when going into reboot mos_sysvol ot the volmgr should umount the volumes just before the system stops #1

New issue

Open

opened 2026-03-27 18:56:02 +00:00 by delandtj · 5 comments

delandtj commented 2026-03-27 18:56:02 +00:00

Owner

Copy link

No description provided.

delandtj commented 2026-03-27 19:08:35 +00:00

Author

Owner

Copy link

Implementation Spec for Issue #1: Unmount Volumes on Reboot/Shutdown

Objective

Ensure that MOS storage volumes (both sysvol-managed system volumes and volmgrd-managed dynamic volumes) are cleanly unmounted during system reboot or shutdown, just before the system stops.

Architecture (Current State)

• my_init_pid1 (PID 1): receives SIGINT (reboot) / SIGTERM (poweroff), calls do_shutdown() → stops services → reaps zombies → sync() → reboot() syscall
• mos_sysvol: oneshot boot service that mounts system storage. Already has mos_sysvol::unmount() library function — currently unused at shutdown
• mos_volmgrd: long-running daemon (Unix socket JSON-RPC) managing dynamic mounts. No signal handling — loops forever on accept()

Gap: Neither sysvol unmount nor volmgrd unmount is called during shutdown.

Requirements

• On reboot/shutdown, all MOS volumes must be cleanly unmounted before the reboot syscall
• Dynamic mounts (volmgrd registry) unmounted when daemon receives SIGTERM
• System volumes unmounted after services stop but before sync() + reboot()
• Correct order: dynamic mounts first → subvolumes (reverse) → EFI → boot → swap off
• Errors logged as warnings, must not prevent reboot

Files to Modify/Create

File	Action	Description
mos_volmgrd/src/main.rs	Modify	Add SIGTERM handler, graceful shutdown with registry unmount
mos_volmgrd/src/rpc/server.rs	Modify	Add shutdown channel to run_server accept loop
mos_volmgrd/Cargo.toml	Modify	Add tokio signal feature
mos_sysvol/src/main.rs	Modify	Add --unmount subcommand
my_init_pid1/src/main.rs	Modify	Call mos_sysvol --unmount in do_shutdown()
my_init/etc/my_init/system/volmgrd.toml	Create	Service definition for volmgrd

Implementation Plan

Step 1: Graceful shutdown for mos_volmgrd

• Add tokio signal feature to Cargo.toml
• Modify run_server to accept a shutdown receiver and use tokio::select!
• Add SIGTERM handler in main.rs that unmounts all registry mounts then exits

Step 2: Add --unmount subcommand to mos_sysvol binary

• Modify mos_sysvol main.rs to accept --unmount flag
• When called with --unmount, call mos_sysvol::unmount() and exit

Step 3: Add sysvol unmount to PID 1 shutdown

• In do_shutdown(), after services stopped and zombies reaped, spawn mos_sysvol --unmount
• Log errors as warnings, continue to sync + reboot regardless

Step 4: Add volmgrd service definition

• Create volmgrd.toml with dependency on sysvol
• Ensures correct startup/shutdown ordering

Acceptance Criteria

• mos_volmgrd handles SIGTERM: stops connections, unmounts registry mounts, exits cleanly
• PID 1 calls mos_sysvol --unmount after services stop, before sync/reboot
• Unmount errors logged but don't block reboot
• Correct unmount ordering maintained
• All existing tests pass

Notes

• Using mos_sysvol --unmount binary approach (recommended) to avoid cross-workspace dependency
• mos_sysvol::unmount() already exists and handles correct ordering
• PID 1's do_shutdown() already has a tokio runtime available

