Running Supervisor

This section makes reference to a BINDIR when explaining how to run the supervisord and supervisorctl commands. This is the “bindir” directory that your Python installation has been configured with. For example, for an installation of Python installed via ./configure --prefix=/usr/local/py; make; make install, BINDIR would be /usr/local/py/bin. Python interpreters on different platforms use a different BINDIR. Look at the output of setup.py install if you can’t figure out where yours is.

Adding a Program

Before supervisord will do anything useful for you, you’ll need to add at least one program section to its configuration. The program section will define a program that is run and managed when you invoke the supervisord command. To add a program, you’ll need to edit the supervisord.conf file.

One of the simplest possible programs to run is the UNIX cat program. A program section that will run cat when the supervisord process starts up is shown below.

[program:foo]
command=/bin/cat

This stanza may be cut and pasted into the supervisord.conf file. This is the simplest possible program configuration, because it only names a command. Program configuration sections have many other configuration options which aren’t shown here. See [program:x] Section Settings for more information.

Running supervisord

To start supervisord, run $BINDIR/supervisord. The resulting process will daemonize itself and detach from the terminal. It keeps an operations log at $CWD/supervisor.log by default.

You may start the supervisord executable in the foreground by passing the -n flag on its command line. This is useful to debug startup problems.

Warning

When supervisord starts up, it will search for its configuration file in default locations including the current working directory. If you are security-conscious you will probably want to specify a “-c” argument after the supervisord command specifying an absolute path to a configuration file to ensure that someone doesn’t trick you into running supervisor from within a directory that contains a rogue supervisord.conf file. A warning is emitted when supervisor is started as root without this -c argument.

To change the set of programs controlled by supervisord, edit the supervisord.conf file and kill -HUP or otherwise restart the supervisord process. This file has several example program definitions.

The supervisord command accepts a number of command-line options. Each of these command line options overrides any equivalent value in the configuration file.

supervisord Command-Line Options

-c FILE, --configuration=FILE

The path to a supervisord configuration file.

-n, --nodaemon

Run supervisord in the foreground.

-s, --silent

No output directed to stdout.

-h, --help

Show supervisord command help.

-u USER, --user=USER

UNIX username or numeric user id. If supervisord is started as the root user, setuid to this user as soon as possible during startup.

-m OCTAL, --umask=OCTAL

Octal number (e.g. 022) representing the umask that should be used by supervisord after it starts.

-d PATH, --directory=PATH

When supervisord is run as a daemon, cd to this directory before daemonizing.

-l FILE, --logfile=FILE

Filename path to use as the supervisord activity log.

-y BYTES, --logfile_maxbytes=BYTES

Max size of the supervisord activity log file before a rotation occurs. The value is suffix-multiplied, e.g “1” is one byte, “1MB” is 1 megabyte, “1GB” is 1 gigabyte.

-z NUM, --logfile_backups=NUM

Number of backup copies of the supervisord activity log to keep around. Each logfile will be of size logfile_maxbytes.

-e LEVEL, --loglevel=LEVEL

The logging level at which supervisor should write to the activity log. Valid levels are trace, debug, info, warn, error, and critical.

-j FILE, --pidfile=FILE

The filename to which supervisord should write its pid file.

-i STRING, --identifier=STRING

Arbitrary string identifier exposed by various client UIs for this instance of supervisor.

-q PATH, --childlogdir=PATH

A path to a directory (it must already exist) where supervisor will write its AUTO -mode child process logs.

-k, --nocleanup

Prevent supervisord from performing cleanup (removal of old AUTO process log files) at startup.

-a NUM, --minfds=NUM

The minimum number of file descriptors that must be available to the supervisord process before it will start successfully.

-t, --strip_ansi

Strip ANSI escape sequences from all child log process.

-v, --version

Print the supervisord version number out to stdout and exit.

--profile_options=LIST

Comma-separated options list for profiling. Causes supervisord to run under a profiler, and output results based on the options, which is a comma-separated list of the following: cumulative, calls, callers. E.g. cumulative,callers.

--minprocs=NUM

The minimum number of OS process slots that must be available to the supervisord process before it will start successfully.

Running supervisorctl

To start supervisorctl, run $BINDIR/supervisorctl. A shell will be presented that will allow you to control the processes that are currently managed by supervisord. Type “help” at the prompt to get information about the supported commands.

The supervisorctl executable may be invoked with “one time” commands when invoked with arguments from a command line. An example: supervisorctl stop all. If arguments are present on the command-line, it will prevent the interactive shell from being invoked. Instead, the command will be executed and supervisorctl will exit with a code of 0 for success or running and non-zero for error. An example: supervisorctl status all would return non-zero if any single process was not running.

