Solaris SMF?

[aemadrid]

For some reason I could not get LS to restart on OpenSolaris so I was trying to get it going under the SMF. I tried this SMF recipe but it doesn't work either:

<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<service_bundle type='manifest' name='PMpackages:lsws'>
  <service name='network/lsws' type='service' version='0'>
    <create_default_instance enabled='true'/>
    <single_instance/>   
    <dependency name='fs' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/system/filesystem/local'/>
    </dependency>
    <dependency name='net' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/network/loopback'/>
      <service_fmri value='svc:/network/nfs/client'/>
    </dependency>
    <exec_method name='start' type='method' exec='/opt/lsws/bin/lswsctrl start' timeout_seconds='60'>
      <method_context/>
    </exec_method>
    <exec_method name='stop' type='method' exec='/opt/lsws/bin/lswsctrl stop' timeout_seconds='60'>
      <method_context/>
    </exec_method>
    <exec_method name='reload' type='method' exec='/opt/lsws/bin/lswsctrl reload' timeout_seconds='60'>
      <method_context/>
    </exec_method>
  </service>
</service_bundle>

I have impoted it and ran it but it does not work as expected:

# svcs -a|grep lsws
offline        22:21:11 svc:/network/lsws:default
# svcadm enable lsws
# svcs -p lsws
STATE          STIME    FMRI
offline        22:21:11 svc:/network/lsws:default

Has anybody have an SMF manifest that works?

Thanks in advance,


Adrian Madrid

 

[aemadrid]

Solution

Forget it. I figured out I needed to remove the nfs client requirement. For anybody that is interested or knows more about Solaris SMF here is the final working version:

<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<service_bundle type='manifest' name='PMpackages:lsws'>
  <service name='network/lsws' type='service' version='0'>
    <create_default_instance enabled='true'/>
    <single_instance/>   
    <dependency name='fs' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/system/filesystem/local'/>
    </dependency>
    <dependency name='net' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/network/loopback'/>
    </dependency>
    <exec_method name='start' type='method' exec='/opt/lsws/bin/lswsctrl start' timeout_seconds='60'>
      <method_context/>
    </exec_method>
    <exec_method name='stop' type='method' exec='/opt/lsws/bin/lswsctrl stop' timeout_seconds='60'>
      <method_context/>
    </exec_method>
    <exec_method name='reload' type='method' exec='/opt/lsws/bin/lswsctrl reload' timeout_seconds='60'>
      <method_context/>
    </exec_method>
  </service>
</service_bundle>

Sincerely,

Adrian Madrid

 

[jrmarino]

Hi Adrian,
I created an SMF almost identical to that a few days ago. The only real difference is that I make the presence of the configuration file a pre-requisite.

The "graceful restart" option doesn't seem to work for me (solaris 10 11/06), so I just use "svcadm restart litespeed" from the command line.

 

[aemadrid]

Mind posting it?

I would love to see how you do that. I'm barely learning Solaris and I must say I love how the SMF works. It surely beats init scripts.

AEM

 

[jrmarino]

I'm new to solaris myself, and I also am very much impressed with SMF.

Here's my litespeed manifest:

<?xml version="1.0"?>
<!--Litespeed Manifest - Synsport marino, April 14, 2007 -->
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="manifest" name="synsport:litespeed">
	<service name="application/litespeed" type="service" version="1">
		<create_default_instance enabled="false"/>
		<single_instance/>
		<dependency name="config-file" grouping="require_all" restart_on="none" type="path">
			<service_fmri value="file:///opt/lsws/conf/httpd_config.xml"/>
		</dependency>
		<dependency name="loopback" grouping="require_all" restart_on="error" type="service">
			<service_fmri value="svc:/network/loopback:default"/>
		</dependency>
		<dependency name="physical" grouping="require_all" restart_on="error" type="service">
			<service_fmri value="svc:/network/physical:default"/>
		</dependency>
		<dependency name="fs-local" grouping="require_all" restart_on="none" type="service">
			<service_fmri value="svc:/system/filesystem/local"/>
		</dependency>
		<exec_method type="method" name="start" exec="/opt/lsws/bin/lswsctrl start" timeout_seconds="60"/>
		<exec_method type="method" name="stop" exec="/opt/lsws/bin/lswsctrl stop" timeout_seconds="60"/>
		<exec_method type="method" name="refresh" exec="/opt/lsws/bin/lswsctrl restart" timeout_seconds="60"/>
		<stability value="Unstable"/>
		<template>
			<common_name>
				<loctext xml:lang="C">Litespeed Server</loctext>
			</common_name>
			<documentation>
				<doc_link name="litespeedtech.com" uri="http://litespeedtech.com/docs/webserver/"/>
			</documentation>
		</template>
	</service>
</service_bundle>

Since I launch my LSAPI PHP processes remotely, I created an SMF it, and a script to launch it. Here is the manifest and code:

