| Date | Commit message (Collapse) |
|---|
|
Mostly internal cleanups and documentation updates. Irrelevant
stacktraces from client disconnects/errors while reading
"rack.input" are now cleared to avoid unnecessary noise. If
user switching in workers is used, ownership of logs is now
preserved when reopening worker logs (send USR1 only to the the
master in this case). The timeout config no longer affects long
after_fork hooks or application startups.
New features include the addition of the :umask option for the
"listen" config directive and error reporting for non-portable
socket options.
No ponies have ever been harmed in our development.
Eric Wong (28):
unicorn.1: document RACK_ENV changes in 0.94.0
HACKING: update with "gmake" in examples
don't nuke children for long after_fork and app loads
local.mk.sample: steal some updates from Rainbows!
Load Unicorn constants when building app
tee_input: fix RDoc argument definition for tee
Add FAQ
FAQ: fix links to Configurator docs
tee_input: better premature disconnect handling
tee_input: don't shadow struct members
raise Unicorn::ClientShutdown if client aborts in TeeInput
tee_input: fix comment from an intermediate commit
FAQ: additional notes on getting HTTPS redirects right
configurator: update RDoc and comments in examples
bump version to 0.95.0pre
configurator: listen :umask parameter for UNIX sockets
preserve user/group ownership when reopening logs
old_rails/static: avoid freezing strings
old_rails: autoload Static
const: no need to freeze HTTP_EXPECT
test_server: ensure stderr is written to before reading
tee_input: expand client error handling
replace "rescue => e" with "rescue Object => e"
socket_helper: do not hide errors when setting socket options
socket_helper: RDoc for constants
ClientShutdown: RDoc
Rakefile: add raa_update task
tee_input: client_error always raises
|
|
We do not hide unforseen exceptions, as that could cause us to
waste precious time attempting to continue processing after
errors.
|
|
|
|
|
|
Since they're all optional, make them non-fatal, but make sure
we log them so we can diagnose what (if anything) is going
wrong.
|
|
"Object" is needless noise and some folks are annoyed by
seeing it.
|
|
First move it to a separate method, this allows subclasses to
reuse our error handler. Additionally, capture HttpParserError
as well since backtraces are worthless when a client sends us
a bad request, too.
|
|
We never set this as a hash key, so there's no performance
gain from having a frozen string.
|
|
It makes life easier for people writing config.ru files for use
with Rails.
|
|
No need to freeze them unless we're assigning new hash
values (PATH_INFO is already hashed when we assign it).
|
|
This is only supported when SIGUSR1 is sent only to the master
process (which then resends SIGUSR1 to the workers).
Since we only added support for user/group switching in the
workers, we now chown any log files upon switching users so the
master can pick up and chown the log files later on. Thus
we can avoid having to restart workers because they fail to
rotate log files on their own.
|
|
Typically UNIX domain sockets are created with more liberal
file permissions than the rest of the application. By default,
we create UNIX domain sockets to be readable and writable by
all local users to give them the same accessibility as
locally-bound TCP listeners.
This only has an effect on UNIX domain sockets.
This was inspired by Suraj Kurapati in
cfbcd2f00911121536rd0582b8u961f7f2a8c6e546a@mail.gmail.com
|
|
We need a minor version since we will expose
Unicorn::ClientDisconnect.
|
|
Some of this based on Suraj Kurapati's comments on
the mailing list.
|
|
|
|
Leaving the EOFError exception as-is bad because most
applications/frameworks run an application-wide exception
handler to pretty-print and/or log the exception with a huge
backtrace.
Since there's absolutely nothing we can do in the server-side
app to deal with clients prematurely shutting down, having a
backtrace does not make sense. Having a backtrace can even be
harmful since it creates unnecessary noise for application
engineers monitoring or tracking down real bugs.
|
|
It's confusing when a local variable reuses the same name
as a struct member.
|
|
Just let the error bubble all the way up to where Unicorn calls
process_client where it'll be appropriately handled.
