[Puppet-dev] With Mongrel, external node script inherits listen socket, leading to problems

Jos Backus Mon, 21 Jul 2008 21:09:31 -0700

    Hi all,

I'm using Puppet with Mongrel and the Apache proxy_balancer_module. The
puppetmasterd process listens on port 28140.


It seems that when using Mongrel, the external node script is run with the
puppetmasterd listen socket being passed in as Mongrel doesn't set
close-on-exec on the listen socket, unlike the Webrick wrapper in Puppet. This
occasionally creates problems as it appears that Apache will sometimes connect
to the socket in the external node script instead of the puppetmasterd. I
accidentally found this because my external node script got stuck and I saw
Apache connect to it.

Observe the following lsof output of the external node script, taken at the
end of its run:

Without the close-on-exec in Mongrel:

COMMAND     PID   USER   FD   TYPE     DEVICE     SIZE       NODE NAME
lw-puppet 32042 puppet  cwd    DIR        8,6     4096    2731042 
/var/service/puppetmaster-mongrel-1
lw-puppet 32042 puppet  rtd    DIR        8,5     4096          2 /
lw-puppet 32042 puppet  txt    REG        8,5     3508     830133 /usr/bin/ruby
lw-puppet 32042 puppet  mem    REG        8,5   911912     823589 
/usr/lib/libruby.so.1.8.5
lw-puppet 32042 puppet  mem    REG        8,5   206336    2541714 
/lib/libm-2.5.so
lw-puppet 32042 puppet  mem    REG        8,5  1598720    2541699 
/lib/libc-2.5.so
lw-puppet 32042 puppet  mem    REG        8,5    25992    2541702 
/lib/libcrypt-2.5.so
lw-puppet 32042 puppet  mem    REG        8,5    43036     934412 
/usr/lib/ruby/1.8/i386-linux/socket.so
lw-puppet 32042 puppet  mem    REG        8,5   113480     934415 
/usr/lib/ruby/1.8/i386-linux/syck.so
lw-puppet 32042 puppet  mem    REG        8,5   119212    2541726 
/lib/libpthread-2.5.so
lw-puppet 32042 puppet  mem    REG        8,5   120368    2539715 /lib/ld-2.5.so
lw-puppet 32042 puppet  mem    REG        8,5    14644    2541712 
/lib/libdl-2.5.so
lw-puppet 32042 puppet  mem    REG        8,5    17376     934413 
/usr/lib/ruby/1.8/i386-linux/stringio.so
lw-puppet 32042 puppet  mem    REG        8,6   217016    2158472 
/var/db/nscd/hosts
lw-puppet 32042 puppet    0r   CHR        1,3                1178 /dev/null
lw-puppet 32042 puppet    1u   REG        8,5        0   22036510 
/tmp/puppet.29537.0
lw-puppet 32042 puppet    2u   REG        8,5        0   22036510 
/tmp/puppet.29537.0
lw-puppet 32042 puppet    3w   REG        8,6 23690777    1994973 
/var/log/puppet/puppetmaster.log
lw-puppet 32042 puppet    4u  IPv4 1871182332                 TCP 
localhost.localdomain:51554->localhost.localdomain:8141 (CLOSE_WAIT)
lw-puppet 32042 puppet    5u  IPv4 1871182334                 TCP 
localhost.localdomain:51555->localhost.localdomain:8141 (CLOSE_WAIT)
lw-puppet 32042 puppet    6w   REG        8,5        0   22036514 /tmp/lwn.out
lw-puppet 32042 puppet    7u  IPv4 1871174582                 TCP 
localhost.localdomain:28140 (LISTEN)
lw-puppet 32042 puppet    8r  FIFO        0,6          1871182337 pipe
lw-puppet 32042 puppet    9u  IPv4 1871182327                 TCP 
localhost.localdomain:28140->localhost.localdomain:42951 (ESTABLISHED)
lw-puppet 32042 puppet   10u   REG        8,5        0   22036510 
/tmp/puppet.29537.0

