DESIGN 7.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155
  1. Dinit Design
  2. ============
  3. NOTE: This document is intended to provide an overview. Specifics are generally included as
  4. comments/documentation within source files.
  5. Design philosophy
  6. -----------------
  7. Software design always involves balancing different concerns. Important concerns considered during
  8. development of Dinit include:
  9. - Usability. The software should be easy to use and understand. Dangerous actions should be
  10. guarded (eg stopping a service via dinitctl requires a "--force" argument if it would also cause
  11. dependent services to stop). Common use cases should be supported by the feature set.
  12. Documentation should be complete. Error messages should be useful. Traceability/debugging is
  13. important.
  14. - Compatibility and interopability. The software should work together with other pre-existing
  15. software; it is a piece of a larger puzzle. New interfaces should only be created when they
  16. provide a tangible benefit (eg Dinit supports the same readiness protocol as S6, and works with
  17. legacy processes that fork after launching via the bgprocess service type. It logs via the
  18. standard syslog mechanism).
  19. - Scope. The feature set is restricted, but is large enough to provide utility and usability.
  20. - Generality. Arbitrary restrictions should be avoided. Size is kept small and memory use low to
  21. make Dinit usable on systems with limited resources. Code remains portable across different
  22. operating systems.
  23. - Maintainability. Code should be readable and well-documented; it should leverage the compiler's
  24. optimisations to remove abstraction penalty, wherever possible, so that the code can be more
  25. expressive, and comments should clearly explain why optimisations live "in the code" in cases
  26. where it is otherwise necessary.
  27. Of course, there are always trade-offs, but I believe that Dinit strikes a good balance with
  28. regard to the concerns listed above.
  29. Design fundamentals
  30. -------------------
  31. The design is based around an event loop: events include process termination, signal reception,
  32. and I/O coming in from control sockets (used to issue service start/stop commands etc via
  33. dinitctl). The Dasynq library provides the backend event loop functionality; it is included
  34. with the Dinit source, but has a separate web page and documentation:
  35. http://davmac.org/projects/dasynq/
  36. In Dinit, service actions are often performed by setting "propagation" flags, inserting the
  37. service in a queue, and then processing the queues. Thus a lot of service actions are performed
  38. by first calling a function on a service and then draining the propagation queues. More
  39. information can be found in comments at the beginning of the includes/service.h header.
  40. The logging subsystem is designed to log to two different sinks - typically, one is the console
  41. and one is the syslog facility, but other arrangements are possible. It uses a circular buffer
  42. for each output sink, and if the buffer becomes full it discards additional messages to avoid
  43. blocking (though it flags that this has occurred and later outputs a message to the sink).
  44. Services may acquire the console and in this case output is discarded (though it will of
  45. course continue to be logged to the other sink).
  46. Control protocol handling uses a circular receive buffer, but allocates storage for outgoing
  47. packets dynamically. If allocation fails an "out of memory" flag is set and the connection is
  48. closed after writing an "out of memory" information packet.
  49. Services
  50. --------
  51. There are presently four service types: internal, process, bgprocess and scripted. The latter
  52. three share the fact that they execute external processes and so naturally share some
  53. implementation. The base service class is "service_record" - this directly supports "internal"
  54. services. The "base_process_service" class extends this and serves as a base class for the other
  55. three service types (which all manage external processes) and provides common functionality.
  56. Various functions in the service_record / base_process_service classes are virtual, so that they
  57. can be overridden by the subclasses.
  58. All execution of child processes related to services currently goes through
  59. service_record::run_child_proc() (after forking).
  60. Services are grouped in a "service_set". This provides the essential interface between the event
  61. loop and services.
  62. Key considerations
  63. ------------------
  64. Dinit's overall function is fairly straightforward but there are some considerations that cause
  65. its design to be more complicated than it might otherwise be. The heart of the issue is that
  66. Dinit should not stall on I/O and its essential operation should never fail, which means that many
  67. code paths cannot perform memory allocation for example, and that log messages all go through a
  68. buffer.
  69. Note that blocking actions are avoided: non-blocking I/O is used where possible; Dinit must
  70. remain responsive at all times.
  71. In general operation Dinit methods should avoid throwing exceptions and be declared as 'noexcept',
  72. or otherwise be clearly documented as throwing exceptions. Errors should always be handled as
  73. gracefully as possible and should not prevent Dinit's continued operation. Particular care is
  74. needed for dynamic allocations: C++ style allocations (including adding elements to C++
  75. containers, or appending to strings) will raise 'std::bad_alloc' if they cannot allocate memory,
  76. and this must be handled appropriately. Once it has started regular operation, dinit must not
  77. terminate due to an error condition, even if the error is an allocation failure or another
  78. exception.
  79. Source code organisation
  80. ------------------------
  81. Most function comments and general documentation can be found in header files rather than in the
  82. corresponding source files.
  83. dinit-main.cc - just a wrapper around the entry point; reports exceptions
  84. dinit.cc - main entry point, command line parsing, general initialisation, event loop processing,
  85. signal handling, system management (shutdown / reboot etc)
  86. service.cc - base service logic (see service.h)
  87. proc-service.cc, baseproc-service.cc - process-based service logic (see service.h, proc-service.h)
  88. This builds on functionality in service.cc
  89. run-child-proc.cc - contains service_record::run_child_proc(), used to run child processes.
  90. load-service.cc - service loading (see load-service.h)
  91. control.cc - control protocol handling
  92. dinit-log.cc - logging subsystem
  93. tests/ - various tests
  94. igr-tests/ - integration tests
  95. The utility sources are:
  96. dinitctl.cc - the control/status utility
  97. shutdown.cc - shutdown/halt/reboot utility
  98. Testing
  99. -------
  100. The unit tests work by mocking out parts of Dinit, and some system calls, in order to isolate
  101. functional units. In the src/tests/test-includes directory are three mock headers. When compiling
  102. tests, the src/tests/includes directory is populated with (linked) copies of the standard headers
  103. from src/include, but with mocked headers taken from src/tests/test-includes instead.
  104. Note that systems calls are not mocked directly, instead:
  105. - system calls are wrapped in the bp_sys namespace, as defined in the baseproc-sys.h header;
  106. - for testing, the header is replaced with a mock header.
  107. (This avoids problems that might arise from replacing important system calls, and in
  108. particular avoids interfering with the test harness itself).
  109. It is important when writing new code in Dinit to avoid calling system calls directly, and to
  110. instead call the wrapper in bp_sys.