add systemd unit file, add mini auth protocol to local connector

config/systemd.m4

@@ -0,0 +1,47 @@
+dnl Probe for systemd libraries and installation paths.
+dnl
+dnl Provides the RRA_WITH_SYSTEMD_UNITDIR macro, which adds the
+dnl --with-systemdsystemunitdir configure flag, sets the systemdsystemunitdir
+dnl substitution variable, and provides the HAVE_SYSTEMD Automake conditional
+dnl to use to control whether to install unit files.
+dnl
+dnl Provides the RRA_LIB_SYSTEMD_DAEMON_OPTIONAL macro, which sets
+dnl SYSTEMD_CFLAGS and SYSTEMD_LIBS substitution variables if
+dnl libsystemd-daemon is available and defines HAVE_SD_NOTIFY.  pkg-config
+dnl support for libsystemd-daemon is required for it to be detected.
+dnl
+dnl Depends on the Autoconf macros that come with pkg-config.
+dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+dnl
+dnl Written by Russ Allbery <[email protected]>
+dnl Copyright 2013, 2014
+dnl     The Board of Trustees of the Leland Stanford Junior University
+dnl
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
+
+dnl Determine the systemd system unit directory, along with a configure flag
+dnl to override, and sets @systemdsystemunitdir@.  Provides the Automake
+dnl HAVE_SYSTEMD Automake conditional.
+AC_DEFUN([RRA_WITH_SYSTEMD_UNITDIR],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+ AS_IF([test x"$PKG_CONFIG" = x], [PKG_CONFIG=false])
+ AC_ARG_WITH([systemdsystemunitdir],
+    [AS_HELP_STRING([--with-systemdsystemunitdir=DIR],
+        [Directory for systemd service files])],
+    [],
+    [with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)])
+ AS_IF([test x"$with_systemdsystemunitdir" != xno],
+    [AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir])])
+ AM_CONDITIONAL([HAVE_SYSTEMD],
+    [test -n "$with_systemdsystemunitdir" -a x"$with_systemdsystemunitdir" != xno])])
+
+dnl Check for libsystemd-daemon and define SYSTEMD_DAEMON_{CFLAGS,LIBS} if it
+dnl is available.
+AC_DEFUN([RRA_LIB_SYSTEMD_DAEMON_OPTIONAL],
+[PKG_CHECK_EXISTS([libsystemd-daemon],
+    [PKG_CHECK_MODULES([SYSTEMD_DAEMON], [libsystemd-daemon])
+     AC_DEFINE([HAVE_SD_NOTIFY], 1, [Define if sd_notify is available.])])])

configure.ac

@@ -180,6 +180,11 @@ if test "$enable_caliper" = "yes"; then
     AC_DEFINE([HAVE_CALIPER], [1], [Define if you have libcaliper])
 fi
 
+##
+# Check for systemd
+##
+RRA_WITH_SYSTEMD_UNITDIR
+
 
 ##
 # Embedded libev
@@ -280,6 +285,7 @@ AC_CONFIG_FILES( \
   etc/Makefile \
   etc/flux-core.pc \
   etc/flux-pmi.pc \
+  etc/flux.service \
   doc/Makefile \
   doc/man1/Makefile \
   doc/man3/Makefile \

doc/man1/flux-module.adoc

@@ -43,18 +43,69 @@ inferred from the name specified on the command line.
 *list* ['OPTIONS'] ['service']::
 List modules loaded by 'service', or by flux-broker(1) if 'service' is unspecified.
 
+*stats* ['OPTIONS'] ['name']::
+Request statistics from module 'name'.  A JSON object containing a set of
+counters for each type of Flux message is returned by default, however
+the object may be customized on a module basis.
+
+*debug* ['OPTIONS'] ['name']::
+Manipulate debug flags in module 'name'.  The interpretation of debug
+flag bits is private to the module and its test drivers.
 
 OPTIONS
 -------
 *-r, --rank*'=NODESET'::
 Specify which ranks to apply the command to.  See NODESET FORMAT below
-for more information.
+for more information.  The 'stats' and 'debug' commands accept only
+a single rank here.
 
