Page 1 Linker Operation Linker Operation Classify all program symbols as either: A strong

Page 1 Linker Operation Linker Operation Classify all program symbols as either: A strong

Assignment for Tues Last Time Read Getting the Least out of Your C Looked at ColdFire and ARM in depth Compiler linked to course web page Today m.c a.c Compiler Compiler Tools and toolchains for embedded m.o a.o

279 views • 6 slides
Reverse Engineering NAND Flash Adapted from Josh m0nk

Reverse Engineering NAND Flash Adapted from Josh m0nk

Reverse Engineering NAND Flash Adapted from Josh m0nk Thomass Black Hat PresentaBon Andrew bunnie Huang &amp; Sean xobs Cross 30c3 PresentaBon

1.02k views • 30 slides

More recommend