Additionally, we'l just check the return value of tee() in
ensure_length and avoid it if it nils on us.
|
|
|
|
This will benefit users of a copy-on-write-friendly memory
manager provided with Ruby Enterprise Edition. Additionally,
this will the reduce maintenance impact on Rainbows! in the future
since load/require are not thread-safe under 1.9.
|
|
Sometimes app loads and after_fork hooks can take a long time,
even longer than shorter timeouts. Since timeouts are only
meant for application processing when clients are involved,
we won't nuke workers that have never chmodded before.
|
|
The HTTP parser is fix for oddly-aligned reads of trailers (this
technically affects headers, too, but is highly unlikely due to
our non-support of slow clients). This allows our HTTP parser
to better support very slow clients when used by other servers
(like Rainbows!). Fortunately this bug does not appear to lead
to any invalid memory accesses (and potential arbitrary code
execution).
FreeBSD (and possibly other *BSDs) support is improved and and
all the test cases pass under FreeBSD 7.2. Various flavors of
GNU/Linux remains our primary platform for development and
production.
New features added include the "working_directory" directive in
the configurator . Even without specifying a
"working_directory", symlink-aware detection of the current path
no longer depends on /bin/sh so it should work out-of-the-box on
FreeBSD and Solaris and not just systems where /bin/sh is dash,
ksh93 or bash.
User-switching support is finally supported but only intended
for use in the after_fork hook of worker processes. Putting it
in the after_fork hook allows allows users to set things like
CPU affinity[1] on a per-worker basis before dropping
privileges. The master process retains all privileges it
started with.
The ENV["RACK_ENV"] (process-wide) environment variable is now
both read and set for `unicorn' in the same way RAILS_ENV is
used by `unicorn_rails'. This allows the Merb launcher to read
ENV["RACK_ENV"] in config.ru. Other web servers already set
this and there may be applications or libraries that already
rely on this de facto standard.
Eric Wong (26):
cleanup: avoid redundant error checks for fstat
test_helper: connect(2) may fail with EINVAL
GNUmakefile: fix non-portable tar(1) usage
tests: provide a pure Ruby setsid(8) equivalent
more portable symlink awareness for START_CTX[:cwd]
test_signals: avoid portability issues with fchmod(2)
cleanup error handling and make it less noisy
Do not override Dir.chdir in config files
configurator: add "working_directory" directive
configurator: working_directory is expanded
configurator: set ENV["PWD"] with working_directory, too
configurator: working_directory affects pid, std{err,out}_paths
configurator: update documentation for working_directory
TODO: remove working_directory bit, done
Util.reopen_logs: remove needless Range
worker: user/group switching for after_fork hooks
Fix autoload of Etc in Worker for Ruby 1.9
bin/unicorn: allow RACK_ENV to be passed from parent
tests for RACK_ENV preservation
http: allow headers/trailers to be written byte-wise
http: extra test for bytewise chunked bodies
tee_input: do not clobber trailer buffer on partial uploads
test_exec: ensure master is killed after test
Util::tmpio returns a TmpIO that responds to #size
TODO: remove user-switching bit, done
unicorn 0.94.0
Wayne Larsen (1):
bin/unicorn: set ENV["RACK_ENV"] on startup
[1] - Unicorn does not support CPU affinity directly, but it is
possible to load code that allows it inside after_fork hooks,
or even just call sched_tool(8).
|
|
Subclass off the core File class so we don't have to
worry about #size being defined. This will mainly
be useful to Rainbows! but allows us to simplify
our TeeInput implementation a little, too.
|
|
Found in Rainbows! testing. Reusing the buffer when finalizing
input for headers could be problematic because it would lead
to the @buf2 instance variable being clobbered; allowing the
trailers to "leak" into the body.
|
|
Constant scoping appears to be a bit different under 1.9
|
|
This must be called in the after_fork hook because there may be
Ruby modules that'll allow things such as CPU affinity and
scheduling class/priority to be set on a per-worker basis. So
we give the user the ability to change users at any time during
the after_fork hook.
