Home Explore Help
Register Sign In
OWEALs
/
dinit
mirror of https://github.com/davmac314/dinit.git
2
0
Fork 0
Files Issues 1 Wiki
Branch: master
Branches Tags
dinit
/
doc
/
DESIGN

DESIGN 8.6 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174 
  1. Dinit Design
    2. 

  2. ============
    3. 

  3. 

  4. NOTE: This document is intended to provide an overview. Specifics are generally included as
    5. 

  5.       comments/documentation within source files.
    6. 

  6. 

  7. 

  8. Design philosophy
    9. 

  9. -----------------
    10. 

  10. 

  11. Software design always involves balancing different concerns. Important concerns considered during
    12. 

  12. development of Dinit include:
    13. 

  13. 

  14. - Usability. The software should be easy to use and understand. Dangerous actions should be
    15. 

  15.   guarded (eg stopping a service via dinitctl requires a "--force" argument if it would also cause
    16. 

  16.   dependent services to stop). Common use cases should be supported by the feature set.
    17. 

  17.   Documentation should be complete. Error messages should be useful. Traceability/debugging is
    18. 

  18.   important.
    19. 

  19. - Compatibility and interopability. The software should work together with other pre-existing
    20. 

  20.   software; it is a piece of a larger puzzle. New interfaces should only be created when they
    21. 

  21.   provide a tangible benefit (eg Dinit supports the same readiness protocol as S6, and works with
    22. 

  22.   legacy processes that fork after launching via the bgprocess service type. It logs via the
    23. 

  23.   standard syslog mechanism).
    24. 

  24. - Scope. The feature set is restricted, but is large enough to provide utility and usability.
    25. 

  25. - Generality. Arbitrary restrictions should be avoided. Size is kept small and memory use low to
    26. 

  26.   make Dinit usable on systems with limited resources. Code remains portable across different
    27. 

  27.   operating systems.
    28. 

  28. - Maintainability. Code should be readable and well-documented; it should leverage the compiler's
    29. 

  29.   optimisations to remove abstraction penalty, wherever possible, so that the code can be more
    30. 

  30.   expressive, and comments should clearly explain why optimisations live "in the code" in cases
    31. 

  31.   where it is otherwise necessary.
    32. 

  32. 

  33. Of course, there are always trade-offs, but I believe that Dinit strikes a good balance with
    34. 

  34. regard to the concerns listed above.
    35. 

  35. 

  36. 

  37. Design fundamentals
    38. 

  38. -------------------
    39. 

  39. 

  40. The design is based around an event loop: events include process termination, signal reception,
    41. 

  41. and I/O coming in from control sockets (used to issue service start/stop commands etc via
    42. 

  42. dinitctl). The Dasynq library provides the backend event loop functionality; it is included
    43. 

  43. with the Dinit source, but has a separate web page and documentation:
    44. 

  44. 

  45.     http://davmac.org/projects/dasynq/ 
    46. 

  46. 

  47. In Dinit, service actions are often performed by setting "propagation" flags, inserting the
    48. 

  48. service in a queue, and then processing the queues. Thus a lot of service actions are performed
    49. 

  49. by first calling a function on a service and then draining the propagation queues. More
    50. 

  50. information can be found in comments at the beginning of the includes/service.h header.
    51. 

  51. 

  52. The logging subsystem is designed to log to two different sinks - typically, one is the console
    53. 

  53. and one is the syslog facility, but other arrangements are possible. It uses a circular buffer
    54. 

  54. for each output sink, and if the buffer becomes full it discards additional messages to avoid
    55. 

  55. blocking (though it flags that this has occurred and later outputs an overflow indication to the
    56. 

  56. sink). Services may acquire the console for their exclusive use, and in this case dinit's own
    57. 

  57. logging output is discarded and no longer buffered (though it will of course continue to be logged
    58. 

  58. to the other sink).
    59. 

  59. 

  60. Control protocol handling uses a circular receive buffer, but allocates storage for outgoing
    61. 

  61. packets dynamically. If allocation fails an "out of memory" flag is set and the connection is
    62. 

  62. closed after writing an "out of memory" information packet.
    63. 

  63. 

  64. 

  65. Key considerations
    66. 

  66. ------------------
    67. 

  67. 

  68. Dinit's overall function is fairly straightforward but there are some considerations that cause
    69. 

  69. its design to be more complicated than it might otherwise be.  The heart of the issue is that
    70. 

  70. Dinit should not stall on I/O and its essential operation should never fail, which means that many
    71. 

  71. code paths cannot perform memory allocation for example, and that log messages all go through a
    72. 

  72. buffer.
    73. 

  73. 

  74. Note that blocking actions are avoided: non-blocking I/O is used where possible; Dinit must
    75. 

  75. remain responsive at all times.
    76. 

  76. 

  77. In general operation Dinit methods should avoid throwing exceptions and be declared as 'noexcept',
    78. 

  78. or otherwise be clearly documented as throwing particular exceptions. Errors should always be
    79. 

  79. handled as gracefully as possible and should not prevent Dinit's continued operation. Particular
    80. 

