Each `service` should run in a separate process

fxbox / foxbox

The FoxBox daemon

Mozilla Public License 2.0

29 stars 29 forks source link

Each `service` should run in a separate process #31

Open samgiles opened 8 years ago

samgiles commented 8 years ago

A service should probably run in a separate process - easy upgrades, safety from crashes etc. See brief discussion on #22.

We should use https://github.com/servo/ipc-channel, it probably needs extending though:

Servers only accept one client at a time.

These processes probably need some sort of supervisor to keep them alive. As will the tunnel_controller, which will control the lifecycle of the tunnel process.

[x] Generic process supervisor API
[ ] One process per service
[ ] IPC protocol between service and controller - probably CSP based on ipc-channel

fabricedesre commented 8 years ago

It's likely overkill to have a process per service or per adapter in all cases. For instance, why would you do that for a service that only needs to do http calls? There's no inherent security issue.

But some will be OOP, as will the tunnel_controller. ipc-channel needs to be updated to support something like: the foxbox daemon opens a fd, launches the tunnel_controller with the fd as an argument, and establishes the ipc over this fd. That's similar to how we manage external daemons for hw access on b2g.

samgiles commented 8 years ago

Agreed, it probably is overkill for most things - would be nice to support zero-downtime upgrades of services though; if that's something we want to support.

We should have a generic API though regardless of OOP or not, but it should support the OOP case.

ipc-channel supports fd passing already:

file descriptor passing over Unix sockets on Linux

The tunnel_controller will be slightly different as we'll be launching a completely different binary written in Go and the requirement for IPC here is practically none - at this early stage, in the most basic of senses, we just need to make sure this external process is in one of two states: running/!running :)

Yoric commented 8 years ago

Just to be sure, a service is basically a driver, right?

If so, it would probably make sense to at least put them all in a process we can easily restart.

fabricedesre commented 8 years ago

Adapters are responsible for discovery, and services and instances of things that are discovered. I can foresee different setup where the adapter could run oop, or the services themselves. I don't think it's important yet to focus on that, except for processes like the tunnel controller.

Yoric commented 8 years ago

I don't think it's important yet to focus on that, except for processes like the tunnel controller.

Fair enough.