Accepting request 238588 from network:ha-clustering:Factory

1

OBS-URL: https://build.opensuse.org/request/show/238588
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=6
Stephan Kulow 2014-06-25 13:24:23 +00:00 committed by Git OBS Bridge
parent d02a0c91a8
commit 815be0e3e6
25 changed files with 345 additions and 1163 deletions


@ -1,56 +0,0 @@
From 88c70beb5a24cf200a32c70a8a95865c8e97efb6 Mon Sep 17 00:00:00 2001
From: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
Date: Fri, 22 Nov 2013 08:28:03 +0100
Subject: [PATCH 01/15] MEDIUM: add systemd service
---
.gitignore | 1 +
contrib/systemd/Makefile | 8 ++++++++
contrib/systemd/haproxy.service.in | 11 +++++++++++
3 files changed, 20 insertions(+)
create mode 100644 contrib/systemd/Makefile
create mode 100644 contrib/systemd/haproxy.service.in
diff --git a/.gitignore b/.gitignore
index 5d9576af102e..83d84083ca3e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@ haproxy-*
make-*
dlmalloc.c
00*.patch
+*.service
diff --git a/contrib/systemd/Makefile b/contrib/systemd/Makefile
new file mode 100644
index 000000000000..e542c2387c79
--- /dev/null
+++ b/contrib/systemd/Makefile
@@ -0,0 +1,8 @@
+PREFIX = /usr/local
+SBINDIR = $(PREFIX)/sbin
+
+haproxy.service: haproxy.service.in
+ sed -e 's:@SBINDIR@:'$(strip $(SBINDIR))':' $< > $@
+
+clean:
+ rm -f haproxy.service
diff --git a/contrib/systemd/haproxy.service.in b/contrib/systemd/haproxy.service.in
new file mode 100644
index 000000000000..1a3d2c050f49
--- /dev/null
+++ b/contrib/systemd/haproxy.service.in
@@ -0,0 +1,11 @@
+[Unit]
+Description=HAProxy Load Balancer
+After=network.target
+
+[Service]
+ExecStart=@SBINDIR@/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
+ExecReload=/bin/kill -USR2 $MAINPID
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--
1.8.4.5


@ -1,227 +0,0 @@
From 3fe5ee78e8ff11fc477a979df79c678720e042ea Mon Sep 17 00:00:00 2001
From: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
Date: Fri, 22 Nov 2013 08:29:29 +0100
Subject: [PATCH 02/15] MEDIUM: add haproxy-systemd-wrapper
Currently, to reload haproxy configuration, you have to use "-sf".
There is a problem with this way of doing things. First of all, in the systemd world,
reload commands should be "oneshot" ones, which means they should not be the new main
process but rather a tool which makes a call to it and then exits. With the current approach,
the reload command is the new main command and moreover, it makes the previous one exit.
Systemd only tracks the main program, seeing it ending, it assumes it either finished or failed,
and kills everything remaining as a grabage collector. We then end up with no haproxy running
at all.
This patch adds wrapper around haproxy, no changes at all have been made into it,
so it's not intrusive and doesn't change anything for other hosts. What this wrapper does
is basically launching haproxy as a child, listen to the SIGUSR2 (not to conflict with
haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to relay the
first one.
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
---
.gitignore | 1 +
Makefile | 16 +++++-
src/haproxy-systemd-wrapper.c | 114 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 129 insertions(+), 2 deletions(-)
create mode 100644 src/haproxy-systemd-wrapper.c
diff --git a/.gitignore b/.gitignore
index 83d84083ca3e..ec1545a7a3df 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,6 +12,7 @@ src/*.o
*.log*
*.trace*
haproxy-*
+!src/*.c
make-*
dlmalloc.c
00*.patch
diff --git a/Makefile b/Makefile
index 60267e2e2b1a..658716a60a80 100644
--- a/Makefile
+++ b/Makefile
@@ -519,7 +519,7 @@ all:
@echo
@exit 1
else
-all: haproxy
+all: haproxy haproxy-systemd-wrapper
endif
OBJS = src/haproxy.o src/sessionhash.o src/base64.o src/protocols.o \
@@ -537,12 +537,17 @@ EBTREE_OBJS = $(EBTREE_DIR)/ebtree.o \
$(EBTREE_DIR)/ebmbtree.o $(EBTREE_DIR)/ebsttree.o \
$(EBTREE_DIR)/ebimtree.o $(EBTREE_DIR)/ebistree.o
+WRAPPER_OBJS = src/haproxy-systemd-wrapper.o
+
# Not used right now
LIB_EBTREE = $(EBTREE_DIR)/libebtree.a
haproxy: $(OBJS) $(OPTIONS_OBJS) $(EBTREE_OBJS)
$(LD) $(LDFLAGS) -o $@ $^ $(LDOPTS)
+haproxy-systemd-wrapper: $(WRAPPER_OBJS)
+ $(LD) $(LDFLAGS) -o $@ $^ $(LDOPTS)
+
$(LIB_EBTREE): $(EBTREE_OBJS)
$(AR) rv $@ $^
@@ -562,6 +567,11 @@ src/haproxy.o: src/haproxy.c
-DBUILD_OPTIONS='"$(strip $(BUILD_OPTIONS))"' \
-c -o $@ $<
+src/haproxy-systemd-wrapper.o: src/haproxy-systemd-wrapper.c
+ $(CC) $(COPTS) \
+ -DSBINDIR='"$(strip $(SBINDIR))"' \
+ -c -o $@ $<
+
src/dlmalloc.o: $(DLMALLOC_SRC)
$(CC) $(COPTS) -DDEFAULT_MMAP_THRESHOLD=$(DLMALLOC_THRES) -c -o $@ $<
@@ -575,9 +585,10 @@ install-doc:
install -m 644 doc/$$x.txt $(DESTDIR)$(DOCDIR) ; \
done
-install-bin: haproxy
+install-bin: haproxy haproxy-systemd-wrapper
install -d $(DESTDIR)$(SBINDIR)
install haproxy $(DESTDIR)$(SBINDIR)
+ install haproxy-systemd-wrapper $(DESTDIR)$(SBINDIR)
install: install-bin install-man install-doc
@@ -586,6 +597,7 @@ clean:
for dir in . src include/* doc ebtree; do rm -f $$dir/*~ $$dir/*.rej $$dir/core; done
rm -f haproxy-$(VERSION).tar.gz haproxy-$(VERSION)$(SUBVERS).tar.gz
rm -f haproxy-$(VERSION) haproxy-$(VERSION)$(SUBVERS) nohup.out gmon.out
+ rm -f haproxy-systemd-wrapper
tags:
find src include \( -name '*.c' -o -name '*.h' \) -print0 | \
diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
new file mode 100644
index 000000000000..596801591b9e
--- /dev/null
+++ b/src/haproxy-systemd-wrapper.c
@@ -0,0 +1,114 @@
+/*
+ * Wrapper to make haproxy systemd-compliant.
+ *
+ * Copyright 2013 Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ */
+
+#include <errno.h>
+#include <signal.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/wait.h>
+
+static pid_t pid = 0;
+static char *pid_file = "/run/haproxy.pid";
+static int main_argc;
+static char **main_argv;
+
+static pid_t spawn_haproxy(char **pid_strv, int nb_pid)
+{
+ pid_t pid = fork();
+ if (!pid) {
+ /* 3 for "haproxy -Ds -sf" */
+ char **argv = calloc(4 + main_argc + nb_pid + 1, sizeof(char *));
+ int i;
+ int argno = 0;
+ argv[argno++] = SBINDIR"/haproxy";
+ for (i = 0; i < main_argc; ++i)
+ argv[argno++] = main_argv[i];
+ argv[argno++] = "-Ds";
+ if (nb_pid > 0) {
+ argv[argno++] = "-sf";
+ for (i = 0; i < nb_pid; ++i)
+ argv[argno++] = pid_strv[i];
+ }
+ argv[argno] = NULL;
+ execv(argv[0], argv);
+ exit(0);
+ }
+ return pid;
+}
+
+static int read_pids(char ***pid_strv)
+{
+ FILE *f = fopen(pid_file, "r");
+ int read = 0, allocated = 8;
+ char pid_str[10];
+
+ if (!f)
+ return 0;
+
+ *pid_strv = malloc(allocated * sizeof(char *));
+ while (1 == fscanf(f, "%s\n", pid_str)) {
+ if (read == allocated) {
+ allocated *= 2;
+ *pid_strv = realloc(*pid_strv, allocated * sizeof(char *));
+ }
+ (*pid_strv)[read++] = strdup(pid_str);
+ }
+
+ fclose(f);
+
+ return read;
+}
+
+static void signal_handler(int signum __attribute__((unused)))
+{
+ int i;
+ char **pid_strv = NULL;
+ int nb_pid = read_pids(&pid_strv);
+
+ pid = spawn_haproxy(pid_strv, nb_pid);
+
+ for (i = 0; i < nb_pid; ++i)
+ free(pid_strv[i]);
+ free(pid_strv);
+}
+
+static void init(int argc, char **argv)
+{
+ while (argc > 1) {
+ if (**argv == '-') {
+ char *flag = *argv + 1;
+ --argc; ++argv;
+ if (*flag == 'p')
+ pid_file = *argv;
+ }
+ --argc; ++argv;
+ }
+}
+
+int main(int argc, char **argv)
+{
+ --argc; ++argv;
+ main_argc = argc;
+ main_argv = argv;
+
+ init(argc, argv);
+
+ signal(SIGUSR2, &signal_handler);
+
+ pid = spawn_haproxy(NULL, 0);
+ while (-1 != waitpid(pid, NULL, 0) || errno == EINTR);
+
+ return EXIT_SUCCESS;
+}
--
1.8.4.5


@ -1,157 +0,0 @@
From 44c4c476fac6efccb07c419873bb6c8d12d565a7 Mon Sep 17 00:00:00 2001
From: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
Date: Fri, 22 Nov 2013 08:34:52 +0100
Subject: [PATCH 03/15] MEDIUM: New cli option -Ds for systemd compatibility
This patch adds a new option "-Ds" which is exactly like "-D", but instead of
forking n times to get n jobs running and then exiting, prefers to wait for all the
children it just created. With this done, haproxy becomes more systemd-compliant,
without changing anything for other systems.
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
---
doc/haproxy.1 | 4 ++++
include/types/global.h | 1 +
src/haproxy.c | 35 +++++++++++++++++++++++------------
3 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/doc/haproxy.1 b/doc/haproxy.1
index 0150aa753475..26e35a21f0e2 100644
--- a/doc/haproxy.1
+++ b/doc/haproxy.1
@@ -57,6 +57,10 @@ starting up.
Start in daemon mode.
.TP
+\fB\-Ds\fP
+Start in systemd daemon mode, keeping a process in foreground.
+
+.TP
\fB\-q\fP
Disable messages on output.
diff --git a/include/types/global.h b/include/types/global.h
index 7c5346b00b2d..d871939db21d 100644
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -38,6 +38,7 @@
#define MODE_VERBOSE 0x10
#define MODE_STARTING 0x20
#define MODE_FOREGROUND 0x40
+#define MODE_SYSTEMD 0x80
/* list of last checks to perform, depending on config options */
#define LSTCHK_CAP_BIND 0x00000001 /* check that we can bind to any port */
diff --git a/src/haproxy.c b/src/haproxy.c
index 748c5535b37d..67e29b8bc8cc 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -42,6 +42,7 @@
#include <signal.h>
#include <stdarg.h>
#include <sys/resource.h>
+#include <sys/wait.h>
#include <time.h>
#include <syslog.h>
#include <grp.h>
@@ -488,8 +489,11 @@ void init(int argc, char **argv)
arg_mode |= MODE_DEBUG;
else if (*flag == 'c')
arg_mode |= MODE_CHECK;
- else if (*flag == 'D')
+ else if (*flag == 'D') {
arg_mode |= MODE_DAEMON;
+ if (flag[1] == 's') /* -Ds */
+ arg_mode |= MODE_SYSTEMD;
+ }
else if (*flag == 'q')
arg_mode |= MODE_QUIET;
else if (*flag == 's' && (flag[1] == 'f' || flag[1] == 't')) {
@@ -541,7 +545,7 @@ void init(int argc, char **argv)
}
global.mode = MODE_STARTING | /* during startup, we want most of the alerts */
- (arg_mode & (MODE_DAEMON | MODE_FOREGROUND | MODE_VERBOSE
+ (arg_mode & (MODE_DAEMON | MODE_SYSTEMD | MODE_FOREGROUND | MODE_VERBOSE
| MODE_QUIET | MODE_CHECK | MODE_DEBUG));
if (LIST_ISEMPTY(&cfg_cfgfiles))
@@ -649,24 +653,24 @@ void init(int argc, char **argv)
if (arg_mode & (MODE_DEBUG | MODE_FOREGROUND)) {
/* command line debug mode inhibits configuration mode */
- global.mode &= ~(MODE_DAEMON | MODE_QUIET);
+ global.mode &= ~(MODE_DAEMON | MODE_SYSTEMD | MODE_QUIET);
global.mode |= (arg_mode & (MODE_DEBUG | MODE_FOREGROUND));
}
- if (arg_mode & MODE_DAEMON) {
+ if (arg_mode & (MODE_DAEMON | MODE_SYSTEMD)) {
/* command line daemon mode inhibits foreground and debug modes mode */
global.mode &= ~(MODE_DEBUG | MODE_FOREGROUND);
- global.mode |= (arg_mode & MODE_DAEMON);
+ global.mode |= (arg_mode & (MODE_DAEMON | MODE_SYSTEMD));
}
global.mode |= (arg_mode & (MODE_QUIET | MODE_VERBOSE));
- if ((global.mode & MODE_DEBUG) && (global.mode & (MODE_DAEMON | MODE_QUIET))) {
- Warning("<debug> mode incompatible with <quiet> and <daemon>. Keeping <debug> only.\n");
- global.mode &= ~(MODE_DAEMON | MODE_QUIET);
+ if ((global.mode & MODE_DEBUG) && (global.mode & (MODE_DAEMON | MODE_SYSTEMD | MODE_QUIET))) {
+ Warning("<debug> mode incompatible with <quiet>, <daemon> and <systemd>. Keeping <debug> only.\n");
+ global.mode &= ~(MODE_DAEMON | MODE_SYSTEMD | MODE_QUIET);
}
- if ((global.nbproc > 1) && !(global.mode & MODE_DAEMON)) {
+ if ((global.nbproc > 1) && !(global.mode & (MODE_DAEMON | MODE_SYSTEMD))) {
if (!(global.mode & (MODE_FOREGROUND | MODE_DEBUG)))
Warning("<nbproc> is only meaningful in daemon mode. Setting limit to 1 process.\n");
global.nbproc = 1;
@@ -1133,7 +1137,7 @@ int main(int argc, char **argv)
}
/* open log & pid files before the chroot */
- if (global.mode & MODE_DAEMON && global.pidfile != NULL) {
+ if (global.mode & (MODE_DAEMON | MODE_SYSTEMD) && global.pidfile != NULL) {
int pidfd;
unlink(global.pidfile);
pidfd = open(global.pidfile, O_CREAT | O_WRONLY | O_TRUNC, 0644);
@@ -1223,9 +1227,10 @@ int main(int argc, char **argv)
argv[0], (int)limit.rlim_cur, global.maxconn, global.maxsock, global.maxsock);
}
- if (global.mode & MODE_DAEMON) {
+ if (global.mode & (MODE_DAEMON | MODE_SYSTEMD)) {
struct proxy *px;
int ret = 0;
+ int *children = calloc(global.nbproc, sizeof(int));
int proc;
/* the father launches the required number of processes */
@@ -1238,6 +1243,7 @@ int main(int argc, char **argv)
}
else if (ret == 0) /* child breaks here */
break;
+ children[proc] = ret;
if (pidfile != NULL) {
fprintf(pidfile, "%d\n", ret);
fflush(pidfile);
@@ -1263,8 +1269,13 @@ int main(int argc, char **argv)
px = px->next;
}
- if (proc == global.nbproc)
+ if (proc == global.nbproc) {
+ if (global.mode & MODE_SYSTEMD) {
+ for (proc = 0; proc < global.nbproc; proc++)
+ while (waitpid(children[proc], NULL, 0) == -1 && errno == EINTR);
+ }
exit(0); /* parent must leave */
+ }
/* if we're NOT in QUIET mode, we should now close the 3 first FDs to ensure
* that we can detach from the TTY. We MUST NOT do it in other cases since
--
1.8.4.5


@ -1,65 +0,0 @@
From f0eb767ac292c24ed37e5cec2a9a86d773df75d0 Mon Sep 17 00:00:00 2001
From: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
Date: Fri, 22 Nov 2013 08:36:01 +0100
Subject: [PATCH 04/15] BUG/MEDIUM: systemd-wrapper: don't leak zombie
processes
Formerly, if A was replaced by B, and then B by C before
A finished exiting, we didn't wait for B to finish so it
ended up as a zombie process.
Fix this by waiting randomly every child we spawn.
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
---
src/haproxy-systemd-wrapper.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
index 596801591b9e..8499b35188c5 100644
--- a/src/haproxy-systemd-wrapper.c
+++ b/src/haproxy-systemd-wrapper.c
@@ -19,12 +19,11 @@
#include <unistd.h>
#include <sys/wait.h>
-static pid_t pid = 0;
static char *pid_file = "/run/haproxy.pid";
static int main_argc;
static char **main_argv;
-static pid_t spawn_haproxy(char **pid_strv, int nb_pid)
+static void spawn_haproxy(char **pid_strv, int nb_pid)
{
pid_t pid = fork();
if (!pid) {
@@ -45,7 +44,6 @@ static pid_t spawn_haproxy(char **pid_strv, int nb_pid)
execv(argv[0], argv);
exit(0);
}
- return pid;
}
static int read_pids(char ***pid_strv)
@@ -77,7 +75,7 @@ static void signal_handler(int signum __attribute__((unused)))
char **pid_strv = NULL;
int nb_pid = read_pids(&pid_strv);
- pid = spawn_haproxy(pid_strv, nb_pid);
+ spawn_haproxy(pid_strv, nb_pid);
for (i = 0; i < nb_pid; ++i)
free(pid_strv[i]);
@@ -107,8 +105,8 @@ int main(int argc, char **argv)
signal(SIGUSR2, &signal_handler);
- pid = spawn_haproxy(NULL, 0);
- while (-1 != waitpid(pid, NULL, 0) || errno == EINTR);
+ spawn_haproxy(NULL, 0);
+ while (-1 != wait(NULL) || errno == EINTR);
return EXIT_SUCCESS;
}
--
1.8.4.5


@ -1,25 +0,0 @@
From b369ce63274ae800b76d45aed2d451557ac33499 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Fri, 22 Nov 2013 08:37:33 +0100
Subject: [PATCH 05/15] BUILD: stdbool is not portable (again)
Another build issue on Solaris without c99. Please don't use stdbool.
---
src/haproxy-systemd-wrapper.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
index 8499b35188c5..fb1a7fd92724 100644
--- a/src/haproxy-systemd-wrapper.c
+++ b/src/haproxy-systemd-wrapper.c
@@ -12,7 +12,6 @@
#include <errno.h>
#include <signal.h>
-#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
--
1.8.4.5


@ -1,54 +0,0 @@
From 1c9ed41d4cdfdb31381e89f1a8b93df01220fe07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se>
Date: Fri, 22 Nov 2013 11:06:34 +0100
Subject: [PATCH 06/15] MEDIUM: haproxy-systemd-wrapper: Use haproxy in same
directory
Locate the wrapper and use a haproxy executable found in the
same directory.
This patch lets the wrapper work in openSUSE.
---
src/haproxy-systemd-wrapper.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
index fb1a7fd92724..6546616b79ee 100644
--- a/src/haproxy-systemd-wrapper.c
+++ b/src/haproxy-systemd-wrapper.c
@@ -22,15 +22,30 @@ static char *pid_file = "/run/haproxy.pid";
static int main_argc;
static char **main_argv;
+static void locate_haproxy(char *buffer, size_t buffer_size)
+{
+ char* end;
+ readlink("/proc/self/exe", buffer, buffer_size);
+ end = strrchr(buffer, '/');
+ if (end == NULL)
+ strncpy(buffer, "/usr/sbin/haproxy", buffer_size);
+ end[1] = '\0';
+ strncat(buffer, "haproxy", buffer_size);
+}
+
static void spawn_haproxy(char **pid_strv, int nb_pid)
{
- pid_t pid = fork();
+ char haproxy_bin[512];
+ pid_t pid;
+
+ pid = fork();
if (!pid) {
/* 3 for "haproxy -Ds -sf" */
char **argv = calloc(4 + main_argc + nb_pid + 1, sizeof(char *));
int i;
int argno = 0;
- argv[argno++] = SBINDIR"/haproxy";
+ locate_haproxy(haproxy_bin, 512);
+ argv[argno++] = haproxy_bin;
for (i = 0; i < main_argc; ++i)
argv[argno++] = main_argv[i];
argv[argno++] = "-Ds";
--
1.8.4.5


@ -1,61 +0,0 @@
From e2f3c212072dcf1e9b809fc2cb774946eaba665f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se>
Date: Fri, 22 Nov 2013 11:09:39 +0100
Subject: [PATCH 07/15] MEDIUM: systemd-wrapper: Kill child processes when
interrupted
Send SIGINT to child processes when killed. This ensures that
the haproxy process managed by the systemd-wrapper is stopped
when "systemctl stop haproxy.service" is called.
---
src/haproxy-systemd-wrapper.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
index 6546616b79ee..d337f4c0d44e 100644
--- a/src/haproxy-systemd-wrapper.c
+++ b/src/haproxy-systemd-wrapper.c
@@ -83,7 +83,7 @@ static int read_pids(char ***pid_strv)
return read;
}
-static void signal_handler(int signum __attribute__((unused)))
+static void sigusr2_handler(int signum __attribute__((unused)))
{
int i;
char **pid_strv = NULL;
@@ -96,6 +96,21 @@ static void signal_handler(int signum __attribute__((unused)))
free(pid_strv);
}
+static void sigint_handler(int signum __attribute__((unused)))
+{
+ int i, pid;
+ char **pid_strv = NULL;
+ int nb_pid = read_pids(&pid_strv);
+ for (i = 0; i < nb_pid; ++i) {
+ pid = atoi(pid_strv[i]);
+ if (pid > 0) {
+ kill(pid, SIGINT);
+ free(pid_strv[i]);
+ }
+ }
+ free(pid_strv);
+}
+
static void init(int argc, char **argv)
{
while (argc > 1) {
@@ -117,7 +132,8 @@ int main(int argc, char **argv)
init(argc, argv);
- signal(SIGUSR2, &signal_handler);
+ signal(SIGINT, &sigint_handler);
+ signal(SIGUSR2, &sigusr2_handler);
spawn_haproxy(NULL, 0);
while (-1 != wait(NULL) || errno == EINTR);
--
1.8.4.5


@ -1,65 +0,0 @@
From d581d9a037bfffe7900a1e5a1ec740e67002f974 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se>
Date: Fri, 22 Nov 2013 11:11:54 +0100
Subject: [PATCH 08/15] LOW: systemd-wrapper: Write debug information to stdout
Write the command line used to call haproxy to stdout, as
well as the return code returned by the haproxy process.
---
src/haproxy-systemd-wrapper.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
index d337f4c0d44e..4ca86dd3b8c0 100644
--- a/src/haproxy-systemd-wrapper.c
+++ b/src/haproxy-systemd-wrapper.c
@@ -55,6 +55,12 @@ static void spawn_haproxy(char **pid_strv, int nb_pid)
argv[argno++] = pid_strv[i];
}
argv[argno] = NULL;
+
+ printf("%s", "haproxy-systemd-wrapper: executing ");
+ for (i = 0; argv[i]; ++i)
+ printf("%s ", argv[i]);
+ puts("");
+
execv(argv[0], argv);
exit(0);
}
@@ -104,6 +110,7 @@ static void sigint_handler(int signum __attribute__((unused)))
for (i = 0; i < nb_pid; ++i) {
pid = atoi(pid_strv[i]);
if (pid > 0) {
+ printf("haproxy-systemd-wrapper: SIGINT -> %d\n", pid);
kill(pid, SIGINT);
free(pid_strv[i]);
}
@@ -126,9 +133,11 @@ static void init(int argc, char **argv)
int main(int argc, char **argv)
{
+ int status;
+
--argc; ++argv;
- main_argc = argc;
- main_argv = argv;
+ main_argc = argc;
+ main_argv = argv;
init(argc, argv);
@@ -136,7 +145,10 @@ int main(int argc, char **argv)
signal(SIGUSR2, &sigusr2_handler);
spawn_haproxy(NULL, 0);
- while (-1 != wait(NULL) || errno == EINTR);
+ status = -1;
+ while (-1 != wait(&status) || errno == EINTR)
+ ;
+ printf("haproxy-systemd-wrapper: exit, haproxy RC=%d\n", status);
return EXIT_SUCCESS;
}
--
1.8.4.5


@ -1,45 +0,0 @@
From cb214d574a4d0474427fca9c05ac1a72d075c45e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se>
Date: Tue, 6 May 2014 08:43:11 +0200
Subject: [PATCH 09/15] openSUSE: Configure haproxy user
---
examples/examples.cfg | 4 ++--
examples/haproxy.cfg | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/examples/examples.cfg b/examples/examples.cfg
index 3499e7bd76b0..ed75c758952f 100644
--- a/examples/examples.cfg
+++ b/examples/examples.cfg
@@ -3,8 +3,8 @@ global
# log 127.0.0.1 local1
maxconn 4000
ulimit-n 8000
- uid 0
- gid 0
+ user haproxy
+ group haproxy
# chroot /tmp
# nbproc 2
# daemon
diff --git a/examples/haproxy.cfg b/examples/haproxy.cfg
index 1c71d617716e..6f8a4ac51d0b 100644
--- a/examples/haproxy.cfg
+++ b/examples/haproxy.cfg
@@ -5,9 +5,9 @@ global
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
- chroot /usr/share/haproxy
- uid 99
- gid 99
+ chroot /var/lib/haproxy
+ user haproxy
+ group haproxy
daemon
#debug
#quiet
--
1.8.4.5


@ -1,25 +0,0 @@
From 9f7b45fa88460a20da5d6c907694f2d07eb1a90c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se>
Date: Tue, 6 May 2014 08:44:24 +0200
Subject: [PATCH 10/15] openSUSE: Fix path to PCRE library
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 658716a60a80..99516a819e28 100644
--- a/Makefile
+++ b/Makefile
@@ -460,7 +460,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE),)
PCREDIR := $(shell pcre-config --prefix 2>/dev/null || echo /usr/local)
ifneq ($(PCREDIR),)
PCRE_INC := $(PCREDIR)/include
-PCRE_LIB := $(PCREDIR)/lib
+PCRE_LIB := $(PCREDIR)/$(LIB)
endif
ifeq ($(USE_STATIC_PCRE),)
--
1.8.4.5

View File

@ -1,42 +0,0 @@
From 6bc058f3417b98d3c4c8766d50db4dc22a23e550 Mon Sep 17 00:00:00 2001
From: Lukas Tribus <luky-37@hotmail.com>
Date: Tue, 10 Dec 2013 07:32:56 +0100
Subject: [PATCH 11/15] BUILD/MINOR: systemd: fix compiler warning about unused
result
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
BUILD/MINOR: systemd: fix compiler warning about unused result
There is a compiler warning after commit 1b6e75fa84 ("MEDIUM: haproxy-
systemd-wrapper: Use haproxy in same directory"):
src/haproxy-systemd-wrapper.c: In function ‘locate_haproxy’:
src/haproxy-systemd-wrapper.c:28:10: warning: ignoring return value of ‘readlink’, declared with attribute warn_unused_result [-Wunused-result]
Fix the compiler warning by checking the return value of readlink().
---
src/haproxy-systemd-wrapper.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
index 4ca86dd3b8c0..c63f41ff7df6 100644
--- a/src/haproxy-systemd-wrapper.c
+++ b/src/haproxy-systemd-wrapper.c
@@ -24,9 +24,9 @@ static char **main_argv;
static void locate_haproxy(char *buffer, size_t buffer_size)
{
- char* end;
- readlink("/proc/self/exe", buffer, buffer_size);
- end = strrchr(buffer, '/');
+ char* end = NULL;
+ if (readlink("/proc/self/exe", buffer, buffer_size) > 0)
+ end = strrchr(buffer, '/');
if (end == NULL)
strncpy(buffer, "/usr/sbin/haproxy", buffer_size);
end[1] = '\0';
--
1.8.4.5


@ -1,51 +0,0 @@
From e8dcf678f2b3fafd18c09eb957e4d4a83e792d54 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Mon, 14 Apr 2014 13:34:34 +0200
Subject: [PATCH 12/15] BUG/MEDIUM: systemd-wrapper: fix locating of haproxy
binary
BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary
OpenBSD complains this way due to strncat() :
src/haproxy-systemd-wrapper.o(.text+0xd5): In function `spawn_haproxy':
src/haproxy-systemd-wrapper.c:33: warning: strcat() is almost always misused, please use strlcat()
In fact, the code before strncat() here is wrong, because it may
dereference a NULL if /proc/self/exe is not readable. So fix it
and get rid of strncat() at the same time.
No backport is needed.
---
src/haproxy-systemd-wrapper.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
index c63f41ff7df6..8485dcd11da8 100644
--- a/src/haproxy-systemd-wrapper.c
+++ b/src/haproxy-systemd-wrapper.c
@@ -24,13 +24,18 @@ static char **main_argv;
static void locate_haproxy(char *buffer, size_t buffer_size)
{
- char* end = NULL;
+ char *end = NULL;
+
if (readlink("/proc/self/exe", buffer, buffer_size) > 0)
end = strrchr(buffer, '/');
- if (end == NULL)
+
+ if (end == NULL) {
strncpy(buffer, "/usr/sbin/haproxy", buffer_size);
+ return;
+ }
end[1] = '\0';
- strncat(buffer, "haproxy", buffer_size);
+ strncpy(end + 1, "haproxy", buffer + buffer_size - (end + 1));
+ buffer[buffer_size - 1] = '\0';
}
static void spawn_haproxy(char **pid_strv, int nb_pid)
--
1.8.4.5


@ -1,117 +0,0 @@
From 07d130730feffcf64ab0709273f09c5374588b85 Mon Sep 17 00:00:00 2001
From: Apollon Oikonomopoulos <apoikos@debian.org>
Date: Thu, 17 Apr 2014 13:39:28 +0300
Subject: [PATCH 13/15] MINOR: systemd wrapper: re-execute on SIGUSR2
MINOR: systemd wrapper: re-execute on SIGUSR2
Re-execute the systemd wrapper on SIGUSR2 and before reloading HAProxy,
making it possible to load a completely new version of HAProxy
(including a new version of the systemd wrapper) gracefully.
Since the wrapper accepts no command-line arguments of its own,
re-execution is signaled using the HAPROXY_SYSTEMD_REEXEC environment
variable.
This is primarily intended to help seamless upgrades of distribution
packages.
---
src/haproxy-systemd-wrapper.c | 54 ++++++++++++++++++++++++++++++++-----------
1 file changed, 40 insertions(+), 14 deletions(-)
diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
index 8485dcd11da8..e373483d5085 100644
--- a/src/haproxy-systemd-wrapper.c
+++ b/src/haproxy-systemd-wrapper.c
@@ -18,9 +18,11 @@
#include <unistd.h>
#include <sys/wait.h>
+#define REEXEC_FLAG "HAPROXY_SYSTEMD_REEXEC"
+
static char *pid_file = "/run/haproxy.pid";
-static int main_argc;
-static char **main_argv;
+static int wrapper_argc;
+static char **wrapper_argv;
static void locate_haproxy(char *buffer, size_t buffer_size)
{
@@ -42,6 +44,11 @@ static void spawn_haproxy(char **pid_strv, int nb_pid)
{
char haproxy_bin[512];
pid_t pid;
+ int main_argc;
+ char **main_argv;
+
+ main_argc = wrapper_argc - 1;
+ main_argv = wrapper_argv + 1;
pid = fork();
if (!pid) {
@@ -96,15 +103,10 @@ static int read_pids(char ***pid_strv)
static void sigusr2_handler(int signum __attribute__((unused)))
{
- int i;
- char **pid_strv = NULL;
- int nb_pid = read_pids(&pid_strv);
+ setenv(REEXEC_FLAG, "1", 1);
+ printf("haproxy-systemd-wrapper: re-executing\n");
- spawn_haproxy(pid_strv, nb_pid);
-
- for (i = 0; i < nb_pid; ++i)
- free(pid_strv[i]);
- free(pid_strv);
+ execv(wrapper_argv[0], wrapper_argv);
}
static void sigint_handler(int signum __attribute__((unused)))
@@ -140,16 +142,40 @@ int main(int argc, char **argv)
{
int status;
+ wrapper_argc = argc;
+ wrapper_argv = argv;
+
--argc; ++argv;
- main_argc = argc;
- main_argv = argv;
-
init(argc, argv);
signal(SIGINT, &sigint_handler);
signal(SIGUSR2, &sigusr2_handler);
- spawn_haproxy(NULL, 0);
+ if (getenv(REEXEC_FLAG) != NULL) {
+ /* We are being re-executed: restart HAProxy gracefully */
+ int i;
+ char **pid_strv = NULL;
+ int nb_pid = read_pids(&pid_strv);
+ sigset_t sigs;
+
+ unsetenv(REEXEC_FLAG);
+ spawn_haproxy(pid_strv, nb_pid);
+
+ /* Unblock SIGUSR2 which was blocked by the signal handler
+ * before re-exec */
+ sigprocmask(SIG_BLOCK, NULL, &sigs);
+ sigdelset(&sigs, SIGUSR2);
+ sigprocmask(SIG_SETMASK, &sigs, NULL);
+
+ for (i = 0; i < nb_pid; ++i)
+ free(pid_strv[i]);
+ free(pid_strv);
+ }
+ else {
+ /* Start a fresh copy of HAProxy */
+ spawn_haproxy(NULL, 0);
+ }
+
status = -1;
while (-1 != wait(&status) || errno == EINTR)
;
--
1.8.4.5


@ -1,72 +0,0 @@
From 21fef94beeba672fff22406d863a5423a27bed23 Mon Sep 17 00:00:00 2001
From: Apollon Oikonomopoulos <apoikos@debian.org>
Date: Thu, 17 Apr 2014 13:39:29 +0300
Subject: [PATCH 14/15] MINOR: systemd wrapper: improve logging
MINOR: systemd wrapper: improve logging
Use standard error for logging messages, as it seems that this gets
messages to the systemd journal more reliably. Also use systemd's
support for specifying log levels via stderr to apply different levels
to messages.
---
src/haproxy-systemd-wrapper.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
index e373483d5085..d4baa90c266e 100644
--- a/src/haproxy-systemd-wrapper.c
+++ b/src/haproxy-systemd-wrapper.c
@@ -19,6 +19,8 @@
#include <sys/wait.h>
#define REEXEC_FLAG "HAPROXY_SYSTEMD_REEXEC"
+#define SD_DEBUG "<7>"
+#define SD_NOTICE "<5>"
static char *pid_file = "/run/haproxy.pid";
static int wrapper_argc;
@@ -68,10 +70,10 @@ static void spawn_haproxy(char **pid_strv, int nb_pid)
}
argv[argno] = NULL;
- printf("%s", "haproxy-systemd-wrapper: executing ");
+ fprintf(stderr, SD_DEBUG "haproxy-systemd-wrapper: executing ");
for (i = 0; argv[i]; ++i)
- printf("%s ", argv[i]);
- puts("");
+ fprintf(stderr, "%s ", argv[i]);
+ fprintf(stderr, "\n");
execv(argv[0], argv);
exit(0);
@@ -104,7 +106,7 @@ static int read_pids(char ***pid_strv)
static void sigusr2_handler(int signum __attribute__((unused)))
{
setenv(REEXEC_FLAG, "1", 1);
- printf("haproxy-systemd-wrapper: re-executing\n");
+ fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: re-executing\n");
execv(wrapper_argv[0], wrapper_argv);
}
@@ -117,7 +119,7 @@ static void sigint_handler(int signum __attribute__((unused)))
for (i = 0; i < nb_pid; ++i) {
pid = atoi(pid_strv[i]);
if (pid > 0) {
- printf("haproxy-systemd-wrapper: SIGINT -> %d\n", pid);
+ fprintf(stderr, SD_DEBUG "haproxy-systemd-wrapper: SIGINT -> %d\n", pid);
kill(pid, SIGINT);
free(pid_strv[i]);
}
@@ -180,6 +182,7 @@ int main(int argc, char **argv)
while (-1 != wait(&status) || errno == EINTR)
;
- printf("haproxy-systemd-wrapper: exit, haproxy RC=%d\n", status);
+ fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: exit, haproxy RC=%d\n",
+ status);
return EXIT_SUCCESS;
}
--
1.8.4.5


@ -1,28 +0,0 @@
From 27b806b87289b403728d373020c4aeb5f79eb4bc Mon Sep 17 00:00:00 2001
From: Apollon Oikonomopoulos <apoikos@debian.org>
Date: Thu, 17 Apr 2014 13:39:30 +0300
Subject: [PATCH 15/15] MINOR: systemd wrapper: propagate exit status
MINOR: systemd wrapper: propagate exit status
Use HAProxy's exit status as the systemd wrapper's exit status instead
of always returning EXIT_SUCCESS, permitting the use of systemd's
`Restart = on-failure' logic.
---
src/haproxy-systemd-wrapper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
index d4baa90c266e..ba07ebe01ccc 100644
--- a/src/haproxy-systemd-wrapper.c
+++ b/src/haproxy-systemd-wrapper.c
@@ -184,5 +184,5 @@ int main(int argc, char **argv)
fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: exit, haproxy RC=%d\n",
status);
- return EXIT_SUCCESS;
+ return status;
}
--
1.8.4.5


@ -0,0 +1,32 @@
Index: examples/examples.cfg
===================================================================
--- examples/examples.cfg.orig
+++ examples/examples.cfg
@@ -3,8 +3,8 @@
# log 127.0.0.1 local1
maxconn 4000
ulimit-n 8000
- uid 0
- gid 0
+ user haproxy
+ group haproxy
# chroot /tmp
# nbproc 2
# daemon
Index: examples/haproxy.cfg
===================================================================
--- examples/haproxy.cfg.orig
+++ examples/haproxy.cfg
@@ -5,9 +5,9 @@
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
- chroot /usr/share/haproxy
- uid 99
- gid 99
+ chroot /var/lib/haproxy
+ user haproxy
+ group haproxy
daemon
#debug
#quiet


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:84408ec1e37bf308c6b45ae3c7e66f2a9d2f762cb689ab6d322c67bba691db62
size 838775

3
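--- a/haproxy-1.5.1.tar.gz
+++ b/haproxy-1.5.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:69b54be39247b4a7556b4a7d3bd90ffd4acf35799ffa7125bbadebab8e5df5b4
+size 1329710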


@ -0,0 +1,12 @@
diff --git a/contrib/systemd/haproxy.service.in b/contrib/systemd/haproxy.service.in
index 1a3d2c0..9b3b72a 100644
--- a/contrib/systemd/haproxy.service.in
+++ b/contrib/systemd/haproxy.service.in
@@ -3,6 +3,7 @@ Description=HAProxy Load Balancer
After=network.target
[Service]
+ExecStartPre=@SBINDIR@/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=@SBINDIR@/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
Restart=always
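Review bot: The configuration is validated only on start; the `ExecReload` line right after the added `ExecStartPre` still sends USR2 without checking the file first. A typo in haproxy.cfg is then found only after the wrapper has been signalled, and how the running instance fares at that point cannot be told from this unit. systemd accepts several `ExecReload=` lines, so the same check can run ahead of the signal: `ExecReload=@SBINDIR@/haproxy -f /etc/haproxy/haproxy.cfg -c -q` placed before `ExecReload=/bin/kill -USR2 $MAINPID`.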


@ -0,0 +1,13 @@
Index: Makefile
===================================================================
--- Makefile.orig
+++ Makefile
@@ -567,7 +567,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE)$(US
PCREDIR := $(shell pcre-config --prefix 2>/dev/null || echo /usr/local)
ifneq ($(PCREDIR),)
PCRE_INC := $(PCREDIR)/include
-PCRE_LIB := $(PCREDIR)/lib
+PCRE_LIB := $(PCREDIR)/$(LIB)
endif
ifeq ($(USE_STATIC_PCRE),)
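Review bot: `PCRE_LIB := $(PCREDIR)/$(LIB)` depends on a `LIB` variable that this hunk does not define. Unless the Makefile sets it elsewhere (not visible here), a build that does not pass `LIB=` on the command line gets `$(PCREDIR)/` as its library directory, and the link then depends on whatever the default search path finds. A default placed ahead of the PCRE block keeps the previous behaviour for such builds: `LIB ?= lib`. The enclosing `ifneq ($(USE_PCRE)...` block starts and ends outside the hunk.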


@ -1,3 +1,126 @@
-------------------------------------------------------------------
Tue Jun 24 15:55:48 UTC 2014 - mrueckert@suse.de
- install the vim file into the versioned directory and dont cover
the current symlink with a directory
-------------------------------------------------------------------
Tue Jun 24 13:00:39 UTC 2014 - mrueckert@suse.de
- add Requires to vim to make the ownership of the vim directory
clear and not break any symlink handling the vim package might
use.
-------------------------------------------------------------------
Tue Jun 24 12:23:55 UTC 2014 - mrueckert@suse.de
- update to 1.5.1
- BUG/MINOR: config: http-request replace-header arg typo
- BUG/MINOR: ssl: rejects OCSP response without nextupdate.
- BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses.
- BUG/MINOR: ssl: Fix OCSP resp update fails with the same
certificate configured twice. (cherry picked from commit
1d3865b096b43b9a6d6a564ffb424ffa6f1ef79f)
- BUG/MEDIUM: Consistently use 'check' in process_chk
- BUG/MAJOR: session: revert all the crappy client-side timeout
changes
- BUG/MINOR: logs: properly initialize and count log sockets
- drop haproxy-1.5.0_consistently_use_check.patch:
included upstream
-------------------------------------------------------------------
Tue Jun 24 09:51:25 UTC 2014 - kgronlund@suse.com
- Install vim file to a more appropriate location
-------------------------------------------------------------------
Mon Jun 23 09:19:04 UTC 2014 - kgronlund@suse.com
- added pre macro for systemd service file
-------------------------------------------------------------------
Mon Jun 23 08:28:06 UTC 2014 - kgronlund@suse.com
- Use better systemd detection consistently
-------------------------------------------------------------------
Sun Jun 22 19:48:11 UTC 2014 - mrueckert@suse.de
- pull commit 9ac7cabaf9945fb92c96cb92f5ea85235f54f7d6:
Consistently use 'check' in process_chk
I am not entirely sure that this is a bug, but it seems
to me that it may cause a problem if there agent-check is
configured and there is some kind of error making a connection
for it.
adds patch haproxy-1.5.0_consistently_use_check.patch
-------------------------------------------------------------------
Fri Jun 20 14:37:21 UTC 2014 - mrueckert@suse.de
- update to 1.5.0
For people who don't follow the development versions, 1.5 expands
1.4 with many new features and performance improvements,
including native SSL support on both sides with SNI/NPN/ALPN and
OCSP stapling, IPv6 and UNIX sockets are supported everywhere,
full HTTP keep-alive for better support of NTLM and improved
efficiency in static farms, HTTP/1.1 compression (deflate, gzip)
to save bandwidth, PROXY protocol versions 1 and 2 on both sides,
data sampling on everything in request or response, including
payload, ACLs can use any matching method with any input sample
maps and dynamic ACLs updatable from the CLI stick-tables support
counters to track activity on any input sample custom format for
logs, unique-id, header rewriting, and redirects, improved health
checks (SSL, scripted TCP, check agent, ...), much more scalable
configuration supports hundreds of thousands of backends and
certificates without sweating.
For all the details see /usr/share/doc/packages/haproxy/CHANGELOG
- enable tcp fast open if the kernel is recent enough
- enable PCRE JIT if PCRE is recent enough
- enable openssl support!
- haproxy can finally terminate ssl itself and also talk SSL to
the backend servers.
- including SNI/NPN/ALPN support.
new buildrequires openssl and pkgconfig
- enable deflate support
new buildrequires zlib-devel
- enable transparent proxy support
- enable usage of accept4. reduces the syscall amount.
- enable building and installing of halog
- install vim file into the correct place
- dropped patches:
0001-MEDIUM-add-systemd-service.patch
0002-MEDIUM-add-haproxy-systemd-wrapper.patch
0003-MEDIUM-New-cli-option-Ds-for-systemd-compatibility.patch
0004-BUG-MEDIUM-systemd-wrapper-don-t-leak-zombie-process.patch
0005-BUILD-stdbool-is-not-portable-again.patch
0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch
0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch
0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch
0009-openSUSE-Configure-haproxy-user.patch
0010-openSUSE-Fix-path-to-PCRE-library.patch
0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch
0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch
0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch
0014-MINOR-systemd-wrapper-improve-logging.patch
0015-MINOR-systemd-wrapper-propagate-exit-status.patch
- added haproxy-1.2.16_config_haproxy_user.patch:
(replaces 0009-openSUSE-Configure-haproxy-user.patch)
- added haproxy-1.5_check_config_before_start.patch:
systemd allows us to run other things before we start the final
daemon. use this to check the configuration before launching.
- added haproxy-makefile_lib.patch
(replaces 0010-openSUSE-Fix-path-to-PCRE-library.patch)
- added sec-options.patch:
allow it more easily to build haproxy with PIE, stackprotector
and relro. all those options are enabled on our build.
- added apparmor profile
usr.sbin.haproxy.apparmor
local.usr.sbin.haproxy.apparmor
- change the conditionals for systemd to use bcond_with to make it
more obvious what we are guarding.
-------------------------------------------------------------------
Wed May 21 10:50:21 UTC 2014 - jsegitz@novell.com


@ -13,59 +13,54 @@
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%if 0%{?suse_version} >= 1230
%bcond_without tcp_fast_open
%else
%bcond_with tcp_fast_open
%endif
%if 0%{?suse_version} >= 1310
%bcond_without systemd
%else
%bcond_with systemd
%endif
%if 0%{?suse_version} > 1140
%bcond_without pcre_jit
%else
%bcond_with pcre_jit
%endif
%bcond_without apparmor
Name: haproxy
Version: 1.4.25
Version: 1.5.1
Release: 0
#
#
%if 0%{?suse_version} >= 1230
BuildRequires: pkgconfig(systemd)
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libgcrypt-devel
BuildRequires: pcre-devel
BuildRequires: zlib-devel
BuildRequires: openssl-devel
BuildRequires: pkg-config
BuildRequires: udev
%if %{with systemd}
BuildRequires: pkgconfig(systemd)
%endif
BuildRequires: vim
%define pkg_name haproxy
%define pkg_home /var/lib/%{pkg_name}
#
Url: http://haproxy.1wt.eu/
Source: http://haproxy.1wt.eu/download/1.4/src/haproxy-%{version}.tar.gz
Source: http://haproxy.1wt.eu/download/1.5/src/haproxy-%{version}.tar.gz
Source1: %{pkg_name}.init
Source2: http://haproxy.1wt.eu/download/contrib/haproxy.vim
# PATCH-FEATURE-UPSTREAM
Patch1: 0001-MEDIUM-add-systemd-service.patch
# PATCH-FEATURE-UPSTREAM
Patch2: 0002-MEDIUM-add-haproxy-systemd-wrapper.patch
# PATCH-FIX-UPSTREAM
Patch3: 0003-MEDIUM-New-cli-option-Ds-for-systemd-compatibility.patch
# PATCH-FIX-UPSTREAM
Patch4: 0004-BUG-MEDIUM-systemd-wrapper-don-t-leak-zombie-process.patch
# PATCH-FIX-UPSTREAM
Patch5: 0005-BUILD-stdbool-is-not-portable-again.patch
# PATCH-FIX-UPSTREAM
Patch6: 0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch
# PATCH-FIX-UPSTREAM
Patch7: 0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch
# PATCH-FIX-UPSTREAM
Patch8: 0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch
# PATCH-FIX-OPENSUSE
Patch9: 0009-openSUSE-Configure-haproxy-user.patch
# PATCH-FIX-OPENSUSE
Patch10: 0010-openSUSE-Fix-path-to-PCRE-library.patch
# PATCH-FIX-UPSTREAM
Patch11: 0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch
# PATCH-FIX-UPSTREAM
Patch12: 0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch
# PATCH-FIX-UPSTREAM
Patch13: 0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch
# PATCH-FIX-UPSTREAM
Patch14: 0014-MINOR-systemd-wrapper-improve-logging.patch
# PATCH-FIX-UPSTREAM
Patch15: 0015-MINOR-systemd-wrapper-propagate-exit-status.patch
Source3: usr.sbin.haproxy.apparmor
Source4: local.usr.sbin.haproxy.apparmor
Patch1: haproxy-1.2.16_config_haproxy_user.patch
Patch2: haproxy-makefile_lib.patch
Patch3: sec-options.patch
Patch4: haproxy-1.5_check_config_before_start.patch
Source99: haproxy-rpmlintrc
#
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
@ -73,10 +68,14 @@ License: GPL-2.0+ and LGPL-2.1+
Group: Productivity/Networking/Web/Proxy
Provides: %{name}-doc = %{version}
Obsoletes: %{name}-doc < %{version}
%if 0%{?suse_version} >= 1230
Provides: haproxy-1.5 = %{version}
Obsoletes: haproxy-1.5 < %{version}
# this requires is not strictly needed. we only need it for the ownership of the vim data dir
Requires: vim
%if %{with systemd}
%{?systemd_requires}
%endif
%{!?vim_data_dir:%global vim_data_dir /usr/share/vim/%(readlink /usr/share/vim/current)}
%description
HAProxy implements an event-driven, mono-process model which enables support
@ -91,40 +90,54 @@ the most work done from every CPU cycle.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch1
%patch2
%patch3
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%build
%{__make} \
TARGET=linux26 \
CPU="%{_target_cpu}" \
USE_PCRE=1 \
%if %{with pcre_jit}
USE_PCRE_JIT=1 \
%endif
USE_LIBCRYPT=1 \
USE_OPENSSL=1 \
USE_ZLIB=1 \
USE_NETFILTER=1 \
%ifarch %ix86
USE_REGPARM=1 \
%endif
USE_TPROXY=1 \
USE_LINUX_TPROXY=1 \
USE_LINUX_SPLICE=1 \
USE_ACCEPT4=1 \
USE_CPU_AFFINITY=1 \
USE_GETADDRINFO=1 \
USE_GETSOCKNAME=1 \
USE_PIE=1 \
USE_STACKPROTECTOR=1 \
USE_RELRO_NOW=1 \
%if %{with tcp_fast_open}
USE_TFO=1 \
%endif
LIB="%{_lib}" \
DEBUG="%{optflags} -fno-strict-aliasing"
%{__make} PREFIX="%{_prefix}" -C contrib/systemd
PREFIX="%{_prefix}" \
DEBUG_CFLAGS="%{optflags}"
make -C contrib/systemd PREFIX="%{_prefix}"
make -C contrib/halog PREFIX="%{_prefix}" \
DEFINE="%{optflags} -pie -fpie -fstack-protector -Wl,-z,relro,-z,now"
%install
%{__install} -D -m 0755 %{pkg_name} %{buildroot}%{_sbindir}/%{pkg_name}
%{__install} -D -m 0644 examples/%{pkg_name}.cfg %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
%if 0%{?suse_version} >= 1230
%{__install} -D -m 0755 contrib/halog/halog %{buildroot}%{_sbindir}/haproxy-halog
%if %{with systemd}
%{__install} -D -m 0755 haproxy-systemd-wrapper %{buildroot}%{_sbindir}/haproxy-systemd-wrapper
%{__install} -D -m 0755 contrib/systemd/%{pkg_name}.service %{buildroot}%{_unitdir}/%{pkg_name}.service
%{__install} -D -m 0644 contrib/systemd/%{pkg_name}.service %{buildroot}%{_unitdir}/%{pkg_name}.service
ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name}
%else
%{__install} -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
@ -132,9 +145,14 @@ ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name}
%endif
%{__install} -d -m 0755 %{buildroot}%{pkg_home}
%{__install} -D -m 0644 %{S:2} %{buildroot}%{_datadir}/%{pkg_name}/%{pkg_name}.vim
%{__install} -D -m 0644 %{S:2} %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
%{__install} -D -m 0644 doc/%{pkg_name}.1 %{buildroot}%{_mandir}/man1/%{pkg_name}.1
gzip %{buildroot}%{_mandir}/man1/%{pkg_name}.1
%if %{with apparmor}
%{__install} -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/usr.sbin.haproxy
%{__install} -D -m 0644 %{S:4} %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy
%endif
%{__rm} examples/haproxy.spec
%if 0%{?suse_version} < 1230
%clean
@ -144,11 +162,9 @@ gzip %{buildroot}%{_mandir}/man1/%{pkg_name}.1
%pre
/usr/sbin/groupadd -r %{pkg_name} &>/dev/null ||:
/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r -c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name} &>/dev/null ||:
%if 0%{?suse_version} >= 1230
%service_add_pre %{pkg_name}.service
%endif
%if 0%{?suse_version} >= 1230
%if %{with systemd}
%service_add_pre %{pkg_name}.service
%post
%service_add_post %{pkg_name}.service
@ -176,12 +192,11 @@ gzip %{buildroot}%{_mandir}/man1/%{pkg_name}.1
%files
%defattr(-,root,root,-)
%doc CHANGELOG README LICENSE
%doc ROADMAP TODO doc/* examples
%doc ROADMAP doc/* examples/
%doc contrib/netsnmp-perl/ contrib/selinux/
%dir %{_sysconfdir}/%{pkg_name}
%config(noreplace) %{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
%if 0%{?suse_version} >= 1230
%if %{with systemd}
%{_unitdir}/%{pkg_name}.service
%{_sbindir}/haproxy-systemd-wrapper
@ -192,9 +207,16 @@ gzip %{buildroot}%{_mandir}/man1/%{pkg_name}.1
%endif
%{_sbindir}/haproxy
%{_sbindir}/haproxy-halog
%{_sbindir}/rchaproxy
%{pkg_home}
%doc %{_mandir}/man1/%{pkg_name}.1.gz
%{_datadir}/%{pkg_name}
%{_mandir}/man1/%{pkg_name}.1.gz
%{vim_data_dir}/syntax/%{pkg_name}.vim
%if %{with apparmor}
%dir /etc/apparmor.d/
%dir /etc/apparmor.d/local/
%config(noreplace) /etc/apparmor.d/usr.sbin.haproxy
%config(noreplace) /etc/apparmor.d/local/usr.sbin.haproxy
%endif
%changelog
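Review bot: The updated `Source:` line (like `Source2:` for haproxy.vim) names a plain `http://` location, and the spec lists no upstream checksum or signature file among its sources. Nothing in the package therefore records how the 1.5.1 tarball was verified when it was imported. A comment above the line would capture that, e.g. `# tarball checked against upstream's published checksum on import (<placeholder: checksum file or method>)`. If upstream serves the same path over HTTPS, the URL should use it.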


@ -0,0 +1 @@
# Site-specific additions and overrides for usr.sbin.haproxy.apparmor

40
sec-options.patch Normal file

@ -0,0 +1,40 @@
Index: Makefile
===================================================================
--- Makefile.orig 2014-06-05 19:23:53.559663353 +0200
+++ Makefile 2014-06-05 19:29:01.679662808 +0200
@@ -594,6 +594,35 @@ OPTIONS_CFLAGS += -DUSE_TFO
BUILD_OPTIONS += $(call ignore_implicit,USE_TFO)
endif
+# PIE
+ifneq ($(USE_PIE),)
+OPTIONS_CFLAGS += -DUSE_PIE
+BUILD_OPTIONS += $(call ignore_implicit,USE_PIE)
+OPTIONS_LDFLAGS += -pie
+# still need to figure out how to express this conditional in the makefile
+# %ifarch s390 s390x %sparc
+# PIEFLAGS="-fPIE"
+# %else
+# PIEFLAGS="-fpie"
+# %endif
+# PIE_FLAGS.s390 = -fPIE
+# PIE_FLAGS.i386 = -fpie
+# SEC_FLAGS += $(PIE_FLAGS.$(ARCH))
+OPTIONS_CFLAGS += -fpie
+endif
+
+ifneq ($(USE_STACKPROTECTOR),)
+OPTIONS_CFLAGS += -DUSE_STACKPROTECTOR
+BUILD_OPTIONS += $(call ignore_implicit,USE_STACKPROTECTOR)
+OPTIONS_CFLAGS += -fstack-protector
+endif
+
+ifneq ($(USE_RELRO_NOW),)
+OPTIONS_CFLAGS += -DUSE_RELRO_NOW
+BUILD_OPTIONS += $(call ignore_implicit,USE_RELRO_NOW)
+OPTIONS_LDFLAGS += -Wl,-z,relro,-z,now
+endif
+
# This one can be changed to look for ebtree files in an external directory
EBTREE_DIR := ebtree
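Review bot: `OPTIONS_CFLAGS += -fpie` in the `USE_PIE` block is hard-coded, although the comment right above it records that s390, s390x and sparc need `-fPIE`, and the spec in this commit passes `USE_PIE=1` without an architecture condition. `-fPIE` is accepted on every target and costs only a little where the small model would have sufficed, so `OPTIONS_CFLAGS += -fPIE` settles the open question and the commented-out `%ifarch` sketch can be dropped. Separately, `-fstack-protector` instruments only functions that hold character buffers or call alloca; where the distribution compiler supports `-fstack-protector-strong`, that is the broader choice for `USE_STACKPROTECTOR`.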

29
usr.sbin.haproxy.apparmor Normal file

@ -0,0 +1,29 @@
#include <tunables/global>
/usr/sbin/haproxy {
#include <abstractions/base>
#include <abstractions/nameservice>
capability net_bind_service,
capability setgid,
capability setuid,
capability kill,
capability sys_resource,
capability sys_chroot,
# those are needed for the stats socket creation
capability chown,
capability fowner,
capability fsetid,
network tcp,
/etc/haproxy/* r,
/var/lib/haproxy/stats rwl,
/var/lib/haproxy/stats.*.bak rwl,
/var/lib/haproxy/stats.*.tmp rwl,
/{,var/}run/haproxy.pid rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.haproxy>
}
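Review bot: The only configuration rule is `/etc/haproxy/* r,`, and `*` does not cross a `/`, so any file the configuration refers to in a subdirectory or outside `/etc/haproxy/` is denied under this profile. With OpenSSL support switched on in the same commit, certificate and key files are the likely case, and the one-line local include gives no hint. A comment next to the rule would save an admin the audit-log search: `# certificates and keys outside /etc/haproxy/ need a read rule in local/usr.sbin.haproxy`. The capability list is explained only for the stats-socket entries; a short line on why `kill` and `sys_resource` are granted would help the next review of this profile.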