RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-16 02:26:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
d47a1bd1d7
haproxy/src/haproxy-systemd-wrapper.c

312 lines
7.4 KiB
C
Raw Normal View History

MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
/*
* Wrapper to make haproxy systemd-compliant.
*
* Copyright 2013 Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
*/
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
MINOR: systemd wrapper: re-execute on SIGUSR2 Re-execute the systemd wrapper on SIGUSR2 and before reloading HAProxy, making it possible to load a completely new version of HAProxy (including a new version of the systemd wrapper) gracefully. Since the wrapper accepts no command-line arguments of its own, re-execution is signaled using the HAPROXY_SYSTEMD_REEXEC environment variable. This is primarily intended to help seamless upgrades of distribution packages.
2014-04-17 13:39:28 +00:00
#define REEXEC_FLAG "HAPROXY_SYSTEMD_REEXEC"
MINOR: systemd wrapper: improve logging Use standard error for logging messages, as it seems that this gets messages to the systemd journal more reliably. Also use systemd's support for specifying log levels via stderr to apply different levels to messages.
2014-04-17 13:39:29 +00:00
#define SD_DEBUG "<7>"
#define SD_NOTICE "<5>"
MINOR: systemd wrapper: re-execute on SIGUSR2 Re-execute the systemd wrapper on SIGUSR2 and before reloading HAProxy, making it possible to load a completely new version of HAProxy (including a new version of the systemd wrapper) gracefully. Since the wrapper accepts no command-line arguments of its own, re-execution is signaled using the HAPROXY_SYSTEMD_REEXEC environment variable. This is primarily intended to help seamless upgrades of distribution packages.
2014-04-17 13:39:28 +00:00
MEDIUM: Improve signal handling in systemd wrapper. Move all code out of the signal handlers, since this is potentially dangerous. To make sure the signal handlers behave as expected, use sigaction() instead of signal(). That also obsoletes messing with the signal mask after restart. Signed-off-by: Conrad Hoffmann <conrad@soundcloud.com>
2014-07-28 21:52:20 +00:00
static volatile sig_atomic_t caught_signal;
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
static char *pid_file = "/run/haproxy.pid";
MINOR: systemd wrapper: re-execute on SIGUSR2 Re-execute the systemd wrapper on SIGUSR2 and before reloading HAProxy, making it possible to load a completely new version of HAProxy (including a new version of the systemd wrapper) gracefully. Since the wrapper accepts no command-line arguments of its own, re-execution is signaled using the HAPROXY_SYSTEMD_REEXEC environment variable. This is primarily intended to help seamless upgrades of distribution packages.
2014-04-17 13:39:28 +00:00
static int wrapper_argc;
static char **wrapper_argv;
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
BUG/MINOR: systemd: always restore signals before execve() Since signals are inherited, we must restore them before calling execve() and intercept them again after a failed execve(). In order to cleanly deal with the SIGUSR2/SIGHUP loops where we re-exec the wrapper, we ignore these two signals during a re-exec, and restore them to defaults when spawning haproxy. This should be backported to 1.6 and 1.5.
2016-10-25 14:49:31 +00:00
static void setup_signal_handler();
static void pause_signal_handler();
static void reset_signal_handler();
MEDIUM: systemd-wrapper: support multiple executable versions and names Having to use a hard-coded "haproxy" executable name next to the systemd wrapper is not always convenient, as it's sometimes desirable to run with multiple versions in parallel. Thus this patch performs a minor change to the wrapper : if the name ends with "-systemd-wrapper", then it trims that part off and what remains becomes the target haproxy executable. That makes it easy to have for example : haproxy-1.5.4-systemd-wrapper haproxy-1.5.4 haproxy-1.5.3-systemd-wrapper haproxy-1.5.3 and so on, in a same directory. This patch also fixes a rare bug caused by readlink() not adding the trailing zero and leaving possible existing contents, including possibly a randomly placed "/" which would make it unable to locate the correct binary. This case is not totally unlikely as I got a \177 a few times at the end of the executable names, so I could have got a '/' as well. Back-porting to 1.5 is desirable.
2014-09-19 13:42:30 +00:00
/* returns the path to the haproxy binary into <buffer>, whose size indicated
* in <buffer_size> must be at least 1 byte long.
*/
MEDIUM: haproxy-systemd-wrapper: Use haproxy in same directory Locate the wrapper and use a haproxy executable found in the same directory. This patch lets the wrapper work in openSUSE.
2013-11-22 10:06:34 +00:00
static void locate_haproxy(char *buffer, size_t buffer_size)
{
BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary OpenBSD complains this way due to strncat() : src/haproxy-systemd-wrapper.o(.text+0xd5): In function `spawn_haproxy': src/haproxy-systemd-wrapper.c:33: warning: strcat() is almost always misused, please use strlcat() In fact, the code before strncat() here is wrong, because it may dereference a NULL if /proc/self/exe is not readable. So fix it and get rid of strncat() at the same time. No backport is needed.
2014-04-14 13:34:34 +00:00
char *end = NULL;
MEDIUM: systemd-wrapper: support multiple executable versions and names Having to use a hard-coded "haproxy" executable name next to the systemd wrapper is not always convenient, as it's sometimes desirable to run with multiple versions in parallel. Thus this patch performs a minor change to the wrapper : if the name ends with "-systemd-wrapper", then it trims that part off and what remains becomes the target haproxy executable. That makes it easy to have for example : haproxy-1.5.4-systemd-wrapper haproxy-1.5.4 haproxy-1.5.3-systemd-wrapper haproxy-1.5.3 and so on, in a same directory. This patch also fixes a rare bug caused by readlink() not adding the trailing zero and leaving possible existing contents, including possibly a randomly placed "/" which would make it unable to locate the correct binary. This case is not totally unlikely as I got a \177 a few times at the end of the executable names, so I could have got a '/' as well. Back-porting to 1.5 is desirable.
