<p dir="ltr">You can use cgroups on linux to ensure that everything is shut down. See systemd.</p>
<p dir="ltr">Alexander</p>
<div class="gmail_quote">On Sep 14, 2013 9:21 PM, "Michael Xavier" <<a href="mailto:michael@michaelxavier.net">michael@michaelxavier.net</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hey Cafe,<div><br></div><div>I am the maintainer of Angel, the process monitoring daemon. Angel's job is to start a configured set of processes and restart them when they go away. I was responding to a ticket and realized that the correct functionality is not obvious in one case, so I figured I'd ask the stakeholders: people who use Angel. From what I know, most people who use Angel are Haskellers so this seemed like the place.</div>
<div><br></div><div>When Angel is terminated, it tries to cleanly shut down any processes it is monitoring. It also shuts down processes that it spawned when they are removed from the config and the config is reloaded via the HUP signal. It uses terminateProcess from System.Process which sends a SIGTERM to the program on *nix systems.</div>
<div><br></div><div>The trouble is that SIGTERM can be intercepted and a process can still fail to shut down. Currently Angel issues the SIGTERM and hopes for the best. It also cleans pidfiles if there were any, which may send a misleading message. There are a couple of routes I could take:</div>
<div><br></div><div>1. Leave it how it is. Leave it to the user to make sure stubborn processes go away. I don't like this solution so much as it makes Angel harder to reason about from a user's perspective.</div>
<div>2. Send a TERM signal then wait for a certain number of seconds, then send an uninterruptable signal like SIGKILL.</div><div><br></div><div>There are some caveats with #2. I think I'd prefer the timeout to be configurable per-process. I think I'd also prefer that if no timeout is specified, we assume the user does not want us to use a SIGKILL. SIGKILL can be very dangerous for some processes like databases. I want explicit user permission to do something like this. If Angel generated a pidfile for the process, if it should only be cleaned if Angel can confirm the process is dead. Otherwise they should be left so the user can handle it.</div>
<div><br></div><div>So the real question: is the extra burden of an optional configuration flag per process worth this feature? Are my assumptions about path #2 reasonable.</div><div><br></div><div>Thanks for your feedback!</div>
<div><div><br></div>-- <br>Michael Xavier<br><a href="http://www.michaelxavier.net" target="_blank">http://www.michaelxavier.net</a>
</div></div>
<br>_______________________________________________<br>
Haskell-Cafe mailing list<br>
<a href="mailto:Haskell-Cafe@haskell.org">Haskell-Cafe@haskell.org</a><br>
<a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
<br></blockquote></div>