-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to pass SIGUSR1 & SIGHUP to main process #195
Comments
Right, not from outside the container. You'd need to use |
I think we are considering ContainerPilot (CP) from a different point of view. My vision is that CP has infrastructure qualities, and is not part of my application. It should therefore stay transparent. When sending an UNIX signal via Docker, I mean to interact with my application, not CP, hence the need to forward all signals from CP to the application. That said, putting the service node in maintenance mode can be frightfully needed in some situations (e.g. draining currently executing long requests before shutting down the container). I can't think of any other solution than to putting into CP configuration which (if any) signal should mean "maintenance mode" and "configuration reload" (with current default values; empty signal == disable the functionality). I do not have a specific use case in mind, but I've seen such diverse behaviors in my professional life that I'm really looking to use flexible solutions. I know I'll have to send one of those signals one day, and I want to be ready when that's the case. CP fits my current needs, this is why I'm pushing for it! :-) |
The thing is that if you're sending that signal to do a reconfiguration then you already have either a) entered the container to replace a configuration file, or b) have just triggered one of the event hooks. Otherwise you're HUP'ing the application w/o any changes for it to pick up. So why not take advantage of those options? I'm trying to avoid configuration sprawl here. "One more config flag" is a genuine usability problem and ContainerPilot already has a lot of configuration options so each new one we add has that much larger of a hurdle to overcome. |
Very true, let's try to keep CP configuration is simple as possible and options to a minimum. If we consider that reloading CP configuration ( I have more strong feelings about |
If the application has no SIGHUP handler then it'll crash. So we really can't always re-transmit that either.
Ok but think about the combinations here:
What do we then expect the behavior is for all other subprocesses? i.e. the 7 user-defined hooks. Should they also receive the SIGUSR1? In all 4 of the configuration combinations described above? I've suggested workarounds using the user-defined hooks ("So why not take advantage of those options?", above). Was there a use case in transmitting these signals that prevents us from using the existing hooks as I've asked here? |
This is getting hairy… :-) The main "problem" here is that we have a single canal of communication (UNIX signals) for 2 different purposes:
If we have to extend CP's commands panel, I would suggest we use the already-existing HTTP server (used for telemetry) to send orders to CP. In the meantime, as you previously exposed, and unless we change configuration options, it should be documented that all signals are passed-throu except |
@javabean can you say more about why you think of ContainerPilot as an infrastructure component? We're developing it and I certainly think of it as part of the application. That question is probably part of the confusion here, but I'd love to learn more about it. |
@misterbisson very simple: I see CP having the same kind of functions as Docker: orchestrate, manage and handle my applications, by opposition to servicing user requests. The services offered by CP could be integrated into Docker without looking shocking. IMHO the frontier between infrastructure and applications is in the code we write to bind them together (e.g. |
@misterbisson @javabean I honestly think trying to ascertain philosophical purity for an application like ContainerPilot which is really designed to fill the cracks in application/infra behaviors is not terribly constructive.
Let's start with the understanding that without reaching into the container process space (via So the only things under consideration really are (in order):
Handling HTTP POST expands the ContainerPilot surface area considerably. How would we authenticate and authorize these requests? I would very much like to avoid this kind of expansion of scope.
That's not accurate. Unhandled signals are not passed-thru but instead hit ContainerPilot, which generally means killing the container as it does with any other process that receives an unhandled signal. |
#244 has been opened as a proposal to cover this issue as a 3.x enhancement. |
Unless I am confused, there is currently no way to pass
SIGUSR1
&SIGHUP
to the main process (SIGUSR1
being used to put the service node in maintenance mode, andSIGHUP
to reload ContainerPilot's configuration).Could we please have an optional configuration to disable this, and pass all signals to the main application? (in which case one can still able to enable maintenance mode with a
docker exec xxx kill -SIGUSR1 1
)The text was updated successfully, but these errors were encountered: