upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-20 00:10:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 14
haproxy/src/haproxy.c

3815 lines
110 KiB
C
Raw Normal View History

[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
MINOR: version: report "HAProxy" not "HA-Proxy" in the version output When running "haproxy -v", we still get "HA-Proxy" which is the last place where this confusing oddity happens. Being so used to it I didn't even notice it until it was reported to me just after 2.2 but it never got fixed, despite the PRODUCT_NAME macro that is used to report the name in the stats page and in "show info" being already set to "HAProxy" 15 years ago in 1.2.14 with commit e03312613. It's about time to uniformize everything.
2021-05-09 00:14:25 -04:00
* HAProxy : High Availability-enabled HTTP/TCP proxy
[RELEASE] Released version 3.0-dev1 Released version 3.0-dev1 with the following main changes : - MINOR: channel: Use dedicated functions to deal with STREAMER flags - MEDIUM: applet: Handle channel's STREAMER flags on applets size - MINOR: applets: Use channel's field to compute amount of data received - MEDIUM: cache: Save body size of cached objects and track it on delivery - MEDIUM: cache: Add support for endp-to-endp fast-forwarding - MINOR: cache: Add global option to enable/disable zero-copy forwarding - MINOR: pattern: Use reference name as filename to read patterns from a file - MEDIUM: pattern: Add support for virtual and optional files for patterns - DOC: config: Add section about name format for maps and ACLs - DOC: management/lua: Update commands about map and acl - MINOR: promex: Add support for specialized front/back/li/srv metric names - MINOR: promex: Export active/backup metrics per-server - BUG/MINOR: ssl: Double free of OCSP Certificate ID - MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback - BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate - BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA) - DOC: configuration: typo req.ssl_hello_type - MINOR: hq-interop: add fastfwd support - CLEANUP: mux_quic: rename ffwd function with prefix qmux_strm_ - MINOR: mux-quic: add traces for 0-copy/fast-forward - BUG/MINOR: mworker/cli: fix set severity-output support - CLEANUP: mworker/cli: add comments about pcli_find_and_exec_kw() - BUG/MEDIUM: quic: Possible buffer overflow when building TLS records - BUILD: ssl: update types in wolfssl cert selection callback - MINOR: ssl: activate the certificate selection callback for WolfSSL - CI: github: switch to wolfssl git-c4b77ad for new PR - BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions - BUG/MINOR: ext-check: cannot use without preserve-env - CLEANUP: mux-quic: remove unused prototype - MINOR: mux-quic: clean up qcs Rx buffer allocation API - MINOR: mux-quic: clean up qcs Tx buffer allocation API - CLEANUP: mux-quic: clean up app ops callback definitions - MINOR: mux-quic: factorize QC_SF_UNKNOWN_PL_LENGTH set - MINOR: h3: complete traces for sending - MINOR: h3: adjust zero-copy sending related code - MINOR: hq-interop: use zero-copy to transfer single HTX data block - BUG/MEDIUM: quic: QUIC CID removed from tree without locking - BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer side - BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding - BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set originally - CLEANUP: mux-h1: Fix a trace message about C-L header addition - BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty - BUG/MEDIUM: mux-quic: report early error on stream - DOC: config: add arguments to sample fetch methods in the table - DOC: config: also add arguments to the converters in the table - BUG/MINOR: resolvers: default resolvers fails when network not configured - SCRIPTS: mk-patch-list: produce a list of patches - DEV: patchbot: add the AI-based bot to pre-select candidate patches to backport - BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty - BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty - BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C - BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams - DOC: config: Update documentation about local haproxy response - DEV: patchbot: use checked buttons as reference instead of internal table - DEV: patchbot: allow to show/hide backported patches - MINOR: h3: remove quic_conn only reference - BUG/MINOR: server: Use the configured address family for the initial resolution - MINOR: mux-quic: remove qcc_shutdown() from qcc_release() - MINOR: mux-quic: use qcc_release in case of init failure - MINOR: mux-quic: adjust error code in init failure - MINOR: h3: add traces for connection init stage - BUG/MINOR: h3: properly handle alloc failure on finalize - MINOR: h3: use INTERNAL_ERROR code for init failure - BUG/MAJOR: stconn: Disable zero-copy forwarding if consumer is shut or in error - MINOR: stats: store the parent proxy in stats ctx (http) - BUG/MEDIUM: stats: unhandled