shepherd.scm 24 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588
  1. ;;; GNU Guix --- Functional package management for GNU
  2. ;;; Copyright © 2013, 2014, 2015, 2016, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
  3. ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
  4. ;;; Copyright © 2018 Carlo Zancanaro <carlo@zancanaro.id.au>
  5. ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
  6. ;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
  7. ;;;
  8. ;;; This file is part of GNU Guix.
  9. ;;;
  10. ;;; GNU Guix is free software; you can redistribute it and/or modify it
  11. ;;; under the terms of the GNU General Public License as published by
  12. ;;; the Free Software Foundation; either version 3 of the License, or (at
  13. ;;; your option) any later version.
  14. ;;;
  15. ;;; GNU Guix is distributed in the hope that it will be useful, but
  16. ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
  17. ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. ;;; GNU General Public License for more details.
  19. ;;;
  20. ;;; You should have received a copy of the GNU General Public License
  21. ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
  22. (define-module (gnu services shepherd)
  23. #:use-module (guix ui)
  24. #:use-module (guix sets)
  25. #:use-module (guix gexp)
  26. #:use-module (guix store)
  27. #:use-module (guix records)
  28. #:use-module (guix derivations) ;imported-modules, etc.
  29. #:use-module (guix utils)
  30. #:use-module (gnu services)
  31. #:use-module (gnu services herd)
  32. #:use-module (gnu packages admin)
  33. #:use-module (ice-9 match)
  34. #:use-module (ice-9 vlist)
  35. #:use-module (srfi srfi-1)
  36. #:use-module (srfi srfi-26)
  37. #:use-module (srfi srfi-34)
  38. #:use-module (srfi srfi-35)
  39. #:export (shepherd-configuration
  40. shepherd-configuration?
  41. shepherd-configuration-shepherd
  42. shepherd-configuration-services
  43. shepherd-root-service-type
  44. %shepherd-root-service
  45. shepherd-service-type
  46. shepherd-service
  47. shepherd-service?
  48. shepherd-service-documentation
  49. shepherd-service-provision
  50. shepherd-service-canonical-name
  51. shepherd-service-requirement
  52. shepherd-service-one-shot?
  53. shepherd-service-respawn?
  54. shepherd-service-start
  55. shepherd-service-stop
  56. shepherd-service-auto-start?
  57. shepherd-service-modules
  58. shepherd-action
  59. shepherd-action?
  60. shepherd-action-name
  61. shepherd-action-documentation
  62. shepherd-action-procedure
  63. %default-modules
  64. shepherd-service-file
  65. shepherd-service-lookup-procedure
  66. shepherd-service-back-edges
  67. shepherd-service-upgrade
  68. user-processes-service-type))
  69. ;;; Commentary:
  70. ;;;
  71. ;;; Instantiating system services as a shepherd configuration file.
  72. ;;;
  73. ;;; Code:
  74. (define-record-type* <shepherd-configuration>
  75. shepherd-configuration make-shepherd-configuration
  76. shepherd-configuration?
  77. (shepherd shepherd-configuration-shepherd
  78. (default shepherd)) ; package
  79. (services shepherd-configuration-services
  80. (default '()))) ; list of <shepherd-service>
  81. (define (shepherd-boot-gexp config)
  82. "Return a gexp starting the shepherd service."
  83. (let ((shepherd (shepherd-configuration-shepherd config))
  84. (services (shepherd-configuration-services config)))
  85. #~(begin
  86. ;; Keep track of the booted system.
  87. (false-if-exception (delete-file "/run/booted-system"))
  88. (symlink (readlink "/run/current-system")
  89. "/run/booted-system")
  90. ;; Close any remaining open file descriptors to be on the safe
  91. ;; side. This must be the very last thing we do, because
  92. ;; Guile has internal FDs such as 'sleep_pipe' that need to be
  93. ;; alive.
  94. (let loop ((fd 3))
  95. (when (< fd 1024)
  96. (false-if-exception (close-fdes fd))
  97. (loop (+ 1 fd))))
  98. ;; Start shepherd.
  99. (execl #$(file-append shepherd "/bin/shepherd")
  100. "shepherd" "--config"
  101. #$(shepherd-configuration-file services shepherd)))))
  102. (define shepherd-packages
  103. (compose list shepherd-configuration-shepherd))
  104. (define shepherd-root-service-type
  105. (service-type
  106. (name 'shepherd-root)
  107. ;; Extending the root shepherd service (aka. PID 1) happens by
  108. ;; concatenating the list of services provided by the extensions.