2014-09-19 13:42:30 +00:00
int len;
len = readlink("/proc/self/exe", buffer, buffer_size - 1);
if (len == -1)
goto fail;
BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary OpenBSD complains this way due to strncat() : src/haproxy-systemd-wrapper.o(.text+0xd5): In function `spawn_haproxy': src/haproxy-systemd-wrapper.c:33: warning: strcat() is almost always misused, please use strlcat() In fact, the code before strncat() here is wrong, because it may dereference a NULL if /proc/self/exe is not readable. So fix it and get rid of strncat() at the same time. No backport is needed.
2014-04-14 13:34:34 +00:00
MEDIUM: systemd-wrapper: support multiple executable versions and names Having to use a hard-coded "haproxy" executable name next to the systemd wrapper is not always convenient, as it's sometimes desirable to run with multiple versions in parallel. Thus this patch performs a minor change to the wrapper : if the name ends with "-systemd-wrapper", then it trims that part off and what remains becomes the target haproxy executable. That makes it easy to have for example : haproxy-1.5.4-systemd-wrapper haproxy-1.5.4 haproxy-1.5.3-systemd-wrapper haproxy-1.5.3 and so on, in a same directory. This patch also fixes a rare bug caused by readlink() not adding the trailing zero and leaving possible existing contents, including possibly a randomly placed "/" which would make it unable to locate the correct binary. This case is not totally unlikely as I got a \177 a few times at the end of the executable names, so I could have got a '/' as well. Back-porting to 1.5 is desirable.
2014-09-19 13:42:30 +00:00
buffer[len] = 0;
end = strrchr(buffer, '/');
if (end == NULL)
goto fail;
BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary OpenBSD complains this way due to strncat() : src/haproxy-systemd-wrapper.o(.text+0xd5): In function `spawn_haproxy': src/haproxy-systemd-wrapper.c:33: warning: strcat() is almost always misused, please use strlcat() In fact, the code before strncat() here is wrong, because it may dereference a NULL if /proc/self/exe is not readable. So fix it and get rid of strncat() at the same time. No backport is needed.
2014-04-14 13:34:34 +00:00
MEDIUM: systemd-wrapper: support multiple executable versions and names Having to use a hard-coded "haproxy" executable name next to the systemd wrapper is not always convenient, as it's sometimes desirable to run with multiple versions in parallel. Thus this patch performs a minor change to the wrapper : if the name ends with "-systemd-wrapper", then it trims that part off and what remains becomes the target haproxy executable. That makes it easy to have for example : haproxy-1.5.4-systemd-wrapper haproxy-1.5.4 haproxy-1.5.3-systemd-wrapper haproxy-1.5.3 and so on, in a same directory. This patch also fixes a rare bug caused by readlink() not adding the trailing zero and leaving possible existing contents, including possibly a randomly placed "/" which would make it unable to locate the correct binary. This case is not totally unlikely as I got a \177 a few times at the end of the executable names, so I could have got a '/' as well. Back-porting to 1.5 is desirable.
2014-09-19 13:42:30 +00:00
if (strcmp(end + strlen(end) - 16, "-systemd-wrapper") == 0) {
end[strlen(end) - 16] = '\0';
BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary OpenBSD complains this way due to strncat() : src/haproxy-systemd-wrapper.o(.text+0xd5): In function `spawn_haproxy': src/haproxy-systemd-wrapper.c:33: warning: strcat() is almost always misused, please use strlcat() In fact, the code before strncat() here is wrong, because it may dereference a NULL if /proc/self/exe is not readable. So fix it and get rid of strncat() at the same time. No backport is needed.
2014-04-14 13:34:34 +00:00
return;
}
MEDIUM: systemd-wrapper: support multiple executable versions and names Having to use a hard-coded "haproxy" executable name next to the systemd wrapper is not always convenient, as it's sometimes desirable to run with multiple versions in parallel. Thus this patch performs a minor change to the wrapper : if the name ends with "-systemd-wrapper", then it trims that part off and what remains becomes the target haproxy executable. That makes it easy to have for example : haproxy-1.5.4-systemd-wrapper haproxy-1.5.4 haproxy-1.5.3-systemd-wrapper haproxy-1.5.3 and so on, in a same directory. This patch also fixes a rare bug caused by readlink() not adding the trailing zero and leaving possible existing contents, including possibly a randomly placed "/" which would make it unable to locate the correct binary. This case is not totally unlikely as I got a \177 a few times at the end of the executable names, so I could have got a '/' as well. Back-porting to 1.5 is desirable.
2014-09-19 13:42:30 +00:00
MEDIUM: haproxy-systemd-wrapper: Use haproxy in same directory Locate the wrapper and use a haproxy executable found in the same directory. This patch lets the wrapper work in openSUSE.
2013-11-22 10:06:34 +00:00
end[1] = '\0';
BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary OpenBSD complains this way due to strncat() : src/haproxy-systemd-wrapper.o(.text+0xd5): In function `spawn_haproxy': src/haproxy-systemd-wrapper.c:33: warning: strcat() is almost always misused, please use strlcat() In fact, the code before strncat() here is wrong, because it may dereference a NULL if /proc/self/exe is not readable. So fix it and get rid of strncat() at the same time. No backport is needed.
