Friday, June 30, 2017

Periodic services with SMF

Periodic services with SMF

Solaris 11.3 extended SMF to support periodic and scheduled services. It was done mostly to ease IPS packagers because you can't just drop a file in /etc/cron.d and it will magically self-assemble to a cronjob (unlike e.g. /etc/logadm.d).

What's the difference between periodic and scheduled? You want a periodic service for tasks that have to run say every 15 minutes.

Each invocation of a periodic service instance start method occurs at a time relative to the last invocation.

And a scheduled service for tasks that have to run at a specific time.

Each invocation of a scheduled service instance start method occurs at a specific absolute time. Use a scheduled service when the task must run at a certain time, such as during off-peak hours.

The svcbundle command was extended as well to create periodic and scheduled service manifests.

For the periodic example we'll use fetchmail to check for new mails every 15 minutes (== 900s).

$ echo $(( 15 * 60 ))
900
$ svcbundle -o periodic_fetchmail.xml -s service-name=site/periodic/fetchmail \
  -s start-method='/usr/bin/fetchmail -s' -s period=900
# cp periodic_fetchmail.xml /lib/svc/manifest/site/
# svcadm restart svc:/system/manifest-import:default
$ svcs -o NRUN svc:/site/periodic/fetchmail:default
NRUN
22:15:27

We could also use a method_credential (see svc.periodicd(8)) so that the manifest runs as the specified user.

Let's create a scheduled service that runs every night around 00:00 o'clock now.

The crontab entry would look like the following.

0 0 * * * /usr/sbin/audit -n

Let's convert that to SMF with svcbundle.

$ svcbundle -o scheduled_auditrotate.xml -s service-name=site/scheduled/auditrotate \
  -s start-method='/usr/sbin/audit -n' \
  -s hour=0 -s minute=0 \
  -s interval=day
# cp scheduled_auditrotate.xml /lib/svc/manifest/site/
# svcadm restart svc:/system/manifest-import:default
$ svcs -o NRUN svc:/site/scheduled/auditrotate:default
NRUN
 0:00:51

We should edit the manifest and remove the dependency on vc:/milestone/multi-user and instead depend on svc:/system/auditd:default and fill in common_name and description.

For the last example we'll follow Oracle's advice and do a monthly scrub of our disks. See Recommended Storage Pool Practices.

Scrub your ZFS storage pools routinely, such as monthly, if you are using datacenter quality services.

Let's do another scheduled service which runs every month.

$ svcbundle -o scheduled_rpoolscrub.xml -s service-name=site/scheduled/rpoolscrub \
  -s start-method='/usr/sbin/zpool scrub rpool' \
  -s day_of_month=13 -s hour=4 \
  -s interval=month
# cp scheduled_rpoolscrub.xml /lib/svc/manifest/site/
# svcadm restart svc:/system/manifest-import:default

... wait till it executed

$ svcs -o LRUN svc:/site/scheduled/rpoolscrub:default
LRUN
 4:17:49
$ svcs -o NRUN svc:/site/scheduled/rpoolscrub:default
NRUN
Jul_13

Also note there are log files in /var/svc/log in case something goes wrong.

$ svcs -Lv site/scheduled/rpoolscrub
svc:/site/scheduled/rpoolscrub:default (Monthly rpool scrub)
Logfile not found for svc:/site/scheduled/rpoolscrub:default. Error: unknown error.

$ tail /var/svc/log/site-scheduled-rpoolscrub:default
Jun 13 04:17:49/6:Executing start method ("/usr/sbin/zpool scrub rpool")
Jun 13 04:17:55/5:Method "start" exited with status 0.

When you're an IPS packager, don't forget to mogrify your SMF manifests.

<transform dir path=lib/svc/manifest -> set group sys>
<transform file path=lib/svc/manifest -> set group sys>
<transform file path=lib/svc/method/.* -> set mode 0555>
<transform file path=(var|lib)/svc/manifest/.*\.xml$ -> \
    default restart_fmri svc:/system/manifest-import:default>

Links

No comments:

Post a Comment

389 Directory Server 1.3.x LDAP client authentication

389 Directory Server 1.3.x LDAP client authentication Last time we did a multi-master replication setup, see 389 Directory Server 1.3.x Repl...