  109. (compose concatenate)
  110. (extend (lambda (config extra-services)
  111. (shepherd-configuration
  112. (inherit config)
  113. (services (append (shepherd-configuration-services config)
  114. extra-services)))))
  115. (extensions (list (service-extension boot-service-type
  116. shepherd-boot-gexp)
  117. (service-extension profile-service-type
  118. shepherd-packages)))
  119. (default-value (shepherd-configuration))
  120. (description
  121. "Run the GNU Shepherd as PID 1---i.e., the operating system's first
  122. process. The Shepherd takes care of managing services such as daemons by
  123. ensuring they are started and stopped in the right order.")))
  124. (define %shepherd-root-service
  125. ;; The root shepherd service, aka. PID 1. Its parameter is a
  126. ;; <shepherd-configuration>.
  127. (service shepherd-root-service-type))
  128. (define-syntax shepherd-service-type
  129. (syntax-rules (description)
  130. "Return a <service-type> denoting a simple shepherd service--i.e., the type
  131. for a service that extends SHEPHERD-ROOT-SERVICE-TYPE and nothing else. When
  132. DEFAULT is given, use it as the service's default value."
  133. ((_ service-name proc default (description text))
  134. (service-type
  135. (name service-name)
  136. (extensions
  137. (list (service-extension shepherd-root-service-type
  138. (compose list proc))))
  139. (default-value default)
  140. (description text)))
  141. ((_ service-name proc (description text))
  142. (service-type
  143. (name service-name)
  144. (extensions
  145. (list (service-extension shepherd-root-service-type
  146. (compose list proc))))
  147. (description text)))))
  148. (define %default-imported-modules
  149. ;; Default set of modules imported for a service's consumption.
  150. '((guix build utils)
  151. (guix build syscalls)))
  152. (define %default-modules
  153. ;; Default set of modules visible in a service's file.
  154. `((shepherd service)
  155. (oop goops)
  156. ((guix build utils) #:hide (delete))
  157. (guix build syscalls)))
  158. (define-record-type* <shepherd-service>
  159. shepherd-service make-shepherd-service
  160. shepherd-service?
  161. (documentation shepherd-service-documentation ;string
  162. (default "[No documentation.]"))
  163. (provision shepherd-service-provision) ;list of symbols
  164. (requirement shepherd-service-requirement ;list of symbols
  165. (default '()))
  166. (one-shot? shepherd-service-one-shot? ;Boolean
  167. (default #f))
  168. (respawn? shepherd-service-respawn? ;Boolean
  169. (default #t))
  170. (start shepherd-service-start) ;g-expression (procedure)
  171. (stop shepherd-service-stop ;g-expression (procedure)
  172. (default #~(const #f)))
  173. (actions shepherd-service-actions ;list of <shepherd-action>
  174. (default '()))
  175. (auto-start? shepherd-service-auto-start? ;Boolean
  176. (default #t))
  177. (modules shepherd-service-modules ;list of module names
  178. (default %default-modules)))
  179. (define-record-type* <shepherd-action>
  180. shepherd-action make-shepherd-action
  181. shepherd-action?
  182. (name shepherd-action-name) ;symbol
  183. (procedure shepherd-action-procedure) ;gexp
  184. (documentation shepherd-action-documentation)) ;string
  185. (define (shepherd-service-canonical-name service)
  186. "Return the 'canonical name' of SERVICE."
  187. (first (shepherd-service-provision service)))
  188. (define (assert-valid-graph services)
  189. "Raise an error if SERVICES does not define a valid shepherd service graph,
  190. for instance if a service requires a nonexistent service, or if more than one
  191. service uses a given name.
  192. These are constraints that shepherd's 'register-service' verifies but we'd
  193. better verify them here statically than wait until PID 1 halts with an
  194. assertion failure."
  195. (define provisions
  196. ;; The set of provisions (symbols). Bail out if a symbol is given more
  197. ;; than once.
  198. (fold (lambda (service set)
  199. (define (assert-unique symbol)
  200. (when (set-contains? set symbol)
  201. (raise (condition
  202. (&message
  203. (message
  204. (format #f (G_ "service '~a' provided more than once")
  205. symbol)))))))
  206. (for-each assert-unique (shepherd-service-provision service))
  207. (fold set-insert set (shepherd-service-provision service)))
  208. (setq 'shepherd)
  209. services))
  210. (define (assert-satisfied-requirements service)
  211. ;; Bail out if the requirements of SERVICE aren't satisfied.
