Package: lighttpd Version: 1.4.19-5 Severity: normal When lightttpd receives a SIGINT, it immediately closes the listener socket for new connections. While it continues to serve old connections (including keepalive sessions), any new incoming connections will be refused.
http://blog.lighttpd.net/articles/2005/09/02/graceful-restart
The correct approach to graceful restart in lighttpd is to send a SIGINT
to the existing lighttpd, and then very quickly launch a new one to
resume listening for new connections.
With the current Debian initscript behaviour, graceful restart on a
busy server is arguably less graceful than a "hard" restart, since
many clients are affected by refused connections, all for the sake of
not interrupting the lucky few clients that had existing connections.
(Many of those connections are just unused keepalives that will time
out anyway.)
In the upstream stock rc.lighttpd script, they start a new lighttpd
immediately after sending the SIGINT to the old one. See line 120:
http://redmine.lighttpd.net/repositories/entry/lighttpd/trunk/doc/rc.lighttpd
(My understanding is that killproc is like killall and does not wait
for the process to terminate.)
I would tend to assume the time it takes to start lighttpd (to the
point where it wants to bind on the listening port) far exceeds the
time it takes for an existing one to respond to the SIGINT and free up
the port. However, if the existing lighttpd is heavily swapped out or
very busy, I could see this being a race condition.
If the risk of a race condition is high enough to prevent this
behaviour being adopted in Debian, then I guess this should be
forwarded as an upstream bug.
Ideally, to avoid a race condition, the new lighttpd would get to the
point where it's ready to bind to the ports, then wait for some
indication that it should proceed. Perhaps the best approach would be
a special graceful-restart command-line parameter to lighttpd that
triggers behaviour like so:
1. New: Start up, parse config files, get ready to bind.
2. New: Read the PID of the old lighttpd from the pidfile.
3. New: Update the pidfile with the new PID.
4. New: Issue a graceful-stop signal to the old PID.
5. Old: Read the PID of the new lighttpd from the pidfile.
6. Old: Unbind ports.
7. Old: Issue a graceful-start signal to the new PID.
8. New: Bind to listening ports and resume startup process.
A less ideal approach is just to have the initscript not start the new
lighttpd until it has some indication that the listeners have been
closed. Downtime is increased but should still be fairly short,
especially compared to the current behaviour.
P.S.:
Please also note related bug #419:
http://redmine.lighttpd.net/issues/show/419
Bug #419 is currently suppressed by the existing Debian initscript
behaviour, but may come up when this bug is fixed.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages lighttpd depends on:
ii libattr1 1:2.4.43-1 Extended attribute shared library
ii libbz2-1.0 1.0.5-1 high-quality block-sorting file co
ii libc6 2.7-14 GNU C Library: Shared libraries
ii libfam0 2.7.0-13.3 Client library to control the FAM
ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries
ii libpcre3 7.6-2.1 Perl 5 Compatible Regular Expressi
ii libssl0.9.8 0.9.8g-13 SSL shared libraries
ii libterm-readline-perl- 1.0302-1 Perl implementation of Readline li
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
lighttpd recommends no packages.
Versions of packages lighttpd suggests:
ii apache2-utils 2.2.9-10 utility programs for webservers
ii openssl 0.9.8g-13 Secure Socket Layer (SSL) binary a
pn rrdtool <none> (no description available)
-- no debconf information
signature.asc
Description: Digital signature
