WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-api

RE: [Xen-API] [PATCH] Cope with the stunnel zombie process issue

To: 'Zheng Li' <dev@xxxxxxxx>, "xen-api@xxxxxxxxxxxxxxxxxxx" <xen-api@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-API] [PATCH] Cope with the stunnel zombie process issue
From: Dave Scott <Dave.Scott@xxxxxxxxxxxxx>
Date: Wed, 21 Apr 2010 11:36:44 +0100
Accept-language: en-US
Acceptlanguage: en-US
Cc:
Delivery-date: Wed, 21 Apr 2010 03:40:29 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <09806785f1ae3dba0c0d.1271787901@lambda>
List-help: <mailto:xen-api-request@lists.xensource.com?subject=help>
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post: <mailto:xen-api@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
References: <09806785f1ae3dba0c0d.1271787901@lambda>
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcrgtvMpLp0Nw7t5QsGl79PVjIevxgAhxYYw
Thread-topic: [Xen-API] [PATCH] Cope with the stunnel zombie process issue
Hi Zheng,

Thanks for this.

> Some versions of stunnel (old versions, or some new ones bulit with
> some particular Linux distribution versions) have the zombie process
> issue when called from xe. When it happens, the main stunnel process
> won't exit for long time after xe closing its communication channel,
> seems to be waiting for its children processes which are however
> staying in "defunct" status. The issue was also reported on the server
> side when stunnel is called by xapi daemon, so it would be useful to
> set the Stunnel.disconnect arguments properly there as well. However
> this demands more work to identify which setting is safe for each
> occurrence, so I'll leave it for future. Moreover, currently xe doesn't
> wait for the second stunnel connection process (HTTP Get/Put), this
> should also be fixed in the future. The question is: does xe really
> needs to care about the status of stunnel in most cases? If not, why
> not using the double fork tricks everywhere; if yes, a SSL library
> might be more appropriate than  3rd party tools such as stunnel.

I think that xe doesn't really care about the status of stunnel in most cases: 
it only really cares about the error messages sent over SSL from the server. It 
does care about what happened to stunnel if the connection dies... but then 
stunnel has already gone away :)

Cheers,
Dave
> 
> 
> Signed-off-by: Zheng Li <dev@xxxxxxxx>
> 
> 
>  ocaml/xe-cli/newcli.ml |  24 +++++++++++-------------
>  1 files changed, 11 insertions(+), 13 deletions(-)
> 
> 
> diff -r aadacd259d22 -r 09806785f1ae ocaml/xe-cli/newcli.ml
> --- a/ocaml/xe-cli/newcli.ml  Sat Apr 10 12:42:44 2010 +0100
> +++ b/ocaml/xe-cli/newcli.ml  Tue Apr 20 19:18:53 2010 +0100
> @@ -115,11 +115,10 @@
>      with End_of_file ->
>        error "Error: password file format: expecting username on the
> first line, password on the second line\n";
>        exit 1
> -  with
> -    | _ ->
> -     error "Error opening password file '%s'\n" !xapipasswordfile;
> -     exit 1
> -
> +  with _ ->
> +    error "Error opening password file '%s'\n" !xapipasswordfile;
> +    exit 1
> +
> 
>  let parse_port (x: string) =
>    try
> @@ -337,9 +336,9 @@
>                       doit url
>               with
>               | ClientSideError msg ->
> -                       marshal ofd (Response Failed);
> -                       Printf.fprintf stderr "Operation failed. Error:
> %s\n" msg;
> -                       exit 1
> +              marshal ofd (Response Failed);
> +              Printf.fprintf stderr "Operation failed. Error: %s\n"
> msg;
> +              exit_code := Some 1
>               | e ->
>                         debug "HttpPut failure: %s\n%!"
> (Printexc.to_string e);
>                         (* Assume the server will figure out what's wrong
> and tell us over @@ -401,9 +400,9 @@
>                 doit url
>               with
>               | ClientSideError msg ->
> -                       marshal ofd (Response Failed);
> -                       Printf.fprintf stderr "Operation failed. Error:
> %s\n" msg;
> -                       exit 1
> +              marshal ofd (Response Failed);
> +              Printf.fprintf stderr "Operation failed. Error: %s\n"
> msg;
> +              exit_code := Some 1
>               | e ->
>                         debug "HttpGet failure: %s\n%!"
> (Printexc.to_string e);
>                         marshal ofd (Response Failed) @@ -508,8 +507,7 @@
>               with e -> debug "%s\n" (Printexc.to_string e));
>            try Unix.unlink p.Stunnel.logfile with _ -> ()
>          end;
> -      (try Stunnel.disconnect p
> -       with Unix.Unix_error(Unix.ECHILD, _, _) -> ())
> +      Stunnel.disconnect ~wait:false ~force:true p
>    | None -> ()
>    end;
>    begin match !debug_file, !debug_channel with

_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-api

<Prev in Thread] Current Thread [Next in Thread>