2014-04-14 13:34:34 +00:00
strncpy(end + 1, "haproxy", buffer + buffer_size - (end + 1));
buffer[buffer_size - 1] = '\0';
MEDIUM: systemd-wrapper: support multiple executable versions and names Having to use a hard-coded "haproxy" executable name next to the systemd wrapper is not always convenient, as it's sometimes desirable to run with multiple versions in parallel. Thus this patch performs a minor change to the wrapper : if the name ends with "-systemd-wrapper", then it trims that part off and what remains becomes the target haproxy executable. That makes it easy to have for example : haproxy-1.5.4-systemd-wrapper haproxy-1.5.4 haproxy-1.5.3-systemd-wrapper haproxy-1.5.3 and so on, in a same directory. This patch also fixes a rare bug caused by readlink() not adding the trailing zero and leaving possible existing contents, including possibly a randomly placed "/" which would make it unable to locate the correct binary. This case is not totally unlikely as I got a \177 a few times at the end of the executable names, so I could have got a '/' as well. Back-porting to 1.5 is desirable.
2014-09-19 13:42:30 +00:00
return;
fail:
strncpy(buffer, "/usr/sbin/haproxy", buffer_size);
buffer[buffer_size - 1] = '\0';
return;
MEDIUM: haproxy-systemd-wrapper: Use haproxy in same directory Locate the wrapper and use a haproxy executable found in the same directory. This patch lets the wrapper work in openSUSE.
2013-11-22 10:06:34 +00:00
}
BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed Pierre Cheynier found that there's a persistent issue with the systemd wrapper. Too fast reloads can lead to certain old processes not being signaled at all and continuing to run. The problem was tracked down as a race between the startup and the signal processing : nothing prevents the wrapper from starting new processes while others are still starting, and the resulting pid file will only contain the latest pids in this case. This can happen with large configs and/or when a lot of SSL certificates are involved. In order to solve this we want the wrapper to wait for the new processes to complete their startup. But we also want to ensure it doesn't wait for nothing in case of error. The solution found here is to create a pipe between the wrapper and the sub-processes. The wrapper waits on the pipe and the sub-processes are expected to close this pipe once they completed their startup. That way we don't queue up new processes until the previous ones have registered their pids to the pid file. And if anything goes wrong, the wrapper is immediately released. The only thing is that we need the sub-processes to know the pipe's file descriptor. We pass it in an environment variable called HAPROXY_WRAPPER_FD. It was confirmed both by Pierre and myself that this completely solves the "zombie" process issue so that only the new processes continue to listen on the sockets. It seems that in the future this stuff could be moved to the haproxy master process, also getting rid of an environment variable. This fix needs to be backported to 1.6 and 1.5.
2016-10-25 15:20:24 +00:00
/* Note: this function must not exit in case of error (except in the child), as
* it is only dedicated the starting a new haproxy process. By keeping the
* process alive it will ensure that future signal delivery may get rid of
* the issue. If the first startup fails, the wrapper will notice it and
* return an error thanks to wait() returning ECHILD.
*/
BUG/MEDIUM: systemd-wrapper: don't leak zombie processes Formerly, if A was replaced by B, and then B by C before A finished exiting, we didn't wait for B to finish so it ended up as a zombie process. Fix this by waiting randomly every child we spawn. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-04-02 11:53:21 +00:00
static void spawn_haproxy(char **pid_strv, int nb_pid)
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
{
MEDIUM: haproxy-systemd-wrapper: Use haproxy in same directory Locate the wrapper and use a haproxy executable found in the same directory. This patch lets the wrapper work in openSUSE.
2013-11-22 10:06:34 +00:00
char haproxy_bin[512];
pid_t pid;
MINOR: systemd wrapper: re-execute on SIGUSR2 Re-execute the systemd wrapper on SIGUSR2 and before reloading HAProxy, making it possible to load a completely new version of HAProxy (including a new version of the systemd wrapper) gracefully. Since the wrapper accepts no command-line arguments of its own, re-execution is signaled using the HAPROXY_SYSTEMD_REEXEC environment variable. This is primarily intended to help seamless upgrades of distribution packages.
2014-04-17 13:39:28 +00:00
int main_argc;
char **main_argv;
BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed Pierre Cheynier found that there's a persistent issue with the systemd wrapper. Too fast reloads can lead to certain old processes not being signaled at all and continuing to run. The problem was tracked down as a race between the startup and the signal processing : nothing prevents the wrapper from starting new processes while others are still starting, and the resulting pid file will only contain the latest pids in this case. This can happen with large configs and/or when a lot of SSL certificates are involved. In order to solve this we want the wrapper to wait for the new processes to complete their startup. But we also want to ensure it doesn't wait for nothing in case of error. The solution found here is to create a pipe between the wrapper and the sub-processes. The wrapper waits on the pipe and the sub-processes are expected to close this pipe once they completed their startup. That way we don't queue up new processes until the previous ones have registered their pids to the pid file. And if anything goes wrong, the wrapper is immediately released. The only thing is that we need the sub-processes to know the pipe's file descriptor. We pass it in an environment variable called HAPROXY_WRAPPER_FD. It was confirmed both by Pierre and myself that this completely solves the "zombie" process issue so that only the new processes continue to listen on the sockets. It seems that in the future this stuff could be moved to the haproxy master process, also getting rid of an environment variable. This fix needs to be backported to 1.6 and 1.5.
2016-10-25 15:20:24 +00:00
int pipefd[2];
char fdstr[20];
int ret;
MINOR: systemd wrapper: re-execute on SIGUSR2 Re-execute the systemd wrapper on SIGUSR2 and before reloading HAProxy, making it possible to load a completely new version of HAProxy (including a new version of the systemd wrapper) gracefully. Since the wrapper accepts no command-line arguments of its own, re-execution is signaled using the HAPROXY_SYSTEMD_REEXEC environment variable. This is primarily intended to help seamless upgrades of distribution packages.
2014-04-17 13:39:28 +00:00
main_argc = wrapper_argc - 1;
main_argv = wrapper_argv + 1;
MEDIUM: haproxy-systemd-wrapper: Use haproxy in same directory Locate the wrapper and use a haproxy executable found in the same directory. This patch lets the wrapper work in openSUSE.
