LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6506 Commits
1 Branch
46 MiB
Tree: 13f9c9d648
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '13f9c9d648'
${ noResults }
openwrt-packages-dist/net/haproxy/patches/0016-BUG-MEDIUM-systemd-let...

144 lines
5.0 KiB
Raw Normal View History

haproxy: bump to version 1.6.9 mainline and pending patches Signed-off-by: heil <heil@terminal-consulting.de>
8 years ago
 
  1. From ff81ac47267c4e0227d1e3fbc5b1dedfd81a2a2f Mon Sep 17 00:00:00 2001
  2. From: Willy Tarreau <w@1wt.eu>
  3. Date: Tue, 25 Oct 2016 17:20:24 +0200
  4. Subject: [PATCH 16/26] BUG/MEDIUM: systemd: let the wrapper know that haproxy
  5.  has completed or failed
  6. 

  7. Pierre Cheynier found that there's a persistent issue with the systemd
  8. wrapper. Too fast reloads can lead to certain old processes not being
  9. signaled at all and continuing to run. The problem was tracked down as
  10. a race between the startup and the signal processing : nothing prevents
  11. the wrapper from starting new processes while others are still starting,
  12. and the resulting pid file will only contain the latest pids in this
  13. case. This can happen with large configs and/or when a lot of SSL
  14. certificates are involved.
  15. 

  16. In order to solve this we want the wrapper to wait for the new processes
  17. to complete their startup. But we also want to ensure it doesn't wait for
  18. nothing in case of error.
  19. 

  20. The solution found here is to create a pipe between the wrapper and the
  21. sub-processes. The wrapper waits on the pipe and the sub-processes are
  22. expected to close this pipe once they completed their startup. That way
  23. we don't queue up new processes until the previous ones have registered
  24. their pids to the pid file. And if anything goes wrong, the wrapper is
  25. immediately released. The only thing is that we need the sub-processes
  26. to know the pipe's file descriptor. We pass it in an environment variable
  27. called HAPROXY_WRAPPER_FD.
  28. 

  29. It was confirmed both by Pierre and myself that this completely solves
  30. the "zombie" process issue so that only the new processes continue to
  31. listen on the sockets.
  32. 

  33. It seems that in the future this stuff could be moved to the haproxy
  34. master process, also getting rid of an environment variable.
  35. 

  36. This fix needs to be backported to 1.6 and 1.5.
  37. (cherry picked from commit b957109727f7fed556c049d40bacf45f0df211db)
  38. ---

  39.  src/haproxy-systemd-wrapper.c | 36 ++++++++++++++++++++++++++++++++++++
  40.  src/haproxy.c                 | 10 ++++++++++
  41.  2 files changed, 46 insertions(+)
  42. 

  43. diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c

  44. index f4fcab1..b426f96 100644

  45. --- a/src/haproxy-systemd-wrapper.c

  46. +++ b/src/haproxy-systemd-wrapper.c

  47. @@ -65,16 +65,30 @@ static void locate_haproxy(char *buffer, size_t buffer_size)

  48.  	return;
  49.  }
  50.  
  51. +/* Note: this function must not exit in case of error (except in the child), as

  52. + * it is only dedicated the starting a new haproxy process. By keeping the

  53. + * process alive it will ensure that future signal delivery may get rid of

  54. + * the issue. If the first startup fails, the wrapper will notice it and

  55. + * return an error thanks to wait() returning ECHILD.

  56. + */

  57.  static void spawn_haproxy(char **pid_strv, int nb_pid)
  58.  {
  59.  	char haproxy_bin[512];
  60.  	pid_t pid;
  61.  	int main_argc;
  62.  	char **main_argv;
  63. +	int pipefd[2];

  64. +	char fdstr[20];

  65. +	int ret;

  66.  
  67.  	main_argc = wrapper_argc - 1;
  68.  	main_argv = wrapper_argv + 1;
  69.  
  70. +	if (pipe(pipefd) != 0) {

  71. +		fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: failed to create a pipe, please try again later.\n");

  72. +		return;

  73. +	}

  74. +

  75.  	pid = fork();
  76.  	if (!pid) {
  77.  		char **argv;
  78. @@ -89,6 +103,15 @@ static void spawn_haproxy(char **pid_strv, int nb_pid)

  79.  		}
  80.  
  81.  		reset_signal_handler();
  82. +

  83. +		close(pipefd[0]); /* close the read side */

  84. +

  85. +		snprintf(fdstr, sizeof(fdstr), "%d", pipefd[1]);

  86. +		if (setenv("HAPROXY_WRAPPER_FD", fdstr, 1) != 0) {

  87. +			fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: failed to setenv(), please try again later.\n");

  88. +			exit(1);

  89. +		}

  90. +

  91.  		locate_haproxy(haproxy_bin, 512);
  92.  		argv[argno++] = haproxy_bin;
  93.  		for (i = 0; i < main_argc; ++i)
  94. @@ -113,6 +136,19 @@ static void spawn_haproxy(char **pid_strv, int nb_pid)

  95.  	else if (pid == -1) {
  96.  		fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: failed to fork(), please try again later.\n");
  97.  	}
  98. +

  99. +	/* The parent closes the write side and waits for the child to close it

  100. +	 * as well. Also deal the case where the fd would unexpectedly be 1 or 2

  101. +	 * by silently draining all data.

  102. +	 */

  103. +	close(pipefd[1]);

  104. +

  105. +	do {

  106. +		char c;

  107. +		ret = read(pipefd[0], &c, sizeof(c));

  108. +	} while ((ret > 0) || (ret == -1 && errno == EINTR));

  109. +	/* the child has finished starting up */

  110. +	close(pipefd[0]);

  111.  }
  112.  
  113.  static int read_pids(char ***pid_strv)
  114. diff --git a/src/haproxy.c b/src/haproxy.c

  115. index a657dc4..2d476f2 100644

  116. --- a/src/haproxy.c

  117. +++ b/src/haproxy.c

  118. @@ -1843,6 +1843,7 @@ int main(int argc, char **argv)

  119.  		int ret = 0;
  120.  		int *children = calloc(global.nbproc, sizeof(int));
  121.  		int proc;
  122. +		char *wrapper_fd;

  123.  
  124.  		/* the father launches the required number of processes */
  125.  		for (proc = 0; proc < global.nbproc; proc++) {
  126. @@ -1879,6 +1880,15 @@ int main(int argc, char **argv)

  127.  			close(pidfd);
  128.  		}
  129.  
  130. +		/* each child must notify the wrapper that it's ready by closing the requested fd */

  131. +		wrapper_fd = getenv("HAPROXY_WRAPPER_FD");

  132. +		if (wrapper_fd) {

  133. +			int pipe_fd = atoi(wrapper_fd);

  134. +

  135. +			if (pipe_fd >= 0)

  136. +				close(pipe_fd);

  137. +		}

  138. +

  139.  		/* We won't ever use this anymore */
  140.  		free(oldpids);        oldpids = NULL;
  141.  		free(global.chroot);  global.chroot = NULL;
  142. -- 

  143. 2.7.3
  144.