switching rules with TCP frontend - MEDIUM: proxy: set PR_O_HTTP_UPG on implicit upgrades - MINOR: proxy: monitor-uri works with tcp->http upgrades - OPTIM: server: eb lookup for server_find_by_name() - OPTIM: server: ebtree lookups for findserver_unique_* functions - MINOR: server/event_hdl: add server_inetaddr struct to facilitate event data usage - MINOR: server/event_hdl: update _srv_event_hdl_prepare_inetaddr prototype - BUG/MINOR: server/event_hdl: propagate map port info through inetaddr event - MINOR: server: ensure connection cleanup on server addr changes - CLEANUP: server/event_hdl: remove purge_conn hint in INETADDR event - MEDIUM: server: merge srv_update_addr() and srv_update_addr_port() logic - CLEANUP: server: remove unused server_parse_addr_change_request() function - CLEANUP: resolvers: remove duplicate func prototype - MINOR: resolvers: add unique numeric id to nameservers - MEDIUM: server: make server_set_inetaddr() updater serializable - MINOR: server/event_hdl: expose updater info through INETADDR event - MINOR: server: add dns hint in server_inetaddr_updater struct - MEDIUM: server/dns: clear RMAINT when addr resolves again - BUG/MINOR: server/dns: use server_set_inetaddr() to unset srv addr from DNS - BUG/MEDIUM: server/dns: perform svc_port updates atomically from SRV records - MEDIUM: peers: use server as stream target - CLEANUP: peers: remove unused sock_init_arg struct member - CLEANUP: peers: remove unused "proto" and "xprt" struct members - MINOR: peers: rely on srv->addr and remove peer->addr - DOC: config: add context hint for server keywords - MINOR: stktable: add table_process_entry helper function - MINOR: stktable: use {show,set,clear} table with ptr - MINOR: map: add map_*_key converters to provide the matching key - DOC: fix typo for fastfwd QUIC option - BUG/MINOR: mux-quic: always report error to SC on RESET_STREAM emission - MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS - BUG/MINOR: mux-quic: disable fast-fwd if connection on error - BUG/MINOR: quic: Wrong keylog callback setting. - BUG/MINOR: quic: Missing call to TLS message callbacks - MINOR: h3: check connection error during sending - BUG/MINOR: h3: close connection on header list too big - BUG/MINOR: h3: close connection on sending alloc errors - BUG/MINOR: h3: disable fast-forward on buffer alloc failure - Revert "MINOR: mux-quic: Disable zero-copy forwarding for send by default" - MINOR: stktable: stktable_data_ptr() cannot fail in table_process_entry() - CLEANUP: assorted typo fixes in the code and comments - CI: use semantic version compare for determing "latest" OpenSSL - CLEANUP: server: remove ambiguous check in srv_update_addr_port() - CLEANUP: resolvers: remove unused RSLV_UPD_OBSOLETE_IP flag - CLEANUP: resolvers: remove some more unused RSLV_UDP flags - MEDIUM: server: simplify snr_set_srv_down() to prevent confusions - MINOR: backend: export get_server_*() functions - MINOR: tcpcheck: export proxy_parse_tcpcheck() - MEDIUM: udp: allow to retrieve the frontend destination address - MINOR: global: export a way to list build options - MINOR: debug: add features and build options to "show dev" - BUG/MINOR: server: fix server_find_by_name() usage during parsing - REGTESTS: check attach-srv out of order declaration - CLEANUP: quic: Remaining useless code into server part - BUILD: quic: Missing quic_ssl.h header protection - BUG/MEDIUM: h3: fix incorrect snd_buf return value - MINOR: h3: do not consider missing buf room as error on trailers - BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable - BUG/MEDIUM: stconn: Set fsb date if zero-copy forwarding is blocked during nego - BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up - MINOR: mux-h2: support limiting the total number of H2 streams per connection - CLEANUP: mux-h2: remove the printfs from previous commit on h2 streams limit. - DEV: h2: add the ability to emit literals in mkhdr - DEV: h2: add the preface as well in supported output types - DEV: h2: support passing raw data for a frame - IMPORT: ebtree: implement and use flsnz_long() to count bits - IMPORT: ebtree: switch the sizes and offsets to size_t and ssize_t - IMPORT: ebtree: rework the fls macros to better deal with arch-specific ones - IMPORT: ebtree: make string_equal_bits turn back to unsigned char - IMPORT: ebtree: use unsigned ints for flznz() - IMPORT: ebtree: make string_equal_bits() return an unsigned
2024-01-06 08:09:35 -05:00
* Copyright 2000-2024 Willy Tarreau <willy@haproxy.org>.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro. In order to properly enable sched_setaffinity, in some versions of Linux, it is rather _GNU_SOURCE than __USE_GNU (spotted on Alpine Linux for instance), also for the sake of consistency as __USE_GNU seems not used across the code and for last, it seems on Linux it is the best way to enable non portable code. On Linux glibc's based versions, it seems _GNU_SOURCE defines __USE_GNU it should be safe enough.