2013-11-22 10:06:34 +00:00
BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed Pierre Cheynier found that there's a persistent issue with the systemd wrapper. Too fast reloads can lead to certain old processes not being signaled at all and continuing to run. The problem was tracked down as a race between the startup and the signal processing : nothing prevents the wrapper from starting new processes while others are still starting, and the resulting pid file will only contain the latest pids in this case. This can happen with large configs and/or when a lot of SSL certificates are involved. In order to solve this we want the wrapper to wait for the new processes to complete their startup. But we also want to ensure it doesn't wait for nothing in case of error. The solution found here is to create a pipe between the wrapper and the sub-processes. The wrapper waits on the pipe and the sub-processes are expected to close this pipe once they completed their startup. That way we don't queue up new processes until the previous ones have registered their pids to the pid file. And if anything goes wrong, the wrapper is immediately released. The only thing is that we need the sub-processes to know the pipe's file descriptor. We pass it in an environment variable called HAPROXY_WRAPPER_FD. It was confirmed both by Pierre and myself that this completely solves the "zombie" process issue so that only the new processes continue to listen on the sockets. It seems that in the future this stuff could be moved to the haproxy master process, also getting rid of an environment variable. This fix needs to be backported to 1.6 and 1.5.
2016-10-25 15:20:24 +00:00
if (pipe(pipefd) != 0) {
fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: failed to create a pipe, please try again later.\n");
return;
}
BUG/MEDIUM: remove debugging code from systemd-wrapper Kristoffer Grnlund reported that after my recent update to the systemd-wrapper, I accidentely left the debugging code which consists in disabling the fork :-( The fix needs to be backported to 1.5 as well since I pushed it there as well.
2014-09-24 10:59:25 +00:00
pid = fork();
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
if (!pid) {
BUG/MINOR: systemd: check return value of calloc() The wrapper is not the best reliable thing in the universe, so start by adding at least the minimum expected controls :-/ To be backported to 1.5 and 1.6.
2016-10-25 15:05:56 +00:00
char **argv;
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
int i;
int argno = 0;
BUG/MINOR: systemd: always restore signals before execve() Since signals are inherited, we must restore them before calling execve() and intercept them again after a failed execve(). In order to cleanly deal with the SIGUSR2/SIGHUP loops where we re-exec the wrapper, we ignore these two signals during a re-exec, and restore them to defaults when spawning haproxy. This should be backported to 1.6 and 1.5.
2016-10-25 14:49:31 +00:00
BUG/MINOR: systemd: check return value of calloc() The wrapper is not the best reliable thing in the universe, so start by adding at least the minimum expected controls :-/ To be backported to 1.5 and 1.6.
2016-10-25 15:05:56 +00:00
/* 3 for "haproxy -Ds -sf" */
argv = calloc(4 + main_argc + nb_pid + 1, sizeof(char *));
if (!argv) {
fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: failed to calloc(), please try again later.\n");
exit(1);
}
BUG/MINOR: systemd: always restore signals before execve() Since signals are inherited, we must restore them before calling execve() and intercept them again after a failed execve(). In order to cleanly deal with the SIGUSR2/SIGHUP loops where we re-exec the wrapper, we ignore these two signals during a re-exec, and restore them to defaults when spawning haproxy. This should be backported to 1.6 and 1.5.
2016-10-25 14:49:31 +00:00
reset_signal_handler();
BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed Pierre Cheynier found that there's a persistent issue with the systemd wrapper. Too fast reloads can lead to certain old processes not being signaled at all and continuing to run. The problem was tracked down as a race between the startup and the signal processing : nothing prevents the wrapper from starting new processes while others are still starting, and the resulting pid file will only contain the latest pids in this case. This can happen with large configs and/or when a lot of SSL certificates are involved. In order to solve this we want the wrapper to wait for the new processes to complete their startup. But we also want to ensure it doesn't wait for nothing in case of error. The solution found here is to create a pipe between the wrapper and the sub-processes. The wrapper waits on the pipe and the sub-processes are expected to close this pipe once they completed their startup. That way we don't queue up new processes until the previous ones have registered their pids to the pid file. And if anything goes wrong, the wrapper is immediately released. The only thing is that we need the sub-processes to know the pipe's file descriptor. We pass it in an environment variable called HAPROXY_WRAPPER_FD. It was confirmed both by Pierre and myself that this completely solves the "zombie" process issue so that only the new processes continue to listen on the sockets. It seems that in the future this stuff could be moved to the haproxy master process, also getting rid of an environment variable. This fix needs to be backported to 1.6 and 1.5.
2016-10-25 15:20:24 +00:00
close(pipefd[0]); /* close the read side */
snprintf(fdstr, sizeof(fdstr), "%d", pipefd[1]);
if (setenv("HAPROXY_WRAPPER_FD", fdstr, 1) != 0) {
fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: failed to setenv(), please try again later.\n");
exit(1);
}
MEDIUM: haproxy-systemd-wrapper: Use haproxy in same directory Locate the wrapper and use a haproxy executable found in the same directory. This patch lets the wrapper work in openSUSE.
2013-11-22 10:06:34 +00:00
locate_haproxy(haproxy_bin, 512);
argv[argno++] = haproxy_bin;
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
for (i = 0; i < main_argc; ++i)
argv[argno++] = main_argv[i];
argv[argno++] = "-Ds";
if (nb_pid > 0) {
argv[argno++] = "-sf";
for (i = 0; i < nb_pid; ++i)
argv[argno++] = pid_strv[i];
}
argv[argno] = NULL;
LOW: systemd-wrapper: Write debug information to stdout Write the command line used to call haproxy to stdout, as well as the return code returned by the haproxy process.