  212. (for-each (lambda (requirement)
  213. (unless (set-contains? provisions requirement)
  214. (raise (condition
  215. (&message
  216. (message
  217. (format #f (G_ "service '~a' requires '~a', \
  218. which is not provided by any service")
  219. (match (shepherd-service-provision service)
  220. ((head . _) head)
  221. (_ service))
  222. requirement)))))))
  223. (shepherd-service-requirement service)))
  224. (for-each assert-satisfied-requirements services))
  225. (define %store-characters
  226. ;; Valid store characters; see 'checkStoreName' in the daemon.
  227. (string->char-set
  228. "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+-._?="))
  229. (define (shepherd-service-file-name service)
  230. "Return the file name where the initialization code for SERVICE is to be
  231. stored."
  232. (let ((provisions (string-join (map symbol->string
  233. (shepherd-service-provision service)))))
  234. (string-append "shepherd-"
  235. (string-map (lambda (chr)
  236. (if (char-set-contains? %store-characters chr)
  237. chr
  238. #\-))
  239. provisions)
  240. ".scm")))
  241. (define (shepherd-service-file service)
  242. "Return a file defining SERVICE."
  243. (scheme-file (shepherd-service-file-name service)
  244. (with-imported-modules %default-imported-modules
  245. #~(begin
  246. (use-modules #$@(shepherd-service-modules service))
  247. (make <service>
  248. #:docstring '#$(shepherd-service-documentation service)
  249. #:provides '#$(shepherd-service-provision service)
  250. #:requires '#$(shepherd-service-requirement service)
  251. ;; The 'one-shot?' slot is new in Shepherd 0.6.0.
  252. ;; Older versions ignore it.
  253. #:one-shot? '#$(shepherd-service-one-shot? service)
  254. #:respawn? '#$(shepherd-service-respawn? service)
  255. #:start #$(shepherd-service-start service)
  256. #:stop #$(shepherd-service-stop service)
  257. #:actions
  258. (make-actions
  259. #$@(map (match-lambda
  260. (($ <shepherd-action> name proc doc)
  261. #~(#$name #$doc #$proc)))
  262. (shepherd-service-actions service))))))))
  263. (define (scm->go file shepherd)
  264. "Compile FILE, which contains code to be loaded by shepherd's config file,
  265. and return the resulting '.go' file. SHEPHERD is used as shepherd package."
  266. (let-system (system target)
  267. (with-extensions (list shepherd)
  268. (computed-file (string-append (basename (scheme-file-name file) ".scm")
  269. ".go")
  270. #~(begin
  271. (use-modules (system base compile)
  272. (system base target))
  273. ;; Do the same as the Shepherd's 'load-in-user-module'.
  274. (let ((env (make-fresh-user-module)))
  275. (module-use! env (resolve-interface '(oop goops)))
  276. (module-use! env (resolve-interface '(shepherd service)))
  277. (with-target #$(or target #~%host-type)
  278. (lambda _
  279. (compile-file #$file #:output-file #$output
  280. #:env env)))))
  281. ;; It's faster to build locally than to download.
  282. #:options '(#:local-build? #t
  283. #:substitutable? #f)))))
  284. (define (shepherd-configuration-file services shepherd)
  285. "Return the shepherd configuration file for SERVICES. SHEPHERD is used
  286. as shepherd package."
  287. (assert-valid-graph services)
  288. (let ((files (map shepherd-service-file services))
  289. (scm->go (cute scm->go <> shepherd)))
  290. (define config
  291. #~(begin
  292. (use-modules (srfi srfi-34)
  293. (system repl error-handling))
  294. ;; Specify the default environment visible to all the services.
  295. ;; Without this statement, all the environment variables of PID 1
  296. ;; are inherited by child services.
  297. (default-environment-variables
  298. '("PATH=/run/current-system/profile/bin"))
  299. ;; Booting off a DVD, especially on a slow machine, can make
  300. ;; everything slow. Thus, increase the timeout compared to the
  301. ;; default 5s in the Shepherd 0.7.0. See
  302. ;; <https://bugs.gnu.org/40572>.
