Posted to dev@qpid.apache.org by "Ted Ross (JIRA)" <qp...@incubator.apache.org> on 2008/06/02 21:53:44 UTC

[jira] Created: (QPID-1114) Improvements to daemon mode operations

Improvements to daemon mode operations
--------------------------------------

                 Key: QPID-1114
                 URL: https://issues.apache.org/jira/browse/QPID-1114
             Project: Qpid
          Issue Type: Improvement
          Components: C++ Broker
    Affects Versions: M3
            Reporter: Ted Ross
            Assignee: Ted Ross
            Priority: Minor
             Fix For: M3


This update improves daemon-mode operation of the C++ broker.

When run as a daemon (--daemon), the broker currently creates a PID file specific to the port the broker is listening on.  This allows multiple daemons to run simultaneously on the same system.  The PID file is stored in "/var/run" if the broker is running as root; otherwise, it is stored in "/tmp".

The problem with this is that since it is recommended that the broker not run as root for security reasons, installed/deployed brokers write their PID files to /tmp.  This is not the right place for such a file and may run afoul of the security policy on the system it is installed on.  It also means that root users can't use the --quit option to stop daemons that were started by non-root users.

This update does the following:

1) Removes the root/not-root distinction and always defaults to "/tmp".  This is useful for developers who run the broker from SVN and not as a service.

2) Provides a new option "--pid-dir" that allows the configuration (command line, file, or env-variables) to control the directory for PID file storage.

3) Adds a line to the default configuration file (/etc/qpidd.conf) that sets the pid-dir to "/var/run/qpidd".  This is useful for real deployment.

4) Adds commands in the install spec-file to create /var/run/qpidd with read and write access for user "qpidd"

Note that there is also a bug-fix in the qpidd startup script.  Instead of using the "daemon" command to spawn the service (which retrieves the PID of the qpidd parent process, not the child), the runuser command is used instead.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
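
The point made in this message (a shared, world-writable /tmp versus a dedicated /var/run/qpidd writable only by the service user) can be shown in code. This is an added example, not Qpid source and not part of the original message: it vets the PID directory before creating or trusting a per-port PID file. The file name qpidd.<port>.pid and the policy (directory owned by the service user or root, not group- or world-writable) are assumptions.

```cpp
// Added example, not Qpid source; file name and ownership policy are assumptions.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cerrno>
#include <cstdlib>
#include <string>

static std::string pidPath(const std::string& dir, unsigned port) {
    return dir + "/qpidd." + std::to_string(port) + ".pid";
}

// True if dir is a real directory (not a symlink) owned by `owner` or root and
// not writable by group or others. A world-writable /tmp fails this check.
bool pidDirIsPrivate(const std::string& dir, uid_t owner) {
    struct stat st;
    if (lstat(dir.c_str(), &st) != 0 || !S_ISDIR(st.st_mode)) return false;
    if (st.st_uid != owner && st.st_uid != 0) return false;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

// Creates the per-port PID file exclusively; returns 0 or errno (EEXIST: file already there).
int writePidFile(const std::string& dir, unsigned port, pid_t pid) {
    if (!pidDirIsPrivate(dir, geteuid())) return EACCES;
    const std::string path = pidPath(dir, port);
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0) return errno;
    const std::string text = std::to_string(pid) + "\n";
    int err = write(fd, text.data(), text.size()) == (ssize_t)text.size() ? 0 : EIO;
    if (close(fd) != 0 && err == 0) err = EIO;
    if (err != 0) unlink(path.c_str());
    return err;
}

// Reads the PID for a --quit style lookup; -1 unless a regular file owned by `owner`.
pid_t readPidFile(const std::string& dir, unsigned port, uid_t owner) {
    if (!pidDirIsPrivate(dir, owner)) return -1;
    int fd = open(pidPath(dir, port).c_str(), O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    struct stat st;
    char buf[32] = {0};
    pid_t pid = -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == owner &&
        read(fd, buf, sizeof buf - 1) > 0) {
        long v = std::strtol(buf, nullptr, 10);
        if (v > 1) pid = (pid_t)v;
    }
    close(fd);
    return pid;
}

int main(int argc, char** argv) {
    return pidDirIsPrivate(argc > 1 ? argv[1] : "/tmp", geteuid()) ? 0 : 1;
}
```

Passing the service account's uid as `owner` lets an administrator look up a daemon started by that account while still refusing a PID file that some other user created.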


[jira] Resolved: (QPID-1114) Improvements to daemon mode operations

Posted by "Ted Ross (JIRA)" <qp...@incubator.apache.org>.
     [ https://issues.apache.org/jira/browse/QPID-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ted Ross resolved QPID-1114.
----------------------------

    Resolution: Fixed



[jira] Commented: (QPID-1114) Improvements to daemon mode operations

Posted by "Ted Ross (JIRA)" <qp...@incubator.apache.org>.
    [ https://issues.apache.org/jira/browse/QPID-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12602014#action_12602014 ] 

Ted Ross commented on QPID-1114:
--------------------------------

Please note that the commit log says the default is /home/ross/.qpidd.  It is not.  The command shell expanded the $HOME I typed and replaced it with my home directory.

The default is $HOME/.qpidd where $HOME expands to the home directory of the current user.



[jira] Commented: (QPID-1114) Improvements to daemon mode operations

Posted by "Ted Ross (JIRA)" <qp...@incubator.apache.org>.
    [ https://issues.apache.org/jira/browse/QPID-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12602010#action_12602010 ] 

Ted Ross commented on QPID-1114:
--------------------------------

There is one more issue that arose from these changes...

The data directory (--data-dir option) defaults to /var/lib/qpidd.  The installation script creates this directory and sets its owner to qpidd:qpidd.  If a user installs qpidd and then runs the broker from the command line, the broker will fail because the user does not have write access to the data directory.

I will shortly commit a change that addresses this problem by:

1) Using $HOME/.qpidd as the default data directory (and creating it if it doesn't exist)
2) Using the same as the default PID directory
3) Adding --data-dir /var/lib/qpidd to the command line in the startup script





[jira] Updated: (QPID-1114) Improvements to daemon mode operations

Posted by "Ted Ross (JIRA)" <qp...@incubator.apache.org>.
     [ https://issues.apache.org/jira/browse/QPID-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ted Ross updated QPID-1114:
---------------------------

    Description: 
This update improves daemon-mode operation of the C++ broker.

When run as a daemon (--daemon), the broker currently creates a PID file specific to the port the broker is listening on.  This allows multiple daemons to run simultaneously on the same system.  The PID file is stored in "/var/run" if the broker is running as root; otherwise, it is stored in "/tmp".

The problem with this is that since it is recommended that the broker not run as root for security reasons, installed/deployed brokers write their PID files to /tmp.  This is not the right place for such a file and may run afoul of the security policy on the system it is installed on.  It also means that root users can't use the --quit option to stop daemons that were started by non-root users.

This update does the following:

1) Removes the root/not-root distinction and always defaults to "/tmp".  This is useful for developers who run the broker from SVN and not as a service.

2) Provides a new option "--pid-dir" that allows the configuration (command line, file, or env-variables) to control the directory for PID file storage.

3) Adds a line to the default configuration file (/etc/qpidd.conf) that sets the pid-dir to "/var/run/qpidd".  This is useful for real deployment.

4) Adds commands in the install spec-file to create /var/run/qpidd with read and write access for user "qpidd"


  was:
This update improves daemon-mode operation of the C++ broker.

When run as a daemon (--daemon), the broker currently creates a PID file specific to the port the broker is listening on.  This allows multiple daemons to run simultaneously on the same system.  The PID file is stored in "/var/run" if the broker is running as root; otherwise, it is stored in "/tmp".

The problem with this is that since it is recommended that the broker not run as root for security reasons, installed/deployed brokers write their PID files to /tmp.  This is not the right place for such a file and may run afoul of the security policy on the system it is installed on.  It also means that root users can't use the --quit option to stop daemons that were started by non-root users.

This update does the following:

1) Removes the root/not-root distinction and always defaults to "/tmp".  This is useful for developers who run the broker from SVN and not as a service.

2) Provides a new option "--pid-dir" that allows the configuration (command line, file, or env-variables) to control the directory for PID file storage.

3) Adds a line to the default configuration file (/etc/qpidd.conf) that sets the pid-dir to "/var/run/qpidd".  This is useful for real deployment.

4) Adds commands in the install spec-file to create /var/run/qpidd with read and write access for user "qpidd"

Note that there is also a bug-fix in the qpidd startup script.  Instead of using the "daemon" command to spawn the service (which retrieves the PID of the qpidd parent process, not the child), the runuser command is used instead.




[jira] Commented: (QPID-1114) Improvements to daemon mode operations

Posted by "Ted Ross (JIRA)" <qp...@incubator.apache.org>.
    [ https://issues.apache.org/jira/browse/QPID-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12601970#action_12601970 ] 

Ted Ross commented on QPID-1114:
--------------------------------

An update is coming that moves the pid-dir (/var/run/qpidd) from the config file to the command line in the startup script.  This will make qpidd more friendly to users who run qpidd from the command line by not causing access privilege problems when accessing /var/run/qpidd.