2013-11-22 10:11:54 +00:00
MINOR: systemd wrapper: improve logging Use standard error for logging messages, as it seems that this gets messages to the systemd journal more reliably. Also use systemd's support for specifying log levels via stderr to apply different levels to messages.
2014-04-17 13:39:29 +00:00
fprintf(stderr, SD_DEBUG "haproxy-systemd-wrapper: executing ");
LOW: systemd-wrapper: Write debug information to stdout Write the command line used to call haproxy to stdout, as well as the return code returned by the haproxy process.
2013-11-22 10:11:54 +00:00
for (i = 0; argv[i]; ++i)
MINOR: systemd wrapper: improve logging Use standard error for logging messages, as it seems that this gets messages to the systemd journal more reliably. Also use systemd's support for specifying log levels via stderr to apply different levels to messages.
2014-04-17 13:39:29 +00:00
fprintf(stderr, "%s ", argv[i]);
fprintf(stderr, "\n");
LOW: systemd-wrapper: Write debug information to stdout Write the command line used to call haproxy to stdout, as well as the return code returned by the haproxy process.
2013-11-22 10:11:54 +00:00
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
execv(argv[0], argv);
MINOR: systemd: report it when execve() fails It's important to know that a signal sent to the wrapper had no effect because something failed during execve(). Ideally more info (strerror) should be reported. It would be nice to backport this to 1.6 and 1.5.
2016-10-25 14:51:40 +00:00
fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: execv(%s) failed, please try again later.\n", argv[0]);
BUG/MINOR: systemd: make the wrapper return a non-null status code on error When execv() fails to execute the haproxy executable, it's important to return an error instead of pretending everything is cool. This fix should be backported to 1.6 and 1.5 in order to improve the overall reliability under systemd.
2016-10-25 13:50:47 +00:00
exit(1);
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
}
MINOR: systemd: report it when execve() fails It's important to know that a signal sent to the wrapper had no effect because something failed during execve(). Ideally more info (strerror) should be reported. It would be nice to backport this to 1.6 and 1.5.
2016-10-25 14:51:40 +00:00
else if (pid == -1) {
fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: failed to fork(), please try again later.\n");
}
BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed Pierre Cheynier found that there's a persistent issue with the systemd wrapper. Too fast reloads can lead to certain old processes not being signaled at all and continuing to run. The problem was tracked down as a race between the startup and the signal processing : nothing prevents the wrapper from starting new processes while others are still starting, and the resulting pid file will only contain the latest pids in this case. This can happen with large configs and/or when a lot of SSL certificates are involved. In order to solve this we want the wrapper to wait for the new processes to complete their startup. But we also want to ensure it doesn't wait for nothing in case of error. The solution found here is to create a pipe between the wrapper and the sub-processes. The wrapper waits on the pipe and the sub-processes are expected to close this pipe once they completed their startup. That way we don't queue up new processes until the previous ones have registered their pids to the pid file. And if anything goes wrong, the wrapper is immediately released. The only thing is that we need the sub-processes to know the pipe's file descriptor. We pass it in an environment variable called HAPROXY_WRAPPER_FD. It was confirmed both by Pierre and myself that this completely solves the "zombie" process issue so that only the new processes continue to listen on the sockets. It seems that in the future this stuff could be moved to the haproxy master process, also getting rid of an environment variable. This fix needs to be backported to 1.6 and 1.5.
2016-10-25 15:20:24 +00:00
/* The parent closes the write side and waits for the child to close it
* as well. Also deal the case where the fd would unexpectedly be 1 or 2
* by silently draining all data.
*/
close(pipefd[1]);
do {
char c;
ret = read(pipefd[0], &c, sizeof(c));
} while ((ret > 0) || (ret == -1 && errno == EINTR));
/* the child has finished starting up */
close(pipefd[0]);
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
}
static int read_pids(char ***pid_strv)
{
FILE *f = fopen(pid_file, "r");
int read = 0, allocated = 8;
char pid_str[10];
if (!f)
return 0;
*pid_strv = malloc(allocated * sizeof(char *));
while (1 == fscanf(f, "%s\n", pid_str)) {
if (read == allocated) {
allocated *= 2;
*pid_strv = realloc(*pid_strv, allocated * sizeof(char *));
}
(*pid_strv)[read++] = strdup(pid_str);
}
fclose(f);
return read;
}
MEDIUM: Improve signal handling in systemd wrapper. Move all code out of the signal handlers, since this is potentially dangerous. To make sure the signal handlers behave as expected, use sigaction() instead of signal(). That also obsoletes messing with the signal mask after restart. Signed-off-by: Conrad Hoffmann <conrad@soundcloud.com>
2014-07-28 21:52:20 +00:00
static void signal_handler(int signum)
{
MINOR: systemd: ensure a reload doesn't mask a stop If a SIGHUP/SIGUSR2 is sent immediately after a SIGTERM/SIGINT and before wait() is notified, it will mask it since there's no queue, only a copy of the last received signal. Let's add a special check before overwriting the signal so that SIGTERM/SIGINT are not masked.
2016-02-27 07:26:14 +00:00
if (caught_signal != SIGINT && caught_signal != SIGTERM)
caught_signal = signum;
MEDIUM: Improve signal handling in systemd wrapper. Move all code out of the signal handlers, since this is potentially dangerous. To make sure the signal handlers behave as expected, use sigaction() instead of signal(). That also obsoletes messing with the signal mask after restart. Signed-off-by: Conrad Hoffmann <conrad@soundcloud.com>
2014-07-28 21:52:20 +00:00
}
BUG/MINOR: systemd: always restore signals before execve() Since signals are inherited, we must restore them before calling execve() and intercept them again after a failed execve(). In order to cleanly deal with the SIGUSR2/SIGHUP loops where we re-exec the wrapper, we ignore these two signals during a re-exec, and restore them to defaults when spawning haproxy. This should be backported to 1.6 and 1.5.
