minisv (mini supervisor)
Service starter, easy start multiply services (for example in one docker
container or using systemd on regular system) with possibility to (gracefull)
restart them via http. Gracefull restart is used for services supporting
SO_REUSERPORT: new instance will started, waited X seconds to be sure that
everything is ok and only then SIGTERM will be send to old one; if old one
will not exit in Y time than SIGKILL also sent.
It's also possible to run "one-time" actions like a repository pull one
webhook and so on (need to have oneTime
setted to true
).
In last version it's possible to pass data on standart input of "one-time"
tasks (using POST method), for example, for creating configs before
adding new tasks.
Possibility to "rotate" logs using HUP signal, using logreload
variable
in config or rotate
command via http. Using logdate
it's possible to
add current date/time as log file name sufix (using class golang format).
This affects only permanent task, not oneTime
.
Also is possible to add/remove tasks online via HTTP-requests.
For restarting, sending signals and task add/remove next http schema used:
- GET
http://[addr]:[port]/
(return basic status on all tasks)
- GET
http://[addr]:[port]/[taskname]/[stop|restart|term|hup|kill|run|rotate]
- POST
http://[addr]:[port]/[taskname]/run
(run one-time task with data on standart input)
- POST
http://[addr]:[port]/[taskname]
(with json description of task as http body)
- DELETE
http://[addr]:[port]/[taskname]
for example:
curl -d '{"command": "/bin/sleep","args": ["1800"],"workdir": "/home"}' -H "Content-Type: application/json" -X 'POST' 'http://127.0.0.1:3443/sleep1800'
curl -i 'http://127.0.0.1:3443/sleep1800/kill'
curl -i 'http://127.0.0.1:3443/sleep1800/restart'
curl -X 'DELETE' 'http://127.0.0.1:3443/sleep3'
curl -i 'http://127.0.0.1:3443/pull/run'
curl -i -X 'POST' -d '@/tmp/image.jpeg' 'http://127.0.0.1:3443/imgsave/run'
Example Dockerfile for use with minisv:
FROM ubuntu:16.04
MAINTAINER somebody@service
RUN apt-get update && apt-get install -y nginx-light redis-server
RUN mkdir -p /var/log/nginx /var/log/minisv /opt
COPY minisv /opt
COPY minisv.json /opt
EXPOSE 80 443 3443 6379
ENTRYPOINT ["/opt/minisv"]
while minisv.json contains
{
"logdir": "/var/log/minisv",
"logfileprefix": "container1-",
"logreopen": "1h",
"logsuffixdate": "20060102.150405",
"logdate": "2006/01/02 15:04:05",
"tasks": {
"redis": {
"command": "/usr/bin/redis-server",
"args": ["--port", "6379"],
"workdir": "/tmp",
"wait": 60,
"restartPause":1,
"startTime": 10
},
"nginx": {
"command": "/usr/sbin/nginx",
"args": ["-g", "daemon off;"],
"wait": 60,
"restartPause":0,
"startTime": 3
},
"pull": {
"command": "/usr/bin/git",
"args": ["pull", "-f"],
"workdir": "/home/www/example.com",
"oneTime": true
}
},
"http": {
"address": "127.0.0.1",
"port": 3443
}
}
starting with
docker run -v '/var/log/minisv:/var/log/minisv' 'container1'
using different logfileprefix prevents mixing of logs from different containers
commands description:
- stop - stop task until restart or run command
- restart - start after stop OR graceful restart if running (start new instance, wait if not crashed and then terminate old one), not for ontime tasks
- term - send SIGTERM to process
- hup - send SIGHUP to process
- kill - send SIGKILL to process
- run - run onetime task
- rotate - close log and reopen (with different name while logsuffixdate is used), not for onetime tasks
- status - return current process status
HTTPS & Auth
if no user, password and certificate parameters are specified in config minisv will work with plain HTTP and no authentification (suitable for listening on localhost and no access of third people to server).
If user and password (bcrypted hash) specified in http session http-basic auth is on.
"http": {
"address": "0.0.0.0",
"port": 3443,
"user": "admin",
"password": "$2a$14$ajq8Q7fbtA0QvXpdCq7Jcuy.Rx1h/L4J60Otx.gyNLbAYctGMJ9tK"
}
For more security it's possible to turn on HTTPS:
"http": {
"address": "0.0.0.0",
"port": 3443,
"user": "admin",
"password": "$2a$14$ajq8Q7fbtA0QvXpdCq7Jcuy.Rx1h/L4J60Otx.gyNLbAYctGMJ9tK",
"servercert": "server.crt",
"serverkey": "server.key"
}
And as most-secure it's possible to turn on verifing of client certificate:
"http": {
"address": "0.0.0.0",
"port": 3443,
"user": "admin",
"password": "$2a$14$ajq8Q7fbtA0QvXpdCq7Jcuy.Rx1h/L4J60Otx.gyNLbAYctGMJ9tK",
"servercert": "server.crt",
"serverkey": "server.key",
"clientcert": "client.crt"
}
and yes, it's true - it's possible combinate https-client-auth with http-basic-auth in the same time and both will be required at once.
Resource limits
it's possible to set global limits (like calling ulimit just before minisv) by setting individual options on limits
array like this:
{
"logdir": "/var/log/minisv",
"limits": [
{
"type": "nofile",
"cur": 2048,
"max": 4096
},
{
"type": "nproc",
"cur": 16384,
"max": 16384
}
],
"tasks": {
......
}
}