Comment 6 for bug 624361

Clint Byrum (clint-fewbar) wrote :

I see your point, Simon, and I agree that's what I expect too. I think a case can be made that sometimes "failing safe" means doing something non-intuitive, though in doing something like that, there has to be a good reason.

There is no pre-restart stanza, and upon looking at upstart's code, it simply changes the "goal" state of the job to STOP, then to START, so this makes sense. Though it could be added, it would not be a simple, natural hook like the pre-stop and pre-start.

About the only way I can think of to retain the expected behavior of always stopping (which I think is important) and avoid silently disappearing (even falsely returning 0 on initctl restart) is to simply warn via the console, when stopping with a broken config, and then fail in pre-start with the -t check.

Unfortunately, there is some resistance to using 'output console', which is currently the only way for upstart jobs to communicate with the user other than daemon.log, which is pretty far removed from a sysadmin in crisis mode trying to fix their ssh service.

I'm having some trouble even getting restart to work if there are any pre-stop scripts, so I will continue to look into this.