HAProxy init script does not work correctly with nbproc configuration option
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
haproxy (Ubuntu) |
Fix Released
|
Medium
|
James Page | ||
Trusty |
Fix Released
|
Medium
|
Unassigned | ||
Vivid |
Won't Fix
|
Medium
|
Louis Bouchard | ||
Wily |
Fix Released
|
Medium
|
James Page | ||
Xenial |
Fix Released
|
Medium
|
James Page |
Bug Description
[SRU justification]
The sysVinit script does not completely stop processes when nbproc > 1
[Impact]
Stopping haproxy without this fix leaves all but one process running
[Fix]
Use temporary pidfile in a loop containing one single PID as the --pid option is not available for start-stop-daemon.
[Test Case]
Set nbproc > 4 in /etc/haproxy/
resart haproxy & verify that there is more than one haproxy process
Run :
$ ps aux | grep haproxy | grep -v grep | wc -l
4
$ service haproxy stop
$ ps aux | grep haproxy | grep -v grep | wc -l
Without the patch, the result of the last command will be 3. With the fix, it will be 0
[Regression]
The regression risk is in the use of a temporary file instead of the start-stop-daemon option.
It has been tested with TMPDIR="/tmp/My Dir" to check for spaces in directory names.
[Original description of the problem]
In case you have more than one process enabled in the haproxy config, the init script fails to stop all of those processes.
So to clarify you need to have this in your haproxy.cfg:
"""
...
global
maxconn 32000
ulimit-n 65536
user haproxy
group haproxy
nbproc 2
...
"""
the problem is more visible if you set the nbproc to higher number.
service haproxy stop --> will only stop on of the haproxy processes.
The problem is so that start-stop-daemon can't handle pid files with multiple lines. Only stopping the first one. HAProxy does write all the pids started by itself into the pid file, so the problem is not in HAProxy, but in the start-stop-daemon or more likely in the init scrip of haproxy.
One solution or workaround is to remove pidfile option of start-stop-daemon in the init script, than it wil work as killall and will stop the haproxy processes properly.
To proof you can try this sequence:
service haproxy start #if its not running
ps ax | grep haproxy | grep -v grep | wc -l #this should report 2
service haproxy restart
ps ax | grep haproxy | grep -v grep | wc -l #this will report 3
The workaround as a diff:
root@ubi1:/opt# diff /etc/init.d/haproxy /etc/init.
62c62
< --retry 5 --exec $HAPROXY || ret=$?
---
> --retry 5 --pidfile $PIDFILE --exec $HAPROXY || ret=$?
extra infos:
root@ubi1:/opt# lsb_release -rd
Description: Ubuntu 14.04.3 LTS
Release: 14.04
root@ubi1:/opt# apt-cache policy haproxy
haproxy:
Installed: 1.4.24-2ubuntu0.2
Candidate: 1.4.24-2ubuntu0.2
Version table:
1.
100 http://
*** 1.4.24-2ubuntu0.2 0
500 http://
100 /var/lib/
1.4.24-2 0
500 http://
Changed in haproxy (Ubuntu Trusty): | |
importance: | Undecided → Medium |
status: | New → In Progress |
assignee: | nobody → Louis Bouchard (louis-bouchard) |
Changed in haproxy (Ubuntu): | |
status: | Confirmed → Invalid |
description: | updated |
tags: |
added: trusty removed: haproxy |
Changed in haproxy (Ubuntu): | |
status: | Invalid → Fix Released |
importance: | Undecided → Medium |
tags: | removed: needs-upstream-report |
Changed in haproxy (Ubuntu Vivid): | |
assignee: | nobody → Louis Bouchard (louis-bouchard) |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in haproxy (Ubuntu Wily): | |
status: | New → In Progress |
Changed in haproxy (Ubuntu Xenial): | |
assignee: | nobody → James Page (james-page) |
Changed in haproxy (Ubuntu Wily): | |
assignee: | nobody → James Page (james-page) |
tags: |
added: verification-done removed: verification-needed |
tags: |
added: verification-done removed: verification-needed |
Changed in haproxy (Ubuntu Trusty): | |
assignee: | Louis Bouchard (louis-bouchard) → nobody |
Status changed to 'Confirmed' because the bug affects multiple users.