Supervising the Radiusd Daemon
+==============================
-0. INTRODUCTION
+Introduction
+------------
- We all hope that our radius daemons won't die in the middle of the
- nite stranding customer and beeping beepers. But, alas, it's going
- to happen, and when you least expect it. That's why you want a
- another process watching your radius daemon, restarting it if and
- when it dies.
+We all hope that our radius daemons won't die in the middle of the
+nite stranding customer and beeping beepers. But, alas, it's going to
+happen, and when you least expect it. That's why you want a another
+process watching your radius daemon, restarting it if and when it
+dies.
- This text describes how to setup both the free radius daemon so that
- it is automatically restarted upon death. To do this, we'll use
- either Dan Bernstein's 'daemontools' package or the inittab file.
+This text describes how to setup both the free radius daemon so that
+it is automatically restarted if the process quits unexpectedly. To
+do this, we'll use either Dan Bernstein's 'daemontools' package or the
+inittab file. Note: The radwatch script that used to be part of this
+distribution, is depreciated and SHOULD NOT BE USED.
- Note: The radwatch script that used to be part of this distribution,
- is depreciated and SHOULD NOT BE USED.
+Setting Up Daemontools
+----------------------
-1. SETTING UP DAEMONTOOLS
+First, download (and install) daemontools from:
- First, download (and install) daemontools from:
+ http://cr.yp.to/daemontools.html
- http://cr.yp.to/daemontools.html
+The latest version as of this writing is 0.70. It would be well worth
+your while to read all the documentation at that site too, as you can
+do much more with daemontools than I describe here.
- The latest version as of this writing is 0.70. It would be well
- worth your while to read all the documentation at that site too,
- as you can do much more with daemontools than I describe here.
+Next, we'll need a directory for the radius 'service' to use with
+daemontools. I usually create a dir '/var/svc' to hold all my
+daemontool supervised services. i.e.::
- Next, we'll need a directory for the radius 'service' to use with
- daemontools. I usually create a dir '/var/svc' to hold all my
- daemontool supervised services. Ie:
+ $ mkdir /var/svc
+ $ mkdir /var/svc/radiusd
- # mkdir /var/svc
- # mkdir /var/svc/radiusd
+Now we just need a short shell script called 'run' in our new service
+directory that will start our daemon. The following should get you
+started::
- Now we just need a short shell script called 'run' in our new
- service directory that will start our daemon. The following should
- get you started:
+ #!/bin/sh
+ # Save as /var/svc/radiusd/run
+ exec /usr/local/sbin/radiusd -s -f
- /var/svc/radiusd/run:
- ---------------------
- #!/bin/sh
- exec /usr/local/sbin/radiusd -s -f
+Of course you'll want to make that 'run' file executable::
- Of course you'll want to make that 'run' file executable:
+ $ chmod +x /var/svc/radiusd/run
- # chmod +x /var/svc/radiusd/run
+Note, you *MUST* use the '-f' option when supervising. That option
+tells radiusd not to detach from the tty when starting. If you don't
+use that option, the daemontools will always think that radiusd has
+just died and will (try to) restart it. Not good.
- Note, you *MUST* use the '-f' option when supervising. That option
- tells radiusd not to detach from the tty when starting. If you don't
- use that option, the daemontools will always think that radiusd has
- just died and will (try to) restart it. Not good.
+Now the only left to do is to start the 'supervise' command that came
+with daemontools. Do that like so::
- Now the only left to do is to start the 'supervise' command that
- came with daemontools. Do that like so:
+ $ supervise /var/svc/radiusd
- # supervise /var/svc/radiusd
+Maintenance With Daemontools
+----------------------------
-2. MAINTENANCE WITH DAEMONTOOLS
+ Any maintenance you need to do with almost certainly be done with the
+ 'svc' program in the deamontools package. i.e.::
- Any maintenance you need to do with almost certainly be done with the
- 'svc' program in the deamontools package. Ie:
+ Shutdown radiusd:
+ $ svc -d /var/svc/radiusd
+
+ Start it back up:
+ $ svc -u /var/svc/radiusd
+
+ Send HUP to radiusd:
+ $ svc -h /var/svc/radiusd
+
+ Shutdown and stop supervising radiusd:
+ $ svc -dx /var/svc/radiusd
- Shutdown radiusd:
- # svc -d /var/svc/radiusd
+Supervising With Inittab
+------------------------
- Start it back up:
- # svc -u /var/svc/radiusd
+This is really pretty easy, but it is system dependent. I strongly
+suggest you read the man pages for your 'init' before playing with
+this. You can seriously hose your system if you screw up your
+inittab.
+
+Add this line (or something similar to it) to your inittab::
- Send HUP to radiusd:
- # svc -h /var/svc/radiusd
+ fr:23:respawn:/usr/local/sbin/radiusd -f -s &> /dev/null
- Shutdown and stop supervising radiusd:
- # svc -dx /var/svc/radiusd
+Now all that's left is to have the system reread the inittab. Usually
+that's done with one of the following::
-3. SUPERVISING WITH INITTAB
+ $ telinit Q
- This is really pretty easy, but it is system dependent. I strongly
- suggest you read the man pages for your 'init' before playing with
- this. You can seriously hose your system if you screw up your
- inittab.
