Hi Dave,
----- Original Message -----
> [...]
> This code tries to make sure that pmlogger is running by attempting to
> connect using pmlc. Without the updated access controls, pmlogger
> correctly rejects each connection attempt and the loop logic does work
> as intended, decrementing $delay toward zero. The problem is that $delay
> gets set to 25100, and each connection attempt takes about 1 second. As
Hmm, that seems alot (the 1 sec to fail a local connection part). *shrug*
> a result we wait for a looooong time, making repeated failed connection
> attempts.
>
> A few observations:
>
> * Even if $delay is intended to 10ths of a second, as the pmsleep
> implies, 2510 seconds is still a long time.
IIRC, it originates from /etc/pcp/pmlogger/control ...
# for remote loggers running over a WAN with potentially long delays
$PMCD_CONNECT_TIMEOUT=150
$PMCD_REQUEST_TIMEOUT=120
> * The comment says that a max of 20 requests will be made, but I can't
> figure out how that is represented by $delay. This could probably be
> better represented by a connection counter.
> * $delay for the loop was set this high because the original $delay
> and $x were set to 150 and 120 respectively. i.e. it looks like the
> $PMCD_* defaults kicked in. Is this as intended?
Ah, right (from above file). Yes, I think so - pmlogger may take a very
long time to start, so pmlc has to be prepared to wait for an equally (or
slightly longer) very long time.
> * For this case where the response is "Unable to connect: ...
> Connection refused", the loop should exit immediately.
That doesn't sound right - did you mean "Permission denied"? We expect
to get connection refused (i.e. pmlogger is not yet listening) for some
time, for pmlogger processes logging far-away hosts in particular.
At the end of the day, none of this is acceptable behaviour for someone
upgrading a perfectly working system of course. We can also expect that
some people will continue to use existing configuration files - we can't
assume any change there (via pmlogconf), it needs to Just Work (and it'd
be preferable to improve security for those folks with unchanged configs
too, but that may not be possible & that's fine). There are people who
generate or otherwise supply pmlogger config files of their own crafting
- e.g. predating pmlogconf - those environments need to continue working
after the upgrade.
cheers.
--
Nathan
|