Project

General

Profile

Actions

Running lighttpd on Solaris Service Management Facility (SMF)

If you want to use native Solaris management facility (SMF), you have to create two files describing lighttpd service:

Manifest file: /var/svc/manifest/network/lighttpd.xml


#!text/xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
    Copyright 2005 Sergiusz Pawlowicz.  All rights reserved.
    http://pawlowicz.name/
    Use is subject to license terms.

    ident       "0.1" 

    Modified by Shanti Subramanyam to restrict privileges
-->

<service_bundle type='manifest' name='lighttpd'>

<service
        name='network/lighttpd'
        type='service'
        version='1'>

        <!--
          Because we may have multiple instances of network/lighttpd
          provided by different implementations, we keep dependencies
          and methods within the instance.
        -->

        <instance name='lighttpd' enabled='false'>
                <dependency name='loopback'
                    grouping='require_all'
                    restart_on='error'
                    type='service'>
                        <service_fmri value='svc:/network/loopback:default'/>
                </dependency>

                <dependency name='physical'
                    grouping='optional_all'
                    restart_on='error'
                    type='service'>
                        <service_fmri value='svc:/network/physical:default'/>
                </dependency>

                <dependency name='multiuser-server'
                    grouping='require_all'
                    restart_on='error'
                    type='service'>
                        <service_fmri value='svc:/milestone/multi-user-server:default'/>
                </dependency>

                <!-- restrict privileges and run as user webservd -->
                <method_context>
                       <method_credential
                                user='webservd' group='webservd'
                                privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr' />
                </method_context>

                <exec_method
                        type='method'
                        name='start'
                        exec='/lib/svc/method/http-lighttpd start'
                        timeout_seconds='60' />

                <exec_method
                        type='method'
                        name='stop'
                        exec='/lib/svc/method/http-lighttpd stop'
                        timeout_seconds='60' />

                <exec_method
                        type='method'
                        name='refresh'
                        exec='/lib/svc/method/http-lighttpd refresh'
                        timeout_seconds='60' />

                <property_group name='startd' type='framework'>
                        <!-- sub-process core dumps shouldn't restart
                                session -->
                        <propval name='ignore_error' type='astring'
                                value='core,signal' />
                </property_group>

        </instance>

        <template>
                <common_name>
                        <loctext xml:lang='C'>
                                Lighttpd HTTP server
                        </loctext>
                </common_name>
                <documentation>
                        <manpage title='lighttpd' section='1M' />
                        <doc_link name='lighttpd.net'
                                uri='http://www.lighttpd.net/' />
                </documentation>
        </template>
</service>

</service_bundle>

init file: /lib/svc/method/http-lighttpd


#!sh
#!/sbin/sh
#
# Copyright 2005 Sergiusz Pawlowicz  All rights reserved.
# Use is subject to license terms.
#
# ident "0.1" 
#

LIGHTTPD_HOME=/global/lighttpd
CONF_FILE=/etc/lighttpd/lighttpd.conf
PIDFILE=/var/run/lighttpd.pid
HTTPD="${LIGHTTPD_HOME}/sbin/lighttpd" 

[ ! -f ${CONF_FILE} ] &&  exit $CONF_FILE

case "$1" in
start)
        /bin/rm -f ${PIDFILE}
# Enable NCA:
        NCAKMODCONF=/etc/nca/ncakmod.conf
        if [ -f $NCAKMODCONF ]; then
            . $NCAKMODCONF
            if [ "x$status" = "xenabled" ]; then
                 HTTPD="env LD_PRELOAD=/usr/lib/ncad_addr.so $HTTPD" 
            fi
        fi
        exec $HTTPD -f ${CONF_FILE} 2>&1
        ;;
refresh)
        if [ -f "$PIDFILE" ]; then
                /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
        fi
        ;;
stop)
        if [ -f "$PIDFILE" ]; then
                /usr/bin/kill -QUIT `/usr/bin/cat $PIDFILE`
        fi
        ;;
*)
        echo "Usage: $0 {start|stop|refresh}" 
        exit 1
        ;;
esac

Making use of this

Import

Now import the file into SMF database:


#!ShellExample
# svccfg -v import /var/svc/manifest/network/lighttpd.xml

Enable


#!ShellExample
# svcadm enable network/lighttpd

Check


#!ShellExample
# svcs -l network/lighttpd
fmri         svc:/network/lighttpd:lighttpd
name         Lighttpd HTTP server
enabled      true
state        online
next_state   none
state_time   Sun Sep 25 14:21:49 2005
logfile      /var/svc/log/network-lighttpd:lighttpd.log
restarter    svc:/system/svc/restarter:default
contract_id  143
dependency   require_all/error svc:/network/loopback:default (online)
dependency   optional_all/error svc:/network/physical:default (online)
dependency   require_all/error svc:/milestone/multi-user-server:default (online)

Of course it is simple example of such a service, if you have better one, please cut and paste it here.

Caution!

If you experience high CPU load after enabling this service, you might want to read the Lighttpd SMF troubles blog entry. It advises to NOT have SMF set the username/groupname and instead use the server.username and server.groupname settings in the configuration file. To do so, the following section should be replaced in the lighttpd.xml file:


#!text/xml
                <!-- restrict privileges and run as user webservd -->
                <method_context>
                       <method_credential
                                user='webservd' group='webservd'
                                privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr' />
                </method_context>

Replace that with:


#!text/xml
                <method_context/>

Updated by gstrauss over 2 years ago · 16 revisions