如何让脚本在linux中一直运行? [英] How to keep a script running all the time in linux?
问题描述
我试图一直运行一个简单的python脚本。我希望它在启动时自动启动,并能够从故障中恢复。也就是说,如果有一个失败导致脚本停止,我不在乎,只是希望它再次开始运行。如果整个设备重新启动,我可以。
我刚刚测试了一个工作脚本使用init.d ,但不知道如何从失败中恢复?有一个cronjob检查pid的存在?
我也想检查完整性。也就是说,我想确保脚本不会被其他进程意外修改。我听说过根据已知的值检查脚本的CRC32,但不知道如何获取任何类型的md5正在执行的文件。
这是一个超级简单的python脚本btw(一个文件,〜20lines)。我不知道是否真的改变了任何东西。
Ghost博客平台安装说明 [license:CC-BY-3.0]有一节介绍如何使用 supervisord 部署nodejs脚本(运行博客),以便它会在失败和系统重新启动时重新启动。
主管( http:// supervisord。 org / )流行的Linux发行版 - 例如Fedora,Debian和Ubuntu的
- 为Supervisor维护一个软件包:A
过程控制系统,允许您在启动时运行Ghost
而不使用init脚本。与init脚本不同,Supervisor是在Linux发行版和版本之间移植的
。
根据您的Linux发行版的需要安装Supervisor。通常,
这将是:
Debian / Ubuntu:apt-get安装主管
Fedora :yum install supervisor
大多数其他发行版本:easy_install supervisor
通过运行$ b确保Supervisor正在运行$ b
服务主管启动
创建Ghost安装的启动脚本。通常,这将
在
/etc/supervisor/conf.d/ghost.conf
例如:
[program:ghost]
command = node /path/to/ghost/index.js
directory = / path / to / ghost
user = ghost
autostart = true
autorestart = true
stdout_logfile = /var/log/supervisor/ghost.log
stderr_logfile = /var/log/supervisor/ghost_err.log
environment = NODE_ENV =production
$ b b
要停止Ghost:supervisorctl stop ghost
确定,如果您的脚本名为 myscript.py
,并且属于用户 snake
/ home / snake
),应适当设置用户(我们假设您希望以用户蛇运行) autos保持不变,并且日志文件应该重命名。 环境设置脚本所需的任何ENV变量。
- 如上所述安装supervisord,但不要使用它们。设置ghost的任何内容
- 而是创建
/etc/supervisor/conf.d/myscript
,如下所示: - supervisorctl start myscript
/etc/supervisor/conf.d/myscript
[program:myscript]
command = python /home/snake/myscript.py
directory = / home / snake
user = snake
autostart = true
autorestart = true
stdout_logfile = /var/log/supervisor/myscript.log
stderr_logfile = /var/log/supervisor/myscript_err.log
应该正在运行,即使重新启动也会重新启动。
关于您的安全问题,这是有问题的。如果假设攻击者对包含脚本的文件系统具有读/写访问权限,则他们还可以更改安全散列。公钥签名是一个更好一点,因为攻击者不知道什么改变签名,因为他缺乏私钥。但是,再一次,攻击者可以简单地重写测试签名的代码并绕过它,或者替换脚本以在验证后运行脚本,从而总是运行其他命令。
I'm trying to run a simple python script all the time. I want it to start automatically on bootup and be able to recover from failures. That is, if there is a failure that causes the script to stop, I don't really care and just want it to start running again. I'm OK if the whole device restarts.
I just tested a working script using init.d, but am not sure how to recover from a failure? Have a cronjob check for the existence of a pid?
I'd also like to check for integrity. That is, I'd like to make sure the script was not modified accidentally by some other process. I've heard of checking a CRC32 of the script against a known value but am not sure how to get any kind of md5 on a file that's being executed.
This is a super simple python script btw (one file, ~20lines). I'm not sure if that really changes anything.
The Ghost blogging platform installation instructions [license: CC-BY-3.0] has a section showing how to use supervisord to deploy a nodejs script (which runs the blog) so that it will restart when it fails and on system reboot.
Supervisor (http://supervisord.org/) Popular Linux distributions—such as Fedora, Debian, and Ubuntu—maintain a package for Supervisor: A process control system which allows you to run Ghost at startup without using init scripts. Unlike an init script, Supervisor is portable between Linux distributions and versions.
Install Supervisor as required for your Linux distribution. Typically, this will be:
Debian/Ubuntu: apt-get install supervisor
Fedora: yum install supervisor
Most other distributions: easy_install supervisor
Ensure that Supervisor is running, by running
service supervisor start
Create the startup script for your Ghost installation. Typically this will go in/etc/supervisor/conf.d/ghost.conf
For example:
[program:ghost]
command = node /path/to/ghost/index.js
directory = /path/to/ghost
user = ghost
autostart = true
autorestart = true
stdout_logfile = /var/log/supervisor/ghost.log
stderr_logfile = /var/log/supervisor/ghost_err.log
environment = NODE_ENV="production"
Start Ghost using Supervisor: supervisorctl start ghost
To stop Ghost: supervisorctl stop ghost
OK, so if your script is called myscript.py
and it belongs to user snake and lives in /home/snake
.
Then the command should be python /home/snake/myscript.py
, the directory should be wherever you want to run this (we'll assume this is /home/snake
), the user should be set appropriately (we'll assume you want to run as user snake), the autos stay the same, and the logfiles should be renamed.
The environment sets any ENV variables that are needed by the script. Typically you won't need any unless you are using them to control aspects of your script.
- Install supervisord as above, but don't set up anything for ghost
- Instead, Create
/etc/supervisor/conf.d/myscript
as follows: - supervisorctl start myscript
/etc/supervisor/conf.d/myscript
[program:myscript]
command = python /home/snake/myscript.py
directory = /home/snake
user = snake
autostart = true
autorestart = true
stdout_logfile = /var/log/supervisor/myscript.log
stderr_logfile = /var/log/supervisor/myscript_err.log
Should be running, and will restart even on reboot.
Regarding your security question, this is problematic. If you assume an attacker has read/write access to the file system containing the script, they can also change the security hash. Public key signatures are a little better, because the attacker won't know what to change the signature to as he lacks the private key. But once again, the attacker might simply rewrite the code that tests the signature and bypass it or replace the script to run a script after verification to run some other command always.
这篇关于如何让脚本在linux中一直运行?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!