varnish parent unable to send signals to child
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	• ema
	Jan 10 2020, 9:35 AM

Description

The architecture of varnish is based on a management process supervising its child. The child does all the actual work of handling requests, caching, and so forth.

In some unfortunate cases, the child process can crash. When that happens, the management process detects the event by failing to communicate with its child, and tries to kill it.

Due to CAP_KILL not being in the Capability Bounding Set defined in varnish-frontend systemd unit, sending such signal currently fails:

Jan 09 20:59:52 cp3062 varnishd[2836]: Failed to kill child with PID 112629: Operation not permitted

Details

	Subject	Repo	Branch	Lines +/-
	cache: add CAP_KILL to varnish-frontend capabilities	operations/puppet	production	+2 -7

Customize query in gerrit

Event Timeline

• ema created this task.Jan 10 2020, 9:35 AM

Restricted Application added a project: SRE. · View Herald TranscriptJan 10 2020, 9:35 AM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

• ema triaged this task as Medium priority.Jan 10 2020, 2:41 PM

• ema moved this task from Backlog to TLS on the Traffic board.

• ema moved this task from TLS to Caching on the Traffic board.

Paladox subscribed.Jan 10 2020, 3:01 PM

Change 564726 had a related patch set uploaded (by Ema; owner: Ema):
[operations/puppet@production] cache: add CAP_KILL to varnish-frontend capabilities

https://gerrit.wikimedia.org/r/564726

gerritbot added a project: Patch-For-Review.Jan 14 2020, 4:25 PM

Mentioned in SAL (#wikimedia-operations) [2020-01-15T10:08:18Z] <ema> cache: rolling varnish-frontend-restart to add CAP_KILL to varnish-frontend.service T242411

Capability added, all frontends restarted. Closing.

varnish parent unable to send signals to childClosed, ResolvedPublicActions

Description

Details

Event Timeline

varnish parent unable to send signals to child
Closed, ResolvedPublic
Actions