|
|
?/ avoids allocating a String in 1.8 and in 1.9 short String
objects are cheap.
|
|
We follow the principle of least surprise now, so less
documentation is better documentation.
|
|
It makes more sense this way since users usually expect config
file directives to be order-independent.
|
|
Just in case anything depends on it, we'll have it set
correctly because it's usually set by the $SHELL
|
|
Allow people to use "~" and relative paths, like all
of our other paths.
|
|
This basically a prettier way of saying:
Dir.chdir(Unicorn::HttpServer::START_CTX[:cwd] = path)
In the config file. Unfortunately, this is configuration
directive where order matters and you should specify it
before any other path[1] directives if you're using relative
paths (relative paths are not recommended anyways)
[1] pid, stderr_path, stdout_path
|
|
Even if START_CTX[:cwd] is pointing to another directory,
avoid overriding the user's decision to Dir.chdir if they
do it in either the Unicorn config file or the config.ru.
|
|
split out uncommon code from the common path
|
|
`sh -c pwd` doesn't reliably read ENV["PWD"] on all platforms,
this means that directories that are symlinks may be ignored
and the real path is resolved. This can be problematic when
doing upgrades for common deployment systems such as Capistrano
which rely on the working directory being a symlink.
|
|
If fstat() fails on an open file descriptor in the master,
something is seriously wrong (like your kernel is broken/buggy)
and trying to restart the worker that owned that file descriptor
is likely masking the symptoms. Instead let the error propagate
up to the main loop to avoid wasting cycles to restart broken
workers.
|
|
This release fixes a regression introduced in 0.93.3 where
timed-out worker processes run a chance of not being killed off
at all if they're hung. While it's not ever advisable to have
requests take a long time, we realize it's easy to fix
everything :)
Eric Wong (3):
TODO: remove --kill
fix reliability of timeout kills
TODO: update for next version (possibly 1.0-pre)
|
|
The method introduced in commit
6c8a3d3c55997978bacaecc5dbbb7d03c2fee345 to avoid killing
workers after suspend/hibernate interacted badly with the change
for OpenBSD fchmod(2) compatibility introduced with the 0.93.3
release. This interaction lead to workers with files stuck in
the zero state to never be murdered off for timeout violations.
Additionally, the method to avoid killing processes off was
never completely reliable and has been reworked even if we
entered suspend/hibernate/STOP during client processing.
This regression was discovered during continued development of the
Rainbows! test suite (which we will bring over as it becomes ready).
|
|
This release mainly works around BSD stdio compatibility issues
that affect at least FreeBSD and OS X. While this issues was
documented and fixed in [ruby-core:26300][1], no production
release of MRI 1.8 has it, and users typically upgrade MRI more
slowly than gems. This issue does NOT affect 1.9 users. Thanks
to Vadim Spivak for reporting and testing this issue and Andrey
Stikheev for the fix.
Additionally there are small documentation bits, one error
handling improvement, and one minor change that should improve
reliability of signal delivery.
Andrey Stikheev (1):
workaround FreeBSD/OSX IO bug for large uploads
Eric Wong (7):
DESIGN: address concerns about on-demand and thundering herd
README: alter reply conventions for the mailing list
configurator: stop testing for non-portable listens
KNOWN_ISSUES: document Rack gem issue w/Rails 2.3.2
stop continually resends signals during shutdowns
add news bodies to site NEWS.atom.xml
configurator: fix broken example in RDoc
Suraj N. Kurapati (1):
show configuration file path in errors instead of '(eval)'
[1] http://redmine.ruby-lang.org/issues/show/2267
|
|
Under FreeBSD writing to the file in sync mode does not change current
position, so change position to the end of the file. Without this patch
multipart post requests with large data (image uploading) does not work
correctly:
Status: 500 Internal Server Error
bad content body
/usr/local/lib/ruby/gems/1.8/gems/rack-1.0.0/lib/rack/utils.rb:347:in `parse_multipart'
/usr/local/lib/ruby/gems/1.8/gems/rack-1.0.0/lib/rack/utils.rb:319:in `loop'
/usr/local/lib/ruby/gems/1.8/gems/rack-1.0.0/lib/rack/utils.rb:319:in `parse_multipart'
File position behavior under FreeBSD :
ruby -v
ruby 1.8.7 (2009-04-08 patchlevel 160) [i386-freebsd7]
irb(main):001:0> b = File.new("abc", "w+")
=> #<File:abc>
irb(main):002:0> b.sync = true
=> true
irb(main):004:0> b.write("abc")
=> 3
irb(main):005:0> b.pos
=> 0
Acked-by: Eric Wong <normalperson@yhbt.net>
|
|
Thanks to Greg Melton for reporting.
