Hi,
Javier Fernandez-Sanguino wrote:
> On 14 April 2014 08:34, Manuel Riel <manu_...@snapdragon.cc> wrote:
> Already users can use 'checkrestart' to determine which services to restart
> after upgrading OpenSSL. I've used this succesfully in a few servers I had
> to update due to last week's heartbleed bug.
I did that mostly with the "libs" test of the hobbit-plugins package.
We found a few issue while doing so, so that one isn't perfect either.
(Didn't really expect anything else. :-)
> Automatically restarting all services is dangerous (as mentioned by Axel in
> this bug report) and should be done with care.
That's one of the reasons why I think that such functionality should
be in its own package, i.e. we should not deploy an APT hook for
restart-services.
> I personally would prefer administrators to carefully review checkrestart
> output and take action rather than blindly run a script. I do see the
> value of the script (for those managing many machines) howerver.
needrestart by default shows a list of services via a debconf-like
TUI interface and you can decided which of the proposed services
should be really restarted.
> In any case, since 'needrestart' already exists, isn't it possible to join
> both tools?
I fear not. needrestart was written with the knowledge that
checkrestart exists, but works differently. From it's package
description:
It is inspired by checkrestart from the debian-goodies package. It
does not rely on lsof as checkrestart does.
Similarily, the hobbit-plugins test "libs" is written in Perl as it
relies on a Perl-written client library for the Hobbit/Xymon
monitoring system.
Needrestart is written in Perl, too, but using a common library is not
an option either, as the hobbit tests don't run as root and lsof is
called via sudo which needrestart doesn't use lsof and needs to be run
as root as far as I can see.
So to make the hobbit libs test be build on top of checkrestart, a
hobbit client library in Python needs to be written. (And I must
admit, I do prefer Perl over Python as programming language, so I
won't rewrite a Perl written tool which I maintain in Python.)
Alternatively checkrestart needs a clear API to be properly used by
other tools.
> As this approach (automatically restarting services) is prone
> to bugs (just look at [1]) in the long run it would make more sense to have
> 1 tool than to duplicate the functionality and, consequently, the bugs that
> might arise.
Agreed, but I currently don't see a chance for that unless there's a
documented and stable API.
Regards, Axel
--
,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
`- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
