module Mixlib::ShellOut::Unix
def attempt_buffer_read
def attempt_buffer_read ready = IO.select(open_pipes, nil, nil, READ_WAIT_TIME) if ready && ready.first.include?(child_stdout) read_stdout_to_buffer end if ready && ready.first.include?(child_stderr) read_stderr_to_buffer end ready end
def attempt_reap
def attempt_reap if results = Process.waitpid2(@child_pid, Process::WNOHANG) @reaped = true @status = results.last else nil end end
def child_process_status
def child_process_status @process_status_pipe[0] end
def child_stderr
def child_stderr @stderr_pipe[0] end
def child_stdin
def child_stdin @stdin_pipe[1] end
def child_stdout
def child_stdout @stdout_pipe[0] end
def clean_parent_file_descriptors
number could be made to be configurable or updated based on
limit in a chef environment. If we have issues in the future this
descriptors upto 256. We believe this is a reasonable upper
NOTE: After some discussions we've decided to iterate on file
is killed.
coming from the parent to prevent unintended locking if parent
descriptors of the parent. We clean the file descriptors
When a new process is started with chef, it shares the file
def clean_parent_file_descriptors # Don't clean $stdin, $stdout, $stderr, process_status_pipe. 3.upto(256) do |n| # We are checking the fd for error pipe before attempting to # create a file because error pipe will auto close when we # try to create a file since it's set to CLOEXEC. if n != @process_status_pipe.last.to_i begin fd = File.for_fd(n) fd.close if fd rescue end end end end
def close_all_pipes
def close_all_pipes child_stdin.close unless child_stdin.closed? child_stdout.close unless child_stdout.closed? child_stderr.close unless child_stderr.closed? child_process_status.close unless child_process_status.closed? end
def configure_parent_process_file_descriptors
def configure_parent_process_file_descriptors # Close the sides of the pipes we don't care about stdin_pipe.first.close stdin_pipe.last.close unless input stdout_pipe.last.close stderr_pipe.last.close process_status_pipe.last.close # Get output as it happens rather than buffered child_stdin.sync = true if input child_stdout.sync = true child_stderr.sync = true true end
def configure_subprocess_file_descriptors
If there is no input, close STDIN so when we exec,
reader side of the error marshaling side channel.
Replace stdout, and stderr with pipes to the parent, and close the
def configure_subprocess_file_descriptors process_status_pipe.first.close # HACK: for some reason, just STDIN.close isn't good enough when running # under ruby 1.9.2, so make it good enough: stdin_pipe.last.close STDIN.reopen stdin_pipe.first stdin_pipe.first.close unless input stdout_pipe.first.close STDOUT.reopen stdout_pipe.last stdout_pipe.last.close stderr_pipe.first.close STDERR.reopen stderr_pipe.last stderr_pipe.last.close STDOUT.sync = STDERR.sync = true STDIN.sync = true if input end
def fork_subprocess
def fork_subprocess initialize_ipc fork do configure_subprocess_file_descriptors clean_parent_file_descriptors set_group set_user set_environment set_umask set_cwd begin command.kind_of?(Array) ? exec(*command) : exec(command) raise 'forty-two' # Should never get here rescue Exception => e Marshal.dump(e, process_status_pipe.last) process_status_pipe.last.flush end process_status_pipe.last.close unless (process_status_pipe.last.closed?) exit! end end
def initialize_ipc
def initialize_ipc @stdin_pipe, @stdout_pipe, @stderr_pipe, @process_status_pipe = IO.pipe, IO.pipe, IO.pipe, IO.pipe @process_status_pipe.last.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) end
def open_pipes
Some patch levels of ruby in wide use (in particular the ruby 1.8.6 on OSX)
def open_pipes @open_pipes ||= [child_stdout, child_stderr] end
def propagate_pre_exec_failure
If it's there, un-marshal it and raise. If it's not there,
Attempt to get a Marshaled error from the side-channel.