With the close-on-exec in Mongrel (see attached patch):

COMMAND     PID   USER   FD   TYPE     DEVICE     SIZE       NODE NAME
lw-puppet 19703 puppet  cwd    DIR        8,6     4096    2731042 
/var/service/puppetmaster-mongrel-1
lw-puppet 19703 puppet  rtd    DIR        8,5     4096          2 /
lw-puppet 19703 puppet  txt    REG        8,5     3508     830133 /usr/bin/ruby
lw-puppet 19703 puppet  mem    REG        8,5    14644    2541712 
/lib/libdl-2.5.so
lw-puppet 19703 puppet  mem    REG        8,5   113480     934415 
/usr/lib/ruby/1.8/i386-linux/syck.so
lw-puppet 19703 puppet  mem    REG        8,5   120368    2539715 /lib/ld-2.5.so
lw-puppet 19703 puppet  mem    REG        8,5  1598720    2541699 
/lib/libc-2.5.so
lw-puppet 19703 puppet  mem    REG        8,5    43036     934412 
/usr/lib/ruby/1.8/i386-linux/socket.so
lw-puppet 19703 puppet  mem    REG        8,5    25992    2541702 
/lib/libcrypt-2.5.so
lw-puppet 19703 puppet  mem    REG        8,5   911912     823589 
/usr/lib/libruby.so.1.8.5
lw-puppet 19703 puppet  mem    REG        8,5    17376     934413 
/usr/lib/ruby/1.8/i386-linux/stringio.so
lw-puppet 19703 puppet  mem    REG        8,5   206336    2541714 
/lib/libm-2.5.so
lw-puppet 19703 puppet  mem    REG        8,5   119212    2541726 
/lib/libpthread-2.5.so
lw-puppet 19703 puppet  mem    REG        8,6   217016    2158472 
/var/db/nscd/hosts
lw-puppet 19703 puppet    0r   CHR        1,3                1178 /dev/null
lw-puppet 19703 puppet    1u   REG        8,5        0   22036510 
/tmp/puppet.14976.0
lw-puppet 19703 puppet    2u   REG        8,5        0   22036510 
/tmp/puppet.14976.0
lw-puppet 19703 puppet    3w   REG        8,6 23693843    1994973 
/var/log/puppet/puppetmaster.log
lw-puppet 19703 puppet    4u  IPv4 1871248672                 TCP 
localhost.localdomain:55953->localhost.localdomain:8141 (CLOSE_WAIT)
lw-puppet 19703 puppet    5u  IPv4 1871248674                 TCP 
localhost.localdomain:55954->localhost.localdomain:8141 (CLOSE_WAIT)
lw-puppet 19703 puppet    6w   REG        8,5     7700   22036514 /tmp/lwn.out
lw-puppet 19703 puppet    7r  FIFO        0,6          1871248676 pipe
lw-puppet 19703 puppet    9u  IPv4 1871248662                 TCP 
localhost.localdomain:28140->localhost.localdomain:42850 (ESTABLISHED)
lw-puppet 19703 puppet   10u   REG        8,5        0   22036510 
/tmp/puppet.14976.0

Note the absence of the `localhost.localdomain:28140 (LISTEN)' socket in the
second case.

I don't see a way to add this change to the Puppet code easily because unlike
in the Webrick situation, the Mongrel wrapper doesn't seem to expose the
listen socket.

-- 
Jos Backus
jos at catnook.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Puppet Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-dev?hl=en
-~----------~----~----~----~------~----~------~--~---

--- lib/mongrel.rb.orig 2008-07-17 17:44:42.000000000 -0400
+++ lib/mongrel.rb      2008-07-17 17:44:53.000000000 -0400
@@ -92,7 +92,8 @@
       
       tries = 0
       @socket = TCPServer.new(host, port) 
-      
+      @socket.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
+
       @classifier = URIClassifier.new
       @host = host
       @port = port

[Puppet-dev] With Mongrel, external node script inherits listen socket, leading to problems

Reply via email to