Skip to content

Add a compile-time option for a daemon binary #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 17, 2019
Merged

Add a compile-time option for a daemon binary #46

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ uuid = "0.7.4"
threadpool = "1.7.1"
std-semaphore = "0.1.0"
signal-hook = "0.1.10"
sd-notify = { version = "0.1.0", optional = true }

[dev-dependencies]
parsec-client-test = { git = "https://github.com/parallaxsecond/parsec-client-test", tag = "0.1.2" }
Expand All @@ -34,3 +35,7 @@ mbed-crypto-version = "mbedcrypto-1.1.0"
[features]
default = ["mbed"]
mbed = []

# Feature to compile the PARSEC binary to be executed as a systemd daemon.
# This feature is only available on Linux.
systemd-daemon = ["sd-notify"]
34 changes: 34 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,7 @@ This project uses the following third party crates:
* std-semaphore (MIT and Apache-2.0)
* num_cpus (MIT and Apache-2.0)
* signal-hook (MIT and Apache-2.0)
* sd-notify (Apache-2.0)

This project uses the following third party libraries:
* [Mbed Crypto](https://github.com/ARMmbed/mbed-crypto) (Apache-2.0)
Expand All @@ -160,6 +161,39 @@ You can execute unit tests with `cargo test --lib`.
The [test client](https://github.com/parallaxsecond/parsec-client-test) is used for integration
testing. Check that repository for more details.

# **Installing the PARSEC service (Linux only)**

PARSEC can be built and installed as a Linux daemon using systemd. The PARSEC daemon uses socket
activation which means that the daemon will be automatically started when a client request is
made on the socket. The daemon is a systemd user daemon run by the `parsec` user.

If your Linux system uses systemd to manage daemons, you can follow these steps.

* Create and log in to a new user named `parsec`
* In its home directory, pull and install PARSEC as a daemon
```bash
$ git pull https://github.com/parallaxsecond/parsec.git
$ cargo install --features "systemd-daemon" --path parsec
```
* Install the systemd unit files and activate the PARSEC socket
```bash
$ mkdir -p ~/.config/systemd/user
$ cp -r systemd-daemon/parsec.service systemd-daemon/parsec.socket ~/.config/systemd/user
$ systemctl --user enable parsec.socket
$ systemctl --user start parsec.socket
```

Every user on the system can now use PARSEC!

You can test it going inside the `parsec` directory and:
```bash
$ cargo test --test normal
```
Check the logs with:
```bash
$ journalclt --user -u parsec
```

# **Contributing**

Please check the [**Contributing**](CONTRIBUTING.md) to know more about the contribution process.
Expand Down
4 changes: 4 additions & 0 deletions src/bin/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,10 @@ fn main() -> Result<(), Error> {

let threadpool = Builder::new().build();

#[cfg(feature = "systemd-daemon")]
// Notify systemd that the daemon is ready, the start command will block until this point.
let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);

loop {
if kill_signal.load(Ordering::Relaxed) {
println!("SIGTERM signal received.");
Expand Down
49 changes: 36 additions & 13 deletions src/front/domain_socket.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ use super::listener;

use listener::Listen;
use listener::ReadWrite;
use std::os::unix::io::FromRawFd;

static SOCKET_PATH: &str = "/tmp/security-daemon-socket";

Expand All @@ -43,23 +44,35 @@ impl DomainSocketListener {
/// fails
/// - if binding to the socket path fails
fn init(&mut self) {
let socket = Path::new(SOCKET_PATH);
if cfg!(feature = "systemd-daemon") {
// The PARSEC service is socket activated (see parsec.socket file).
// systemd creates the PARSEC service giving it an initialised socket as the file
// descriptor number 3 (see sd_listen_fds(3) man page).
// If an instance of PARSEC compiled with the "systemd-daemon" feature is run directly
// instead of by systemd, this call will still work but the next accept call on the
// UnixListener will generate a Linux error 9 (Bad file number), as checked below.
unsafe {
self.listener = Some(UnixListener::from_raw_fd(3));
}
} else {
let socket = Path::new(SOCKET_PATH);

if socket.exists() {
fs::remove_file(&socket).unwrap();
}
if socket.exists() {
fs::remove_file(&socket).unwrap();
}

let listener_val = match UnixListener::bind(SOCKET_PATH) {
Ok(listener) => listener,
Err(err) => panic!(err),
};
let listener_val = match UnixListener::bind(SOCKET_PATH) {
Ok(listener) => listener,
Err(err) => panic!(err),
};

// Set the socket as non-blocking.
listener_val
.set_nonblocking(true)
.expect("Could not set the socket as non-blocking");
// Set the socket as non-blocking.
listener_val
.set_nonblocking(true)
.expect("Could not set the socket as non-blocking");

self.listener = Some(listener_val);
self.listener = Some(listener_val);
}
}
}

Expand All @@ -84,6 +97,16 @@ impl Listen for DomainSocketListener {
}
}
Err(err) => {
if cfg!(feature = "systemd-daemon") {
// When run as a systemd daemon, a file descriptor mapping to the Domain Socket
// should have been passed to this process.
if let Some(os_error) = err.raw_os_error() {
// On Linux, 9 is EBADF (Bad file number)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it reasonable that we'll reach this point? if not => unreachable!();

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we reach this point, it is because the accept method failed and we check if the failure comes from the fact that it was given a bad file descriptor. We gave it 3 as a file descriptor but if the process was not launched by systemd, 3 will map to nothing and trigger this error.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's also possible that the user wants to run the application as a service instead of socket activation. TBH, using fd 3 directly feels a bit dirty.