  303. (default-pid-file-timeout 30)
  304. ;; Arrange to spawn a REPL if something goes wrong. This is better
  305. ;; than a kernel panic.
  306. (call-with-error-handling
  307. (lambda ()
  308. (apply register-services
  309. (parameterize ((current-warning-port
  310. (%make-void-port "w")))
  311. (map load-compiled '#$(map scm->go files))))))
  312. (format #t "starting services...~%")
  313. (for-each (lambda (service)
  314. ;; In the Shepherd 0.3 the 'start' method can raise
  315. ;; '&action-runtime-error' if it fails, so protect
  316. ;; against it. (XXX: 'action-runtime-error?' is not
  317. ;; exported is 0.3, hence 'service-error?'.)
  318. (guard (c ((service-error? c)
  319. (format (current-error-port)
  320. "failed to start service '~a'~%"
  321. service)))
  322. (start service)))
  323. '#$(append-map shepherd-service-provision
  324. (filter shepherd-service-auto-start?
  325. services)))
  326. ;; Hang up stdin. At this point, we assume that 'start' methods
  327. ;; that required user interaction on the console (e.g.,
  328. ;; 'cryptsetup open' invocations, post-fsck emergency REPL) have
  329. ;; completed. User interaction becomes impossible after this
  330. ;; call; this avoids situations where services wrongfully lead
  331. ;; PID 1 to read from stdin (the console), which users may not
  332. ;; have access to (see <https://bugs.gnu.org/23697>).
  333. (redirect-port (open-input-file "/dev/null")
  334. (current-input-port))))
  335. (scheme-file "shepherd.conf" config)))
  336. (define* (shepherd-service-lookup-procedure services
  337. #:optional
  338. (provision
  339. shepherd-service-provision))
  340. "Return a procedure that, when passed a symbol, return the item among
  341. SERVICES that provides this symbol. PROVISION must be a one-argument
  342. procedure that takes a service and returns the list of symbols it provides."
  343. (let ((services (fold (lambda (service result)
  344. (fold (cut vhash-consq <> service <>)
  345. result
  346. (provision service)))
  347. vlist-null
  348. services)))
  349. (lambda (name)
  350. (match (vhash-assq name services)
  351. ((_ . service) service)
  352. (#f #f)))))
  353. (define* (shepherd-service-back-edges services
  354. #:key
  355. (provision shepherd-service-provision)
  356. (requirement shepherd-service-requirement))
  357. "Return a procedure that, when given a <shepherd-service> from SERVICES,
  358. returns the list of <shepherd-service> that depend on it.
  359. Use PROVISION and REQUIREMENT as one-argument procedures that return the
  360. symbols provided/required by a service."
  361. (define provision->service
  362. (shepherd-service-lookup-procedure services provision))
  363. (define edges
  364. (fold (lambda (service edges)
  365. (fold (lambda (requirement edges)
  366. (vhash-consq (provision->service requirement) service
  367. edges))
  368. edges
  369. (requirement service)))
  370. vlist-null
  371. services))
  372. (lambda (service)
  373. (vhash-foldq* cons '() service edges)))
  374. (define (shepherd-service-upgrade live target)
  375. "Return two values: the subset of LIVE (a list of <live-service>) that needs
  376. to be unloaded, and the subset of TARGET (a list of <shepherd-service>) that
  377. need to be restarted to complete their upgrade."
  378. (define (essential? service)
  379. (memq (first (live-service-provision service))
  380. '(root shepherd)))
  381. (define lookup-target
  382. (shepherd-service-lookup-procedure target
  383. shepherd-service-provision))
  384. (define lookup-live
  385. (shepherd-service-lookup-procedure live
  386. live-service-provision))
  387. (define (running? service)
  388. (and=> (lookup-live (shepherd-service-canonical-name service))
  389. live-service-running))
  390. (define live-service-dependents
  391. (shepherd-service-back-edges live
  392. #:provision live-service-provision
  393. #:requirement live-service-requirement))
  394. (define (obsolete? service)
  395. (match (lookup-target (first (live-service-provision service)))
  396. (#f (every obsolete? (live-service-dependents service)))
  397. (_ #f)))
  398. (define to-restart
  399. ;; Restart services that are currently running.
  400. (filter running? target))
  401. (define to-unload
  402. ;; Unload services that are no longer required.
  403. (remove essential? (filter obsolete? live)))
  404. (values to-unload to-restart))
  405. ;;;
  406. ;;; User processes.