2016-10-25 14:49:31 +00:00
static void setup_signal_handler()
{
struct sigaction sa;
memset(&sa, 0, sizeof(struct sigaction));
sa.sa_handler = &signal_handler;
sigaction(SIGUSR2, &sa, NULL);
sigaction(SIGHUP, &sa, NULL);
sigaction(SIGINT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
}
static void pause_signal_handler()
{
signal(SIGUSR2, SIG_IGN);
signal(SIGHUP, SIG_IGN);
signal(SIGINT, SIG_DFL);
signal(SIGTERM, SIG_DFL);
}
static void reset_signal_handler()
{
signal(SIGUSR2, SIG_DFL);
signal(SIGHUP, SIG_DFL);
signal(SIGINT, SIG_DFL);
signal(SIGTERM, SIG_DFL);
}
BUG/MINOR: systemd: report the correct signal in debug message output Commit c54bdd2 ("MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper") added support for extra signals but did not adapt the debug message, which continues to report incorrect signal types. Let's pass the signal number to the do_restart() and do_shutdown() functions so that the output matches the signal that was received.
2016-02-27 07:18:04 +00:00
/* handles SIGUSR2 and SIGHUP only */
static void do_restart(int sig)
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
{
MINOR: systemd wrapper: re-execute on SIGUSR2 Re-execute the systemd wrapper on SIGUSR2 and before reloading HAProxy, making it possible to load a completely new version of HAProxy (including a new version of the systemd wrapper) gracefully. Since the wrapper accepts no command-line arguments of its own, re-execution is signaled using the HAPROXY_SYSTEMD_REEXEC environment variable. This is primarily intended to help seamless upgrades of distribution packages.
2014-04-17 13:39:28 +00:00
setenv(REEXEC_FLAG, "1", 1);
BUG/MINOR: systemd: report the correct signal in debug message output Commit c54bdd2 ("MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper") added support for extra signals but did not adapt the debug message, which continues to report incorrect signal types. Let's pass the signal number to the do_restart() and do_shutdown() functions so that the output matches the signal that was received.
2016-02-27 07:18:04 +00:00
fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: re-executing on %s.\n",
sig == SIGUSR2 ? "SIGUSR2" : "SIGHUP");
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
BUG/MINOR: systemd: always restore signals before execve() Since signals are inherited, we must restore them before calling execve() and intercept them again after a failed execve(). In order to cleanly deal with the SIGUSR2/SIGHUP loops where we re-exec the wrapper, we ignore these two signals during a re-exec, and restore them to defaults when spawning haproxy. This should be backported to 1.6 and 1.5.
2016-10-25 14:49:31 +00:00
/* don't let the other process take one of those signals by accident */
pause_signal_handler();
MINOR: systemd wrapper: re-execute on SIGUSR2 Re-execute the systemd wrapper on SIGUSR2 and before reloading HAProxy, making it possible to load a completely new version of HAProxy (including a new version of the systemd wrapper) gracefully. Since the wrapper accepts no command-line arguments of its own, re-execution is signaled using the HAPROXY_SYSTEMD_REEXEC environment variable. This is primarily intended to help seamless upgrades of distribution packages.
2014-04-17 13:39:28 +00:00
execv(wrapper_argv[0], wrapper_argv);
BUG/MINOR: systemd: always restore signals before execve() Since signals are inherited, we must restore them before calling execve() and intercept them again after a failed execve(). In order to cleanly deal with the SIGUSR2/SIGHUP loops where we re-exec the wrapper, we ignore these two signals during a re-exec, and restore them to defaults when spawning haproxy. This should be backported to 1.6 and 1.5.
2016-10-25 14:49:31 +00:00
/* failed, let's reinstall the signal handler and continue */
setup_signal_handler();
MINOR: systemd: report it when execve() fails It's important to know that a signal sent to the wrapper had no effect because something failed during execve(). Ideally more info (strerror) should be reported. It would be nice to backport this to 1.6 and 1.5.
2016-10-25 14:51:40 +00:00
fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: re-exec(%s) failed.\n", wrapper_argv[0]);
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
}
BUG/MINOR: systemd: report the correct signal in debug message output Commit c54bdd2 ("MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper") added support for extra signals but did not adapt the debug message, which continues to report incorrect signal types. Let's pass the signal number to the do_restart() and do_shutdown() functions so that the output matches the signal that was received.
2016-02-27 07:18:04 +00:00
/* handles SIGTERM and SIGINT only */
static void do_shutdown(int sig)
MEDIUM: systemd-wrapper: Kill child processes when interrupted Send SIGINT to child processes when killed. This ensures that the haproxy process managed by the systemd-wrapper is stopped when "systemctl stop haproxy.service" is called.
2013-11-22 10:09:39 +00:00
{
int i, pid;
char **pid_strv = NULL;
int nb_pid = read_pids(&pid_strv);
for (i = 0; i < nb_pid; ++i) {
pid = atoi(pid_strv[i]);
if (pid > 0) {
BUG/MINOR: systemd: report the correct signal in debug message output Commit c54bdd2 ("MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper") added support for extra signals but did not adapt the debug message, which continues to report incorrect signal types. Let's pass the signal number to the do_restart() and do_shutdown() functions so that the output matches the signal that was received.
2016-02-27 07:18:04 +00:00
fprintf(stderr, SD_DEBUG "haproxy-systemd-wrapper: %s -> %d.\n",
sig == SIGTERM ? "SIGTERM" : "SIGINT", pid);
BUG/MINOR: systemd: propagate the correct signal to haproxy Some people report that sometimes there's a collection of old processes after a restart of the systemd wrapper. It's not surprizing when reading the code, the SIGTERM is propagated as a SIGINT which asks for a graceful stop instead. If people ask for termination, we should terminate.
