Ticket #22872 (new defect)
aiccu - daemondo automatically restarts it, the reason why it exists is because something is broken.....
| Reported by: | jeroen@… | Owned by: | cr@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 1.8.1 |
| Keywords: | Cc: | lists@…, george@… | |
| Port: | aiccu |
Description
"daemondo launches the daemon directly, rather than indirectly via a script, and therefore it automatically knows how to monitor a daemon process and restart it if it dies."
And thus, when aiccu exits because there is an unresolvable error case daemondo automatically restarts it, aiccu exists, daemondo restarts it, aiccu exits..... ad infinitum.
Otherwise said: daemondo is not the proper tool for running AICCU in this way as it clearly avoids to check the exit code of AICCU, which exits because there is an error condition, which means it can't do anything else and that user intervention is needed.
A couple of solutions that should be applied in this case and most likely in the cases of many other daemons which will abort on startup:
- don't use it specifically for AICCU
- rate limit the number of 'startups', if it fails X times, then don't start it any more.
- If it fails after the first startup, tell the user, and don't start it again.
- etc etc etc.
From the 'README' file in the AICCU distribution: 8<------------------------------- WARNING: never run AICCU from DaemonTools or a similar automated 'restart' tool/script. When AICCU does not start, it has a reason not to start which it gives on either the stdout or in the (sys)log file. The TIC server *will* automatically disable accounts which are detected to run in this mode. Use 'verbose true' to see more information which is especially handy when starting fails.
Oh and as clearly logging is not configured properly, nor the user ever cares to look at it they will never figure this problem out.
Most likely the same goes for a lot of other daemons.
In this case it is especially annoying as it will contact the TIC servers of SixXS, which will then have to rate limit the client and disable them, as per the above. Still, the client, which gets repeatedly restarted by daemondo will keep on trying to hammer those TIC servers. Thank you macport folks for another attempt at DDoSSing them. (attempt, as it fails due to the ratelimmitting and fortunately also the limited number of clients of which we had to tell and explain the users that they had a broken client....)
But lets solve this properly, as macports is where the problem happens. Please resolve this.
Additionally "startupitem.netchange" which is described as "Cause the daemon to be restarted when a change in network state is detected." is completely ridiculous in the case of AICCU as AICCU already KNOWS how to handle network changes, that is why there are "specialized" protocols called heartbeat and AYIYA which AICCU supports. Thus that option can also go to /dev/null for AICCU.
Change History
comment:1 Changed 3 years ago by jmr@…
- Owner changed from macports-tickets@… to cr@…
- Keywords aiccu daemondo broken ddos repeat no-logging useraware removed
- Priority changed from High to Normal
comment:5 follow-up: ↓ 6 Changed 5 months ago by jinn.koriech@…
Please merge the following solution to resolve this bug.
Currently the plist definition configures daemondo to launch in mode 2, causing aiccu to be restarted indefinitely.
$ /opt/local/bin/daemondo --help ... daemondo runs in one of two modes: (1) If no stop-cmd is given, daemondo executes start-cmd asyncronously, and tracks the process id; that process id is used to signal the daemon for later stop and/or restart. (2) If stop-cmd is given, then both start-cmd and stop-cmd are issued syncronously, and are assumed to do all the work of controlling the daemon. In such cases there is no process id to track. In either mode, restart-cmd, if present, is used to restart the daemon. If in mode 1, restart-cmd must not disrupt the process id. If restart-cmd is not provided, the daemon is restarted via a stop/start sequence. ... In mode 1 only, daemondo will exit when it detects that the daemon being monitored has exited.
Therefore by removing the --stop-cmd and --restart-cmd we can ensure daemondo will only start the aiccu daemon once, however if a netchange event is detected daemondo should correctly restart aiccu.
$ pwd /opt/local/etc/LaunchDaemons/org.macports.aiccu $ diff org.macports.aiccu.plist.orig org.macports.aiccu.plist 15,22d14 < <string>--stop-cmd</string> < <string>/opt/local/etc/LaunchDaemons/org.macports.aiccu/aiccu.wrapper</string> < <string>stop</string> < <string>;</string> < <string>--restart-cmd</string> < <string>/opt/local/etc/LaunchDaemons/org.macports.aiccu/aiccu.wrapper</string> < <string>restart</string> < <string>;</string>
Above diff is against aiccu @20070115.
$ sudo port info aiccu
aiccu @20070115, Revision 2 (net, ipv6)
Variants: gnutls
Description: AICCU makes it very easy for SixXS users to get IPv6 connectivity everywhere they
want. It uses the TIC (Tunnel Information & Control) protocol to request the
information needed to setup a tunnel through which the connectivity is created. It
supports 6in4 static (RFC 2893), 6in4 heartbeat (RFC 2893 +
draft-massar-v6ops-heartbeat) and AYIYA (draft-massar-v6ops-ayiya) tunnel
protocols.
Homepage: http://www.sixxs.net/tools/aiccu/
Library Dependencies: tuntaposx
Platforms: darwin
License: unknown
Maintainers: cr@23bit.net
comment:6 in reply to: ↑ 5 Changed 5 months ago by jeroen@…
Replying to jinn.koriech@…:
As also mentioned per email, but apparently one cannot just reply to the bug email that is sent out...
Therefore by removing the --stop-cmd and --restart-cmd we can ensure daemondo will only start the aiccu daemon once,
That is correct.
however if a netchange event is detected daemondo should correctly restart aiccu.
That is *NOT* correct. AICCU must *NEVER be restarted*
Network changes is something that AICCU, or actually the protocols that it implements will handle and it does not need any restarts for network changes.