Revision tags: 1.32.0-1, 1.32.0, 1.31.1-1, 1.31.1, 1.31.0-1, 1.31.0, 1.30.0-1, 1.30.0 |
|
#
2450:14277f21a722 |
| 08-May-2023 |
Zhidao HONG |
NJS: supported loadable modules.
|
#
2377:15ad23116ecc |
| 28-Feb-2023 |
Andrew Clayton |
Socket: Remove Unix domain listen sockets upon reconfigure.
Currently when using Unix domain sockets for requests, if unit is reconfigured then it will fail if it tries to bind(2) again to a Unix do
Socket: Remove Unix domain listen sockets upon reconfigure.
Currently when using Unix domain sockets for requests, if unit is reconfigured then it will fail if it tries to bind(2) again to a Unix domain socket with something like
2023/02/25 19:15:50 [alert] 35274#35274 bind(\"unix:/tmp/unit.sock\") failed (98: Address already in use)
When closing such a socket we really need to unlink(2) it. However that presents a problem in that when running as root, while the main process runs as root and creates the socket, it's the router process, that runs as an unprivileged user, e.g nobody, that closes the socket and would thus remove it, but couldn't due to not having permission, even if the socket is mode 0666, you need write permissions on the containing directory to remove a file.
There are several options to solve this, all with varying degrees of complexity and utility.
1) Give the user who the router process runs as write permission to the directory containing the listen sockets. These can then be unlink(2)'d from the router process.
Simple and would work, but perhaps not the most elegant.
2) Using capabilities(7). The router process could temporarily attain the CAP_DAC_OVERRIDE capability, unlink(7) the socket, then relinquish the capability until required again.
These are Linux specific (other systems may have similar mechanisms which would be extra work to support). There is also a, albeit small, window where the router process is running with elevated privileges.
3) Have the main process do the unlink(2), it is after all the process that created the socket.
This is what this commit implements.
We create a new port IPC message type of NXT_PORT_MSG_SOCKET_UNLINK, that is used by the router process to notify the main process about a Unix domain socket to unlink(2).
Upon doing a reconfigure the router process will call nxt_router_listen_socket_release() which will close the socket, we extend this function in the case of non-abstract Unix domain sockets, so that it will send a message to the main process containing a copy of the nxt_sockaddr_t structure that will contain the filename of the socket.
In the main process the handler that we have defined, nxt_main_port_socket_unlink_handler(), for this message type will run and allow us to look for the socket in question in the listen_sockets array and remove it and unlink(2) the socket.
This then allows the reconfigure to work if it tries to bind(2) again to a socket that previously existed.
Link: <https://github.com/nginx/unit/issues/669> Link: <https://github.com/nginx/unit/pull/735> Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
show more ...
|
Revision tags: 1.29.1-1, 1.29.1, 1.29.0-1, 1.29.0, 1.28.0-1, 1.28.0 |
|
#
2185:2227bdbb3c89 |
| 29-Aug-2022 |
Valentin Bartenev |
Implemented basic statistics API.
|
#
2126:8542c8141a13 |
| 07-Jun-2022 |
Max Romanov |
Removing unused tracking fields and functions.
The message tracking is unused since 1d84b9e4b459 commit.
This fixes the issue found by Coverity (CID 376263).
|
Revision tags: 1.27.0-1, 1.27.0, 1.26.1-1, 1.26.1, 1.26.0-1, 1.26.0 |
|
#
1998:c8790d2a89bb |
| 09-Nov-2021 |
Tiago Natel de Moura |
Introducing application prototype processes.
|
#
1997:a8a3f1d243ee |
| 09-Nov-2021 |
Tiago Natel de Moura |
Changed nxt_process_* for reuse.
This enables the reuse of process creation functions.
|
#
1996:35873fa78fed |
| 09-Nov-2021 |
Tiago Natel de Moura |
Introduced SCM_CREDENTIALS / SCM_CREDS in the socket control msgs.
|
#
1980:43553aa72111 |
| 28-Oct-2021 |
Max Romanov |
Moving request limit control to libunit.
