#2582 Restart HTTP daemon without restarting SFCB

New_Feature
pending-fixed
sfcb (1090)
5
2014-08-28
2012-12-20
Dave Heller
No

There are situations where it is useful to be able to restart the SFCB HTTP daemon(s) without restarting SFCB entirely. For example, the user may wish to update SSL certificates on-the-fly when the system's identity is modified. It is only necessary to the HTTP daemons to accomplish this, and this is faster that restarting SFCB and all associated provider processes. This patch allows restart of all running HTTP daemons by sending SIGUSR2 to the SFCB Main process.

If the user wishes to update SSL certificates (i.e. server.pem, file.pem, client.pem) this should be done prior to HTTP Daemon restart. The user may update the files or update the corresponding entries in sfcb.cfg to point to new files.

To restart HTTP Daemon the user must send SIGUSR2 to the SFCB Main process (i.e. Provider Mgr process). The pid number of this process is identified by a syslog (M_INFO) message at startup:

--- sfcbd V1.x.xx started - <pidnum>

The Main process can also be identified using the "sfcb-ps" utility, available from the "extra" directory in SFCB v1.4. For testing, the following command will send the appropriate signal to the Main process:

$ kill -USR2 $(sfcb-ps | grep Main | sed 's/^ *//' | cut -d' ' -f1)

Note it is not recommended to use "sfcb-ps" for this purpose in a production environment since the script cannot guarantee to correctly identify Main in all cases. Instead the user should record the pid of Main at startup via the above syslog message.

Note also it is not recommended (and not necessary) to send SIGUSR2 within the first few seconds of SFCB startup.

This is LTC# 85531

Discussion

  • Dave Heller
    Dave Heller
    2012-12-30

    • status: open --> pending-fixed
     
  • Dave Heller
    Dave Heller
    2012-12-30

    Committed to git master