SHA256
1
0
forked from pool/haproxy

Accepting request 1144067 from home:crameleon:branches:server:http

- Set /run/haproxy as the default PID file and socket location
  (more canonical location for transient files)
- Allow custom stats socket names
  (allows users to define multiple sockets with different access levels as /run/haproxy/stats-*.sock)

OBS-URL: https://build.opensuse.org/request/show/1144067
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=299
This commit is contained in:
Peter Varkoly 2024-02-16 09:26:49 +00:00 committed by Git OBS Bridge
parent b4a7079e8d
commit deb5095fcd
6 changed files with 43 additions and 5 deletions

11
haproxy-service.patch Normal file
View File

@ -0,0 +1,11 @@
--- a/admin/systemd/haproxy.service.in 2024-01-18 15:32:19.000000000 +0100
+++ b/admin/systemd/haproxy.service.in 2024-02-04 23:58:30.873980359 +0100
@@ -6,7 +6,7 @@
[Service]
EnvironmentFile=-/etc/default/haproxy
EnvironmentFile=-/etc/sysconfig/haproxy
-Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
+Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy/pid" "EXTRAOPTS=-S /run/haproxy/master.sock"
ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c $EXTRAOPTS
ExecReload=/bin/kill -USR2 $MAINPID

1
haproxy-tmpfiles.conf Normal file
View File

@ -0,0 +1 @@
D /run/haproxy 0750 root haproxy

View File

@ -5,7 +5,7 @@ global
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640 level operator
stats socket /run/haproxy/stats.sock user haproxy group haproxy mode 0640 level operator
tune.bufsize 32768
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Sun Feb 4 22:52:43 UTC 2024 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
- Set /run/haproxy as the default PID file and socket location
- Allow custom stats socket names
-------------------------------------------------------------------
Wed Jan 24 13:40:54 UTC 2024 - varkoly@suse.com

View File

@ -1,7 +1,7 @@
#
# spec file for package haproxy
#
# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
%bcond_with quic
%if 0%{?suse_version} >= 1230
@ -46,8 +46,10 @@
%if 0%{?suse_version} >= 1500
%bcond_without sysusers
%bcond_without tmpfiles
%else
%bcond_with sysusers
%bcond_with tmpfiles
%endif
Name: haproxy
@ -96,9 +98,11 @@ Source2: usr.sbin.haproxy.apparmor
Source3: local.usr.sbin.haproxy.apparmor
Source4: haproxy.cfg
Source5: haproxy-user.conf
Source6: haproxy-tmpfiles.conf
Patch1: haproxy-1.6.0_config_haproxy_user.patch
Patch2: haproxy-1.6.0-makefile_lib.patch
Patch3: haproxy-1.6.0-sec-options.patch
Patch4: haproxy-service.patch
#
Source98: series
Source99: haproxy-rpmlintrc
@ -195,6 +199,9 @@ ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name}
%if %{with sysusers}
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
%endif
%if %{with tmpfiles}
install -D -m 644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/%{name}.conf
%endif
%else
install -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
@ -224,6 +231,11 @@ rm examples/*init*
%if %{with apparmor} && %{with apparmor_reload}
%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
%endif
%if %{with systemd}
%if %{with tmpfiles}
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
%endif
%endif
%service_add_post %{pkg_name}.service
%preun
@ -268,6 +280,10 @@ getent passwd %{pkg_name} >/dev/null || \
%if %{with sysusers}
%{_sysusersdir}/haproxy-user.conf
%endif
%if %{with tmpfiles}
%{_tmpfilesdir}/%{name}.conf
%dir %ghost %{_rundir}/%{name}
%endif
%else
%config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}
%endif

View File

@ -28,11 +28,15 @@ profile haproxy /usr/sbin/haproxy {
/dev/shm/haproxy_startup_logs_* rwlk,
# old stats socket location, for compatibility
/var/lib/haproxy/stats rwl,
/var/lib/haproxy/stats.*.bak rwl,
/var/lib/haproxy/stats.*.tmp rwl,
/{,var/}run/haproxy.pid rw,
/{,var/}run/haproxy-master.sock* rwlk,
# new stats socket location
/run/haproxy/stats*.sock{,*.{bak,tmp}} rwl,
/{,var/}run/haproxy/pid rw,
/{,var/}run/haproxy/master.sock* rwlk,
/sys/devices/system/node/ r,