[pkg-lighttpd] Bug#504315: lighttpd: Debian "graceful" restart isn't

Adrian Irving-Beer wisq-deb at wisq.net
Sun Nov 2 19:08:08 UTC 2008 

Package: lighttpd
Version: 1.4.19-5
Severity: normal

When lightttpd receives a SIGINT, it immediately closes the listener
socket for new connections.  While it continues to serve old
connections (including keepalive sessions), any new incoming
connections will be refused.

    http://blog.lighttpd.net/articles/2005/09/02/graceful-restart

The correct approach to graceful restart in lighttpd is to send a SIGINT
to the existing lighttpd, and then very quickly launch a new one to
resume listening for new connections.

With the current Debian initscript behaviour, graceful restart on a
busy server is arguably less graceful than a "hard" restart, since
many clients are affected by refused connections, all for the sake of
not interrupting the lucky few clients that had existing connections.
(Many of those connections are just unused keepalives that will time
out anyway.)

In the upstream stock rc.lighttpd script, they start a new lighttpd
immediately after sending the SIGINT to the old one.  See line 120:

http://redmine.lighttpd.net/repositories/entry/lighttpd/trunk/doc/rc.lighttpd

(My understanding is that killproc is like killall and does not wait
for the process to terminate.)

I would tend to assume the time it takes to start lighttpd (to the
point where it wants to bind on the listening port) far exceeds the
time it takes for an existing one to respond to the SIGINT and free up
the port.  However, if the existing lighttpd is heavily swapped out or
very busy, I could see this being a race condition.

If the risk of a race condition is high enough to prevent this
behaviour being adopted in Debian, then I guess this should be
forwarded as an upstream bug.

Ideally, to avoid a race condition, the new lighttpd would get to the
point where it's ready to bind to the ports, then wait for some
indication that it should proceed.  Perhaps the best approach would be
a special graceful-restart command-line parameter to lighttpd that
triggers behaviour like so:

	1. New: Start up, parse config files, get ready to bind.
	2. New: Read the PID of the old lighttpd from the pidfile.
	3. New: Update the pidfile with the new PID.
	4. New: Issue a graceful-stop signal to the old PID.

	5. Old: Read the PID of the new lighttpd from the pidfile.
	6. Old: Unbind ports.
	7. Old: Issue a graceful-start signal to the new PID.

	8. New: Bind to listening ports and resume startup process.

A less ideal approach is just to have the initscript not start the new
lighttpd until it has some indication that the listeners have been
closed.  Downtime is increased but should still be fairly short,
especially compared to the current behaviour.


P.S.:

    Please also note related bug #419:

	http://redmine.lighttpd.net/issues/show/419

    Bug #419 is currently suppressed by the existing Debian initscript
    behaviour, but may come up when this bug is fixed.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lighttpd depends on:
ii  libattr1               1:2.4.43-1        Extended attribute shared library
ii  libbz2-1.0             1.0.5-1           high-quality block-sorting file co
ii  libc6                  2.7-14            GNU C Library: Shared libraries
ii  libfam0                2.7.0-13.3        Client library to control the FAM 
ii  libldap-2.4-2          2.4.11-1          OpenLDAP libraries
ii  libpcre3               7.6-2.1           Perl 5 Compatible Regular Expressi
ii  libssl0.9.8            0.9.8g-13         SSL shared libraries
ii  libterm-readline-perl- 1.0302-1          Perl implementation of Readline li
ii  lsb-base               3.2-20            Linux Standard Base 3.2 init scrip
ii  mime-support           3.44-1            MIME files 'mime.types' & 'mailcap
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

lighttpd recommends no packages.

Versions of packages lighttpd suggests:
ii  apache2-utils                 2.2.9-10   utility programs for webservers
ii  openssl                       0.9.8g-13  Secure Socket Layer (SSL) binary a
pn  rrdtool                       <none>     (no description available)

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-lighttpd-maintainers/attachments/20081102/72209950/attachment.pgp

More information about the pkg-lighttpd-maintainers mailing list