[Zeek-Dev] Zeek Supervisor Command-Line Client

Jon Siwek jsiwek at corelight.com
Thu Jun 18 13:00:44 PDT 2020

On Thu, Jun 18, 2020 at 12:11 AM Robin Sommer <robin at corelight.com> wrote:

> For (1), the above applies: we'll rely on standard sysadmin processes
> for updating. That means you'd use "zeekcl" to shut down the cluster
> processes, then run "yum update" (or whatever), then use "zeekcl"
> again to start things up again. (The Zeek supervisor will be running
> already at that point, managed through systemd or whatever you're
> using).

I have a slightly different take: isn't it more common to expect
"start" and "stop" operations here to be done by the service-manager
rather than the Zeek client?  I'm assuming "update/deploy Zeek
installation" could involve a change in the `zeek` binary and that
implements the supervisor process itself, so you'd want, at the level
of system services, to stop the entire Zeek process tree, including
the root supervisor.

That doesn't exclude the possibility of the client having operations
like "start" (spawn `zeek -j <config>`), "stop" (kill the root `zeek`
supervisor process), or even others that dynamically add/remove
cluster nodes from the tree, but that's probably not the
common/expected usage to prioritize since it's again back to the model of
the process tree being managed manually by the user, independent from
a system's service-manager.

- Jon