2015-12-08 16:43:09 -05:00
#define _GNU_SOURCE
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <ctype.h>
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
#include <dirent.h>
#include <sys/stat.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/tcp.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <fcntl.h>
#include <errno.h>
#include <signal.h>
#include <stdarg.h>
#include <sys/resource.h>
MINOR: version: Show uname output in display_version() This patch adds the sysname, release, version and machine fields from the uname results to the version output. It intentionally leaves out the machine name, because it is usually not useful and users might not want to expose their machine names for privacy reasons. May be backported if it is considered useful for debugging.
2020-04-18 10:02:47 -04:00
#include <sys/utsname.h>
MEDIUM: New cli option -Ds for systemd compatibility This patch adds a new option "-Ds" which is exactly like "-D", but instead of forking n times to get n jobs running and then exiting, prefers to wait for all the children it just created. With this done, haproxy becomes more systemd-compliant, without changing anything for other systems. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 04:53:52 -05:00
#include <sys/wait.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <time.h>
#include <syslog.h>
BUG/MEDIUM: remove supplementary groups when changing gid Without it, haproxy will retain the group membership of root, which may give more access than intended to the process. For example, haproxy would still be in the wheel group on Fedora 18, as seen with : # haproxy -f /etc/haproxy/haproxy.cfg # ps a -o pid,user,group,command | grep hapr 3545 haproxy haproxy haproxy -f /etc/haproxy/haproxy.cfg 4356 root root grep --color=auto hapr # grep Group /proc/3545/status Groups: 0 1 2 3 4 6 10 # getent group wheel wheel:x:10:root,misc [WT: The issue has been investigated by independent security research team and realized by itself not being able to allow security exploitation. Additionally, dropping groups is not allowed to unprivileged users, though this mode of deployment is quite common. Thus a warning is emitted in this case to inform the user. The fix could be backported into all supported versions as the issue has always been there. ]
2013-01-12 12:35:19 -05:00
#include <grp.h>
REORG: thread: move the thread init/affinity/stop to thread.c haproxy.c still has to deal with pthread-specific low-level stuff that is OS-dependent. We should not have to deal with this there, and we do not need to access pthread anywhere else. Let's move these 3 functions to thread.c and keep empty inline ones for when threads are disabled.
2021-10-06 16:22:40 -04:00
MINOR: thread: use a dedicated static pthread_t array in thread.c This removes the thread identifiers from struct thread_info and moves them only in static array in thread.c since it's now the only file that needs to touch it. It's also the only file that needs to include pthread.h, beyond haproxy.c which needs it to start the poll loop. As a result, much less system includes are needed and the LoC reduced by around 3%.
2021-10-06 16:53:51 -04:00
#ifdef USE_THREAD
#include <pthread.h>
#endif
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#ifdef USE_CPU_AFFINITY
#include <sched.h>
BUILD/MEDIUM: threads/affinity: DragonFly build fix DragonFlyBSD does not have a build on its own, it has always used the FreeBSD's. To be able to support the cpu affinity, it needs few more headers.
2018-11-12 11:22:19 -05:00
#if defined(__FreeBSD__) || defined(__DragonFly__)
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#include <sys/param.h>
BUILD/MEDIUM: threads/affinity: DragonFly build fix DragonFlyBSD does not have a build on its own, it has always used the FreeBSD's. To be able to support the cpu affinity, it needs few more headers.
2018-11-12 11:22:19 -05:00
#ifdef __FreeBSD__
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#include <sys/cpuset.h>
BUILD/MEDIUM: threads/affinity: DragonFly build fix DragonFlyBSD does not have a build on its own, it has always used the FreeBSD's. To be able to support the cpu affinity, it needs few more headers.
2018-11-12 11:22:19 -05:00
#endif
BUILD/MEDIUM: threads: enable cpu_affinity on osx Enable it but on a per thread basis only using Darwin native API.