2016-02-27 07:20:17 +00:00
kill(pid, sig);
MEDIUM: systemd-wrapper: Kill child processes when interrupted Send SIGINT to child processes when killed. This ensures that the haproxy process managed by the systemd-wrapper is stopped when "systemctl stop haproxy.service" is called.
2013-11-22 10:09:39 +00:00
free(pid_strv[i]);
}
}
free(pid_strv);
}
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
static void init(int argc, char **argv)
{
while (argc > 1) {
BUG/MINOR: Fix search for -p argument in systemd wrapper. Searching for the pid file in the list of arguments did not take flags without parameters into account, like e.g. -de. Because of this, the wrapper would use a different pid file than haproxy if such an argument was specified before -p. The new version can still yield a false positive for some crazy situations, like your config file name starting with "-p", but I think this is as good as it gets without using getopt or some library. Signed-off-by: Conrad Hoffmann <conrad@soundcloud.com>
2014-07-28 21:22:43 +00:00
if ((*argv)[0] == '-' && (*argv)[1] == 'p') {
pid_file = *(argv + 1);
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
}
--argc; ++argv;
}
}
int main(int argc, char **argv)
{
LOW: systemd-wrapper: Write debug information to stdout Write the command line used to call haproxy to stdout, as well as the return code returned by the haproxy process.
2013-11-22 10:11:54 +00:00
int status;
BUG/MINOR: systemd: always restore signals before execve() Since signals are inherited, we must restore them before calling execve() and intercept them again after a failed execve(). In order to cleanly deal with the SIGUSR2/SIGHUP loops where we re-exec the wrapper, we ignore these two signals during a re-exec, and restore them to defaults when spawning haproxy. This should be backported to 1.6 and 1.5.
2016-10-25 14:49:31 +00:00
setup_signal_handler();
LOW: systemd-wrapper: Write debug information to stdout Write the command line used to call haproxy to stdout, as well as the return code returned by the haproxy process.
2013-11-22 10:11:54 +00:00
MINOR: systemd wrapper: re-execute on SIGUSR2 Re-execute the systemd wrapper on SIGUSR2 and before reloading HAProxy, making it possible to load a completely new version of HAProxy (including a new version of the systemd wrapper) gracefully. Since the wrapper accepts no command-line arguments of its own, re-execution is signaled using the HAPROXY_SYSTEMD_REEXEC environment variable. This is primarily intended to help seamless upgrades of distribution packages.
2014-04-17 13:39:28 +00:00
wrapper_argc = argc;
wrapper_argv = argv;
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
MINOR: systemd wrapper: re-execute on SIGUSR2 Re-execute the systemd wrapper on SIGUSR2 and before reloading HAProxy, making it possible to load a completely new version of HAProxy (including a new version of the systemd wrapper) gracefully. Since the wrapper accepts no command-line arguments of its own, re-execution is signaled using the HAPROXY_SYSTEMD_REEXEC environment variable. This is primarily intended to help seamless upgrades of distribution packages.
2014-04-17 13:39:28 +00:00
--argc; ++argv;
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
init(argc, argv);
MINOR: systemd wrapper: re-execute on SIGUSR2 Re-execute the systemd wrapper on SIGUSR2 and before reloading HAProxy, making it possible to load a completely new version of HAProxy (including a new version of the systemd wrapper) gracefully. Since the wrapper accepts no command-line arguments of its own, re-execution is signaled using the HAPROXY_SYSTEMD_REEXEC environment variable. This is primarily intended to help seamless upgrades of distribution packages.
2014-04-17 13:39:28 +00:00
if (getenv(REEXEC_FLAG) != NULL) {
/* We are being re-executed: restart HAProxy gracefully */
int i;
char **pid_strv = NULL;
int nb_pid = read_pids(&pid_strv);
unsetenv(REEXEC_FLAG);
spawn_haproxy(pid_strv, nb_pid);
for (i = 0; i < nb_pid; ++i)
free(pid_strv[i]);
free(pid_strv);
}
else {
/* Start a fresh copy of HAProxy */
spawn_haproxy(NULL, 0);
}
LOW: systemd-wrapper: Write debug information to stdout Write the command line used to call haproxy to stdout, as well as the return code returned by the haproxy process.
2013-11-22 10:11:54 +00:00
status = -1;
BUG/MINOR: systemd: ensure we don't miss signals There's a race condition in the systemd wrapper. People who restart it too fast report old processes remaining there. Here if the signal is caught before entering the "while" loop we block indefinitely on the wait() call. Let's check the caught signal before calling wait(). It doesn't completely close the race, a window still exists between the test of the flag and the call to wait(), but it's much smaller. A safer solution could involve pselect() to wait for the signal delivery.
2016-02-27 06:58:50 +00:00
while (caught_signal || wait(&status) != -1 || errno == EINTR) {
BUG/MINOR: systemd: report the correct signal in debug message output Commit c54bdd2 ("MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper") added support for extra signals but did not adapt the debug message, which continues to report incorrect signal types. Let's pass the signal number to the do_restart() and do_shutdown() functions so that the output matches the signal that was received.
2016-02-27 07:18:04 +00:00
int sig = caught_signal;
MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper My proposal is to let haproxy-systemd-wrapper also accept normal SIGHUP/SIGTERM signals to play nicely with other process managers besides just systemd. In my use case, this will be for using with runit which has to ability to change the signal used for a "reload" or "stop" command. It also might be worth renaming this bin to just haproxy-wrapper or something of that sort to separate itself away from systemd. But that's a different discussion. :)
2014-09-11 05:19:30 +00:00
if (caught_signal == SIGUSR2 || caught_signal == SIGHUP) {
MEDIUM: Improve signal handling in systemd wrapper. Move all code out of the signal handlers, since this is potentially dangerous. To make sure the signal handlers behave as expected, use sigaction() instead of signal(). That also obsoletes messing with the signal mask after restart. Signed-off-by: Conrad Hoffmann <conrad@soundcloud.com>
2014-07-28 21:52:20 +00:00
caught_signal = 0;
BUG/MINOR: systemd: report the correct signal in debug message output Commit c54bdd2 ("MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper") added support for extra signals but did not adapt the debug message, which continues to report incorrect signal types. Let's pass the signal number to the do_restart() and do_shutdown() functions so that the output matches the signal that was received.