  80. care is needed for dynamic allocations: C++ style allocations (including adding elements to C++
    81. 

  81. containers, or appending to strings) will raise 'std::bad_alloc' if they cannot allocate memory,
    82. 

  82. and this must be handled appropriately. Functions in 'std::vector' and 'std::string' are also able
    83. 

  83. to raise 'std::length_error' and it should probably be assumed that other containers can do so as
    84. 

  84. well (the C++ language specification is annoyingly unspecific) - although we don't expect to see
    85. 

  85. 'length_error' in practice, it should be handled anyway.
    86. 

  86. 

  87. Repeating for emphasis: Once it has started regular operation, dinit must not terminate due to an
    88. 

  88. error condition, even if the error is an allocation failure or another exception.
    89. 

  89. 

  90. 

  91. Services
    92. 

  92. --------
    93. 

  93. 

  94. There are presently five "exposed" service types: internal, triggered, process, bgprocess and
    95. 

  95. scripted. The latter three share the fact that they execute external processes and so naturally
    96. 

  96. share some implementation. The base service class is "service_record" - this directly supports
    97. 

  97. "internal" services (triggered services differ only slightly, but are still implemented via a
    98. 

  98. subclass, "triggered_service"). 
    99. 

  99. 

  100. The "base_process_service" class extends service_record and serves as a base class for the
    101. 

  101. remaining three service types (which all manage external processes) and provides common
    102. 

  102. functionality.
    103. 

  103. 

  104. Various functions in the service_record / base_process_service classes are virtual, so that they
    105. 

  105. can be overridden by the subclasses.
    106. 

  106. 

  107. All execution of child processes related to services currently goes through
    108. 

  108. service_record::run_child_proc() (after forking).
    109. 

  109. 

  110. Services are grouped in a "service_set". This provides the essential interface between the event
    111. 

  111. loop and services.
    112. 

  112. 

  113. A "placeholder_service" service type also exists; it is used as a placeholder for when a service
    114. 

  114. needs to maintain a link to another service but that other service has not yet been loaded (this
    115. 

  115. is used for example for "after" and "before" service ordering, since those don't require loading
    116. 

  116. the linked service, and "consumer-of" for similar reasons). When any service is loaded, it
    117. 

  117. replaces any placeholder service that already exists for it (and links from other services to the
    118. 

  118. placeholder are updated to refer to the newly loaded service instead). In a similar way, a service
    119. 

  119. which is unloaded but that still has persistent links from other services can be replaced with a
    120. 

  120. placeholder. 
    121. 

  121. 

  122. 

  123. Source code organisation
    124. 

  124. ------------------------
    125. 

  125. 

  126. Most function comments and general documentation can be found in header files rather than in the
    127. 

  127. corresponding source files.
    128. 

  128. 

  129. dinit-main.cc - just a wrapper around the entry point; reports exceptions
    130. 

  130. 

  131. dinit.cc - main entry point, command line parsing, general initialisation, event loop processing,
    132. 

  132.         signal handling, system management (shutdown / reboot etc)
    133. 

  133. 

  134. service.cc - base service logic (see service.h)
    135. 

  135. 

  136. proc-service.cc, baseproc-service.cc - process-based service logic (see service.h, proc-service.h)
    137. 

  137.         This builds on functionality in service.cc
    138. 

  138.     
    139. 

  139. run-child-proc.cc - contains service_record::run_child_proc(), used to run child processes.
    140. 

  140. 

  141. load-service.cc - service loading (see load-service.h)
    142. 

  142. 

  143. control.cc - control protocol handling
    144. 

  144. 

  145. dinit-log.cc - logging subsystem
    146. 

  146. 

  147. dinit-env.cc - mainly a function to read an environment file into an "environment" wrapper (as
    148. 

  148.         defined in dinit-env.h)
    149. 

  149. 

  150. tests/ - various tests
    151. 

  151. igr-tests/ - integration tests
    152. 

  152. 

  153. The utility sources are:
    154. 

  154. 

  155. dinitctl.cc - the control/status utility
    156. 

  156. dinitcheck.cc - dinitcheck utility
    157. 

  157. dinit-monitor.cc - the dinit-monitor utility
    158. 

  158. shutdown.cc - shutdown/halt/reboot utility
    159. 

  159. 

  160. 

  161. Testing
    162. 

  162. -------
    163. 

  163. 

  164. The unit tests work by mocking out parts of Dinit, and some system calls, in order to isolate
    165. 

  165. functional units. In the src/tests/test-includes directory are some mock headers. When compiling
    166. 

  166. tests, these headers are put on the include path before the regular includes directory. 
    167. 

  167. 

  168. Note that systems calls are not mocked directly, instead, system calls are wrapped in the bp_sys
    169. 

  169. namespace, as defined in the baseproc-sys.h header; this header is one of the headers mocked
    170. 

  170. for tests. (This avoids problems that might arise from replacing important system calls, and in
    171. 

  171. particular avoids interfering with the test harness itself).
    172. 

  172. 

  173. It is important when writing new code in Dinit to avoid calling system calls directly, and to
    174. 

  174. instead call the wrapper in bp_sys.
    175.