2019-09-13 00:12:58 -04:00
#endif
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: init: add a "set-dumpable" global directive to enable core dumps It's always a pain to get a core dump when enabling user/group setting (which disables the dumpable flag on Linux), when using a chroot and/or when haproxy is started by a service management tool which requires complex operations to just raise the core dump limit. This patch introduces a new "set-dumpable" global directive to work around these troubles by doing the following : - remove file size limits (equivalent of ulimit -f unlimited) - remove core size limits (equivalent of ulimit -c unlimited) - mark the process dumpable again (equivalent of suid_dumpable=1) Some of these will depend on the operating system. This way it becomes much easier to retrieve a core file. Temporarily moving the chroot to a user-writable place generally enough.
2019-04-15 13:38:50 -04:00
#if defined(USE_PRCTL)
#include <sys/prctl.h>
#endif
MINOR: proc: setting the process to produce a core dump on FreeBSD. using the procctl api to set the current process as traceable, thus being able to produce a core dump as well. making it as compile option if not wished or using freebsd prior to 11.x (last no EOL release).
2021-08-21 04:13:10 -04:00
#if defined(USE_PROCCTL)
#include <sys/procctl.h>
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#ifdef DEBUG_FULL
#include <assert.h>
#endif
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
BUILD: systemd: fix build error on non-systemd systems with USE_SYSTEMD=1 Thanks to previous commit, we can now build with USE_SYSTEMD=1 on any system without requiring any parts from systemd. It just turns our that there was one remaining include in haproxy.c that needed to be replaced with haproxy/systemd.h to build correctly. That's what this commit does.
2024-04-03 11:32:20 -04:00
#include <haproxy/systemd.h>
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
BUG/MEDIUM: random: initialize the random pool a bit better Since the UUID sample fetch was created, some people noticed that in certain virtualized environments they manage to get exact same UUIDs on different instances started exactly at the same moment. It turns out that the randoms were only initialized to spread the health checks originally, not to provide "clean" randoms. This patch changes this and collects more randomness from various sources, including existing randoms, /dev/urandom when available, RAND_bytes() when OpenSSL is available, as well as the timing for such operations, then applies a SHA1 on all this to keep a 160 bits random seed available, 32 of which are passed to srandom(). It's worth mentioning that there's no clean way to pass more than 32 bits to srandom() as even initstate() provides an opaque state that must absolutely not be tampered with since known implementations contain state information. At least this allows to have up to 4 billion different sequences from the boot, which is not that bad. Note that the thread safety was still not addressed, which is another issue for another patch. This must be backported to all versions containing the UUID sample fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
#include <import/sha1.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/acl.h>
REORG: global: move free acl/action in their related source files Move deinit_acl_cond and deinit_act_rules from haproxy.c respectively in acl.c and action.c. The name of the functions has been slightly altered, replacing the prefix deinit_* by free_* to reflect their purpose more clearly. This change has been made in preparation to the implementation of a free proxy function. As a side-effect, it helps to clean up haproxy.c.
2021-03-25 12:15:52 -04:00
#include <haproxy/action.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/activity.h>
#include <haproxy/api.h>
#include <haproxy/arg.h>
#include <haproxy/auth.h>
REORG: include: move base64.h, errors.h and hash.h from common to to haproxy/ These ones do not depend on any other file. One used to include haproxy/api.h but that was solely for stddef.h.
2020-05-27 10:10:29 -04:00
#include <haproxy/base64.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/capture-t.h>
REORG: config: move the condition preprocessing code to its own file The .if/.else/.endif and condition evaluation code is quite dirty and was dumped into cfgparse.c because it was easy. But it should be tidied quite a bit as it will need to evolve. Let's move all that to cfgcond.{c,h}.
2021-07-16 09:39:28 -04:00
#include <haproxy/cfgcond.h>
MINOR: diag: create cfgdiag module This module is intended to serve as a placeholder for various diagnostics executed after the configuration file has been fully loaded.
2021-03-30 11:34:24 -04:00
#include <haproxy/cfgdiag.h>
REORG: include: move cfgparse.h to haproxy/cfgparse.h There's no point splitting the file in two since only cfgparse uses the types defined there. A few call places were updated and cleaned up. All of them were in C files which register keywords. There is nothing left in common/ now so this directory must not be used anymore.
2020-06-04 18:00:29 -04:00
#include <haproxy/cfgparse.h>
REORG: include: move common/chunk.h to haproxy/chunk.h No change was necessary, it was already properly split.