## Implementation Spec for Issue #1: Unmount Volumes on Reboot/Shutdown ### Objective Ensure that MOS storage volumes (both sysvol-managed system volumes and volmgrd-managed dynamic volumes) are cleanly unmounted during system reboot or shutdown, just before the system stops. ### Architecture (Current State) - **my_init_pid1** (PID 1): receives SIGINT (reboot) / SIGTERM (poweroff), calls `do_shutdown()` → stops services → reaps zombies → `sync()` → `reboot()` syscall - **mos_sysvol**: oneshot boot service that mounts system storage. Already has `mos_sysvol::unmount()` library function — currently unused at shutdown - **mos_volmgrd**: long-running daemon (Unix socket JSON-RPC) managing dynamic mounts. No signal handling — loops forever on `accept()` **Gap:** Neither sysvol unmount nor volmgrd unmount is called during shutdown. ### Requirements - On reboot/shutdown, all MOS volumes must be cleanly unmounted before the reboot syscall - Dynamic mounts (volmgrd registry) unmounted when daemon receives SIGTERM - System volumes unmounted after services stop but before `sync()` + `reboot()` - Correct order: dynamic mounts first → subvolumes (reverse) → EFI → boot → swap off - Errors logged as warnings, must not prevent reboot ### Files to Modify/Create | File | Action | Description | |------|--------|-------------| | `mos_volmgrd/src/main.rs` | Modify | Add SIGTERM handler, graceful shutdown with registry unmount | | `mos_volmgrd/src/rpc/server.rs` | Modify | Add shutdown channel to `run_server` accept loop | | `mos_volmgrd/Cargo.toml` | Modify | Add tokio `signal` feature | | `mos_sysvol/src/main.rs` | Modify | Add `--unmount` subcommand | | `my_init_pid1/src/main.rs` | Modify | Call `mos_sysvol --unmount` in `do_shutdown()` | | `my_init/etc/my_init/system/volmgrd.toml` | Create | Service definition for volmgrd | ### Implementation Plan #### Step 1: Graceful shutdown for mos_volmgrd - Add tokio `signal` feature to Cargo.toml - Modify `run_server` to accept a shutdown receiver and use `tokio::select!` - Add SIGTERM handler in `main.rs` that unmounts all registry mounts then exits #### Step 2: Add `--unmount` subcommand to mos_sysvol binary - Modify mos_sysvol `main.rs` to accept `--unmount` flag - When called with `--unmount`, call `mos_sysvol::unmount()` and exit #### Step 3: Add sysvol unmount to PID 1 shutdown - In `do_shutdown()`, after services stopped and zombies reaped, spawn `mos_sysvol --unmount` - Log errors as warnings, continue to sync + reboot regardless #### Step 4: Add volmgrd service definition - Create `volmgrd.toml` with dependency on `sysvol` - Ensures correct startup/shutdown ordering ### Acceptance Criteria - [ ] mos_volmgrd handles SIGTERM: stops connections, unmounts registry mounts, exits cleanly - [ ] PID 1 calls `mos_sysvol --unmount` after services stop, before sync/reboot - [ ] Unmount errors logged but don't block reboot - [ ] Correct unmount ordering maintained - [ ] All existing tests pass ### Notes - Using `mos_sysvol --unmount` binary approach (recommended) to avoid cross-workspace dependency - `mos_sysvol::unmount()` already exists and handles correct ordering - PID 1's `do_shutdown()` already has a tokio runtime available

delandtj commented 2026-03-27 19:16:57 +00:00

Author

Owner

Copy link

there is of course some dependencies to be verified... imagine a process managed by my_init didn't get shut down properly because of ... reasons.. the fs can't really be umounted (except lazy umount) we shouldn't dwell on that and if that happens do a sync before reboot

there is of course some dependencies to be verified... imagine a process managed by my_init didn't get shut down properly because of ... reasons.. the fs can't really be umounted (except lazy umount) we shouldn't dwell on that and if that happens do a sync before reboot

delandtj commented 2026-03-27 19:28:00 +00:00

Author

Owner

Copy link

Test Results

• cargo check (mos_volmgr): PASS
• cargo test (mos_volmgr): 33 passed, 0 failed
• cargo clippy (mos_volmgr): PASS (0 warnings)
• cargo check (my_init): PASS
• cargo test (my_init): 3 passed, 1 failed
• cargo clippy (my_init): PASS (0 warnings)

Failure Details

my_init — harness::tests::test_harness_starts_and_stops

The integration test harness failed because the my_init_server binary was not found. The test expects the binary to be pre-built with cargo build --features server --release or the MY_INIT_SERVER_BIN env var to be set. This is an environment/setup issue, not a code bug.

## Test Results - **cargo check (mos_volmgr):** PASS - **cargo test (mos_volmgr):** 33 passed, 0 failed - **cargo clippy (mos_volmgr):** PASS (0 warnings) - **cargo check (my_init):** PASS - **cargo test (my_init):** 3 passed, 1 failed - **cargo clippy (my_init):** PASS (0 warnings) ### Failure Details **my_init** — `harness::tests::test_harness_starts_and_stops` The integration test harness failed because the `my_init_server` binary was not found. The test expects the binary to be pre-built with `cargo build --features server --release` or the `MY_INIT_SERVER_BIN` env var to be set. This is an environment/setup issue, not a code bug.

delandtj commented 2026-03-27 19:28:38 +00:00

Author

Owner

Copy link

Implementation Summary

Changes Made

mos_volmgrd — Graceful shutdown with SIGTERM handling

• crates/mos_volmgrd/Cargo.toml: Added tokio signal and sync features
• crates/mos_volmgrd/src/rpc/server.rs: run_server now accepts a shutdown channel; uses tokio::select! to stop accepting connections on shutdown
• crates/mos_volmgrd/src/main.rs: Registers SIGTERM handler. On signal: sends shutdown to server, iterates registry entries in reverse, unmounts each (with lazy unmount fallback), cleans up socket file

mos_sysvol — --unmount subcommand

• crates/mos_sysvol/src/main.rs: Added --unmount flag. When invoked, calls mos_sysvol::unmount(), logs result, exits cleanly even on failure

my_init_pid1 — Shutdown integration

• crates/my_init_pid1/src/main.rs: In do_shutdown(), after zombie reaping and before sync(), invokes /usr/bin/mos_sysvol --unmount (non-container mode only). Failures logged as warnings, never block reboot.