 *-x, --exclude*'=NODESET'::
 Specify ranks to exclude the command from.  See NODESET FORMAT below
-for more information.
+for more information.  This option is not accepted by the 'stats'
+and 'debug' commands.
+
+STATS OPTIONS
+-------------
+*-p, --parse*'=OBJNAME'::
+OBJNAME is a period delimited list of field names that should be walked
+to obtain a specific value or object in the returned JSON.
+
+*-t, --type*'=int|double'::
+Force the returned value to be converted to int or double.
+
+*-s, --scale*'=N'::
+Multiply the returned (int or double) value by the specified
+floating point value.
+
+*-R, --rusage*::
+Return a JSON object representing an 'rusage' structure
+returned by getrusage(2).
+
+*-c, --clear*::
+Send a request message to clear statistics in the target module.
+
+*-C, --clear-all*::
+Broadcast an event message to clear statistics in the target module
+on all ranks.
+
+DEBUG OPTIONS
+-------------
+
+*-c, --clear*::
+Set debug flags to zero.
+
+*-S, --set*'=MASK'::
+Set debug flags to MASK.
+The value may be prefixed with 0x to indicate hexadecimal or 0
+to indicate octal, otherwise the value is interpreted as decimal.
 
+*-c, --clearbit*'=MASK'::
+Clear the debug bits specified in MASK without disturbing other bits.
+The value is interpreted as above.
 
+*-s, --setbit*'=MASK'::
+Set the debug bits specified in MASK without disturbing other bits.
+The value is interpreted as above.
 
 LIST OUTPUT
 -----------

etc/Makefile.am

@@ -1,3 +1,7 @@
+#if HAVE_SYSTEMD
+systemdsystemunit_SCRIPTS = flux.service
+#endif
+
 noinst_DATA = \
 	flux/curve
 
@@ -30,4 +34,5 @@ pkgconfig_DATA = flux-core.pc flux-pmi.pc
 endif
 
 EXTRA_DIST = \
-	gen-cmdhelp.pl
+	gen-cmdhelp.pl \
+	flux.service

etc/flux.service.in

@@ -0,0 +1,12 @@
+[Unit]
+Description=Flux message broker
+
+[Service]
+ExecStart=@X_BINDIR@/flux start -o,-Sbroker.rundir=%t/flux,-Ssession-id=%H sleep inf
+User=flux
+Group=flux
+RuntimeDirectory=flux
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target

src/broker/broker.c

@@ -180,7 +180,6 @@ static void broker_add_services (broker_ctx_t *ctx);
 static void load_modules (broker_ctx_t *ctx, const char *default_modules);
 
 static void update_proctitle (broker_ctx_t *ctx);
-static void update_pidfile (broker_ctx_t *ctx);
 static void runlevel_cb (runlevel_t *r, int level, int rc, double elapsed,
                          const char *state, void *arg);
 static void runlevel_io_cb (runlevel_t *r, const char *name,
@@ -556,7 +555,6 @@ int main (int argc, char *argv[])
     }
 
     update_proctitle (&ctx);
-    update_pidfile (&ctx);
 
     if (ctx.rank == 0) {
         const char *rc1, *rc3, *pmi, *uri;
@@ -806,25 +804,6 @@ static void update_proctitle (broker_ctx_t *ctx)
     ctx->proctitle = s;
 }
 
-static void update_pidfile (broker_ctx_t *ctx)
-{
-    const char *rundir;
-    char *pidfile;
-    FILE *f;
-
-    if (attr_get (ctx->attrs, "broker.rundir", &rundir, NULL) < 0)
-        log_msg_exit ("broker.rundir attribute is not set");
-    pidfile = xasprintf ("%s/broker.pid", rundir);
-    if (!(f = fopen (pidfile, "w+")))
-        log_err_exit ("%s", pidfile);
-    if (fprintf (f, "%u", ctx->pid) < 0)
-        log_err_exit ("%s", pidfile);
-    if (fclose (f) < 0)
-        log_err_exit ("%s", pidfile);
-    cleanup_push_string (cleanup_file, pidfile);
-    free (pidfile);
-}
-
 /* Handle line by line output on stdout, stderr of runlevel subprocess.
  */
 static void runlevel_io_cb (runlevel_t *r, const char *name,

src/broker/modservice.c

@@ -177,6 +177,43 @@ static void shutdown_cb (flux_t *h, flux_msg_handler_t *w,
     flux_reactor_stop (flux_get_reactor (h));
 }
 