2020-06-02 04:22:45 -04:00
#include <haproxy/chunk.h>
REORG: include: move cli.h to haproxy/cli{,-t}.h Almost no change except moving the cli_kw struct definition after the defines. Almost all users had both types&proto included, which is not surprizing since this code is old and it used to be the norm a decade ago. These places were cleaned.
2020-06-04 14:19:54 -04:00
#include <haproxy/cli.h>
REORG: time: move time-keeping code and variables to clock.c There is currently a problem related to time keeping. We're mixing the functions to perform calculations with the os-dependent code needed to retrieve and adjust the local time. This patch extracts from time.{c,h} the parts that are solely dedicated to time keeping. These are the "now" or "before_poll" variables for example, as well as the various now_*() functions that make use of gettimeofday() and clock_gettime() to retrieve the current time. The "tv_*" functions moved there were also more appropriately renamed to "clock_*". Other parts used to compute stolen time are in other files, they will have to be picked next.
2021-10-08 03:33:24 -04:00
#include <haproxy/clock.h>
REORG: include: move connection.h to haproxy/connection{,-t}.h The type file is becoming a mess, half of it is for the proxy protocol, another good part describes conn_streams and mux ops, it would deserve being split again. At least it was reordered so that elements are easier to find, with the PP-stuff left at the end. The MAX_SEND_FD macro was moved to compat.h as it's said to be the value for Linux.
2020-06-04 12:02:10 -04:00
#include <haproxy/connection.h>
BUG/MINOR: cpuset: fix compilation on platform without cpu affinity The compilation is currently broken on platform without USE_CPU_AFFINITY set. An error has been reported by the cygwin build of the CI. This does not need to be backported. In file included from include/haproxy/global-t.h:27, from include/haproxy/global.h:26, from include/haproxy/fd.h:33, from src/ev_poll.c:22: include/haproxy/cpuset-t.h:32:3: error: #error "No cpuset support implemented on this platform" 32 | # error "No cpuset support implemented on this platform" | ^~~~~ include/haproxy/cpuset-t.h:37:2: error: unknown type name ‘CPUSET_REPR’ 37 | CPUSET_REPR cpuset; | ^~~~~~~~~~~ make: *** [Makefile:944: src/ev_poll.o] Error 1 make: *** Waiting for unfinished jobs.... In file included from include/haproxy/global-t.h:27, from include/haproxy/global.h:26, from include/haproxy/fd.h:33, from include/haproxy/connection.h:30, from include/haproxy/ssl_sock.h:27, from src/ssl_sample.c:30: include/haproxy/cpuset-t.h:32:3: error: #error "No cpuset support implemented on this platform" 32 | # error "No cpuset support implemented on this platform" | ^~~~~ include/haproxy/cpuset-t.h:37:2: error: unknown type name ‘CPUSET_REPR’ 37 | CPUSET_REPR cpuset; | ^~~~~~~~~~~ make: *** [Makefile:944: src/ssl_sample.o] Error 1
2021-04-23 10:58:08 -04:00
#ifdef USE_CPU_AFFINITY
MEDIUM: config: use platform independent type hap_cpuset for cpu-map Use the platform independent type hap_cpuset for the cpu-map statement parsing. This allow to address CPU index greater than LONGBITS. Update the documentation to reflect the removal of this limit except for platforms without cpu_set_t type or equivalent.
2021-04-21 12:39:58 -04:00
#include <haproxy/cpuset.h>
BUG/MINOR: cpuset: fix compilation on platform without cpu affinity The compilation is currently broken on platform without USE_CPU_AFFINITY set. An error has been reported by the cygwin build of the CI. This does not need to be backported. In file included from include/haproxy/global-t.h:27, from include/haproxy/global.h:26, from include/haproxy/fd.h:33, from src/ev_poll.c:22: include/haproxy/cpuset-t.h:32:3: error: #error "No cpuset support implemented on this platform" 32 | # error "No cpuset support implemented on this platform" | ^~~~~ include/haproxy/cpuset-t.h:37:2: error: unknown type name ‘CPUSET_REPR’ 37 | CPUSET_REPR cpuset; | ^~~~~~~~~~~ make: *** [Makefile:944: src/ev_poll.o] Error 1 make: *** Waiting for unfinished jobs.... In file included from include/haproxy/global-t.h:27, from include/haproxy/global.h:26, from include/haproxy/fd.h:33, from include/haproxy/connection.h:30, from include/haproxy/ssl_sock.h:27, from src/ssl_sample.c:30: include/haproxy/cpuset-t.h:32:3: error: #error "No cpuset support implemented on this platform" 32 | # error "No cpuset support implemented on this platform" | ^~~~~ include/haproxy/cpuset-t.h:37:2: error: unknown type name ‘CPUSET_REPR’ 37 | CPUSET_REPR cpuset; | ^~~~~~~~~~~ make: *** [Makefile:944: src/ssl_sample.o] Error 1
2021-04-23 10:58:08 -04:00
#endif
MINOR: init: add info about the main program to the post_mortem struct This way we'll still have haproxy's version, build options etc in core dumps and centralized all at once.