Introducting application graceful stop. For now only used when application process reach request limit value.
This closes #585 issue on GitHub.
|
Revision tags: 1.25.0-1, 1.25.0 |
|
#
1926:6e85d6c0b8bb |
| 29-Jul-2021 |
Max Romanov |
Application restart introduced.
When processing a restart request, the router sends a QUIT message to all existing processes of the application. Then, a new shared application port is created to en
Application restart introduced.
When processing a restart request, the router sends a QUIT message to all existing processes of the application. Then, a new shared application port is created to ensure that new requests won't be handled by the old processes of the application.
show more ...
|
Revision tags: 1.24.0-1, 1.24.0, 1.23.0-1, 1.23.0, 1.22.0-1, 1.22.0, 1.21.0-1, 1.21.0 |
|
#
1666:c224d375d89b |
| 27-Oct-2020 |
Max Romanov |
Router: introducing the PORT_ACK message.
The PORT_ACK message is the router's response to the application's NEW_PORT message. After receiving PORT_ACK, the application is safe to process requests
Router: introducing the PORT_ACK message.
The PORT_ACK message is the router's response to the application's NEW_PORT message. After receiving PORT_ACK, the application is safe to process requests using this port.
This message avoids a racing condition when the application starts processing a request from the shared queue and sends REQ_HEADERS_ACK. The REQ_HEADERS_ACK message contains the application port ID as reply_port, which the router uses to send request data. When the application creates a new port, it immediately sends it to the main router thread. Because the request is processed outside the main thread, a racing condition can occur between the receipt of the new port in the main thread and the receipt of REQ_HEADERS_ACK in the worker router thread where the same port is specified as reply_port.
show more ...
|
Revision tags: 1.20.0-1, 1.20.0, 1.19.0-1, 1.19.0 |
|
#
1558:026e4b909b61 |
| 11-Aug-2020 |
Max Romanov |
Style fixes for 2 file descriptors transfer over port.
Two consecutive fd and fd2 fields replaced with array.
|
#
1555:1d84b9e4b459 |
| 11-Aug-2020 |
Max Romanov |
Introducing application and port shared memory queues.
The goal is to minimize the number of syscalls needed to deliver a message.
|
#
1553:c3fad601f58b |
| 11-Aug-2020 |
Max Romanov |
Port message extended to transfer 2 file descriptors.
|
#
1547:cbcd76704c90 |
| 11-Aug-2020 |
Max Romanov |
Introducing the shared application port.
This is the port shared between all application processes which use it to pass requests for processing. Using it significantly simplifies the request proces
Introducing the shared application port.
This is the port shared between all application processes which use it to pass requests for processing. Using it significantly simplifies the request processing code in the router. The drawback is 2 more file descriptors per each configured application and more complex libunit message wait/read code.
show more ...
|
#
1546:06017e6e3a5f |
| 11-Aug-2020 |
Max Romanov |
Changing router to application shared memory exchange protocol.
The application process needs to request the shared memory segment from the router instead of the latter pushing the segment before se
Changing router to application shared memory exchange protocol.
The application process needs to request the shared memory segment from the router instead of the latter pushing the segment before sending a request to the application. This is required to simplify the communication between the router and the application and to prepare the router for using the application shared port and then the queue.
show more ...
|
#
1545:78836321a126 |
| 11-Aug-2020 |
Max Romanov |
Changing router to application port exchange protocol.
The application process needs to request the port from the router instead of the latter pushing the port before sending a request to the applic
Changing router to application port exchange protocol.
The application process needs to request the port from the router instead of the latter pushing the port before sending a request to the application. This is required to simplify the communication between the router and the application and to prepare the router to use the application shared port and then the queue.
show more ...
|
Revision tags: 1.18.0-1, 1.18.0 |
|
#
1488:6976d36be926 |
| 09-Mar-2020 |
Tiago Natel de Moura |
Refactor of process management.
The process abstraction has changed to:
setup(task, process) start(task, process_data) prefork(task, process, mp)
The prefork() occurs in the main process rig
Refactor of process management.
