The following describes a debugging session to narrow down a systemd's watchdog timeout in a process which apparently behaves correctly and sends its watchdog refresh on a regular period.
The systemd service starts a process supposed to refresh the systemd watchdog at least every 30 seconds:
[Unit]
Description=XXX Manager SERVICE
Wants=...
After=...
Requires=...
[Service]
User=power
Group=power
Type=notify
AmbientCapabilities=CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_ADMIN
RemainAfterExit=no
ExecStart= /usr/bin/XXX-Manager
Restart=on-failure
TimeoutStartSec=30s
WatchdogSec=30s
[Install]
WantedBy=network.target
WantedBy=multi-user.target
|
The source code of the process calls sd_notify() every 15 seconds (the systemd's documentation recommends to refresh the watchdog every half period to make sure to be on time). Hence the following loop in the main function of the source code:
[...]
// man systemd.service recommends notifying every half time of max
watchdogNotifyIntervalUsec = watchdogNotifyIntervalUsec / 2;
[...]
do{
[...]
notif_state_count ++;
if( notif_state_count == (watchdogNotifyIntervalUsec/1000000)) //Count until WatchDogTime/2
{
notif_state_count = 0 ;
[...]
sd_notify(0, "WATCHDOG=1");
}
}
sleep(1);
}while(...);
[...]
|
The above source code does not check the returned code from sd_notify() as recommended in the "Return value" paragraph of the documentation: "In order to support both service managers that implement this scheme and those which do not, it is generally recommended to ignore the return value of this call". The possible returned codes are not documented at all.
Despite the above correct source code, after some minutes, systemd kills the process with a SIGABRT signal claiming that it did not received a watchdog refresh message:
[ 1186.549392] systemd[1]: XXX-Manager.service: Watchdog timeout (limit 30s)! |
It is possible to spy the watchdog refresh messages received by systemd with strace tool. The message is sent over a Unix socket with UCRED ancillary data containing the pid of the sender process. Hence, we can capture the refresh messages received by systemd (pid = 1) from the process with something like this:
# pidof XXX-Manager 13118 # strace -tt -p1 2>&1 | grep "pid=13118" [root@sa415m system]# strace -tt -p1 2>&1 | grep "pid=13118" 21:11:14.039993 recvmsg(15, {msg_name(0)=NULL, msg_iov(1)=[{"WATCHDOG=1", 4096}], msg_controllen=24, [{cmsg_len=24, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, {pid=13118, uid=2936, gid=2936}}], msg_flags=MSG_CMSG_CLOEXEC}, MSG_TRUNC|MSG_DONTWAIT|MSG_CMSG_CLOEXEC) = 10 21:11:29.040413 recvmsg(15, {msg_name(0)=NULL, msg_iov(1)=[{"WATCHDOG=1", 4096}], msg_controllen=24, [{cmsg_len=24, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, {pid=13118, uid=2936, gid=2936}}], msg_flags=MSG_CMSG_CLOEXEC}, MSG_TRUNC|MSG_DONTWAIT|MSG_CMSG_CLOEXEC) = 10 21:11:44.041183 recvmsg(15, {msg_name(0)=NULL, msg_iov(1)=[{"WATCHDOG=1", 4096}], msg_controllen=24, [{cmsg_len=24, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, {pid=13118, uid=2936, gid=2936}}], msg_flags=MSG_CMSG_CLOEXEC}, MSG_TRUNC|MSG_DONTWAIT|MSG_CMSG_CLOEXEC) = 10 21:11:59.041363 recvmsg(15, {msg_name(0)=NULL, msg_iov(1)=[{"WATCHDOG=1", 4096}], msg_controllen=24, [{cmsg_len=24, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, {pid=13118, uid=2936, gid=2936}}], msg_flags=MSG_CMSG_CLOEXEC}, MSG_TRUNC|MSG_DONTWAIT|MSG_CMSG_CLOEXEC) = 10 21:12:14.039749 recvmsg(15, {msg_name(0)=NULL, msg_iov(1)=[{"WATCHDOG=1", 4096}], msg_controllen=24, [{cmsg_len=24, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, {pid=13118, uid=2936, gid=2936}}], msg_flags=MSG_CMSG_CLOEXEC}, MSG_TRUNC|MSG_DONTWAIT|MSG_CMSG_CLOEXEC) = 10 21:12:29.039450 recvmsg(15, {msg_name(0)=NULL, msg_iov(1)=[{"WATCHDOG=1", 4096}], msg_controllen=24, [{cmsg_len=24, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, {pid=13118, uid=2936, gid=2936}}], msg_flags=MSG_CMSG_CLOEXEC}, MSG_TRUNC|MSG_DONTWAIT|MSG_CMSG_CLOEXEC) = 10 21:12:44.040138 recvmsg(15, {msg_name(0)=NULL, msg_iov(1)=[{"WATCHDOG=1", 4096}], msg_controllen=24, [{cmsg_len=24, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, {pid=13118, uid=2936, gid=2936}}], msg_flags=MSG_CMSG_CLOEXEC}, MSG_TRUNC|MSG_DONTWAIT|MSG_CMSG_CLOEXEC) = 10 [ 2325.018719] systemd[1]: XXX-Manager.service: Watchdog timeout (limit 30s)! 21:13:20.264686 waitid(P_ALL, 0, {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=13118, si_uid=2936, si_status=SIGABRT, si_utime=0, si_stime=0}, WNOHANG|WEXITED|WNOWAIT, NULL) = 0 21:13:20.560058 waitid(P_PID, 13118, {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=13118, si_uid=2936, si_status=SIGABRT, si_utime=0, si_stime=0}, WEXITED, NULL) = 0 |