According to http://0pointer.de/blog/projects/socket-activation.html, sd_listen_fds would be a better solution, but my sd-notify crate doesn't support that (yet?).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @lnicola!
Currently we only have the compile-time flag systemd-daemon to differentiate between a binary to be launched by systemd or by the command line. If compiled as a daemon and launched on the command line by the user, it will trigger this error.

I agree that a better way would be to do it at runtime, the way shown in your link below and assuming that we can also do runtime checks on other daemon-dependant parts of our application and remove the compile-time flag.
For example, what would be the effect of sd-notify if not run as a daemon?
The crate systemd has Rust wrappers around this function and other very useful functions that would allow us to do that. It is licensed under LGPL-2.1+ so we would have to check for compatibility with our Apache 2.0 license.

Copy link
Contributor

@lnicola lnicola Oct 18, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently we only have the compile-time flag systemd-daemon to differentiate between a binary to be launched by systemd or by the command line. If compiled as a daemon and launched on the command line by the user, it will trigger this error.

That shouldn't be needed in general, IMHO.

For example, what would be the effect of sd-notify if not run as a daemon?

Do you mean sd_notify::notify? I haven't checked the implementation of sd_listen_fds, but readiness notification works like this:

  • if systemd or a compatible service manager starts the daemon, it sets an well-known environment variable (NOTIFY_SOCKET) with a Unix Domain Socket address
  • applications can check whether the variable is set, and can send messages and control systemd by writing to that socket
  • applications should unset the variable before spawning child processes

In the case of notify, if the program is not launched by systemd, the variable won't be set, and the function will return Ok(()), so the whole thing is a no-op.

The crate systemd has Rust wrappers around this function and other very useful functions that would allow us to do that. It is licensed under LGPL-2.1+ so we would have to check for compatibility with our Apache 2.0 license.

I don't think they're compatible. I can look into adding more functionality to the sd-notify crate. If you want an alternative to sd-notify, there's https://github.com/lucab/libsystemd-rs, which is licensed under MIT/Apache 2.0. The reason I started sd-notify is lucab/libsystemd-rs#24 (i.e. having ~15 transitive dependencies, including serde).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That shouldn't be needed in general, IMHO.

I agree now with this philosophy to make one binary that works both when run as an user or by systemd but something I forgot as well: ideally (for now) we would like parsec to work on as many OSes as possible. The compile-time flag is a way to make it work also on OSes that do not have systemd. And just having conditional compilation and target Linux only might not be enough if some Linux distributions do not have systemd?

In the case of notify, if the program is not launched by systemd, the variable won't be set, and the function will return Ok(()), so the whole thing is a no-op.

Thanks for the explanation, that is very good to know!

I can look into adding more functionality to the sd-notify crate. If you want an alternative to sd-notify, there's https://github.com/lucab/libsystemd-rs, which is licensed under MIT/Apache 2.0. The reason I started sd-notify is lucab/libsystemd-rs#24.

Even if we end up keeping the compile-time flag, it would be more robust and less dirty to call sd_listen_fds as done on the blog post. Like this, even if the flag is set the binary can be launched both ways.
I checked the docs of libsystemd-rs and it does not seem to have the function.
If you were to add a sd_listen_fds function to your crate, we would use it for sure 😋 !!

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And just having conditional compilation and target Linux only might not be enough if some Linux distributions do not have systemd?

It's totally fine to run such a binary on a non-systemd distro -- unless you're linking to the C libsystemd, which might prove problematic (and you also want to avoid it because of the licensing issue?).

If you were to add a sd_listen_fds function to your crate, we would use it for sure yum !!

No promises, but I'll take a look to see what it would imply. I didn't implement FD passing in sd-notify because it's quite complex, and it's probably using the same mechanism.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's totally fine to run such a binary on a non-systemd distro -- unless you're linking to the C libsystemd, which might prove problematic (and you also want to avoid it because of the licensing issue?).

Oh, just got it, I did not know you could implement the function in Rust only without any systemd dependency, as you did for notify. In that case, the only conditional compilation checks would be on the OS which is good!

No promises, but I'll take a look to see what it would imply. I didn't implement FD passing in sd-notify because it's quite complex, and it's probably using the same mechanism.

Great, please ping me if you ever do 😃 !

if os_error == 9 {
panic!("The Unix Domain Socket file descriptor (number 3) should have been given to this process.");
}
}
}
// Check if the error is because no connections are currently present.
if err.kind() != ErrorKind::WouldBlock {
// Only log the real errors.
Expand Down
8 changes: 8 additions & 0 deletions systemd-daemon/parsec.service
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
[Unit]
Description=PARSEC Service
Documentation=https://github.com/parallaxsecond/parsec

[Service]
Type=notify
NonBlocking=true
ExecStart=/home/parsec/.cargo/bin/parsec
9 changes: 9 additions & 0 deletions systemd-daemon/parsec.socket
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
[Unit]
Description=PARSEC Socket
Documentation=https://github.com/parallaxsecond/parsec

[Socket]
ListenStream=/home/parsec/parsec.sock

[Install]
WantedBy=sockets.target