View Issue Details

IDProjectCategoryView StatusLast Update
0007209Talerdeployment and operationspublic2022-07-17 17:03
Reporterms-mantis Assigned Tosebasjm  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Target Version0.9Fixed in Version0.9 
Summary0007209: Consider using SystemD 'slice' for taler-local.
DescriptionPlease document the advantages of this solution before proceeding with the implementation.
TagsNo tags attached.

Activities

sebasjm

2022-04-13 18:30

developer   ~0018869

To use the slice feature of systemd we need a .slice definition (or more than one) based on the service resource usage and limits.

We may have one global taler.service definition which limits the CPU, memory and IO but the correct approach will be to take some time an check any of the systemd options and generate a reference implementation for the services.

This configuration heavly depends on the destination hardware and deployment strategy but maybe we can create a reference implementation with some general rules for example: *-secmod should not be using network, greater CPU priority for exchange than merchant-backend

https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html#
https://www.freedesktop.org/software/systemd/man/systemd.slice.html


For the case of 'taler-local':
 * .slice files need to be created
 * the body of the function `unit_file_content` (line 1054) should add the reference to the `.slice`
 * `unit_file_content` should receive the name of the slice for the service


Slice example:

file: taler-exchange.slice
content:
[Unit]
Description=Slice for taler exchange
Before=slices.target

[Slice]
CPUAccounting=true
CPUShares=1000
CPUWeight=1000

file: taler-secmod.slice
content:
[Unit]
Description=Slice for taler secmod rsa,edd
Before=slices.target

[Slice]
IPAccounting=true
IPAddressDeny=any


Then the services need to reference the slice config


file: taler-local-exchange-httpd.service
content:
[Unit]
Description=Taler Exchange HTTP daemon
[Service]
ExecStart=/bin/taler-exchange-httpd
Slice=taler-exchange.slice

file: taler-local-exchange-secmod-rsa.service
content:
[Unit]
Description=Taler Exchange RSA security module
[Service]
ExecStart=/bin/taler-exchange-secmod-rsa
Slice=taler-secmod.slice

sebasjm

2022-04-26 04:11

developer   ~0018895

do we need more info?

Christian Grothoff

2022-07-17 17:03

manager   ~0018958

Fixed in acb9cfec..93b45e62

Issue History

Date Modified Username Field Change
2022-03-27 21:57 ms-mantis New Issue
2022-04-12 21:01 Christian Grothoff Assigned To => sebasjm
2022-04-12 21:01 Christian Grothoff Status new => assigned
2022-04-13 18:30 sebasjm Note Added: 0018869
2022-04-26 04:11 sebasjm Status assigned => feedback
2022-04-26 04:11 sebasjm Note Added: 0018895
2022-07-17 17:03 Christian Grothoff Note Added: 0018958
2022-07-17 17:03 Christian Grothoff Status feedback => resolved
2022-07-17 17:03 Christian Grothoff Resolution open => fixed
2022-07-17 17:03 Christian Grothoff Fixed in Version => 0.9
2022-07-17 17:03 Christian Grothoff Target Version => 0.9