Daemon management with daemontools/tcpserver

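The following text was written from the information available at the time of writing and may contain material that no longer fits current circumstances, so please take care. The text is also the final submitted manuscript before proofreading, so it differs from what actually appeared in UNIX USER magazine. Typos and omissions are left as they were.

Apart from fatal errors, no additions or corrections will be made, so please use it while keeping the freshness of the information in mind.

Table of Contents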


Part 2 

DJB


Part 2 daemontools 
 tcpserver 
Part3daemontools/tcpserver 



daemontools


daemontools

Unix

Web
1020



	
	  

	

	
	  

	
	  (kill)

OS



1
	
	

2
	 OpenSSH 

3
	 foo  HUP PID
	AIXPID
	

4
	 foo NetBSD foo 
	
	

5
	 foo  RedHat Linux, Solaris8, IRIX 
	

6
	 bar 
	
	FreeBSDHP-UX
	

7
	 baz 
	baz
	


ps 
syslogd
 /etc  grep  rc 

/etc/rc.local 
 start  stop 


Unix


	  


Unix

 daemontools 


	* // 
          
	* 
	* 
	* 





daemontools

daemontools



daemontools


---[ ]------------------------------------------------------------

    svscan
          
   +---- /service ----------------------------------+
   |                                                |
   | +------------------+  +-------------------+    |
   | | 	|  |       |    |
   | |  |  |   |    |
   | +------------------+  +-------------------+    |
   |    (supervise      (supervise	    |
   |     )         )    |
   +------------------------------------------------+

----------------------------------------------------------------------

 daemontools svscan 
/service 
()svscan 
 supervise supervise 
"run" 
svc 
run 


daemontools


	1. daemontools

	   

	2. 

	   daemontools
	   
	   "run" 
	   
	   

	3. svscan

	   svscan
	   	
	    /service 
	   svscan

	4.  /service 

	   /service 
	   
	    /service/ 
	   /usr/local/djbdns 
	   

	     # ln -s /usr/local/djbdns /service

	   svscan(5)
	   




daemontools

 daemontools-0.76 
http://cr.yp.to/daemontools/install.html
(CD-ROM)

(daemontools-0.76.tar.gz)
(1 ) 


-------[1 /package hierarchy ]----------------------------------

DJBWeb
DJB /package
hierarchy (URL)

http://cr.yp.to/unix.html (Filesystem layout)
http://cr.yp.to/slashpackage.html


daemontools 
0.76 /package hierarchy 
DJB

	# vi conf-cc
	  ()
	# make setup check



	# package/install

 /command 
 /usr/local/bin 
URL /package 

 /command 

DJBDJB /package hierarchy 

hierarchy 

DJB


 daemontools 


/package hierarchy 
http://cr.yp.to/daemontools/install.html 
/package
hierarchy  daemontools-0.76 

-------------------------------------------------------------------------


	# mkdir -p /package
	# chmod 1755 /package
	# mv daemontools-0.76.tar.gz /package
	# cd /package
	# tar vzxpf daemontools-0.76.tar.gz
	# cd admin/daemontools-0.76
	# package/install

 /command, /package 
(/etc/inittab  
/etc/rc.local) daemontools (svscan)







	()
	% tar vzxpf daemontools-0.76.tar.gz
	% cd admin/daemontools-0.76
	% package/install

 /command, /package 
 ./package/commands 

 ./command 

 /usr/local/daemontools/bin 


	# mkdir -p /usr/local/daemontools/bin
	# cp command/* /usr/local/daemontools/bin

 svscan 
command/svscanboot 


: ---[ /etc/startsvscan ]----- 

#!/bin/sh
PATH=/usr/local/daemontools/bin:/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin

exec </dev/null
exec >/dev/null
exec 2>/dev/null

/usr/local/daemontools/bin/svc -dx /service/* /service/*/log

env - PATH=$PATH svscan /service 2>&1 | \
env - PATH=$PATH readproctitle service errors: ................................................................................................................................................................................................................................................................................................................................................................................................................

----------------------------------------------------- 

2PATH
 daemontools 
svscan
()
400



(
)




	* /etc/inittab (SystemVUnix, Linux)

	  /etc/inittab (: 
	   package/boot.inittab )

	  ------------- inittab   ------------------
SV:123456:respawn:/etc/startsvscan
	  -------------   --------------------------------

	* /etc/rc.local (BSD)

	  /etc/rc.local (: 
	   package/boot.rclocal )

	  ------------- rc.local   ------------------
csh -cf '/etc/startsvscan &'
	  -------------   --------------------------------


 daemontools 
 /etc/startsvscan 


	# mkdir /service
	# chmod 755 /service

/service  / 



	* daemontools
	  / 
	* 
	  
	  
	* /service 
	  

daemontools() 
/service 


svscan

	# csh -cf '/usr/local/daemontools/bin/svscanboot &'


daemontools


 daemontools 
 daemontools 
 daemontools 

daemontools

	* DJB()
	* ()
	* 
	* 


fghack()daemontools
 /etc/rc* 
daemontools



 daemontools 


	1 
          ()

	2  run 
          

	3  log 
	   run 

	4 

	5  /service()
	  

 /usr/local/foo 
( ) daemontools 

---[ ]------------------------------------------------------------

       /usr/local/foo/
		   |
		   +--/bin/
		   |    +--- fooclient
		   |    +--- fooconfcheck
		   |    +--- foostat
		   |	+--- fookill
		   |
		   +--/sbin/
		   |    +---- food
		   |
		   +--/man/
		   :    +---/man1/
		   :	:    +--- fooclient.1
		   :	:    :
----------------------------------------------------------------------

--------------------------------------------------------------
foo() sbin/food 
-d 


----------------------------------------------------------------------


 15 

1. 

   
   /usr/local/foo/ 

	# mkdir /usr/local/foo/foo

2. run 

   /usr/local/foo/foo run 
    foo
   
   PATH run 
   

	# cd /usr/local/foo/foo
	# touch run
	# chmod +x run
	# vi run
	  (run)
---[ /usr/local/foo/foo/run ]-----------------------------------------
#!/bin/sh
PATH=/bin:/usr/bin:/usr/local/foo/bin:/usr/local/foo/sbin
exec 2>&1
exec food -d
----------------------------------------------------------------------

   
    exec 
   ID
   svc ()
   

3. 

   
   log run 
----
:
daemontools-0.70 sticky
(mode 1755)0.70log
chmod 1755
----
   daemontools  multilog 
   multilog()
   
   
   log/run 

	# mkdir /usr/local/foo/foo/log
	# cd /usr/local/foo/foo/log
	# touch run
	# chmod +x run
	# vi run
	  (run)
---[ /usr/local/foo/foo/log/run ]-------------------------------------
#!/bin/sh
exec multilog t ./main
----------------------------------------------------------------------

   food
   /usr/local/foo/foo/log/main/current 

4. 

   run

	# cd /usr/local/foo/foo
	# ./run

   
   

5. 

   
   

	# ln -s /usr/local/foo/foo /service

   5foo



svc

 /service svscan
supervisesuperviserun
svc
/service
 /service/foo 


svc 

	# svc    





	-u  (Up)
	-d  (Down)
	-o  (Once)
	-p   STOP (Pause)
	-c   CONT 
	-h   HUP 
	-a   ALRM 
	-i   INT 
	-t   TERM 
	-k   KILL 
	-x  supervise (eXit)
	    
	    


HUP


	# svc -h /service/foo

(: root ($PATH)
daemontools)



	# svc -t /service/foo

-t TERM
supervise



	# svc -d 


 down svc -d 

	# touch /service/foo/down
	# svc -d /service/foo




	# cd /service/foo
	# rm /service/foo
	# svc -dx . log


daemontools

daemontools


svok

	# svok 

(
supervise)
0100

svstat

	# svstat 


daemontools


	# svstat /service/*


	/service/axfrdns: up (pid 229) 197662 seconds
	/service/dnscache: up (pid 232) 197662 seconds
	/service/ipopd: up (pid 224) 197663 seconds
	/service/smtpd: up (pid 226) 197663 seconds
	/service/tinydns: up (pid 231) 197662 seconds



	/service/axfrdns: up (pid 229) 197662 seconds
	/service/dnscache: up (pid 232) 0 seconds
	/service/ipopd: up (pid 224) 197663 seconds
	/service/smtpd: up (pid 226) 197663 seconds
	/service/tinydns: up (pid 231) 1 seconds

01
supervise
 run 
dnscache, tinydns 


	# touch /service/dnscache/down /service/tinydns/down
	# svc -dx /service/dnscache /service/tinydns

 down 


	# rm /service/dnscache/down /service/tinydns/down
	# svc -u /service/dnscache /service/tinydns

svscan
supervise
 /service 
svscanPATHdaemontools


fghack
 supervise  ./run 

supervise
(run)fghacksupervise
 run 

	#!/bin/sh
	echo Starting foo daemon...
	exec fghack food

supervise
fghack
close

close
fghack
0close

	#!/bin/sh
	exec fghack baddaemon <&-



fghack


pgrphack



svscanpgrphackrun


	#!/bin/sh
	echo starting foo daemon...
	exec pgrphack food



multilog
multilog supervise 
 /service/foo/log/run 

	multilog 



multilog

  

	* t

	 t TAI64N
	

	a
	b
	c

	multilog
	

	@400000003cbfe11501936b64 a
	@400000003cbfe11607ceb5ec b
	@400000003cbfe11619e52874 c

	@2416TAI64N
	tai64nlocal
	 t multilog
	

  

	* <>

	(.)
	multilog
	multilog
	current 
	current 
	 current 
	
	

	* s

	 s 
	multilog
	2000
	
	 40961677721599999
	

	* n

	 n 
	 n 
	 <> multilog
	current
	
	210

	* !

	 ! ()
	 current 
	
	
	 log/run 

	#!/bin/sh
	exec multilog !"cat -n" ./main

	(|)
	

  

	* -
	* +

	 - 
	 + 
	
	 * * 
	* * 
	()
	

	+hello

	 "hello" "hello world"
	 t 
	
	 

	fatal: out of memory

	

	@400000003b4a39c23294b13c fatal: out of memory

	
	

	multilog t '-*' '+* fatal: *' ./main

	+  "* " 
	


  

	* =

	 = 
	
	1000(+1)

	multilog '-*' '+STAT*' =log/status

	"STAT" 
	 log/status 

  

	* e

	 e (200)
	

 log/run 

	exec multilog t ./main

log  ./main 


readproctitle

ps

	# readproctitle () 



svscan


tai64n
TAI64N


tai64nlocal
TAI64N
@TAI64Ntai64nlocalISO
(YYYY-MM-DD HH:MM:SS.SSSSSSSSS)
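As an added example (not part of the original article, and not daemontools code), the following Python sketch decodes the `@`-prefixed TAI64N labels that `multilog t` writes and renders them in UTC, which is convenient when correlating multilog output with logs from other hosts. The sample lines are the three labelled lines shown earlier on this page plus one constructed unlabelled line; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# 2**62 is the TAI64 epoch marker; the extra 10 is the constant libtai adds
# to time() when it stamps a line, and tai64nlocal subtracts the same sum.
TAI_OFFSET = 2**62 + 10
LABEL = re.compile(r'^@([0-9a-f]{16})([0-9a-f]{8}) ?')

def decode(line):
    """Return (utc_datetime, nanoseconds, message), or None if unlabelled."""
    m = LABEL.match(line)
    if not m:
        return None
    secs = int(m.group(1), 16) - TAI_OFFSET
    nanos = int(m.group(2), 16)
    if nanos >= 10**9:          # not a valid nanosecond field
        return None
    return datetime.fromtimestamp(secs, timezone.utc), nanos, line[m.end():]

def to_utc(lines):
    """Rewrite labelled lines as 'YYYY-MM-DD HH:MM:SS.nnnnnnnnn msg' in UTC."""
    out = []
    for line in lines:
        decoded = decode(line)
        if decoded is None:
            out.append(line)    # pass unlabelled or malformed lines through
        else:
            ts, ns, msg = decoded
            out.append(f'{ts:%Y-%m-%d %H:%M:%S}.{ns:09d} {msg}')
    return out

SAMPLE = [
    '@400000003cbfe11501936b64 a',
    '@400000003cbfe11607ceb5ec b',
    '@400000003cbfe11619e52874 c',
    'line without a label (constructed)',
]

if __name__ == '__main__':
    print('\n'.join(to_utc(SAMPLE)))
```

Unlike tai64nlocal, which prints local time, this prints UTC so that output from machines in different time zones lines up.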

setuidgid

	# setuidgid  

 UID, GID setuid/setgid 
daemontools
root
multilogroot


	#!/bin/sh
	exec setuidgid  multilog t ./main



envuidgid

	# envuidgid  

UIDGID
UID, GID

envdir

	# envdir  



0

softlimit

	# softlimit  




	-m N	-d N -s N -l N -a N 
	-d N	1N
	-s N	1N
	-l N	1N
		(*)
	-a N	1N(*)
	-o N	1N(*)
	-p N	1IDN

	-f N	N
	-c N	N


	-r N	N
		
	-t N	CPUNN SIGXCPU
		

	(*)OS

setlock

	# setlock   




	-n	setlock
		
	-N	()
		setlock
	-x	()
		setlock0exit
	-X	()
		setlock0exit
		()


daemontools

daemontools

	1. 
	2.  run 
	   run
	   * 
	   * exec run
	   * 
	     PATH
	3.  log 
	    run 
	4.  run 
	   
	5.  /service 

OS




tcpserver


tcpserver

tcpserverucspi-tcp ucspi-tcp 
UCSPI(UNIX Client-Server Program Interface) UNIX

()


tcpserver 

	% tcpserver 0 5555 ruby

rubytcp/5555
Ruby()



ucspi-tcp




tcpserver



 inetd inetd
/etc/inetd.conf 

 

---[ ]-----------------------------------------------------------------

                       
                                                     
  +-------------+--------------+----------------+-----------------+-----+
   inetd  | tcp/21(ftp)  | tcp/23(telnet) | tcp/110(pop3)   | ... |
                +--------------+----------------+-----------------+-----+
                                     
 inetd        ftpd          telnetd             pop3d
--------------------------------------------------------------------------


inetd

PC-UNIX
tcp_wrappers  libwrap inetd
/
OS
 inetd 
 tcpserver 

tcpserver
inetd
inetd
tcpservertcpserver
 

---[ ]-----------------------------------------------------------------

          
                               
  +-----------+ +-----------+ +-----------+
  |  tcp/21   | |  tcp/23   | | tcp/110   |
  |(tcpserver)| |(tcpserver)| |(tcpserver)|
  +-----------+ +-----------+ +-----------+
                               
      ftpd          telnetd       pop3d
---------------------------------------------------------------------------

tcpserver

 inetd+tcp_wrappers /etc/hosts.allow 

 inetd+tcp_wrappers tcpserver 
1tcpserver
tcpserver


	* 

	   inetd  libwrap 
	  tcp_wrappers 
	  make

	* 

	  tcpservercdb
	  (hosts.allowtcp_wrappers
	  )
	  (POP before SMTP)
	  
	  
	  tcpserver
	  

	*  vs. 

	  tcpserver
	  1MB
	  
	  

	* 

	  
	  tcpserver 0  
	  

daemontools
tcpserver 
daemontoolsrunsvc




ucspi-tcp

 ucspi-tcp  ucspi-tcp-0.88 
http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz


 conf-* 

	# gzip -dc ucspi-tcp-0.88.tar.gz | tar xvpf -
	# cd ucspi-tcp-0.88
	# head conf-*
	==> conf-cc <==
	gcc -O2
	
	This will be used to compile .c files.
	
	==> conf-home <==
	/usr/local
	
	This is the ucspi-tcp home directory. Programs will be installed in
	.../bin.
	
	==> conf-ld <==
	gcc -s
	
	This will be used to link .o files into an executable.

 conf-home conf-home 

/usr/local ucspi-tcp 
/usr/local/bin  conf-home 


 /usr/local/bin 

	
	! daemontools(svscan) 	!
	! ($PATH)!	!

svscan$PATH
/usr/local/bin ucspi-tcp 
 tcpserver  supervise run




	# make
	# make setup check

tcpserver

tcpserver

	# tcpserver []   


IP
IP
 0 

 
/etc/services 




tcpserver 

  
	-q		
	-Q		()
	-v		(verbose)
			

  
	-c 		
	-x cdb	tcprulescdb
			
			cdb
			tcpservertcprules
			
	-X		-x cdb
			
			-X cdb
			
	-B 	
			
	-g GID		ID
	-u UID		ID
	-U		-u $UID -g $GID 
	-1		
			
	-b 		TCP SYNOS
			5
			
	-o		IP
			
			()
	-O		IP
	-d		
			ON
			-d
	-D		-d

  
	-h		DNS
			 TCPREMOTEHOST 
			
	-H		-hDNSTCP53(DNS)
			
			
	-p		DNSIP
			DNSIP
			IP
			 TCPREMOTEHOST 
	-P		-p
	-l 	DNS
			 0 TCP
			53
			
	-r		 $TCPREMOTEINFO 
			
	-R		-rTCP53113(AUTH)
			
			
	-t 		$TCPREMOTEINFO
			26

tcpserver

tcpserver -x  
cdb()
tcprules
cdb

IP


	:



IP


	* tcpserver  -h ()
	* IP


(=)
FQDN


	
	=venus.example.com:allow
	=.example.net:deny		(*.example.net)

IPIP

(-)IP


	
	192.168.:allow			(192.168.*.*)
	172.16.9.10-20:allow		172.16.9.10, 172.16.9.11,
					172.16.9.20 
	10.0.3-5.:allow			10.0.3.*, 10.0.4.*, 10.0.5.*
					


allow()  deny() 

=""
=//






tcprules

cdbtcprules
tcprules

	# cat  | tcprules cdb 

tcprules 
cdb
cdbtcpserver
cdb

tcprulescheck

cdb
tcprulescheck

	# tcprulescheck cdb

 TCPREMOTEIP 
TCPREMOTEHOST cdb


	sh# TCPREMOTEIP=192.168.3.4 tcprulescheck foo.cdb



daemontools

djbdnsdaemontools run 

daemontools+tcpserver  run 
POPrun


POP

	---[ ]--------------------------------------------------
			110(POP3)
			/usr/local/etc/ipop3d
		LAN  INTRANET 
				LAN
	--------------------------------------------------------------

daemontools


	1. 
	2. tcpserver
	3. run
	4. /service 

 daemontools 
ucspi-tcp 


  

  daemontools
   /var/qmail/pop 
  

	# mkdir /var/qmail/pop

    
   poprule 

	# cd /var/qmail/pop
	# vi poprule
	  ()
---[ /var/qmail/pop/poprule ]-----------------------------------------
#INTRANET
127.0.0.:allow,INTRANET=""
#192.168.0.* INTRANET
192.168.0.:allow,INTRANET=""
#allow
:allow
----------------------------------------------------------------------

  cdb

	# cat poprule | tcprules poprule.cdb tmpfile

  
  Makefile

	# vi Makefile
	  ()
---[ /var/qmail/pop/Makefile ]-----------------------------------------
#ucspi-tcp
TCPDIR=/usr/local/bin
TR=${TCPDIR}/tcprules

all:	poprule.cdb

poprule.cdb:	poprule
	cat poprule | ${TR} $@ tmpfile
----------------------------------------------------------------------

  

   tcprulescheck 
  tcprulescheck  TCPREMOTEIP, TCPREMOTEHOST,
  TCPREMOTEINFO (cdb)
  tcpserver poprule.cdb 
   192.168.0.5  10.0.0.5 
  

	# TCPREMOTEIP=192.168.0.5 tcprulescheck poprule.cdb
	  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	rule 192.168.0.:
	set environment variable INTRANET=
	allow connection
	# TCPREMOTEIP=10.0.0.5 tcprulescheck poprule.cdb
	  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	rule :
	allow connection

  INTRANET
  TCPREMOTEHOSTtcpserver(-h
  )
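As an added example (not from the original article, and not ucspi-tcp's own code), this Python sketch models the most-specific-first lookup that the tcprules documentation describes, restricted to IP and hostname keys (the `TCPREMOTEINFO@` forms are left out). The rule text is the page's poprule plus two constructed rules, a `172.16.9.10-20` range and `=.example.net`; all function names are hypothetical.

```python
import re

# Constructed rule file: the page's poprule plus a range and a hostname rule.
RULES = '''\
127.0.0.:allow,INTRANET=""
192.168.0.:allow,INTRANET=""
172.16.9.10-20:deny
=.example.net:deny
:allow
'''

def expand(addr):
    """Expand one numeric range such as 172.16.9.10-20 or 10.0.3-5."""
    m = None if '=' in addr else re.search(r'(\d+)-(\d+)', addr)
    if not m:
        return [addr]
    lo, hi = int(m.group(1)), int(m.group(2))
    return [addr[:m.start()] + str(n) + addr[m.end():] for n in range(lo, hi + 1)]

def compile_rules(text):
    """Build the address -> instructions table (what tcprules puts in the cdb)."""
    table = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith('#'):
            addr, _, instructions = line.partition(':')
            for key in expand(addr):
                table[key] = instructions
    return table

def candidates(ip, host=None):
    """Lookup keys, most specific first, per the tcprules documentation."""
    octets, labels = ip.split('.'), (host or '').split('.')
    keys = [ip] + (['=' + host] if host else [])
    keys += ['.'.join(octets[:n]) + '.' for n in (3, 2, 1)]
    if host:
        keys += ['=.' + '.'.join(labels[n:]) for n in range(1, len(labels))]
        keys.append('=')
    return keys + ['']

def check(table, ip, host=None):
    """Return (matched rule, action, env) in the spirit of tcprulescheck, or None."""
    for key in candidates(ip, host):
        if key in table:
            action, *assigns = table[key].split(',')  # model: no commas in values
            env = {k: v[1:-1] for k, v in (a.split('=', 1) for a in assigns)}
            return key, action, env
    return None

TABLE = compile_rules(RULES)
```

Calling `check(TABLE, '10.0.0.5', host='mail.example.net')` hits the `=.example.net` deny rule, while the same address without a hostname falls through to the catch-all `:allow`: hostname rules only take effect when TCPREMOTEHOST is set.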

  tcpserver

   poprule.cdb tcpserver

	# tcpserver -R -xpoprule.cdb 0 110 /usr/local/etc/ipop3d

  110

	% telnet  110

   tcpserver  C-c 

  run

   run 

	# vi run
	  ()
---[ /var/qmail/pop/run ]-----------------------------------------
#!/bin/sh
# 
DAEMONTOOLS=/usr/local/daemontools/bin
UCSPI=/usr/local/bin
exec env - \
PATH=/bin:/usr/bin:/usr/sbin:$UCSPI\:$DAEMONTOOLS \
tcpserver -R -xpoprule.cdb 0 pop3 /usr/local/etc/ipop3d 2>&1
----------------------------------------------------------------------

  run svscanroot
  $PATH
  PATH

  runtcpserver
  

	# ./run

  110
  

  /service 

  svscan

	# ln -s /var/qmail/pop /service

  5pop

	# svstat /service/pop
	/service/pop: up (pid 66856) 7 seconds




daemontools
tcpserver




yuuji@gentei.org
Fingerprint16 = FF F9 FF CC E0 FE 5C F7 19 97 28 24 EC 5D 39 BA