+static void debug_cb (flux_t *h, flux_msg_handler_t *w,
+                      const flux_msg_t *msg, void *arg)
+{
+    int flags;
+    int *debug_flags;
+    const char *op;
+
+    if (flux_request_decodef (msg, NULL, "{s:s s:i}", "op", &op,
+                                                    "flags", &flags) < 0)
+        goto error;
+    if (!(debug_flags = flux_aux_get (h, "flux::debug_flags"))) {
+        if (!(debug_flags = calloc (1, sizeof (*debug_flags)))) {
+            errno = ENOMEM;
+            goto error;
+        }
+        flux_aux_set (h, "flux::debug_flags", debug_flags, free);
+    }
+    if (!strcmp (op, "setbit"))
+        *debug_flags |= flags;
+    else if (!strcmp (op, "clrbit"))
+        *debug_flags &= ~flags;
+    else if (!strcmp (op, "set"))
+        *debug_flags = flags;
+    else if (!strcmp (op, "clr"))
+        *debug_flags = 0;
+    else {
+        errno = EPROTO;
+        goto error;
+    }
+    if (flux_respondf (h, msg, "{s:i}", "flags", *debug_flags) < 0)
+        flux_log_error (h, "%s: flux_respond", __FUNCTION__);
+    return;
+error:
+    if (flux_respond (h, msg, errno, NULL) < 0)
+        flux_log_error (h, "%s: flux_respond", __FUNCTION__);
+}
+
 /* Reactor loop is about to block.
  */
 static void prepare_cb (flux_reactor_t *r, flux_watcher_t *w,
@@ -244,6 +281,7 @@ void modservice_register (flux_t *h, module_t *p)
     register_request (ctx, "stats.get", stats_get_cb);
     register_request (ctx, "stats.clear", stats_clear_request_cb);
     register_request (ctx, "rusage", rusage_cb);
+    register_request (ctx, "debug", debug_cb);
 
     register_event   (ctx, "stats.clear", stats_clear_event_cb);
 

src/cmd/Makefile.am

@@ -71,7 +71,6 @@ fluxcmd_PROGRAMS = \
 	flux-event \
 	flux-module \
 	flux-comms \
-	flux-comms-stats \
 	flux-kvs \
 	flux-start \
 	flux-jstat

src/cmd/builtin/proxy.c

@@ -683,13 +683,19 @@ static int check_cred (proxy_ctx_t *ctx, int fd)
     if (ucred.uid != ctx->session_owner) {
         flux_log (ctx->h, LOG_ERR, "connect by uid=%d pid=%d denied",
                   ucred.uid, (int)ucred.pid);
+        errno = EPERM;
         goto done;
     }
     rc = 0;
 done:
     return rc;
 }
 
+static int send_auth_response (int fd, unsigned char e)
+{
+    return write (fd, &e, 1);
+}
+
 /* Accept a connection from new client.
  */
 static void listener_cb (flux_reactor_t *r, flux_watcher_t *w,
@@ -708,9 +714,11 @@ static void listener_cb (flux_reactor_t *r, flux_watcher_t *w,
             goto done;
         }
         if (check_cred (ctx, cfd) < 0) {
+            send_auth_response (cfd, errno);
             close (cfd);
             goto done;
         }
+        send_auth_response (cfd, 0);
         if (!(c = client_create (ctx, cfd, cfd))) {
             close (cfd);
             goto done;
@@ -894,7 +902,6 @@ static int cmd_proxy (optparse_t *p, int ac, char *av[])
     const char *tmpdir = getenv ("TMPDIR");
     char workpath[PATH_MAX + 1];
     char sockpath[PATH_MAX + 1];
-    char pidfile[PATH_MAX + 1];
     const char *job;
     const char *optarg;
     int optindex;
@@ -954,16 +961,6 @@ static int cmd_proxy (optparse_t *p, int ac, char *av[])
             log_err_exit ("error creating proxy socket directory");
         cleanup_push_string(cleanup_directory, workpath);
 
-        /* Write proxy pid to broker.pid file.
-         * Local connector expects this.
-         */
-        n = snprintf (pidfile, sizeof (pidfile), "%s/broker.pid", workpath);
-        assert (n < sizeof (pidfile));
-        FILE *f = fopen (pidfile, "w");
-        if (!f || fprintf (f, "%d", getpid ()) < 0 || fclose (f) == EOF)
-            log_err_exit ("%s", pidfile);
-        cleanup_push_string(cleanup_file, pidfile);
-
         /* Listen on socket
          */
         n = snprintf (sockpath, sizeof (sockpath), "%s/local", workpath);