On 13 May 2016 at 20:30, Terry Burton <[hidden email]> wrote:
>
> So currently there are no trap handlers for SIGTERM or SIGINT and
> therefore no cleanup whatsoever at exit.
>
> There is a compiled-out option ENABLE_GENTLE_SHUTDOWN which installs
> handlers for these signals but when this was activated it implemented
> the harmful semantics of putting the server through a
> recovery+partner-down transition which isn't useful for a quick
> configuration reload:
>
> /* Enable the gentle shutdown signal handling. Currently this
> means that on SIGINT or SIGTERM a client will release its
> address and a server in a failover pair will go through
> partner down. Both of which can be undesireable in some
> situations. We plan to revisit this feature and may
> make non-backwards compatible changes including the
> removal of this define. Use at your own risk. */
> /* #define ENABLE_GENTLE_SHUTDOWN */
>
> #if defined(ENABLE_GENTLE_SHUTDOWN)
> /* no signal handlers until we deal with the side effects */
> /* install signal handlers */
> signal(SIGINT, dhcp_signal_handler); /* control-c */
> signal(SIGTERM, dhcp_signal_handler); /* kill */
> #endif
>
> Having a more basic signal handler that defers the exit in order to
> continue to write out an outstanding lease seems better. Perhaps one
> could even differentiate these exit semantics based on SIGINT vs
> SIGTERM.
>
> If someone who can speak for ISC is able to indicate whether this
> would be a sensible approach then I am happy to work up a patch.

Dear ISC DHCP devs,

Please could you review and if suitable pull the following:

https://github.com/terryburton/isc-dhcp/commit/90f6e8617f13b7bc9575d275bd37b7a418b6139d

As a patch (also attached):

https://github.com/terryburton/isc-dhcp/commit/90f6e8617f13b7bc9575d275bd37b7a418b6139d.diff

Summary below...

Many thanks,

Terry

----

Safely shutdown dhcpd when signalled.

This patch reintroduces signal handlers to ensure that dhcpd safely exits when
signalled, mitigating the existing risk that the leases file is truncated at
shutdown.

It provides the expected behaviour that SIGTERM and SIGINT will cause a safe
shutdown that does not place a failover pair into recovery on restart, so they
remain suitable for a basic configuration reload - only safer.

Using OMAPI to set the state of a control object to shutdown (2) retains the
existing behaviour of placing the peer into partner-down and performing a
recovery on restart. Equivalently, SIGUSR2 will now shutdown dhcpd and perform
a recovery on restart.

SIGTERM, SIGINT - Clean shutdown, suitable for a configuration reload.
SIGUSR2, OMAPI  - Put failover peer into partner-down state and exit performing
                  a recovery on startup, suitable for an extended outage.

Since this is intended to be a sane set of defaults the GENTLE_SHUTDOWN define
no longer applies to dhcpd, i.e. safe handling of signals for selectable
operational semantics is provided by default.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
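
The deferred-exit approach proposed in the message above, as an added example that is not part of the original post or the linked patch: the handlers only set a flag, the write loop tests it between lease records, and SIGUSR2 selects the partner-down exit. All function and variable names and the lease record text are constructed for illustration (POSIX C).

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Added example: every name below is hypothetical, none comes from dhcpd. */
enum mode { RUN, CLEAN_EXIT, PARTNER_DOWN_EXIT };
static volatile sig_atomic_t pending = RUN;
static int records, ends_clean;      /* results of the last run_scenario() */

/* Async-signal-safe: note which shutdown was requested; no I/O, no exit(). */
static void on_signal(int sig)
{
    if (sig == SIGUSR2)
        pending = PARTNER_DOWN_EXIT; /* extended outage */
    else if (pending == RUN)
        pending = CLEAN_EXIT;        /* SIGTERM or SIGINT: restart or reload */
}

static int install_handlers(void)
{
    struct sigaction sa = { .sa_handler = on_signal, .sa_flags = SA_RESTART };
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGTERM, &sa, NULL) || sigaction(SIGINT, &sa, NULL) ||
           sigaction(SIGUSR2, &sa, NULL) ? -1 : 0;
}

/* Constructed scenario: sig arrives while the second of five lease records is
   half written; the flag is tested only between records, so it is completed. */
static int run_scenario(int sig)
{
    char tail[2];
    FILE *f = tmpfile();
    if (f == NULL || install_handlers() != 0)
        return -1;
    for (pending = RUN, records = 0; records < 5 && pending == RUN; records++) {
        fprintf(f, "lease 192.0.2.%d {\n", records + 1);
        if (records == 1)
            raise(sig);              /* handler runs before raise() returns */
        fprintf(f, "  binding state active;\n}\n");
        fflush(f);                   /* record is whole before the flag is read */
    }
    fseek(f, -2, SEEK_END);
    ends_clean = fread(tail, 1, 2, f) == 2 && memcmp(tail, "}\n", 2) == 0;
    fclose(f);
    return pending;                  /* caller now exits with these semantics */
}

int main(void) { return run_scenario(SIGTERM) == CLEAN_EXIT ? 0 : 1; }
```

In each run the record that was in progress when the signal arrived is written in full, and the returned mode tells the caller which of the two exit paths to take.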