This post is by from Igor Minar's Blog
Click here to view on the original site: Original Post
One of the features of Solaris that we heavily rely on in our production environment at work is Service Management Facility or SMF for short. SMF can start/stop/restart services, track dependencies between services and use that to optimize the boot process and lots more. Often handy in production environment is that SMF keeps track of processes that a particular service started and if a process dies, SMF restarts its services.
One gripe I have with SMF is that its process monitoring capabilities are rather simple. A process associated with a contract (service) must die in order for SMF to get the idea that something is wrong and that the service should be restarted. In practice, more often than not a process gets into a weird state that prevents it from working properly, yet it doesn’t die. Failures might include excessive cpu or memory usage or even application level failures that can be detected only by interacting with the application (e.g. http health check). SMF in its current implementation is incapable of detecting these failures. And this is where Satan comes into the play.
Satan a small ruby script that monitors a process and following the Crash-only Software philosophy, kills it when a problem is detected. It then relies on SMF to detect the process death(s) and restart the given service. I fell in love with the simplicity of Satan (which was inspired by God) and started exploring the feasibility of using it to improve the reliability of SMF on our production servers.
Upon a code review of the script, I noticed several things that I wished were implemented differently. Here are some:
- Satan watches processes rather than services as defined via SMF
- One Satan instance is designed to watch many different processes for different services, which adds unnecessary complexity and lacks isolation
- Satan is merciless (what a surprise! 🙂 ) and uses
kill -9without a warning
- Satan has no test suite!!! 🙁 (i.e. I must presume that it doesn’t work)
Thankfully the source code was out there on GitHub and licensed under BSD license so it was just a matter of a few keystrokes to fork it (open source FTW!). By the time I was done with my changes, there wasn’t much of the original source code left, but oh well 🙂
I’m happy to present to you http://github.com/IgorMinar/satan for review and comments. The main changes I made are the following:
- One Satan instance watches single SMF service and its one or more processes
- The single service to monitor design allows for automatic monitoring suspension via SMF dependencies while the monitored service is being started, restarted or disabled
- Several bugfixes around how rule failures and recoveries are counted before a service is deemed unhealthy
- At first Satan tries to invoke
svcadm restartand only if that doesn’t occur within a specified grace period, it uses
kill -9to kill all processes for the given contract (service)
- Satan now has decent RSpec test suite (more on that in my previous post)
- Improved HTTP condition with a timeout setting
- New JVM free heap space condition to monitor those pesky JVM memory leaks
- Extensible design now allows for new monitoring conditions (rules) to be defined outside of the main Satan source code
As always there are more things to improve and extend but, I’m hoping that my Satan fork will be a decent version that will allow us to keep our services running more reliably. If you have suggestions, or comments feel free to leave feedback.