<?xml version="1.0"?>
<!--Spawn Fastcgi Manifest - Synsport marino, April 14, 2007 -->
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="manifest" name="synsport:spawn-lsapi">
	<service name="application/spawn-lsapi" type="service" version="1">
		<create_default_instance enabled="false"/>
		<single_instance/>
		<dependency name="loopback" grouping="require_all" restart_on="error" type="service">
			<service_fmri value="svc:/network/loopback:default"/>
		</dependency>
		<dependency name="fs-local" grouping="require_all" restart_on="none" type="service">
			<service_fmri value="svc:/system/filesystem/local"/>
		</dependency>
		<exec_method type="method" name="start" exec="/opt/csw/sbin/spawn_lsphp.sh" timeout_seconds="60">
			<method_context>
				<method_credential user="webservd" group="webservd"/>
			</method_context>
		</exec_method>
		<exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>
		<exec_method type="method" name="refresh" exec=":kill -HUP" timeout_seconds="60"/>
		<stability value="Unstable"/>
		<template>
			<common_name>
				<loctext xml:lang="C">LS API Spawner for PHP</loctext>
			</common_name>
			<documentation>
				<doc_link name="litespeedtech.com" uri="http://litespeedtech.com/docs/"/>
			</documentation>
		</template>
	</service>
</service_bundle>

/opt/csw/sbin/spawn_lsapi.sh

#!/sbin/sh
#
#  Solaris wrapper for lsapi version of PHP
#
# Socket has more priority than port, so if port binds are
# preferred, then the socket variable needs to be set to an 
# empty string
#


lsphp_bin_path="/opt/csw/bin/lsphp"	# absolute path to PHP
lsphp_port="8008"			# bind to tcp-port on localhost
lsphp_socket=""				# bind to unix domain socket
lsphp_env="SHELL PATH USER"		# allowed environment variables separated by spaces 
lsphp_max_requests="1000"		# number of requests by a single PHP-process before it's restarted
lsphp_children="45"			# maximum number of PHP children to spawn
lsphp_idle_kids="15"			# controls how many idle children processes are allowed
lsphp_max_idle_time="300"		# controls how long a idle child process will wait for a new request before it exits.
lsphp_max_process_time="600"		# controls the maximum processing time allowed when processing a request.
lsphp_pgrp_max_idle="-1"		# controls how long the parent process will wait before exiting when there is no child process.
lsphp_ppid_no_check="1"			# should be set when you want to disable the checking of existence of parent process.
#lsphp_addr="10.0.0.106"			# addresses where PHP should access server connections from
lsphp_addr="*"

LSAPI_CHILDREN=$lsphp_children
LSAPI_MAX_REQUESTS=$lsphp_max_requests
LSAPI_MAX_IDLE=$lsphp_max_idle_time
LSAPI_MAX_IDLE_CHILDREN=$lsphp_idle_kids
LSAPI_MAX_PROCESS_TIME=$lsphp_max_process_time
LSAPI_PGRP_MAX_IDLE=$lsphp_pgrp_max_idle
LSAPI_PPID_NO_CHECK=$lsphp_ppid_no_check

export LSAPI_CHILDREN
export LSAPI_MAX_REQUESTS
export LSAPI_MAX_IDLE
export LSAPI_MAX_IDLE_CHILDREN
export LSAPI_MAX_PROCESS_TIME
#export LSAPI_PGRP_MAX_IDLE
export LSAPI_PPID_NO_CHECK


allowed_env="${lsphp_env} LSAPI_CHILDREN LSAPI_MAX_REQUESTS LSAPI_MAX_IDLE LSAPI_MAX_IDLE_CHILDREN LSAPI_MAX_PROCESS_TIME LSAPI_PPID_NO_CHECK"

E=""
for i in $allowed_env; do
	eval "x=\$$i"
	E="$E $i=$x"
done
command="env -$E"


if [ -n "${lsphp_socket}" ]; then
	${command} ${lsphp_bin_path} -b ${lsphp_socket} &
elif [ -n "${lsphp_port}" ]; then
	${command} ${lsphp_bin_path} -b ${lsphp_addr}:${lsphp_port} & 
else
	echo "socket or port must be specified!"
	exit
fi

 

[mistwang]

Hi Guys, thank you for sharing your scripts!
For restart LSWS, just do a restart, reload has actually became a graceful restart in 3.0.2 .
LSWS support graceful reload long time ago, but since we implemented the zero downtime graceful restart, reload is no long maintained. So, just do a restart when need, no downtime.

 

[aemadrid]

Thanks!

jmarino: Thanks for sharing your scripts. You lost me on the LSAPI PHP processes (don't do much PHP these days) but the LS manifest looks better than mine. I'll add your stuff to mine.

mistwang: Thanks for the info! It is good to know that a restart is graceful. That is certainly good news.

Thanks again,

Adrian Madrid

 

[thbar]

Thanks for sharing all this !

I have a security related question: under Solaris, what would be the most secure way to install litespeed ?

Is it fine to log as root to install, then to have a dedicated user (like: litesped/webservd) to run the server ?

When installing a Rails application afterwards, should it have its own user account ? (I believe yes ?)


nb: for those at Joyent, there is a wiki page under way. I'm asking those questions to add the answers over there.

Thanks for sharing your tips.

-- Thibaut

 

[thbar]

I'll add this question: are there issues if we install LSWS on port 81 first to test things out (and keep Apache serving current traffic during the test) then switch LSWS to port 80 and shutdown Apache once everything is properly running ?

I'm concerned about meeting permissions issues when switching from a given port to 80.

 

[vivek]

I'll add this question: are there issues if we install LSWS on port 81 first to test things out (and keep Apache serving current traffic during the test) then switch LSWS to port 80 and shutdown Apache once everything is properly running ?

I'm concerned about meeting permissions issues when switching from a given port to 80.

Hi

No, there is no issues for running LSWS on other port. Actually when you install litespeed,it will install to the port number 2080 by default. You need to change this to 80 after verifying everything is fine after the installation.

I do not recommed disabling/uninstalling Apache fully, but you can turn it off and start litespeed.


Vivek