| #
2015:4570130dd183 |
| 24-Nov-2021 |
Max Romanov |
Fixing alerts on router restart.
Splitting the process type connectivity matrix to 'keep ports' and 'send
ports'; the 'keep ports' matrix is used to clean up unnecessary ports after
forking a new pr
Fixing alerts on router restart.
Splitting the process type connectivity matrix to 'keep ports' and 'send
ports'; the 'keep ports' matrix is used to clean up unnecessary ports after
forking a new process, and the 'send ports' matrix determines which process
types expect to get created process ports.
Unfortunately, the original single connectivity matrix no longer works because
of an application stop delay caused by prototypes. Existing applications
should not get the new router port at the moment.
show more ...
|
|
Revision tags: 1.26.0-1, 1.26.0 |
|
| #
1998:c8790d2a89bb |
| 09-Nov-2021 |
Tiago Natel de Moura |
Introducing application prototype processes.
|
| #
1997:a8a3f1d243ee |
| 09-Nov-2021 |
Tiago Natel de Moura |
Changed nxt_process_* for reuse.
This enables the reuse of process creation functions.
|
|
Revision tags: 1.25.0-1, 1.25.0, 1.24.0-1, 1.24.0, 1.23.0-1, 1.23.0, 1.22.0-1, 1.22.0 |
|
| #
1781:e1f459d7469b |
| 28-Jan-2021 |
Max Romanov |
Removing unused mutex from nxt_process_t.
|
|
Revision tags: 1.21.0-1, 1.21.0 |
|
| #
1708:4463c1fc26fd |
| 16-Nov-2020 |
Tiago Natel de Moura |
Isolation: added option to disable "procfs" mount.
Now users can disable the default procfs mount point
in the rootfs.
{
"isolation": {
"automount": {
"procfs": false
Isolation: added option to disable "procfs" mount.
Now users can disable the default procfs mount point
in the rootfs.
{
"isolation": {
"automount": {
"procfs": false
}
}
}
show more ...
|
| #
1704:6a003e0f3a6e |
| 13-Nov-2020 |
Tiago Natel de Moura |
Isolation: added option to disable tmpfs mount.
Now users can disable the default tmpfs mount point
in the rootfs.
{
"isolation": {
"automount": {
"tmpfs": false
Isolation: added option to disable tmpfs mount.
Now users can disable the default tmpfs mount point
in the rootfs.
{
"isolation": {
"automount": {
"tmpfs": false
}
}
}
show more ...
|
| #
1673:883f2f79c2f6 |
| 29-Oct-2020 |
Tiago Natel de Moura |
Isolation: mounting of procfs by default when using "rootfs".
|
|
Revision tags: 1.20.0-1, 1.20.0 |
|
| #
1585:e941d77852d1 |
| 25-Aug-2020 |
Tiago Natel de Moura |
Isolation: added "automount" option.
Now it's possible to disable default bind mounts of
languages by setting:
{
"isolation": {
"automount": {
"language_deps": fal
Isolation: added "automount" option.
Now it's possible to disable default bind mounts of
languages by setting:
{
"isolation": {
"automount": {
"language_deps": false
}
}
}
In this case, the user is responsible to provide a "rootfs"
containing the language libraries and required files for
the application.
show more ...
|
| #
1579:c80e692dc644 |
| 20-Aug-2020 |
Tiago Natel de Moura |
Moved isolation related code to "nxt_isolation.c".
|
|
Revision tags: 1.19.0-1, 1.19.0 |
|
| #
1548:a745db447e56 |
| 11-Aug-2020 |
Max Romanov |
Process structures refactoring in runtime and libunit.
Generic process-to-process shared memory exchange is no more required. Here,
it is transformed into a router-to-application pattern. The outg
Process structures refactoring in runtime and libunit.
Generic process-to-process shared memory exchange is no more required. Here,
it is transformed into a router-to-application pattern. The outgoing shared
memory segments collection is now the property of the application structure.
The applications connect to the router only, and the process only needs to group
the ports.
show more ...
|
| #
1545:78836321a126 |
| 11-Aug-2020 |
Max Romanov |
Changing router to application port exchange protocol.
The application process needs to request the port from the router instead of the
latter pushing the port before sending a request to the applic
Changing router to application port exchange protocol.
The application process needs to request the port from the router instead of the
latter pushing the port before sending a request to the application. This is
required to simplify the communication between the router and the application
and to prepare the router to use the application shared port and then the queue.
show more ...
|
|
Revision tags: 1.18.0-1, 1.18.0 |
|
| #
1489:4a3ec07f4b19 |
| 28-May-2020 |
Tiago Natel de Moura |
Added "rootfs" feature.
|
| #
1488:6976d36be926 |
| 09-Mar-2020 |
Tiago Natel de Moura |
Refactor of process management.
The process abstraction has changed to:
setup(task, process)
start(task, process_data)
prefork(task, process, mp)
The prefork() occurs in the main process rig
Refactor of process management.
The process abstraction has changed to:
setup(task, process)
start(task, process_data)
prefork(task, process, mp)
The prefork() occurs in the main process right before fork.
The file src/nxt_main_process.c is completely free of process
specific logic.
The creation of a process now supports a PROCESS_CREATED state. The
The setup() function of each process can set its state to either
created or ready. If created, a MSG_PROCESS_CREATED is sent to main
process, where external setup can be done (required for rootfs under
container).
The core processes (discovery, controller and router) doesn't need
external setup, then they all proceeds to their start() function
straight away.
In the case of applications, the load of the module happens at the
process setup() time and The module's init() function has changed
to be the start() of the process.