def propagate_pre_exec_failure begin e = Marshal.load child_process_status raise(Exception === e ? e : "unknown failure: #{e.inspect}") rescue EOFError # If we get an EOF error, then the exec was successful true ensure child_process_status.close end end
def read_stderr_to_buffer
def read_stderr_to_buffer while chunk = child_stderr.read_nonblock(READ_SIZE) @stderr << chunk end rescue Errno::EAGAIN rescue EOFError open_pipes.delete(child_stderr) end
def read_stdout_to_buffer
def read_stdout_to_buffer while chunk = child_stdout.read_nonblock(READ_SIZE) @stdout << chunk @live_stream << chunk if @live_stream end rescue Errno::EAGAIN rescue EOFError open_pipes.delete(child_stdout) end
def reap
def reap results = Process.waitpid2(@child_pid) @reaped = true @status = results.last end
def reap_errant_child
def reap_errant_child return if attempt_reap @terminate_reason = "Command execeded allowed execution time, killed by TERM signal." logger.error("Command execeded allowed execution time, sending TERM") if logger Process.kill(:TERM, @child_pid) sleep 3 return if attempt_reap @terminate_reason = "Command execeded allowed execution time, did not respond to TERM. Killed by KILL signal." logger.error("Command did not exit from TERM, sending KILL") if logger Process.kill(:KILL, @child_pid) reap # Should not hit this but it's possible if something is calling waitall # in a separate thread. rescue Errno::ESRCH nil end
def run_command
* Chef::Exceptions::CommandTimeout when the command does not complete
in the current $PATH)
* Errno::ENOENT when the command is not available on the system (or not
* Errno::EACCES when you are not privileged to execute the command
=== Raises
populated with results of the command
returns +self+; +stdout+, +stderr+, +status+, and +exitstatus+ will be
=== Returns
to +stdout+ and +stderr+, and saving its exit status object to +status+
Run the command, writing the command's standard out and standard error
def run_command @child_pid = fork_subprocess @reaped = false configure_parent_process_file_descriptors # Ruby 1.8.7 and 1.8.6 from mid 2009 try to allocate objects during GC # when calling IO.select and IO#read. Some OS Vendors are not interested # in updating their ruby packages (Apple, *cough*) and we *have to* # make it work. So I give you this epic hack: GC.disable # CHEF-3390: Marshall.load on Ruby < 1.8.7p369 also has a GC bug related # to Marshall.load, so try disabling GC first. propagate_pre_exec_failure @result = nil @execution_time = 0 write_to_child_stdin until @status ready_buffers = attempt_buffer_read unless ready_buffers @execution_time += READ_WAIT_TIME if @execution_time >= timeout && !@result # kill the bad proccess reap_errant_child # read anything it wrote when we killed it attempt_buffer_read # raise raise CommandTimeout, "Command timed out after #{@execution_time.to_i}s:\n#{format_for_exception}" end end attempt_reap end self rescue Errno::ENOENT # When ENOENT happens, we can be reasonably sure that the child process # is going to exit quickly, so we use the blocking variant of waitpid2 reap raise ensure reap_errant_child if should_reap? # make one more pass to get the last of the output after the # child process dies attempt_buffer_read # no matter what happens, turn the GC back on, and hope whatever busted # version of ruby we're on doesn't allocate some objects during the next # GC run. GC.enable close_all_pipes end
def set_cwd
def set_cwd Dir.chdir(cwd) if cwd end
def set_environment
def set_environment environment.each do |env_var,value| ENV[env_var] = value end end
def set_group
def set_group if group Process.egid = gid Process.gid = gid end end
def set_umask
def set_umask File.umask(umask) if umask end
def set_user
def set_user if user Process.euid = uid Process.uid = uid end end
def should_reap?
def should_reap? # if we fail to fork, no child pid so nothing to reap @child_pid && !@reaped end
def validate_options(opts)
def validate_options(opts) # No options to validate, raise exceptions here if needed end
def write_to_child_stdin
def write_to_child_stdin return unless input child_stdin << input child_stdin.close # Kick things off end