[repo-coord] rpm scripts for daemons, advice please

Florin Andrei florin at andrei.myip.org
Mon Jul 19 19:05:58 CEST 2004 

On Mon, 2004-07-19 at 00:53, Bent Terp wrote:

> >  Don't stop daemons (at least, not when upgrading),
> 
> Is that normal? To keep version X of a daemon running and in memory,
> while version X+1 is on disk?

If you do not stop it, the system might be left hanging in a "limbo"
state, i.e. an older daemon running on top of newer config files and
libraries, etc. A restart later might have unwanted consequences. Or the
daemon might just start acting strange.

I think i see why some people believe it's better to not stop the daemon
while upgrading - they're concerned about having a "smooth transition"
and about not upsetting the normal functioning. But an upgrade is an
intrusive operation, it has a large potential of disrupting things
anyway; to claim you are doing it in an "unintrusive, smooth" fashion
would be unwise (not to mention unrealistic).

Since you're upgrading anyway, it's better to advertise the event to all
users, shut down the service manually, then upgrade, then verify
everything is fine, and only after that make the service available to
users again. This way you are going from one controlled state to
another.

If you upgrade without stopping the daemon, there is a time interval
when the system is unpredictable. That is not good.

> Would it be wrong to stop the service in %preun, and resume it in %post?

That is best.

> There will be a short disruption of service while files are being
> replaced, but it sort of makes sense to me that while it is undefined
> which version of files are in place, we don't really want to use them.

Upgrade is an operation with a high disruptive potential. Better
stop/start the service in a controlled fashion than letting it acting
weird.

> Or should I just leave it running and do either a start or a restart in
> %post?

No.

If someone is worried about the service going down during an update,
i.e. if the service is so hugely important that it cannot stop even
during an update, not stopping the service during the update is the
wrong solution.
The right solution in that case is to use high-availability techniques,
redirect the users to another machine that provides the service during
the transition, etc. There are well-known methods to deal with this type
of situation.

At least that's what "best practices" in a corporate environment usually
recommend.

Bottom-line:

if (service_is_running) {
  stop_service;
  update;
  start_service;
} else {
  update;
};

-- 
Florin Andrei

http://florin.myip.org/

More information about the repo-coord mailing list