Watchdog—The Linux Software Daemon
Starting with version 1.3.51 the Linux kernel provides a watchdog driver. Not only does it take care of hardware watchdogs, but it also implements a software watchdog. It was created by Alan Cox, email@example.com, and modularized by Angelo Haritsis, firstname.lastname@example.org.
The Linux software watchdog is a timer that continuously counts down from a specified start value. Once it reaches zero a function named “watchdog_fire” is called that logs the event and initiates a hard reset. A watchdog daemon is therefore needed to refresh the timer. As long as the daemon is present the timer will never fire, but if the daemon stops working for some reason, the timer will fire and reboot the machine. However, with no additional hardware, the watchdog is not able to recover from every possible hang up. For instance, if the interrupt system itself hangs up, the software watchdog is no cure at all.
At start-up, the daemon opens the watchdog device (a character device with major number 10 and minor number 130) starting the watchdog process—an infinite loop in which the daemon alternately writes to the watchdog device to refresh the timer, then sleeps for 10 seconds. If the daemon is killed, the device file is closed, and the timer is disabled again.
Initially, I compiled the example given by Alan Cox in the source tree to be able to start, refresh and stop the software watchdog daemon. Since I always run the latest kernel and libc release and rely on the machine to be up and running for e-mail, even this simple version proved very useful for me.
As time went by, more features were added. First, WATCHDOG became a real daemon in that it automatically forks as a background process, tucking its process ID away. Then, since WATCHDOG is performing a critical job, logging to the standard syslog facility was implemented, as well as some user-friendly options:
Logging is done in verbose mode each time the process awakes.
The sleep interval can be set from the command line.
The file system is synchronized every time the process updates the timer.
The watchdog device name can be chosen on the command line.
This rudimentary version was then released as a Debian package to give more people the chance to use, and thereby, test it. The next step was to implement some enhancements, namely the ability to test the accessibility of a user-named file every time the process is awake. This ability allows WATCHDOG to catch problems with machines mounting most or all of their directory tree via NFS or similar means of remote file systems—this connection can hang despite the local machine functioning correctly. Since this hangup can cause huge problems, the WATCHDOG daemon tries to access one file on this mount every time it awakes. If the connection is down, it will not be able to refresh the timer, and the system will be rebooted. WATCHDOG can be instructed to initiate a soft-boot instead of the normal hard reset when any call returns an error message.
At this point in the development of WATCHDOG, I released the daemon as version 1.0 to all Debian archives and to tsx-11.mit.edu.
With more people using WATCHDOG some problems have been encountered and fixed, and I began working on the one problem that still worried me. From time to time the process table got so full that no more processes could be started, so I changed WATCHDOG to check the process table every time it is awake. If the table is full, the system is rebooted. Doing a hard reset in this case seemed a bad idea, so instead, WATCHDOG initiates a complete shutdown. This action also posed a problem, since the process table might stay full despite WATCHDOG's attempt to kill all processes. For example, it is not possible to start the shutdown binary when the process table is not empty. To take care of this situation WATCHDOG contains code for the complete shutdown process, including the following actions:
idles init, so nothing new can be started,
kills all processes,
writes a reboot record to wtmp,
turns off accounting,
turns off quota,
turns off swap,
unmounts all mounted partitions,
With this feature working correctly, version 2.0 was released on July 30, 1996 to tsx-11.mit.edu and every Debian mirror.
Of course, there are more ideas that need implementation. If anyone is in need of a check different from those described in this article, please write me at email@example.com.
Michael Meskes made first contact with Linux while working on his doctoral thesis. He has been involved in testing and bug fixing the kernel and the C library since 1994. Since 1995 he has maintained several packages for Debian GNU/Linux. He likes professional football, in particular, the San Francisco 49ers. He welcomes your comments sent to firstname.lastname@example.org.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- The Humble Hacker?
- The Death of RoboVM
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- Varnish Software's Hitch
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide