Supervisor

------------------

- 3.0a3 broke Python 2.3 backwards compatibility.

- On Debian Sarge, one user reported that a call to
options.mktempfile would fail with an "[Errno 9] Bad file
descriptor" at supervisord startup time. I was unable to
reproduce this, but we found a workaround that seemed to work for
him and it's included in this release. See
http://www.plope.com/software/collector/252 for more information.
Thanks to William Dode.

- The fault ``ALREADY_TERMINATED`` has been removed. It was only raised by
supervisor.sendProcessStdin(). That method now returns ``NOT_RUNNING``
for parity with the other methods. (Mike Naberezny)

- The fault TIMED_OUT has been removed. It was not used.

- Supervisor now depends on meld3 0.6.4, which does not compile its
C extensions by default, so there is no more need to faff around
with NO_MELD3_EXTENSION_MODULES during installation if you don't
have a C compiler or the Python development libraries on your
system.

- Instead of making a user root around for the sample.conf file,
provide a convenience command "echo_supervisord_conf", which he can
use to echo the sample.conf to his terminal (and redirect to a file
appropriately). This is a new user convenience (especially one who
has no Python experience).

- Added ``numprocs_start`` config option to ``[program:x]`` and
``[eventlistener:x]`` sections. This is an offset used to compute
the first integer that ``numprocs`` will begin to start from.
Contributed by Antonio Beamud Montero.

- Added capability for ``[include]`` config section to config format.
This section must contain a single key "files", which must name a
space-separated list of file globs that will be included in
supervisor's configuration. Contributed by Ian Bicking.

- Invoking the ``reload`` supervisorctl command could trigger a bug in
supervisord which caused it to crash. See
http://www.plope.com/software/collector/253 . Thanks to William Dode for
a bug report.

- The ``pidproxy`` script was made into a console script.

- The ``password`` value in both the ``[inet_http_server]`` and
``[unix_http_server]`` sections can now optionally be specified as a SHA
hexdigest instead of as cleartext. Values prefixed with ``{SHA}`` will be
considered SHA hex digests. To encrypt a password to a form suitable for
pasting into the configuration file using Python, do, e.g.::

>>> import sha
>>> '{SHA}' + sha.new('thepassword').hexdigest()
'{SHA}82ab876d1387bfafe46cc1c8a2ef074eae50cb1d'

- The subtypes of the events PROCESS_STATE_CHANGE (and
PROCESS_STATE_CHANGE itself) have been removed, replaced with a
simpler set of PROCESS_STATE subscribable event types.

The new event types are:

PROCESS_STATE_STOPPED
PROCESS_STATE_EXITED
PROCESS_STATE_STARTING
PROCESS_STATE_STOPPING
PROCESS_STATE_BACKOFF
PROCESS_STATE_FATAL
PROCESS_STATE_RUNNING
PROCESS_STATE_UNKNOWN
PROCESS_STATE abstract

PROCESS_STATE_STARTING replaces:

PROCESS_STATE_CHANGE_STARTING_FROM_STOPPED
PROCESS_STATE_CHANGE_STARTING_FROM_BACKOFF
PROCESS_STATE_CHANGE_STARTING_FROM_EXITED
PROCESS_STATE_CHANGE_STARTING_FROM_FATAL

PROCESS_STATE_RUNNING replaces
PROCESS_STATE_CHANGE_RUNNING_FROM_STARTED

PROCESS_STATE_BACKOFF replaces
PROCESS_STATE_CHANGE_BACKOFF_FROM_STARTING

PROCESS_STATE_STOPPING replaces:

PROCESS_STATE_CHANGE_STOPPING_FROM_RUNNING
PROCESS_STATE_CHANGE_STOPPING_FROM_STARTING

PROCESS_STATE_EXITED replaces
PROCESS_STATE_CHANGE_EXITED_FROM_RUNNING

PROCESS_STATE_STOPPED replaces
PROCESS_STATE_CHANGE_STOPPED_FROM_STOPPING

PROCESS_STATE_FATAL replaces
PROCESS_STATE_CHANGE_FATAL_FROM_BACKOFF

PROCESS_STATE_UNKNOWN replaces PROCESS_STATE_CHANGE_TO_UNKNOWN

PROCESS_STATE replaces PROCESS_STATE_CHANGE

The PROCESS_STATE_CHANGE_EXITED_OR_STOPPED abstract event is gone.

All process state changes have at least "processname",
"groupname", and "from_state" (the name of the previous state) in
their serializations.

PROCESS_STATE_EXITED additionally has "expected" (1 or 0) and "pid"
(the process id) in its serialization.

PROCESS_STATE_RUNNING, PROCESS_STATE_STOPPING,
PROCESS_STATE_STOPPED additionally have "pid" in their
serializations.

PROCESS_STATE_STARTING and PROCESS_STATE_BACKOFF have "tries" in
their serialization (initially "0", bumped +1 each time a start
retry happens).

- Remove documentation from README.txt, point people to
http://supervisord.org/manual/ .

- The eventlistener request/response protocol has changed. OK/FAIL
must now be wrapped in a RESULT envelope so we can use it for more
specialized communications.

Previously, to signify success, an event listener would write the string
``OK\n`` to its stdout. To signify that the event was seen but couldn't
be handled by the listener and should be rebuffered, an event listener
would write the string ``FAIL\n`` to its stdout.

In the new protocol, the listener must write the string::

RESULT {resultlen}\n{result}

For example, to signify OK::

RESULT 2\nOK

To signify FAIL::

RESULT 4\nFAIL

See the scripts/sample_eventlistener.py script for an example.

- To provide a hook point for custom results returned from event
handlers (see above) the [eventlistener:x] configuration sections
now accept a "result_handler=" parameter,
e.g. "result_handler=supervisor.dispatchers:default_handler" (the
default) or "handler=mypackage:myhandler". The keys are pkgutil
"entry point" specifications (importable Python function names).
Result handlers must be callables which accept two arguments: one
named "event" which represents the event, and the other named
"result", which represents the listener's result. A result
handler either executes successfully or raises an exception. If
it raises a supervisor.dispatchers.RejectEvent exception, the
event will be rebuffered, and the eventhandler will be placed back
into the ACKNOWLEDGED state. If it raises any other exception,
the event handler will be placed in the UNKNOWN state. If it does
not raise any exception, the event is considered successfully
processed. A result handler's return value is ignored. Writing a
result handler is a "in case of emergency break glass" sort of
thing, it is not something to be used for arbitrary business code.
In particular, handlers *must not block* for any appreciable
amount of time.

The standard eventlistener result handler
(supervisor.dispatchers:default_handler) does nothing if it receives an
"OK" and will raise a supervisor.dispatchers.RejectEvent exception if it
receives any other value.

- Supervisord now emits TICK events, which happen every N seconds.
Three types of TICK events are available: TICK_5 (every five
seconds), TICK_60 (every minute), TICK_3600 (every hour). Event
listeners may subscribe to one of these types of events to perform
every-so-often processing. TICK events are subtypes of the EVENT
type.

- Get rid of OSX platform-specific memory monitor and replace with
memmon.py, which works on both Linux and Mac OS. This script is
now a console script named "memmon".

- Allow "web handler" (the handler which receives http requests from
browsers visiting the web UI of supervisor) to deal with POST requests.

- RPC interface methods stopProcess(), stopProcessGroup(), and
stopAllProcesses() now take an optional "wait" argument that defaults
to True for parity with the start methods.

------------------

- Supervisorctl now reports a better error message when the main supervisor
XML-RPC namespace is not registered. Thanks to Mike Orr for reporting
this. (Mike Naberezny)

- Create ``scripts`` directory within supervisor package, move
``pidproxy.py`` there, and place sample event listener and comm event
programs within the directory.

- When an event notification is buffered (either because a listener rejected
it or because all listeners were busy when we attempted to send it
originally), we now rebuffer it in a way that will result in it being
retried earlier than it used to be.

- When a listener process exits (unexpectedly) before transitioning from the
BUSY state, rebuffer the event that was being processed.

- supervisorctl ``tail`` command now accepts a trailing specifier: ``stderr``
or ``stdout``, which respectively, allow a user to tail the stderr or
stdout of the named process. When this specifier is not provided, tail
defaults to stdout.

- supervisor ``clear`` command now clears both stderr and stdout logs for the
given process.

- When a process encounters a spawn error as a result of a failed execve or
when it cannot setuid to a given uid, it now puts this info into the
process' stderr log rather than its stdout log.

- The event listener protocol header now contains the ``server`` identifier,
the ``pool`` that the event emanated from, and the ``poolserial`` as well
as the values it previously contained (version, event name, serial, and
length). The server identifier is taken from the config file options value
``identifier``, the ``pool`` value is the name of the listener pool that
this event emanates from, and the ``poolserial`` is a serial number
assigned to the event local to the pool that is processing it.

- The event listener protocol header is now a sequence of key-value
pairs rather than a list of positional values. Previously, a
representative header looked like::

SUPERVISOR3.0 PROCESS_COMMUNICATION_STDOUT 30 22\n

Now it looks like::

ver:3.0 server:supervisor serial:21 ...

- Specific event payload serializations have changed. All event
types that deal with processes now include the pid of the process
that the event is describing. In event serialization "header"
values, we've removed the space between the header name and the
value and headers are now separated by a space instead of a line
feed. The names of keys in all event types have had underscores
removed.

- Abandon the use of the Python stdlib ``logging`` module for speed
and cleanliness purposes. We've rolled our own.

- Fix crash on start if AUTO logging is used with a max_bytes of
zero for a process.

- Improve process communication event performance.

- The process config parameters ``stdout_capturefile`` and
``stderr_capturefile`` are no longer valid. They have been replaced with
the ``stdout_capture_maxbytes`` and ``stderr_capture_maxbytes`` parameters,
which are meant to be suffix-multiplied integers. They both default to
zero. When they are zero, process communication event capturing is not
performed. When either is nonzero, the value represents the maximum number
of bytes that will be captured between process event start and end tags.
This change was to support the fact that we no longer keep capture data in
a separate file, we just use a FIFO in RAM to maintain capture info. For
users whom don't care about process communication events, or whom haven't
changed the defaults for ``stdout_capturefile`` or ``stderr_capturefile``,
they needn't do anything to their configurations to deal with this change.

- Log message levels have been normalized. In particular, process
stdin/stdout is now logged at ``debug`` level rather than at ``trace``
level (``trace`` level is now reserved for output useful typically for
debugging supervisor itself). See "Supervisor Log Levels" in the
documentation for more info.

- When an event is rebuffered (because all listeners are busy or a
listener rejected the event), the rebuffered event is now inserted
in the head of the listener event queue. This doesn't guarantee
event emission in natural ordering, because if a listener rejects
an event or dies while it's processing an event, it can take an
arbitrary amount of time for the event to be rebuffered, and other
events may be processed in the meantime. But if pool listeners
never reject an event or don't die while processing an event, this
guarantees that events will be emitted in the order that they were
received because if all listeners are busy, the rebuffered event
will be tried again "first" on the next go-around.

- Removed EVENT_BUFFER_OVERFLOW event type.

- The supervisorctl xmlrpc proxy can now communicate with
supervisord using a persistent HTTP connection.

- A new module "supervisor.childutils" was added. This module
provides utilities for Python scripts which act as children of
supervisord. Most notably, it contains an API method
"getRPCInterface" allows you to obtain an xmlrpclib ServerProxy
that is willing to communicate with the parent supervisor. It
also contains utility functions that allow for parsing of
supervisor event listener protocol headers. A pair of scripts
(loop_eventgen.py and loop_listener.py) were added to the script
directory that serve as examples about how to use the childutils
module.

- A new envvar is added to child process environments:
SUPERVISOR_SERVER_URL. This contains the server URL for the
supervisord running the child.

- An ``OK`` URL was added at ``/ok.html`` which just returns the string
``OK`` (can be used for up checks or speed checks via plain-old-HTTP).

- An additional command-line option ``--profile_options`` is accepted
by the supervisord script for developer use::

supervisord -n -c sample.conf --profile_options=cumulative,calls

The values are sort_stats options that can be passed to the
standard Python profiler's PStats sort_stats method.

When you exit supervisor, it will print Python profiling output to
stdout.

- If cElementTree is installed in the Python used to invoke
supervisor, an alternate (faster, by about 2X) XML parser will be
used to parse XML-RPC request bodies. cElementTree was added as
an "extras_require" option in setup.py.

- Added the ability to start, stop, and restart process groups to
supervisorctl. To start a group, use ``start groupname:*``. To start
multiple groups, use ``start groupname1:* groupname2:*``. Equivalent
commands work for "stop" and "restart". You can mix and match short
processnames, fully-specified group:process names, and groupsplats on the
same line for any of these commands.

- Added ``directory`` option to process config. If you set this
option, supervisor will chdir to this directory before executing
the child program (and thus it will be the child's cwd).

- Added ``umask`` option to process config. If you set this option,
supervisor will set the umask of the child program. (Thanks to
Ian Bicking for the suggestion).

- A pair of scripts ``osx_memmon_eventgen.py`` and `osx_memmon_listener.py``
have been added to the scripts directory. If they are used together as
described in their comments, processes which are consuming "too much"
memory will be restarted. The ``eventgen`` script only works on OSX (my
main development platform) but it should be trivially generalizable to
other operating systems.

- The long form ``--configuration`` (-c) command line option for
supervisord was broken. Reported by Mike Orr. (Mike Naberezny)

- New log level: BLAT (blather). We log all
supervisor-internal-related debugging info here. Thanks to Mike
Orr for the suggestion.

- We now allow supervisor to listen on both a UNIX domain socket and an inet
socket instead of making them mutually exclusive. As a result, the options
"http_port", "http_username", "http_password", "sockchmod" and "sockchown"
are no longer part of the ``[supervisord]`` section configuration. These
have been supplanted by two other sections: ``[unix_http_server]`` and
``[inet_http_server]``. You'll need to insert one or the other (depending
on whether you want to listen on a UNIX domain socket or a TCP socket
respectively) or both into your supervisord.conf file. These sections have
their own options (where applicable) for port, username, password, chmod,
and chown. See README.txt for more information about these sections.

- All supervisord command-line options related to "http_port",
"http_username", "http_password", "sockchmod" and "sockchown" have
been removed (see above point for rationale).

- The option that *used* to be ``sockchown`` within the ``[supervisord]``
section (and is now named ``chown`` within the ``[unix_http_server]``
section) used to accept a dot-separated user.group value. The separator
now must be a colon ":", e.g. "user:group". Unices allow for dots in
usernames, so this change is a bugfix. Thanks to Ian Bicking for the bug
report.

- If a '-c' option is not specified on the command line, both supervisord and
supervisorctl will search for one in the paths ``./supervisord.conf`` ,
``./etc/supervisord.conf`` (relative to the current working dir when
supervisord or supervisorctl is invoked) or in ``/etc/supervisord.conf``
(the old default path). These paths are searched in order, and supervisord
and supervisorctl will use the first one found. If none are found,
supervisor will fail to start.

- The Python string expression ``%(here)s`` (referring to the directory in
which the configuration file was found) can be used within the
following sections/options within the config file::

unix_http_server:file
supervisor:directory
supervisor:logfile
supervisor:pidfile
supervisor:childlogdir
supervisor:environment
program:environment
program:stdout_logfile
program:stderr_logfile
program:process_name
program:command

- The ``--environment`` aka ``-b`` option was removed from the list of
available command-line switches to supervisord (use "A=1 B=2
bin/supervisord" instead).

- If the socket filename (the tail-end of the unix:// URL) was
longer than 64 characters, supervisorctl would fail with an
encoding error at startup.

- The ``identifier`` command-line argument was not functional.

- Fixed http://www.plope.com/software/collector/215 (bad error
message in supervisorctl when program command not found on PATH).

- Some child processes may not have been shut down properly at
supervisor shutdown time.

- Move to ZPL-derived (but not ZPL) license available from
http://www.repoze.org/LICENSE.txt; it's slightly less restrictive
than the ZPL (no servicemark clause).

- Spurious errors related to unclosed files ("bad file descriptor",
typically) were evident at supervisord "reload" time (when using
the "reload" command from supervisorctl).

- We no longer bundle ez_setup to bootstrap setuptools installation.

------------------

- Fixed the README.txt example for defining the supervisor RPC
interface in the configuration file. Thanks to Drew Perttula.

- Fixed a bug where process communication events would not have the
proper payload if the payload data was very short.

- when supervisord attempted to kill a process with SIGKILL after
the process was not killed within "stopwaitsecs" using a "normal"
kill signal, supervisord would crash with an improper
AssertionError. Thanks to Calvin Hendryx-Parker.

- On Linux, Supervisor would consume too much CPU in an effective
"busywait" between the time a subprocess exited and the time at
which supervisor was notified of its exit status. Thanks to Drew
Perttula.

- RPC interface behavior change: if the RPC method
"sendProcessStdin" is called against a process that has closed its
stdin file descriptor (e.g. it has done the equivalent of
"sys.stdin.close(); os.close(0)"), we return a NO_FILE fault
instead of accepting the data.

- Changed the semantics of the process configuration ``autorestart``
parameter with respect to processes which move between the RUNNING and
EXITED state. ``autorestart`` was previously a boolean. Now it's a
trinary, accepting one of ``false``, ``unexpected``, or ``true``. If it's
``false``, a process will never be automatically restarted from the EXITED
state. If it's ``unexpected``, a process that enters the EXITED state will
be automatically restarted if it exited with an exit code that was not
named in the process config's ``exitcodes`` list. If it's ``true``, a
process that enters the EXITED state will be automatically restarted
unconditionally. The default is now ``unexpected`` (it was previously
``true``). The readdition of this feature is a reversion of the behavior
change note in the changelog notes for 3.0a1 that asserted we never cared
about the process' exit status when determining whether to restart it or
not.

- setup.py develop (and presumably setup.py install) would fail under Python
2.3.3, because setuptools attempted to import ``splituser`` from urllib2,
and it didn't exist.

- It's now possible to use ``setup.py install`` and ``setup.py develop`` on
systems which do not have a C compiler if you set the environment variable
"NO_MELD3_EXTENSION_MODULES=1" in the shell in which you invoke these
commands (versions of meld3 > 0.6.1 respect this envvar and do not try to
compile optional C extensions when it's set).

- The test suite would fail on Python versions <= 2.3.3 because
the "assertTrue" and "assertFalse" methods of unittest.TestCase
didn't exist in those versions.

- The ``supervisorctl`` and ``supervisord`` wrapper scripts were disused in
favor of using setuptools' ``console_scripts`` entry point settings.

- Documentation files and the sample configuration file are put into
the generated supervisor egg's ``doc`` directory.

- Using the web interface would cause fairly dramatic memory
leakage. We now require a version of meld3 that does not appear
to leak memory from its C extensions (0.6.3).

------------------

- Default config file comment documented 10 secs as default for ``startsecs``
value in process config, in reality it was 1 sec. Thanks to Christoph
Zwerschke.

- Make note of subprocess environment behavior in README.txt.
Thanks to Christoph Zwerschke.

- New "strip_ansi" config file option attempts to strip ANSI escape
sequences from logs for smaller/more readable logs (submitted by
Mike Naberezny).

- The XML-RPC method supervisor.getVersion() has been renamed for
clarity to supervisor.getAPIVersion(). The old name is aliased
for compatibility but is deprecated and will be removed in a
future version (Mike Naberezny).

- Improved web interface styling (Mike Naberezny, Derek DeVries)

- The XML-RPC method supervisor.startProcess() now checks that
the file exists and is executable (Mike Naberezny).

- Two environment variables, "SUPERVISOR_PROCESS_NAME" and
"SUPERVISOR_PROCESS_GROUP" are set in the environment of child
processes, representing the name of the process and group in
supervisor's configuration.

- Process state map change: a process may now move directly from the
STARTING state to the STOPPING state (as a result of a stop
request).

- Behavior change: if ``autorestart`` is true, even if a process exits with
an "expected" exit code, it will still be restarted. In the immediately
prior release of supervisor, this was true anyway, and no one complained,
so we're going to consider that the "officially correct" behavior from now
on.

- Supervisor now logs subprocess stdout and stderr independently.
The old program config keys "logfile", "logfile_backups" and
"logfile_maxbytes" are superseded by "stdout_logfile",
"stdout_logfile_backups", and "stdout_logfile_maxbytes". Added
keys include "stderr_logfile", "stderr_logfile_backups", and
"stderr_logfile_maxbytes". An additional "redirect_stderr" key is
used to cause program stderr output to be sent to its stdout
channel. The keys "log_stderr" and "log_stdout" have been
removed.

- ``[program:x]`` config file sections now represent "homogeneous process
groups" instead of single processes. A "numprocs" key in the section
represents the number of processes that are in the group. A "process_name"
key in the section allows composition of the each process' name within the
homogeneous group.

- A new kind of config file section, ``[group:x]`` now exists, allowing users
to group heterogeneous processes together into a process group that can be
controlled as a unit from a client.

- Supervisord now emits "events" at certain points in its normal
operation. These events include supervisor state change events,
process state change events, and "process communication events".

- A new kind of config file section ``[eventlistener:x]`` now exists. Each
section represents an "event listener pool", which is a special kind of
homogeneous process group. Each process in the pool is meant to receive
supervisor "events" via its stdin and perform some notification (e.g. send
a mail, log, make an http request, etc.)

- Supervisord can now capture data between special tokens in
subprocess stdout/stderr output and emit a "process communications
event" as a result.

- Supervisor's XML-RPC interface may be extended arbitrarily by programmers.
Additional top-level namespace XML-RPC interfaces can be added using the
``[rpcinterface:foo]`` declaration in the configuration file.

- New ``supervisor``-namespace XML-RPC methods have been added:
getAPIVersion (returns the XML-RPC API version, the older
"getVersion" is now deprecated), "startProcessGroup" (starts all
processes in a supervisor process group), "stopProcessGroup"
(stops all processes in a supervisor process group), and
"sendProcessStdin" (sends data to a process' stdin file
descriptor).

- ``supervisor``-namespace XML-RPC methods which previously accepted
ony a process name as "name" (startProcess, stopProcess,
getProcessInfo, readProcessLog, tailProcessLog, and
clearProcessLog) now accept a "name" which may contain both the
process name and the process group name in the form
``groupname:procname``. For backwards compatibility purposes,
"simple" names will also be accepted but will be expanded
internally (e.g. if "foo" is sent as a name, it will be expanded
to "foo:foo", representing the foo process within the foo process
group).

- 2.X versions of supervisorctl will work against supervisor 3.0
servers in a degraded fashion, but 3.X versions of supervisorctl
will not work at all against supervisor 2.X servers.

------------------

- Individual program configuration sections can now specify an
environment.

- Added a 'version' command to supervisorctl. This returns the
version of the supervisor2 package which the remote supervisord
process is using.

----------------

- When supervisord was invoked more than once, and its configuration
was set up to use a UNIX domain socket as the HTTP server, the
socket file would be erased in error. The symptom of this was
that a subsequent invocation of supervisorctl could not find the
socket file, so the process could not be controlled (it and all of
its subprocesses would need to be killed by hand).

- Close subprocess file descriptors properly when a subprocess exits
or otherwise dies. This should result in fewer "too many open
files to spawn foo" messages when supervisor is left up for long
periods of time.

- When a process was not killable with a "normal" signal at shutdown
time, too many "INFO: waiting for x to die" messages would be sent
to the log until we ended up killing the process with a SIGKILL.
Now a maximum of one every three seconds is sent up until SIGKILL
time. Thanks to Ian Bicking.

- Add an assertion: we never want to try to marshal None to XML-RPC
callers. Issue 223 in the collector from vgatto indicates that
somehow a supervisor XML-RPC method is returning None (which
should never happen), but I cannot identify how. Maybe the
assertion will give us more clues if it happens again.

- Supervisor would crash when run under Python 2.5 because the
xmlrpclib.Transport class in Python 2.5 changed in a
backward-incompatible way. Thanks to Eric Westra for the bug
report and a fix.

- Tests now pass under Python 2.5.

- Better supervisorctl reporting on stop requests that have a FAILED
status.

- Removed duplicated code (readLog/readMainLog), thanks to Mike
Naberezny.

- Added tailProcessLog command to the XML-RPC API. It provides a
more efficient way to tail logs than readProcessLog(). Use
readProcessLog() to read chunks and tailProcessLog() to tail.
(thanks to Mike Naberezny).