The process abstraction has changed to:
setup(task, process) start(task, process_data) prefork(task, process, mp)
The prefork() occurs in the main process right before fork.
The file src/nxt_main_process.c is completely free of process specific logic.
The creation of a process now supports a PROCESS_CREATED state. The The setup() function of each process can set its state to either created or ready. If created, a MSG_PROCESS_CREATED is sent to main process, where external setup can be done (required for rootfs under container).
The core processes (discovery, controller and router) doesn't need external setup, then they all proceeds to their start() function straight away.
In the case of applications, the load of the module happens at the process setup() time and The module's init() function has changed to be the start() of the process.
The module API has changed to:
setup(task, process, conf) start(task, data)
As a direct benefit of the PROCESS_CREATED message, the clone(2) of processes using pid namespaces now doesn't need to create a pipe to make the child block until parent setup uid/gid mappings nor it needs to receive the child pid.
show more ...
|
Revision tags: 1.17.0-1, 1.17.0, 1.16.0-1, 1.16.0, 1.15.0-1, 1.15.0, 1.14.0-1, 1.14.0 |
|
#
1321:2c7f79bf0a1f |
| 24-Dec-2019 |
Max Romanov |
Introducing port messages to notify about out of shared memory.
- OOSM (out of shared memory). Sent by application process to router when application reaches the limit of allocated shared memory
Introducing port messages to notify about out of shared memory.
- OOSM (out of shared memory). Sent by application process to router when application reaches the limit of allocated shared memory and needs more. - SHM_ACK. Sent by router to application when the application's shared memory is released and the OOSM flag is enabled for the segment.
This implements blocking mode (the library waits for SHM_ACK in case of out of shared memory condition and retries allocating the required memory amount) and non-blocking mode (the library notifies the application that it's out of shared memory and returns control to the application module that sets up the output queue and puts SHM_ACK in the main message loop).
show more ...
|
#
1302:d4c6a91f7091 |
| 26-Nov-2019 |
Tiago Natel |
Refactor of process init.
Introduces the functions nxt_process_init_create() and nxt_process_init_creds_set().
|
Revision tags: 1.13.0-1, 1.13.0, 1.12.0-1, 1.12.0, 1.11.0-2, 1.11.0-1, 1.11.0, 1.10.0-2, 1.10.0-1, 1.10.0 |
|
#
1131:ec7d924d8dfb |
| 20-Aug-2019 |
Max Romanov |
Introducing websocket support in router and libunit.
|
#
1125:f92f3cd41257 |
| 15-Aug-2019 |
Max Romanov |
Fixing multi-thread port write racing conditions.
|
Revision tags: 1.9.0-1, 1.9.0, 1.8.0-1, 1.8.0, 1.7.1-1, 1.7.1, 1.7-1, 1.7, 1.6-1, 1.6, 1.5-1, 1.5, 1.4-2, 1.4 |
|
#
774:b21709350c49 |
| 20-Sep-2018 |
Valentin Bartenev |
Controller: certificates storage interface.
|
Revision tags: 1.3, 1.2, 1.1, 1.0 |
|
#
630:a7f8c9b7a6af |
| 11-Apr-2018 |
Valentin Bartenev |
Initial access log support.
|
#
613:e5dd7bc63d59 |
| 05-Apr-2018 |
Valentin Bartenev |
Style.
|
Revision tags: 0.7, 0.6, 0.5 |
|
#
507:fa714d76592b |
| 29-Jan-2018 |
Max Romanov |
Introducing extended app process management.
- Pre-fork 'processes.spare' application processes; - fork more processes to keep 'processes.spare' idle processes; - fork on-demand up to 'processes.max
Introducing extended app process management.
- Pre-fork 'processes.spare' application processes; - fork more processes to keep 'processes.spare' idle processes; - fork on-demand up to 'processes.max' count; - scale down idle application processes above 'processes.spare' after 'processes.idle_timeout'; - number of concurrently started application processes also limited by 'processes.spare' (or 1, if spare is 0).
show more ...
|