|
|
Since our :QUIT and :TERM signal handlers are idempotent, we can
safely retry sending signals in case workers don't/can't handle
them them the first time around. This appears to be a problem
with the Thread-based concurrency models in Rainbows! not
behaving well (no surprise, though, since pthreads and signals
are difficult to manage/mix properly).
|
|
also __FILE__ did not reflect configuration file path
|
|
This release fixes compatibility with OpenBSD (and possibly
other Unices with stricter fchmod(2) implementations) thanks to
Jeremy Evans. Additionally there are small documentation
changes all around.
Eric Wong (11):
doc: expand on the SELF_PIPE description
fchmod heartbeat flips between 0/1 for compatibility
examples/init.sh: remove "set -u"
configurator: update with nginx fail_timeout=0 example
PHILOSOPHY: clarify experience other deployments
PHILOSOPHY: plug the Rainbows! spin-off project
README: remove unnecessary and extraneous dash
DESIGN: clarification and possibly improve HTML validity
README: remove the "non-existent" part
README: emphasize the "fast clients"-only part
drop the whitespace cleaner for Ragel->C
|
|
It has come to our attention that this setting is not very
well-known to the rest of the world...
|
|
This removes the Time.now.to_i comparison that was used to avoid
multiple, no-op fchmod() syscalls[1] within the same second.
This should allow us to run on OpenBSD where it can raise EINVAL
when Time.now.to_i is passed to it.
Reported-by: Jeremy Evans <jeremyevans0@gmail.com>
[1] - gettimeofday() from Time.now is not a real syscall on
VDSO-enabled x86_64 GNU/Linux systems where Unicorn is primarily
developed.
|
|
There seems to be a small amount of confusion regarding how it's
used (and some of the code is not very obvious). So explain our
usage of it and distinguish its use in the master vs worker(s).
|
|
Avoid truncated POST bodies from with URL-encoded forms in Rails
by switching TeeInput to use read-in-full semantics (only) when
a Content-Length: header exists. Chunked request bodies
continue to exhibit readpartial semantics to support
simultaneous bidirectional chunking.
The lack of return value checking in Rails to protect against a
short ios.read(length) is entirely reasonable even if not
pedantically correct. Most ios.read(length) implementations
return the full amount requested except right before EOF.
Also there are some minor documentation improvements.
Eric Wong (7):
Fix NEWS generation on single-paragraph tag messages
Include GPLv2 in docs
doc: make it clear contributors retain copyrights
TODO: removed Rainbows! (see rainbows.rubyforge.org)
Document the START_CTX hash contents
more-compatible TeeInput#read for POSTs with Content-Length
tests for read-in-full vs readpartial semantics
|
|
There are existing applications and libraries that don't check
the return value of env['rack.input'].read(length) (like Rails
:x). Those applications became broken under the IO#readpartial
semantics of TeeInput#read when handling larger request bodies.
We'll preserve the IO#readpartial semantics _only_ when handling
chunked requests (as long as Rack allows it, it's useful for
real-time processing of audio/video streaming uploads,
especially with Rainbows! and mobile clients) but use
read-in-full semantics for TeeInput#read on requests with a
known Content-Length.
|
|
Modifying this can be useful for esoteric cases like switching
entire Ruby installations or if the app was originally started
in a no-longer-existent directory and we can't upgrade because
we can't chdir to it.
|