If supervisorctl is invoked in interactive mode against a supervisord that requires authentication, you will be asked for authentication credentials.

supervisorctl Command-Line Options

-c, --configuration

Configuration file path (default /etc/supervisord.conf)

-h, --help

Print usage message and exit

-i, --interactive

Start an interactive shell after executing commands

-s, --serverurl URL

URL on which supervisord server is listening (default “http://localhost:9001”).

-u, --username

Username to use for authentication with server

-p, --password

Password to use for authentication with server

-r, --history-file

Keep a readline history (if readline is available)

action [arguments]

Actions are commands like “tail” or “stop”. If -i is specified or no action is specified on the command line, a “shell” interpreting actions typed interactively is started. Use the action “help” to find out about available actions.

supervisorctl Actions

help

Print a list of available actions

help <action>

Print help for <action>

add <name> […]

Activates any updates in config for process/group

remove <name> […]

Removes process/group from active config

update

Reload config and add/remove as necessary, and will restart affected programs

update all

Reload config and add/remove as necessary, and will restart affected programs

update <gname> […]

Update specific groups, and will restart affected programs

clear <name>

Clear a process’ log files.

clear <name> <name>

Clear multiple process’ log files

clear all

Clear all process’ log files

fg <process>

Connect to a process in foreground mode Press Ctrl+C to exit foreground

pid

Get the PID of supervisord.

pid <name>

Get the PID of a single child process by name.

pid all

Get the PID of every child process, one per line.

reload

Restarts the remote supervisord

reread

Reload the daemon’s configuration files, without add/remove (no restarts)

restart <name>

Restart a process Note: restart does not reread config files. For that, see reread and update.

restart <gname>:*

Restart all processes in a group Note: restart does not reread config files. For that, see reread and update.

restart <name> <name>

Restart multiple processes or groups Note: restart does not reread config files. For that, see reread and update.

restart all

Restart all processes Note: restart does not reread config files. For that, see reread and update.

signal

No help on signal

start <name>

Start a process

start <gname>:*

Start all processes in a group

start <name> <name>

Start multiple processes or groups

start all

Start all processes

status

Get all process status info.

status <name>

Get status on a single process by name.

status <name> <name>

Get status on multiple named processes.

stop <name>

Stop a process

stop <gname>:*

Stop all processes in a group

stop <name> <name>

Stop multiple processes or groups

stop all

Stop all processes

tail [-f] <name> [stdout|stderr] (default stdout)

Output the last part of process logs Ex: tail -f <name> Continuous tail of named process stdout Ctrl-C to exit. tail -100 <name> last 100 bytes of process stdout tail <name> stderr last 1600 bytes of process stderr

Signals

The supervisord program may be sent signals which cause it to perform certain actions while it’s running.

You can send any of these signals to the single supervisord process id. This process id can be found in the file represented by the pidfile parameter in the [supervisord] section of the configuration file (by default it’s $CWD/supervisord.pid).

Signal Handlers

SIGTERM

supervisord and all its subprocesses will shut down. This may take several seconds.

SIGINT

supervisord and all its subprocesses will shut down. This may take several seconds.

SIGQUIT

supervisord and all its subprocesses will shut down. This may take several seconds.

SIGHUP

supervisord will stop all processes, reload the configuration from the first config file it finds, and start all processes.

SIGUSR2

supervisord will close and reopen the main activity log and all child log files.

Runtime Security

The developers have done their best to assure that use of a supervisord process running as root cannot lead to unintended privilege escalation. But caveat emptor. Supervisor is not as paranoid as something like DJ Bernstein’s daemontools, inasmuch as supervisord allows for arbitrary path specifications in its configuration file to which data may be written. Allowing arbitrary path selections can create vulnerabilities from symlink attacks. Be careful when specifying paths in your configuration. Ensure that the supervisord configuration file cannot be read from or written to by unprivileged users and that all files installed by the supervisor package have “sane” file permission protection settings. Additionally, ensure that your PYTHONPATH is sane and that all Python standard library files have adequate file permission protections.

Running supervisord automatically on startup

If you are using a distribution-packaged version of Supervisor, it should already be integrated into the service management infrastructure of your distribution.

There are user-contributed scripts for various operating systems at: https://github.com/Supervisor/initscripts

There are some answers at Serverfault in case you get stuck: How to automatically start supervisord on Linux (Ubuntu)