haproxy/admin/systemd/haproxy.service.in
William Lallemand 9def1425ce BUG/MINOR: systemd: must check the configuration using -Ws
When doing a reload with a configuration which requires the
master-worker mode, the configuration check will fail because the check
is not done with -W/-Ws.

Example:
	wla@kikyo:~/haproxy$ ./haproxy -Ws -c -f haproxy.cfg
	Configuration file is valid
	wla@kikyo:~/haproxy$ ./haproxy -c -f haproxy.cfg
	[NOTICE]   (13153) : haproxy version is 2.5-dev2-4567b3-16
	[NOTICE]   (13153) : path to executable is ./haproxy
	[ALERT]    (13153) : config : Can't use a 'program' section without master worker mode.
	[ALERT]    (13153) : config : Fatal errors found in configuration.

This patch fixes the issue by adding -Ws on the check command line.

Must be backported in all stable branches. (The file was previously in
contrib/systemd/haproxy.service.in).
2021-07-26 11:03:54 +02:00

39 lines
1.4 KiB
SYSTEMD

[Unit]
Description=HAProxy Load Balancer
After=network-online.target
Wants=network-online.target
[Service]
EnvironmentFile=-/etc/default/haproxy
EnvironmentFile=-/etc/sysconfig/haproxy
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
ExecStartPre=@SBINDIR@/haproxy -f $CONFIG -c -q $EXTRAOPTS
ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c -q $EXTRAOPTS
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
Restart=always
SuccessExitStatus=143
Type=notify
# The following lines leverage SystemD's sandboxing options to provide
# defense in depth protection at the expense of restricting some flexibility
# in your setup (e.g. placement of your configuration files) or possibly
# reduced performance. See systemd.service(5) and systemd.exec(5) for further
# information.
# NoNewPrivileges=true
# ProtectHome=true
# If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE,
# any state files and any other files written using 'ReadWritePaths' or
# 'RuntimeDirectory'.
# ProtectSystem=true
# ProtectKernelTunables=true
# ProtectKernelModules=true
# ProtectControlGroups=true
# If your SystemD version supports them, you can add: @reboot, @swap, @sync
# SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io
[Install]
WantedBy=multi-user.target