Running Supervisor¶

This section makes reference to a BINDIR when explaining how to run the supervisord and supervisorctl commands. This is the “bindir” directory that your Python installation has been configured with. For example, for an installation of Python installed via ./configure --prefix=/usr/local/py; make; make install, BINDIR would be /usr/local/py/bin. Python interpreters on different platforms use a different BINDIR. Look at the output of setup.py install if you can’t figure out where yours is.

Adding a Program¶

Before supervisord will do anything useful for you, you’ll need to add at least one program section to its configuration. The program section will define a program that is run and managed when you invoke the supervisord command. To add a program, you’ll need to edit the supervisord.conf file.

One of the simplest possible programs to run is the UNIX cat program. A program section that will run cat when the supervisord process starts up is shown below.

[program:foo]
command=/bin/cat

This stanza may be cut and pasted into the supervisord.conf file. This is the simplest possible program configuration, because it only names a command. Program configuration sections have many other configuration options which aren’t shown here. See [program:x] Section Settings for more information.

Running supervisord¶

To start supervisord, run $BINDIR/supervisord. The resulting process will daemonize itself and detach from the terminal. It keeps an operations log at $CWD/supervisor.log by default.

You may start the supervisord executable in the foreground by passing the -n flag on its command line. This is useful to debug startup problems.

Warning

When supervisord starts up, it will search for its configuration file in default locations including the current working directory. If you are security-conscious you will probably want to specify a “-c” argument after the supervisord command specifying an absolute path to a configuration file to ensure that someone doesn’t trick you into running supervisor from within a directory that contains a rogue supervisord.conf file. A warning is emitted when supervisor is started as root without this -c argument.

To change the set of programs controlled by supervisord, edit the supervisord.conf file and kill -HUP or otherwise restart the supervisord process. This file has several example program definitions.

The supervisord command accepts a number of command-line options. Each of these command line options overrides any equivalent value in the configuration file.

supervisord Command-Line Options¶

-c FILE, --configuration=FILE: The path to a supervisord configuration file.
-n, --nodaemon: Run supervisord in the foreground.
-s, --silent: No output directed to stdout.
-h, --help: Show supervisord command help.
-u USER, --user=USER: UNIX username or numeric user id. If supervisord is started as the root user, setuid to this user as soon as possible during startup.
-m OCTAL, --umask=OCTAL: Octal number (e.g. 022) representing the umask that should be used by supervisord after it starts.
-d PATH, --directory=PATH: When supervisord is run as a daemon, cd to this directory before daemonizing.
-l FILE, --logfile=FILE: Filename path to use as the supervisord activity log.
-y BYTES, --logfile_maxbytes=BYTES: Max size of the supervisord activity log file before a rotation occurs. The value is suffix-multiplied, e.g “1” is one byte, “1MB” is 1 megabyte, “1GB” is 1 gigabyte.
-z NUM, --logfile_backups=NUM: Number of backup copies of the supervisord activity log to keep around. Each logfile will be of size logfile_maxbytes.
-e LEVEL, --loglevel=LEVEL: The logging level at which supervisor should write to the activity log. Valid levels are trace, debug, info, warn, error, and critical.
-j FILE, --pidfile=FILE: The filename to which supervisord should write its pid file.
-i STRING, --identifier=STRING: Arbitrary string identifier exposed by various client UIs for this instance of supervisor.
-q PATH, --childlogdir=PATH: A path to a directory (it must already exist) where supervisor will write its AUTO -mode child process logs.
-k, --nocleanup: Prevent supervisord from performing cleanup (removal of old AUTO process log files) at startup.
-a NUM, --minfds=NUM: The minimum number of file descriptors that must be available to the supervisord process before it will start successfully.
-t, --strip_ansi: Strip ANSI escape sequences from all child log process.
-v, --version: Print the supervisord version number out to stdout and exit.
--profile_options=LIST: Comma-separated options list for profiling. Causes supervisord to run under a profiler, and output results based on the options, which is a comma-separated list of the following: cumulative, calls, callers. E.g. cumulative,callers.
--minprocs=NUM: The minimum number of OS process slots that must be available to the supervisord process before it will start successfully.

Running supervisorctl¶

To start supervisorctl, run $BINDIR/supervisorctl. A shell will be presented that will allow you to control the processes that are currently managed by supervisord. Type “help” at the prompt to get information about the supported commands.

The supervisorctl executable may be invoked with “one time” commands when invoked with arguments from a command line. An example: supervisorctl stop all. If arguments are present on the command-line, it will prevent the interactive shell from being invoked. Instead, the command will be executed and supervisorctl will exit with a code of 0 for success or running and non-zero for error. An example: supervisorctl status all would return non-zero if any single process was not running.

