From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id 8HhoBmZwwl+FUgAA0tVLHw (envelope-from ) for ; Sat, 28 Nov 2020 15:44:38 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id qPJEAmZwwl+9VwAAB5/wlQ (envelope-from ) for ; Sat, 28 Nov 2020 15:44:38 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 9A3DE9404CF for ; Sat, 28 Nov 2020 15:44:37 +0000 (UTC) Received: from localhost ([::1]:48190 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kj2Oq-0007bj-KY for larch@yhetil.org; Sat, 28 Nov 2020 10:44:36 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:52672) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kj2Oi-0007bd-5V for help-guix@gnu.org; Sat, 28 Nov 2020 10:44:28 -0500 Received: from mira.cbaines.net ([2a01:7e00:e000:2f8:fd4d:b5c7:13fb:3d27]:48861) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kj2Oc-0004mW-RZ for help-guix@gnu.org; Sat, 28 Nov 2020 10:44:27 -0500 Received: from localhost (188.28.112.52.threembb.co.uk [188.28.112.52]) by mira.cbaines.net (Postfix) with ESMTPSA id E95AB27BBF8; Sat, 28 Nov 2020 15:44:20 +0000 (GMT) Received: from capella (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id b3538871; Sat, 28 Nov 2020 15:44:18 +0000 (UTC) References: <87k0u5msuc.fsf@euandre.org> User-agent: mu4e 1.4.13; emacs 27.1 From: Christopher Baines To: EuAndreh Subject: Re: Manual: why not restart service over killing the process In-reply-to: <87k0u5msuc.fsf@euandre.org> Date: Sat, 28 Nov 2020 15:44:15 +0000 Message-ID: <87blfhtrjk.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=2a01:7e00:e000:2f8:fd4d:b5c7:13fb:3d27; envelope-from=mail@cbaines.net; helo=mira.cbaines.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: help-guix@gnu.org Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -4.37 X-Scanner: ns3122888.ip-94-23-21.eu Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-TUID: XBJikCvkl2Ac --=-=-= Content-Type: text/plain EuAndreh writes: > Hi! > > The manual suggests a deploy-hook for the certbot-service-type that > looks like this: > > (define %nginx-deploy-hook > (program-file > "nginx-deploy-hook" > #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read))) > (kill pid SIGHUP)))) > > Instead of requiring the deploy-hook to know the path of the PID file, > why not restart the Shepherd service instead? Something like this: > > (define %nginx-deploy-hook > (program-file > "nginx-deploy-hook" > (with-imported-modules '((gnu services herd)) > #~(begin > (use-modules (gnu services herd)) > (restart-service 'nginx))))) > > If I understood correctly, those would result in equivalent outcomes, > and I tend to find the latter a more elegant approach. It is a bit > longer, but I like more restarting the service rather than killing the > process. Is there any downside I'm missing? You're sort of right, but you've got the downsides the wrong way around. The key bit with the kill call is the SIGHUP but, not that it's not SIGKILL. The current situation won't kill the NGinx process, but instead just get it to reload the certificate (at least that's the intention). The restart action would "kill" the process, in that it would send it SIGTERM and the the shepherd would start a new NGinx process, and this has the potential of interrupting whatever is using NGinx. Does that make sense? --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl/CcE9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh aW5lcy5uZXQACgkQXiijOwuE9XfZGRAAlJx/cWzZDjiusVmV07AiNYcZ80CxOtMh f5zlL2V7InhXVLGu8bew+s2Wb3fIA+zM8dD9dzbeyEiVkekJzsU3QWC6orOCTKVj b9AcZMYbj0weInxKhSZk5kY0CRhpjrJSzyrTXcsOC7W90vA72QI678hyenzSafoK rTUUc1+HWBEMf3flW4w9ZyKlG7Qyzp/jdlZUDQA/awYhzc961xQZa4tQm2BINs2U iD/zwUz80uhegbeyL2/6NJ1WQG5koukmBfML94pcR1E1+IO+YlmT9vgbTkY5tRvm jg5xKhNK/DF4C5vow6wJ2leklCAiUzYbh+s+Rf/UcGKgfiz+Clw1KPMZD7GCKFcG vzgP7n8/lBtvN5lJJnrDYWVQxRSKZuQOZL77NOyoPvkO8jQbVMk6bgh0oBXCLtYf /B4N16nrRfov5xIrRbyfuFeCoxlCG26OLmwJKH6FbY3mE1XtfiY7Rq0gNKfdKRvQ mhr9H5EImZK/d4+DJR0sLXOB6Ogmsbai3Ztn2roznWgeXnVwKyNi6y8e88DAWkeN ol8SMTRw+7WLvLCFnxqLyR9iASsSmTenQoZnGVB++HSF833Mt300xUzrcmFMdMVb ah/ERM7Drga3ZvUtyC4oTLuUDCiVaFmeEIRPOXSffy11HG9y8YmEZQLSYutp9BNF PA9dWSSUWzk= =tv+N -----END PGP SIGNATURE----- --=-=-=--