From 0d6d3e1f265609e8e74bf970a5d578300c465617 Mon Sep 17 00:00:00 2001 From: "Alex Xu (Hello71)" Date: Thu, 18 Oct 2018 19:54:49 -0400 Subject: [PATCH 1/2] Notify systemd of ShutdownWaitLength --- changes/ticket28113 | 3 +++ src/or/hibernate.c | 20 ++++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 changes/ticket28113 diff --git a/changes/ticket28113 b/changes/ticket28113 new file mode 100644 index 0000000000..2585514b8a --- /dev/null +++ b/changes/ticket28113 @@ -0,0 +1,3 @@ + o Minor bugfixes (relay shutdown, systemd): + - Notify systemd of ShutdownWaitLength so it can be set to longer than + systemd's TimeoutStopSec. Fixes bug 28113; bugfix on 0.2.6.2-alpha. diff --git a/src/or/hibernate.c b/src/or/hibernate.c index e3c80b5f14..a59d52f3d8 100644 --- a/src/or/hibernate.c +++ b/src/or/hibernate.c @@ -837,6 +837,26 @@ hibernate_begin(hibernate_state_t new_state, time_t now) "connections, and will shut down in %d seconds. Interrupt " "again to exit now.", options->ShutdownWaitLength); shutdown_time = time(NULL) + options->ShutdownWaitLength; +#ifdef HAVE_SYSTEMD + /* tell systemd that we may need more than the default 90 seconds to shut + * down so they don't kill us. add some extra time to actually finish + * shutting down, otherwise systemd will kill us immediately after the + * EXTEND_TIMEOUT_USEC expires. this is an *upper* limit; tor will probably + * only take one or two more seconds, but assume that maybe we got swapped + * out and it takes a little while longer. + * + * as of writing, this is a no-op with all-defaults: ShutdownWaitLength is + * 30 seconds, so this will extend the timeout to 60 seconds. + * default systemd DefaultTimeoutStopSec is 90 seconds, so systemd will + * wait (up to) 90 seconds anyways. + * + * 2^31 usec = ~2147 sec = ~35 min. probably nobody will actually set + * ShutdownWaitLength to more than that, but use a longer type so we don't + * need to think about UB on overflow + */ + sd_notifyf(0, "EXTEND_TIMEOUT_USEC=%" PRIu64, + ((uint64_t)(options->ShutdownWaitLength) + 30) * TOR_USEC_PER_SEC); +#endif } else { /* soft limit reached */ hibernate_end_time = interval_end_time; } From bd0e38dcfeb63303af83069e4e1e4c70982c56d7 Mon Sep 17 00:00:00 2001 From: teor Date: Mon, 5 Nov 2018 11:23:55 +1000 Subject: [PATCH 2/2] systemd: allow tor some time to shut down after ShutdownWaitLength expires This commit upstreams the Debian package setting of 60 seconds for TimeoutStopSec, but applies it to startup and shutdown. Part of 28113. --- changes/ticket28113 | 4 +++- contrib/dist/tor.service.in | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/changes/ticket28113 b/changes/ticket28113 index 2585514b8a..30dd825a9b 100644 --- a/changes/ticket28113 +++ b/changes/ticket28113 @@ -1,3 +1,5 @@ o Minor bugfixes (relay shutdown, systemd): - Notify systemd of ShutdownWaitLength so it can be set to longer than - systemd's TimeoutStopSec. Fixes bug 28113; bugfix on 0.2.6.2-alpha. + systemd's TimeoutStopSec. In tor's systemd service file, set + TimeoutSec to 60 seconds, to allow tor some time to shut down. + Fixes bug 28113; bugfix on 0.2.6.2-alpha. diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in index 9c1a255b2e..e857a8664e 100644 --- a/contrib/dist/tor.service.in +++ b/contrib/dist/tor.service.in @@ -15,7 +15,7 @@ ExecStartPre=@BINDIR@/tor -f @CONFDIR@/torrc --verify-config ExecStart=@BINDIR@/tor -f @CONFDIR@/torrc ExecReload=/bin/kill -HUP ${MAINPID} KillSignal=SIGINT -TimeoutSec=30 +TimeoutSec=60 Restart=on-failure WatchdogSec=1m LimitNOFILE=32768