  407. ;;;
  408. (define %do-not-kill-file
  409. ;; Name of the file listing PIDs of processes that must survive when halting
  410. ;; the system. Typical example is user-space file systems.
  411. "/etc/shepherd/do-not-kill")
  412. (define (user-processes-shepherd-service requirements)
  413. "Return the 'user-processes' Shepherd service with dependencies on
  414. REQUIREMENTS (a list of service names).
  415. This is a synchronization point used to make sure user processes and daemons
  416. get started only after crucial initial services have been started---file
  417. system mounts, etc. This is similar to the 'sysvinit' target in systemd."
  418. (define grace-delay
  419. ;; Delay after sending SIGTERM and before sending SIGKILL.
  420. 4)
  421. (list (shepherd-service
  422. (documentation "When stopped, terminate all user processes.")
  423. (provision '(user-processes))
  424. (requirement requirements)
  425. (start #~(const #t))
  426. (stop #~(lambda _
  427. (define (kill-except omit signal)
  428. ;; Kill all the processes with SIGNAL except those listed
  429. ;; in OMIT and the current process.
  430. (let ((omit (cons (getpid) omit)))
  431. (for-each (lambda (pid)
  432. (unless (memv pid omit)
  433. (false-if-exception
  434. (kill pid signal))))
  435. (processes))))
  436. (define omitted-pids
  437. ;; List of PIDs that must not be killed.
  438. (if (file-exists? #$%do-not-kill-file)
  439. (map string->number
  440. (call-with-input-file #$%do-not-kill-file
  441. (compose string-tokenize
  442. (@ (ice-9 rdelim) read-string))))
  443. '()))
  444. (define (now)
  445. (car (gettimeofday)))
  446. (define (sleep* n)
  447. ;; Really sleep N seconds.
  448. ;; Work around <http://bugs.gnu.org/19581>.
  449. (define start (now))
  450. (let loop ((elapsed 0))
  451. (when (> n elapsed)
  452. (sleep (- n elapsed))
  453. (loop (- (now) start)))))
  454. (define lset= (@ (srfi srfi-1) lset=))
  455. (display "sending all processes the TERM signal\n")
  456. (if (null? omitted-pids)
  457. (begin
  458. ;; Easy: terminate all of them.
  459. (kill -1 SIGTERM)
  460. (sleep* #$grace-delay)
  461. (kill -1 SIGKILL))
  462. (begin
  463. ;; Kill them all except OMITTED-PIDS. XXX: We would
  464. ;; like to (kill -1 SIGSTOP) to get a fixed list of
  465. ;; processes, like 'killall5' does, but that seems
  466. ;; unreliable.
  467. (kill-except omitted-pids SIGTERM)
  468. (sleep* #$grace-delay)
  469. (kill-except omitted-pids SIGKILL)
  470. (delete-file #$%do-not-kill-file)))
  471. (let wait ()
  472. ;; Reap children, if any, so that we don't end up with
  473. ;; zombies and enter an infinite loop.
  474. (let reap-children ()
  475. (define result
  476. (false-if-exception
  477. (waitpid WAIT_ANY (if (null? omitted-pids)
  478. 0
  479. WNOHANG))))
  480. (when (and (pair? result)
  481. (not (zero? (car result))))
  482. (reap-children)))
  483. (let ((pids (processes)))
  484. (unless (lset= = pids (cons 1 omitted-pids))
  485. (format #t "waiting for process termination\
  486. (processes left: ~s)~%"
  487. pids)
  488. (sleep* 2)
  489. (wait))))
  490. (display "all processes have been terminated\n")
  491. #f))
  492. (respawn? #f))))
  493. (define user-processes-service-type
  494. (service-type
  495. (name 'user-processes)
  496. (extensions (list (service-extension shepherd-root-service-type
  497. user-processes-shepherd-service)))
  498. (compose concatenate)
  499. (extend append)
  500. ;; The value is the list of Shepherd services 'user-processes' depends on.
  501. ;; Extensions can add new services to this list.
  502. (default-value '())
  503. (description "The @code{user-processes} service is responsible for
  504. terminating all the processes so that the root file system can be re-mounted
  505. read-only, just before rebooting/halting. Processes still running after a few
  506. seconds after @code{SIGTERM} has been sent are terminated with
  507. @code{SIGKILL}.")))
  508. ;;; shepherd.scm ends here