[stunnel-users] Question about "forground = yes" and "output = FILE" combined options
mgebis at countertack.com
Wed Oct 14 23:21:32 CEST 2015
Maybe you'll indulge me and let me make a final argument in favor of
making a control widget that allows us to run in "foreground" but have
the messages only go to a file.
The reason for this request: We're wrapping stunnel startup for
inclusion as a custom Cloudera service--we want to be able to control
stunnel startup/shutdown/restart through the Cloudera management
tools. The Cloudera control script "glue" requires that processes run
in the foreground. This is because they use supervisord which
requires the stunnel process to be rooted under supervisord's process
So we are in the position of having to use "foreground = true".
However, the Cloudera service also captures all of the stderr/stdout
of the managed process, and makes this available through the Cloudera
management console. If this output is just errors/startup/shutdown
messages, that's about the right volume of messages, but we have a
very busy stunnel with lots of connections, and the Cloudera UI
quickly chokes on the volume of text.
Our current setup redirects stdout/stderr to /dev/null to avoid
overwhelming the Cloudera UI. But this means that errors during
startup (such as a bad config file) are not available through the
Cloudera interface. We are living with this right now, and it's not
terrible, but I figured I might as well share my wishlist. :)
I understand that our use case may be rather obscure, and are probably
outside the scope of what you would like to do with stunnel. But I
just wanted to explain. Thanks for reading!
On Wed, Oct 14, 2015 at 1:34 PM, Michael Gebis <mgebis at countertack.com> wrote:
> Thank you for the speedy response!
> On Wed, Oct 14, 2015 at 1:19 PM, Michal Trojnara
> <Michal.Trojnara at mirt.net> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>> On 14.10.2015 21:42, Michael Gebis wrote:
>>> I have a question about the combination of the "foreground = yes"
>>> option combined with the "output = FILE" option.
>>> This implies that if you set both "foreground = yes" and "output =
>>> FILE", the log messages will not be sent to stderr and will instead
>>> be sent to the log file only.
>> The implementation was modified in version 4.22 to allow logging to
>> multiple destinations, but apparently I never updated the manual to
>> reflect this change.
>>> We'd like this behavior--it makes it easier for our scripts to
>>> distinguish startup errors parsing the config file (which are sent
>>> to stderr, since the log file isn't configured yet) vs. normal
>>> operation after the config file is parsed and the log file is
>> This is close to the way it works without "foreground = yes".
>>> I guess I'm asking: is the documentation in conflict with the
>>> behavior, and if so, which is correct?
>> The software works as intended. I need to update the documentation.
>> Best regards,
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>> -----END PGP SIGNATURE-----
>> stunnel-users mailing list
>> stunnel-users at stunnel.org
More information about the stunnel-users