2016-02-27 07:18:04 +00:00
do_restart(sig);
MEDIUM: Improve signal handling in systemd wrapper. Move all code out of the signal handlers, since this is potentially dangerous. To make sure the signal handlers behave as expected, use sigaction() instead of signal(). That also obsoletes messing with the signal mask after restart. Signed-off-by: Conrad Hoffmann <conrad@soundcloud.com>
2014-07-28 21:52:20 +00:00
}
MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper My proposal is to let haproxy-systemd-wrapper also accept normal SIGHUP/SIGTERM signals to play nicely with other process managers besides just systemd. In my use case, this will be for using with runit which has to ability to change the signal used for a "reload" or "stop" command. It also might be worth renaming this bin to just haproxy-wrapper or something of that sort to separate itself away from systemd. But that's a different discussion. :)
2014-09-11 05:19:30 +00:00
else if (caught_signal == SIGINT || caught_signal == SIGTERM) {
MEDIUM: Improve signal handling in systemd wrapper. Move all code out of the signal handlers, since this is potentially dangerous. To make sure the signal handlers behave as expected, use sigaction() instead of signal(). That also obsoletes messing with the signal mask after restart. Signed-off-by: Conrad Hoffmann <conrad@soundcloud.com>
2014-07-28 21:52:20 +00:00
caught_signal = 0;
BUG/MINOR: systemd: report the correct signal in debug message output Commit c54bdd2 ("MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper") added support for extra signals but did not adapt the debug message, which continues to report incorrect signal types. Let's pass the signal number to the do_restart() and do_shutdown() functions so that the output matches the signal that was received.
2016-02-27 07:18:04 +00:00
do_shutdown(sig);
MEDIUM: Improve signal handling in systemd wrapper. Move all code out of the signal handlers, since this is potentially dangerous. To make sure the signal handlers behave as expected, use sigaction() instead of signal(). That also obsoletes messing with the signal mask after restart. Signed-off-by: Conrad Hoffmann <conrad@soundcloud.com>
2014-07-28 21:52:20 +00:00
}
}
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
BUG/MEDIUM: systemd-wrapper: return correct exit codes Gabriele Cerami reported the the exit codes of the systemd-wrapper are wrong. In short, it directly returns the output of the wait syscall's status, which is a composite value made of error code an signal numbers. In general it contains the signal number on the lower bits and the error code on the higher bits, but exit() truncates it to the lowest 8 bits, causing config validations to incorrectly report a success. Example : $ ./haproxy-systemd-wrapper -c -f /dev/null <7>haproxy-systemd-wrapper: executing /tmp/haproxy -c -f /dev/null -Ds Configuration file has no error but will not start (no listener) => exit(2). <5>haproxy-systemd-wrapper: exit, haproxy RC=512 $ echo $? 0 If the process is killed however, the signal number is directly reported in the exit code. Let's fix all this to ensure that the exit code matches what the shell does, which means that codes 0..127 are for exit codes, codes 128..254 for signals, and code 255 for unknown exit code. Now the return code is correct : $ ./haproxy-systemd-wrapper -c -f /dev/null <7>haproxy-systemd-wrapper: executing /tmp/haproxy -c -f /dev/null -Ds Configuration file has no error but will not start (no listener) => exit(2). <5>haproxy-systemd-wrapper: exit, haproxy RC=2 $ echo $? 2 $ ./haproxy-systemd-wrapper -f /tmp/cfg.conf <7>haproxy-systemd-wrapper: executing /tmp/haproxy -f /dev/null -Ds ^C <5>haproxy-systemd-wrapper: exit, haproxy RC=130 $ echo $? 130 This fix must be backported to 1.6 and 1.5.
2016-11-03 19:31:40 +00:00
/* return either exit code or signal+128 */
if (WIFEXITED(status))
status = WEXITSTATUS(status);
else if (WIFSIGNALED(status))
status = 128 + WTERMSIG(status);
else if (WIFSTOPPED(status))
status = 128 + WSTOPSIG(status);
else
status = 255;
MINOR: systemd wrapper: improve logging Use standard error for logging messages, as it seems that this gets messages to the systemd journal more reliably. Also use systemd's support for specifying log levels via stderr to apply different levels to messages.
2014-04-17 13:39:29 +00:00
fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: exit, haproxy RC=%d\n",
status);
MINOR: systemd wrapper: propagate exit status Use HAProxy's exit status as the systemd wrapper's exit status instead of always returning EXIT_SUCCESS, permitting the use of systemd's `Restart = on-failure' logic.
2014-04-17 13:39:30 +00:00
return status;
MEDIUM: add haproxy-systemd-wrapper Currently, to reload haproxy configuration, you have to use "-sf". There is a problem with this way of doing things. First of all, in the systemd world, reload commands should be "oneshot" ones, which means they should not be the new main process but rather a tool which makes a call to it and then exits. With the current approach, the reload command is the new main command and moreover, it makes the previous one exit. Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed, and kills everything remaining as a grabage collector. We then end up with no haproxy running at all. This patch adds wrapper around haproxy, no changes at all have been made into it, so it's not intrusive and doesn't change anything for other hosts. What this wrapper does is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the first one. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 09:53:53 +00:00
}
Reference in New Issue Copy Permalink