Service definition

• etc/my_init/system/volmgrd.toml: New service definition for mos_volmgrd daemon, depends on sysvol

Shutdown Sequence (after changes)

1. PID 1 receives SIGINT/SIGTERM
2. my_init_server stops all services (reverse dependency order)
3. volmgrd receives SIGTERM → unmounts dynamic mounts → exits
4. PID 1 reaps zombies
5. PID 1 runs mos_sysvol --unmount → unmounts system volumes
6. sync()
7. reboot() syscall

Design: Resilient unmount

• Normal unmount attempted first
• Lazy unmount (MNT_DETACH) as fallback
• All errors logged as warnings, never block shutdown
• sync() always runs before reboot regardless

Test Results

• mos_volmgr: 33 passed, 0 failed, 0 clippy warnings
• my_init: 3 passed, 1 pre-existing failure (unrelated), 0 clippy warnings

## Implementation Summary ### Changes Made **mos_volmgrd — Graceful shutdown with SIGTERM handling** - `crates/mos_volmgrd/Cargo.toml`: Added tokio `signal` and `sync` features - `crates/mos_volmgrd/src/rpc/server.rs`: `run_server` now accepts a shutdown channel; uses `tokio::select!` to stop accepting connections on shutdown - `crates/mos_volmgrd/src/main.rs`: Registers SIGTERM handler. On signal: sends shutdown to server, iterates registry entries in reverse, unmounts each (with lazy unmount fallback), cleans up socket file **mos_sysvol — `--unmount` subcommand** - `crates/mos_sysvol/src/main.rs`: Added `--unmount` flag. When invoked, calls `mos_sysvol::unmount()`, logs result, exits cleanly even on failure **my_init_pid1 — Shutdown integration** - `crates/my_init_pid1/src/main.rs`: In `do_shutdown()`, after zombie reaping and before `sync()`, invokes `/usr/bin/mos_sysvol --unmount` (non-container mode only). Failures logged as warnings, never block reboot. **Service definition** - `etc/my_init/system/volmgrd.toml`: New service definition for mos_volmgrd daemon, depends on `sysvol` ### Shutdown Sequence (after changes) 1. PID 1 receives SIGINT/SIGTERM 2. my_init_server stops all services (reverse dependency order) 3. volmgrd receives SIGTERM → unmounts dynamic mounts → exits 4. PID 1 reaps zombies 5. PID 1 runs `mos_sysvol --unmount` → unmounts system volumes 6. `sync()` 7. `reboot()` syscall ### Design: Resilient unmount - Normal unmount attempted first - Lazy unmount (MNT_DETACH) as fallback - All errors logged as warnings, never block shutdown - `sync()` always runs before reboot regardless ### Test Results - mos_volmgr: 33 passed, 0 failed, 0 clippy warnings - my_init: 3 passed, 1 pre-existing failure (unrelated), 0 clippy warnings

delandtj referenced this issue from a commit 2026-03-27 19:31:27 +00:00

feat: graceful shutdown with volume unmount on SIGTERM

delandtj referenced this issue from a commit 2026-03-27 19:31:44 +00:00

feat(pid1): unmount MOS volumes during shutdown sequence

delandtj commented 2026-03-27 19:32:01 +00:00

Author

Owner

Copy link

Implementation Committed

mos_volmgr (main branch):

• Commit: 8895ab0
• Browse: 8895ab0

my_init (development branch):

• Commit: cc806aa
• Browse: geomind_code/my_init@cc806aa

Both commits reference this issue.

## Implementation Committed **mos_volmgr** (main branch): - Commit: `8895ab0` - Browse: https://forge.ourworld.tf/geomind_code/mos_volmgr/commit/8895ab0 **my_init** (development branch): - Commit: `cc806aa` - Browse: https://forge.ourworld.tf/geomind_code/my_init/commit/cc806aa Both commits reference this issue.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

feat/os-server-prd-volmgr-prerequisites

No results found.

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

geomind_code/mos_volmgr#1

No description provided.