Hello.
I have a question about the combination of the "foreground = yes" option combined with the "output = FILE" option.
The man page says this:
    foreground = yes | no
        (Unix only) foreground mode
        Stay in foreground (don’t fork) and log to stderr instead of via syslog (unless output is specified).
This implies that if you set both "foreground = yes" and "output = FILE", the log messages will not be sent to stderr and will instead be sent to the log file only. We'd like this behavior--it makes it easier for our scripts to distinguish startup errors parsing the config file (which are sent to stderr, since the log file isn't configured yet) vs. normal operation after the config file is parsed and the log file is established.
However, it appears that if you specify "foreground = yes" and "output = FILE", log messages will go to *both* stderr and the output file.
I guess I'm asking: is the documentation in conflict with the behavior, and if so, which is correct?
It's possible I'm just misreading the man page. But in any case, here is a simple patch which changes the behavior to match our reading of the man page. It is against stunnel-5.22 but I believe it should be applicable to later versions as well.
Thank you,
Michael
diff -ru stunnel-5.22.orig/src/log.c stunnel-5.22-foreground-outfile/src/log.c --- stunnel-5.22.orig/src/log.c 2015-06-16 06:16:35.000000000 -0700 +++ stunnel-5.22-foreground-outfile/src/log.c 2015-10-14 11:54:58.998254974 -0700 @@ -243,7 +243,8 @@ level<=opt->log_level #else (level<=opt->log_level && - global_options.option.foreground) + global_options.option.foreground && + !outfile) #endif ) ui_new_log(line);
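Review bot: the added `!outfile` condition in the `#else` branch turns off stderr for every configuration that sets both `foreground` and an output file, with no way to keep both destinations, while the branch before `#else` (`level<=opt->log_level`) gets no matching check, so the two builds would behave differently. Consider gating the suppression on an explicit setting instead of on `outfile` alone, and update the man page wording for `foreground` in the same patch so the documented and actual behaviour agree.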
Hi Michael,
On Wed, Oct 14, 2015 at 9:42 PM, Michael Gebis mgebis@countertack.com wrote:
> I have a question about the combination of the "foreground = yes" option combined with the "output = FILE" option.
I was tricked by the combination of the options foreground, output and syslog some time ago: https://www.stunnel.org/pipermail/stunnel-users/2014-November/004864.html This might help you out or just be confusing.
We have removed "output = FILE" to avoid the duplicates.
Kind regards,
On 14.10.2015 21:42, Michael Gebis wrote:
> I have a question about the combination of the "foreground = yes" option combined with the "output = FILE" option.
[cut]
> This implies that if you set both "foreground = yes" and "output = FILE", the log messages will not be sent to stderr and will instead be sent to the log file only.
The implementation was modified in version 4.22 to allow logging to multiple destinations, but apparently I never updated the manual to reflect this change.
> We'd like this behavior--it makes it easier for our scripts to distinguish startup errors parsing the config file (which are sent to stderr, since the log file isn't configured yet) vs. normal operation after the config file is parsed and the log file is established.
This is close to the way it works without "foreground = yes".
> I guess I'm asking: is the documentation in conflict with the behavior, and if so, which is correct?
The software works as intended. I need to update the documentation.
Best regards, Mike
Michal,
Thank you for the speedy response!
Michael
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
Maybe you'll indulge me and let me make a final argument in favor of making a control widget that allows us to run in "foreground" but have the messages only go to a file.
The reason for this request: We're wrapping stunnel startup for inclusion as a custom Cloudera service--we want to be able to control stunnel startup/shutdown/restart through the Cloudera management tools. The Cloudera control script "glue" requires that processes run in the foreground. This is because they use supervisord which requires the stunnel process to be rooted under supervisord's process tree.
So we are in the position of having to use "foreground = true".
However, the Cloudera service also captures all of the stderr/stdout of the managed process, and makes this available through the Cloudera management console. If this output is just errors/startup/shutdown messages, that's about the right volume of messages, but we have a very busy stunnel with lots of connections, and the Cloudera UI quickly chokes on the volume of text.
Our current setup redirects stdout/stderr to /dev/null to avoid overwhelming the Cloudera UI. But this means that errors during startup (such as a bad config file) are not available through the Cloudera interface. We are living with this right now, and it's not terrible, but I figured I might as well share my wishlist. :)
I understand that our use case may be rather obscure, and is probably outside the scope of what you would like to do with stunnel. But I just wanted to explain. Thanks for reading!
On 14.10.2015 23:21, Michael Gebis wrote:
> So we are in the position of having to use "foreground = true".
Maybe I could add "foreground = quiet", or a new option to control logging to stderr. What do you think?
Mike
Michal,
A "foreground = quiet" option sounds great!
Michael
Michael,
I've included this feature in stunnel-5.25b5. Feel free to test it.
Best regards, Mike
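The setup discussed in this thread, written out as an added example (not from the thread participants or the stunnel project): a stunnel configuration using the "foreground = quiet" value mentioned above together with "output", and a supervisord program stanza that captures stderr instead of discarding it. All paths, the service name, the ports and the certificate file are assumptions, and the two sections belong in two separate files.

```ini
; ---- File 1: /etc/stunnel/stunnel.conf (constructed example) ----
; Do not fork, so the process stays under the supervisor's process tree,
; but do not copy log lines to stderr. Needs a stunnel build that has
; "foreground = quiet" (5.25b5 according to this thread).
foreground = quiet

; Per-connection log traffic goes to the file only.
output = /var/log/stunnel/stunnel.log

; Hypothetical service section, only there to make the file complete.
[example-tls-frontend]
accept = 8443
connect = 127.0.0.1:8080
cert = /etc/stunnel/stunnel.pem

; ---- File 2: supervisord program stanza (constructed example) ----
[program:stunnel]
command = /usr/bin/stunnel /etc/stunnel/stunnel.conf
autostart = true
autorestart = true
; stderr is kept rather than redirected to /dev/null, on the assumption
; that it now carries only what stunnel writes before the log file is
; set up (for example configuration parsing errors).
stderr_logfile = /var/log/supervisor/stunnel.err.log
stdout_logfile = /var/log/supervisor/stunnel.out.log
```

With "foreground = yes" in place of "quiet", the same file would send each log line to both stderr and the output file, which is the duplication described at the start of the thread.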