Hi, On Thu, Oct 12, 2017 at 01:19:58PM +0300, Apollon Oikonomopoulos wrote: > The biggest issue here is that we are using a signal to trigger the > reload (which is a complex, non-atomic operation) and let things settle > on their own. Systemd assumes that as soon as the signal is delivered > (i.e. the ExecReload command is done), the reload is finished, while in > our case the reload is finished when the old haproxy process is really > dead. Using a signal to trigger the reload is handy, so we could keep > that, but the wrapper would need some changes to make reloads more > robust: > > 1. It should use sd_notify(3) to communicate the start/stop/reload > status to systemd (that would also mean converting the actual > service to Type=notify). This way no other operation will be > performed on the unit until the reload is finished and the process > group is in a known-good state. > > 2. It should handle the old process better: apart from relying on the > new haproxy process for killing the old one, it should explicitly > SIGKILL it after a given timeout if it's not dead yet and make sure > reloads are timeboxed. > > IIUC, in 1.8 the wrapper has been replaced by the master process which > seems to do point 2 above, but point 1 is something that should still be > handled IMHO.
One helpful feature I read in the documentation is the usage of the sd_notify(.. "READY=1"). It can be useful for configuration files that takes time to process, for example those with a lot of ssl frontends. This signal could be send once the children has been forked. It's difficult to know when a reload is completely finished (old processes killed) in case of long TCP sessions. So, if we use this system there is a risk to trigger a timeout in systemd on the reload isn't it? If we want to use this feature for the reload, it should be done after the fork of the new processes, not after the leaving of the old processes, because the processes are ready to receive traffic at this stage. However I'm not sure it's that useful, you can know when a process is ready using the logs, and it will add specific code for systemd and a dependency. Are there really advantages to letting know systemd when a reload is finished or when a process is ready? Cheers, -- William Lallemand
