#3675 KCM/Secrets: Differentiate when a process is explicitly started or socket-activated

Created 4 months ago by fidencio
Modified 4 months ago

Currently there's no way to differentiate whether kcm/secrets were explicitly started by systemctl start sssd-{kcm,secrets} or due to some socket activity.

This differentiation is needed as we do not want the responder shutting itself down due to inactivity when it's explicitly started.

This issue is not faced by any other socket-activated responders as they cannot be explicitly started (which is not the case of kcm/secrets).

After talking with systemd folks I've learned that it's not possible, which brings me to the following question:
- Do we want kcm and secrets responders to follow the responders' timeout?

@jhrozek, what's your opinion here?

Are you sure the detection is not possible? Looking at activate_unix_sockets, it should be enough to call sd_listen_fds() and record the result somewhere

Are you sure the detection is not possible? Looking at activate_unix_sockets, it should be enough to call sd_listen_fds() and record the result somewhere

Not that easy, actually. Consider the situation where the admin has the socket enabled (by default, as it's supposed to be at some point) and even though it does a systemctl start sssd-kcm.
As far as I understand won't be possible to distinguish then whether the service was socket-activated or explicitly started.

As my memory is far from its best shape, let me ask you, what was the problem about having the responder shutting itself down? it's related to performance, right? Or is there something else behind that I'm not able to remember?

Anyways, I'll get back to this issue and do a better investigation at some point next week.

Login to comment on this ticket.

cancel