LighttpdOnSolaris » History » Revision 13
Revision 12 (alexs77, 2008-09-11 09:53) → Revision 13/16 (alexs77, 2008-09-11 09:54)
= Running lighttpd on Solaris Service Management Facility (SMF) =
If you want to use native Solaris management facility (SMF), you have to create two files describing lighttpd service:
== Manifest file: /var/svc/manifest/network/lighttpd.xml ==
{{{
#!text/xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
Copyright 2005 Sergiusz Pawlowicz. All rights reserved.
http://pawlowicz.name/
Use is subject to license terms.
ident "0.1"
Modified by Shanti Subramanyam to restrict privileges
-->
<service_bundle type='manifest' name='lighttpd'>
<service
name='network/lighttpd'
type='service'
version='1'>
<!--
Because we may have multiple instances of network/lighttpd
provided by different implementations, we keep dependencies
and methods within the instance.
-->
<instance name='lighttpd' enabled='false'>
<dependency name='loopback'
grouping='require_all'
restart_on='error'
type='service'>
<service_fmri value='svc:/network/loopback:default'/>
</dependency>
<dependency name='physical'
grouping='optional_all'
restart_on='error'
type='service'>
<service_fmri value='svc:/network/physical:default'/>
</dependency>
<dependency name='multiuser-server'
grouping='require_all'
restart_on='error'
type='service'>
<service_fmri value='svc:/milestone/multi-user-server:default'/>
</dependency>
<!-- restrict privileges and run as user webservd -->
<method_context>
<method_credential
user='webservd' group='webservd'
privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr' />
</method_context>
<exec_method
type='method'
name='start'
exec='/lib/svc/method/http-lighttpd start'
timeout_seconds='60' />
<exec_method
type='method'
name='stop'
exec='/lib/svc/method/http-lighttpd stop'
timeout_seconds='60' />
<exec_method
type='method'
name='refresh'
exec='/lib/svc/method/http-lighttpd refresh'
timeout_seconds='60' />
<property_group name='startd' type='framework'>
<!-- sub-process core dumps shouldn't restart
session -->
<propval name='ignore_error' type='astring'
value='core,signal' />
</property_group>
</instance>
<template>
<common_name>
<loctext xml:lang='C'>
Lighttpd HTTP server
</loctext>
</common_name>
<documentation>
<manpage title='lighttpd' section='1M' />
<doc_link name='lighttpd.net'
uri='http://www.lighttpd.net/' />
</documentation>
</template>
</service>
</service_bundle>
}}}
== init file: /lib/svc/method/http-lighttpd ==
{{{
#!sh
#!/sbin/sh
#
# Copyright 2005 Sergiusz Pawlowicz All rights reserved.
# Use is subject to license terms.
#
# ident "0.1"
#
LIGHTTPD_HOME=/global/lighttpd
CONF_FILE=/etc/lighttpd/lighttpd.conf
PIDFILE=/var/run/lighttpd.pid
HTTPD="${LIGHTTPD_HOME}/sbin/lighttpd"
[ ! -f ${CONF_FILE} ] && exit $CONF_FILE
case "$1" in
start)
/bin/rm -f ${PIDFILE}
# Enable NCA:
NCAKMODCONF=/etc/nca/ncakmod.conf
if [ -f $NCAKMODCONF ]; then
. $NCAKMODCONF
if [ "x$status" = "xenabled" ]; then
HTTPD="env LD_PRELOAD=/usr/lib/ncad_addr.so $HTTPD"
fi
fi
exec $HTTPD -f ${CONF_FILE} 2>&1
;;
refresh)
if [ -f "$PIDFILE" ]; then
/usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
fi
;;
stop)
if [ -f "$PIDFILE" ]; then
/usr/bin/kill -QUIT `/usr/bin/cat $PIDFILE`
fi
;;
*)
echo "Usage: $0 {start|stop|refresh}"
exit 1
;;
esac
}}}
== Making use of this ==
=== Import ===
Now import the file into SMF database:
{{{
#!ShellExample
# svccfg -v import /var/svc/manifest/network/lighttpd.xml
}}}
=== Enable ===
{{{
#!ShellExample
# svcadm enable network/lighttpd
}}}
=== Check ===
{{{
#!ShellExample
# svcs -l network/lighttpd
fmri svc:/network/lighttpd:lighttpd
name Lighttpd HTTP server
enabled true
state online
next_state none
state_time Sun Sep 25 14:21:49 2005
logfile /var/svc/log/network-lighttpd:lighttpd.log
restarter svc:/system/svc/restarter:default
contract_id 143
dependency require_all/error svc:/network/loopback:default (online)
dependency optional_all/error svc:/network/physical:default (online)
dependency require_all/error svc:/milestone/multi-user-server:default (online)
}}}
Of course it is simple example of such a service, if you have better one, please cut and paste it here.
=== Caution! ===
If you experience high CPU load after enabling this service, you might want to read the [http://blogs.sun.com/mandy/entry/lighttpd_smf_troubles Lighttpd SMF troubles] blog entry. It advises to '''NOT''' have SMF set the username/groupname and instead use the [wiki:server.usernameDetails server.username] and [wiki:server.groupnameDetails server.groupname] settings in the configuration file. To do so, the following section should be replaced in the lighttpd.xml file:
{{{
#!text/xml
<!-- restrict privileges and run as user webservd -->
<method_context>
<method_credential
user='webservd' group='webservd'
privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr' />
</method_context>
}}}
Replace that with:
{{{
#!text/xml
<method_context/>
}}}