-
- Add this line (or something similar to it) to your inittab:
+or::
- fr:23:respawn:/usr/local/sbin/radiusd -f -s &> /dev/null
+ $ init q
- Now all that's left is to have the system reread the inittab. Usually
- that's done with one of the following:
+Now you should see a 'radiusd' process when you issue a 'ps'. If you
+don't, try to run the radiusd command you put in inittab manually. If
+it works, that means you didn't tell the system to reread inittab
+properly. If it doesn't work, that means your radius start command is
+bad and you need to fix it.
- # telinit Q
- <or>
- # init q
+Acknowledgements
+----------------
- Now you should see a 'radiusd' process when you issue a 'ps'. If you
- don't, try to run the radiusd command you put in inittab manually.
- If it works, that means you didn't tell the system to reread inittab
- properly. If it doesn't work, that means your radius start command
- is bad and you need to fix it.
+ Document author : Jeff Carneal
+ daemontools auther : Dan Bernstein
+ Further daemontool notes (below): Antonio Dias
+ Radwatch note : Andrey Melnikov
-4. ACKNOWLEDGEMENTS
-
- Document author: Jeff Carneal
- daemontools auther: Dan Bernstein
- Further daemontool notes (below): Antonio Dias
- Radwatch note: Andrey Melnikov
+Further Daemontools notes
+=========================
-5. FURTHER DAEMONTOOLS NOTES
+Here are some notes by Antonia Dias sent to the free radius mailing
+list. Some of you may find this useful after reading the above and the
+docs for daemontools.
- Here are some notes by Antonia Dias sent to the free radius mailing list.
- Some of you may find this useful after reading the above and the docs for
- daemontools.
-
- -------------------------------------------------------------------------
-
- daemontools instructions
-
- I am running radiusd under supervise from daemontools without problems.
- The only thing I am missing right now is an option to force radiusd to
- send log to stderr so I can manage logs better with multilog (also
- included in daemontools package). Here is the procedure I've been
- following (for Cistron RADIUS):
-
- root@storm:~> groupadd log
- root@storm:~> useradd -g log log
- root@storm:~> mkdir /etc/radiusd
- root@storm:~> mkdir /etc/radiusd/log
- root@storm:~> mkdir /etc/radiusd/log/main
- root@storm:~> chmod +t+s /etc/radiusd /etc/radiusd/log
- root@storm:~> chown log.log /etc/radiusd/log/main
+Daemontools Instructions
+------------------------
- Here are the contents of run files from /etc/radiusd and /etc/radiusd/log
+I am running radiusd under supervise from daemontools without
+problems. The only thing I am missing right now is an option to force
+radiusd to send log to stderr so I can manage logs better with
+multilog (also included in daemontools package). Here is the procedure
+I've been following (for Cistron RADIUS)::
+
+ $ groupadd log
+ $ useradd -g log log
+ $ mkdir /etc/radiusd
+ $ mkdir /etc/radiusd/log
+ $ mkdir /etc/radiusd/log/main
+ $ chmod +t+s /etc/radiusd /etc/radiusd/log
+ $ chown log.log /etc/radiusd/log/main
- root@storm:~> cd /etc/radiusd
- root@storm:/etc/radiusd> cat run
- #!/bin/sh
- exec 2>&1
- exec /usr/sbin/radiusd -fyzx
- root@storm:/etc/radiusd> cd /etc/radiusd/log
- root@storm:/etc/radiusd/log> cat run
- #!/bin/sh
- exec setuidgid log multilog t ./main
+Here are the contents of run files from '/etc/radiusd' and '/etc/radiusd/log'::
+
+ $ cd /etc/radiusd
+ $ cat run
+ #!/bin/sh
+ exec 2>&1
+ exec /usr/sbin/radiusd -fyzx
+ $ cd /etc/radiusd/log
+ $ cat run
+ #!/bin/sh
+ exec setuidgid log multilog t ./main
- To make service wake-up do:
- root@storm:~> ln -sf /etc/radiusd /service
-
- Hang-up (to reload config) it using:
- root@storm:~> svc -h /service/radiusd
-
- Disable (down) it using:
- root@storm:~> svc -d /service/radiusd
+ To make service wake-up do::
+
+ $ ln -sf /etc/radiusd /service
- Reenable (up) it using:
- root@storm:~> svc -u /service/radiusd
+ Hang-up (to reload config) it using::
+
+ $ svc -h /service/radiusd
- --
- Antonio Dias
+Disable (down) it using::
+
+ $ svc -d /service/radiusd
+Reenable (up) it using::
+
+ $ svc -u /service/radiusd
projects / freeradius.git / blobdiff