If supervisorctl is invoked in interactive mode against a supervisord that requires authentication, you will be asked for authentication credentials.

supervisorctl Command-Line Options¶

-c, --configuration: Configuration file path (default /etc/supervisord.conf)
-h, --help: Print usage message and exit
-i, --interactive: Start an interactive shell after executing commands
-s, --serverurl URL: URL on which supervisord server is listening (default “http://localhost:9001”).
-u, --username: Username to use for authentication with server
-p, --password: Password to use for authentication with server
-r, --history-file: Keep a readline history (if readline is available)

action [arguments]

Actions are commands like “tail” or “stop”. If -i is specified or no action is specified on the command line, a “shell” interpreting actions typed interactively is started. Use the action “help” to find out about available actions.

supervisorctl Actions¶

help

Print a list of available actions

help <action>

Print help for <action>

add <name> […]

Activates any updates in config for process/group

remove <name> […]

Removes process/group from active config

update

Reload config and add/remove as necessary, and will restart affected programs

update all

Reload config and add/remove as necessary, and will restart affected programs

update <gname> […]

Update specific groups, and will restart affected programs

clear <name>

Clear a process’ log files.

clear <name> <name>

Clear multiple process’ log files

clear all

Clear all process’ log files

fg <process>

Connect to a process in foreground mode Press Ctrl+C to exit foreground

pid

Get the PID of supervisord.

pid <name>

Get the PID of a single child process by name.

pid all

Get the PID of every child process, one per line.

reload

Restarts the remote supervisord

reread

Reload the daemon’s configuration files, without add/remove (no restarts)

restart <name>

Restart a process Note: restart does not reread config files. For that, see reread and update.

restart <gname>:*

Restart all processes in a group Note: restart does not reread config files. For that, see reread and update.

restart <name> <name>

Restart multiple processes or groups Note: restart does not reread config files. For that, see reread and update.

restart all

Restart all processes Note: restart does not reread config files. For that, see reread and update.

signal

No help on signal

start <name>

Start a process

start <gname>:*

Start all processes in a group

start <name> <name>

Start multiple processes or groups

start all

Start all processes

status

Get all process status info.

status <name>

Get status on a single process by name.

status <name> <name>

Get status on multiple named processes.

stop <name>

Stop a process

stop <gname>:*

Stop all processes in a group

stop <name> <name>

Stop multiple processes or groups

stop all

Stop all processes

tail [-f] <name> [stdout|stderr] (default stdout)

Output the last part of process logs Ex: tail -f <name> Continuous tail of named process stdout Ctrl-C to exit. tail -100 <name> last 100 bytes of process stdout tail <name> stderr last 1600 bytes of process stderr

Signals¶

The supervisord program may be sent signals which cause it to perform certain actions while it’s running.

You can send any of these signals to the single supervisord process id. This process id can be found in the file represented by the pidfile parameter in the [supervisord] section of the configuration file (by default it’s $CWD/supervisord.pid).

Signal Handlers¶

SIGTERM

supervisord and all its subprocesses will shut down. This may take several seconds.

SIGINT

supervisord and all its subprocesses will shut down. This may take several seconds.

SIGQUIT

supervisord and all its subprocesses will shut down. This may take several seconds.

SIGHUP

supervisord will stop all processes, reload the configuration from the first config file it finds, and start all processes.

SIGUSR2

supervisord will close and reopen the main activity log and all child log files.

Runtime Security¶

The developers have done their best to assure that use of a supervisord process running as root cannot lead to unintended privilege escalation. But caveat emptor. Supervisor is not as paranoid as something like DJ Bernstein’s daemontools, inasmuch as supervisord allows for arbitrary path specifications in its configuration file to which data may be written. Allowing arbitrary path selections can create vulnerabilities from symlink attacks. Be careful when specifying paths in your configuration. Ensure that the supervisord configuration file cannot be read from or written to by unprivileged users and that all files installed by the supervisor package have “sane” file permission protection settings. Additionally, ensure that your PYTHONPATH is sane and that all Python standard library files have adequate file permission protections.

Running supervisord automatically on startup¶

If you are using a distribution-packaged version of Supervisor, it should already be integrated into the service management infrastructure of your distribution.

There are user-contributed scripts for various operating systems at: https://github.com/Supervisor/initscripts

There are some answers at Serverfault in case you get stuck: How to automatically start supervisord on Linux (Ubuntu)