The module API has changed to:
setup(task, process, conf)
start(task, data)
As a direct benefit of the PROCESS_CREATED message, the clone(2) of
processes using pid namespaces now doesn't need to create a pipe
to make the child block until parent setup uid/gid mappings nor it
needs to receive the child pid.
show more ...
|
|
Revision tags: 1.17.0-1, 1.17.0 |
|
| #
1452:e95c10330013 |
| 10-Apr-2020 |
Max Romanov |
Resolving a racing condition while adding ports on the app's side.
An earlier attempt (ad6265786871) to resolve this condition on the
router's side added a new issue: the app could get a request bef
Resolving a racing condition while adding ports on the app's side.
An earlier attempt (ad6265786871) to resolve this condition on the
router's side added a new issue: the app could get a request before
acquiring a port.
show more ...
|
| #
1446:ad6265786871 |
| 06-Apr-2020 |
Max Romanov |
Fixing 'find & add' racing condition in connected ports hash.
Missing error log messages added.
|
|
Revision tags: 1.16.0-1, 1.16.0, 1.15.0-1, 1.15.0, 1.14.0-1, 1.14.0 |
|
| #
1306:3604d05e48be |
| 06-Dec-2019 |
Tiago Natel |
Isolation: allowed the use of credentials with unpriv userns.
The setuid/setgid syscalls requires root capabilities but if the kernel
supports unprivileged user namespace then the child process has
Isolation: allowed the use of credentials with unpriv userns.
The setuid/setgid syscalls requires root capabilities but if the kernel
supports unprivileged user namespace then the child process has the full
set of capabilities in the new namespace, then we can allow setting "user"
and "group" in such cases (this is a common security use case).
Tests were added to ensure user gets meaningful error messages for
uid/gid mapping misconfigurations.
show more ...
|
| #
1305:966d691dab2c |
| 06-Dec-2019 |
Tiago Natel |
Moved credential-related code to nxt_credential.c.
This is required to avoid include cycles, as some nxt_clone_* functions
depend on the credential structures, but nxt_process depends on clone
struc
Moved credential-related code to nxt_credential.c.
This is required to avoid include cycles, as some nxt_clone_* functions
depend on the credential structures, but nxt_process depends on clone
structures.
show more ...
|
| #
1302:d4c6a91f7091 |
| 26-Nov-2019 |
Tiago Natel |
Refactor of process init.
Introduces the functions nxt_process_init_create() and
nxt_process_init_creds_set().
|
|
Revision tags: 1.13.0-1, 1.13.0 |
|
| #
1254:aae6699f4eee |
| 29-Oct-2019 |
Hong Zhi Dao |
Process port refactoring.
- Introduced nxt_runtime_process_port_create().
- Moved nxt_process_use() into nxt_process.c from nxt_runtime.c.
- Renamed nxt_runtime_process_remove_pid() as nxt_runtime_p
Process port refactoring.
- Introduced nxt_runtime_process_port_create().
- Moved nxt_process_use() into nxt_process.c from nxt_runtime.c.
- Renamed nxt_runtime_process_remove_pid() as nxt_runtime_process_remove().
- Some public functions transformed to static.
This closes #327 issue on GitHub.
show more ...
|
|
Revision tags: 1.12.0-1, 1.12.0, 1.11.0-2, 1.11.0-1, 1.11.0 |
|
| #
1182:325b315e48c4 |
| 19-Sep-2019 |
Tiago de Bem Natel de Moura |
Initial applications isolation support using Linux namespaces.
|
|
Revision tags: 1.10.0-2, 1.10.0-1, 1.10.0, 1.9.0-1, 1.9.0, 1.8.0-1, 1.8.0, 1.7.1-1, 1.7.1, 1.7-1, 1.7, 1.6-1, 1.6, 1.5-1, 1.5, 1.4-2, 1.4 |
|
| #
761:43683916898a |
| 07-Sep-2018 |
Max Romanov |
Misspelled variable names fixed.
|
|
Revision tags: 1.3, 1.2, 1.1, 1.0, 0.7, 0.6, 0.5, 0.4, 0.3, 0.2 |
|
| #
368:55fcd76e9caf |
| 19-Oct-2017 |
Valentin Bartenev |
Fixed controller restarting.
Previously, stored configuration wasn't reread on controller
process restart, which resulted in segmentation fault.
|
| #
366:f50d61c93a7c |
| 19-Oct-2017 |
Max Romanov |
Filtering process to keep connection.
- Main process should be connected to all other processes.
- Controller should be connected to Router.
- Router should be connected to Controller and all Worker
Filtering process to keep connection.
- Main process should be connected to all other processes.
- Controller should be connected to Router.
- Router should be connected to Controller and all Workers.
- Workers should be connected to Router worker thread ports only.
This filtering helps to avoid unnecessary communication and various errors
during massive application workers stop / restart.
show more ...
|
| #
364:742e5c203c6d |
| 19-Oct-2017 |
Max Romanov |
Supporting concurrent shared memory fd receive in router.
Two different router threads may send different requests to single
application worker. In this case shared memory fds from worker
to router
Supporting concurrent shared memory fd receive in router.
Two different router threads may send different requests to single
application worker. In this case shared memory fds from worker
to router will be send over 2 different router ports. These fds
will be received and processed by different threads in any order.
This patch made possible to add incoming shared memory segments in
arbitrary order. Additionally, array and memory pool are no longer
used to store segments because of pool's single threaded nature.
Custom array-like structure nxt_port_mmaps_t introduced.
show more ...
|
| #
349:ae438f16b44e |
| 04-Oct-2017 |
Max Romanov |
Introducing process use counter.
This helps to decouple process removal from port memory pool cleanups.
|