2023-11-23 05:32:24 -05:00
#include <haproxy/debug.h>
REORG: include: move dns.h to haproxy/dns{,-t}.h The files were moved as-is.
2020-06-04 04:53:16 -04:00
#include <haproxy/dns.h>
REORG: include: move common/buffer.h to haproxy/dynbuf{,-t}.h The pretty confusing "buffer.h" was in fact not the place to look for the definition of "struct buffer" but the one responsible for dynamic buffer allocation. As such it defines the struct buffer_wait and the few functions to allocate a buffer or wait for one. This patch moves it renaming it to dynbuf.h. The type definition was moved to its own file since it's included in a number of other structs. Doing this cleanup revealed that a significant number of files used to rely on this one to inherit struct buffer through it but didn't need anything from this file at all.
2020-06-02 05:28:02 -04:00
#include <haproxy/dynbuf.h>
REORG: include: move base64.h, errors.h and hash.h from common to to haproxy/ These ones do not depend on any other file. One used to include haproxy/api.h but that was solely for stddef.h.
2020-05-27 10:10:29 -04:00
#include <haproxy/errors.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/fd.h>
REORG: include: move filters.h to haproxy/filters{,-t}.h Just a minor change, moved the macro definitions upwards. A few caller files were updated since they didn't need to include it.
2020-06-04 15:29:29 -04:00
#include <haproxy/filters.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/global.h>
REORG: include: move hlua.h to haproxy/hlua{,-t}.h This one required a few more includes as it uses list and ebpt_node. It still references lots of types/ files for now.
2020-06-04 03:20:54 -04:00
#include <haproxy/hlua.h>
REORG: include: move http_rules.h to haproxy/http_rules.h There was no include file. This one still includes types/proxy.h.
2020-06-04 05:40:28 -04:00
#include <haproxy/http_rules.h>
MINOR: limits: prepare to keep limits in one place The code which gets, sets and checks initial and current fd limits and process related limits (maxconn, maxsock, ulimit-n, fd-hard-limit) is spread around different functions in haproxy.c and in fd.c. Let's group it together in dedicated limits.c and limits.h. This patch is done in order to prepare the moving of limits-related functions from different places to the new 'limits' compilation unit. It helps to keep clean the next patch, which will do only the move without any additional modifications. Such detailed split is needed in order to be sure not to break accidentally limits logic and in order to be able to compile each commit separately in case of git-bisect.
2024-07-10 06:15:45 -04:00
#include <haproxy/limits.h>
MEDIUM: capabilities: enable support for Linux capabilities For a while there has been the constraint of having to run as root for transparent proxying, and we're starting to see some cases where QUIC is not running in socket-per-connection mode due to the missing capability that would be needed to bind a privileged port. It's not realistic to ask all QUIC users on port 443 to run as root, so instead let's provide a basic support for capabilities at least on linux. The ones currently supported are cap_net_raw, cap_net_admin and cap_net_bind_service. The mechanism was made OS-specific with a dedicated file because it really is. It can be easily refined later for other OSes if needed. A new keyword "setcaps" is added to the global section, to enumerate the capabilities that must be kept when switching from root to non-root. This is ignored in other situations though. HAProxy has to be built with USE_LINUX_CAP=1 for this to be supported, which is enabled by default for linux-glibc, linux-glibc-legacy and linux-musl. A good way to test this is to start haproxy with such a config: global uid 1000 setcap cap_net_bind_service frontend test mode http timeout client 3s bind quic4@:443 ssl crt rsa+dh2048.pem allow-0rtt and run it under "sudo strace -e trace=bind,setuid", then connecting there from an H3 client. The bind() syscall must succeed despite the user id having been switched.
2023-08-29 04:24:26 -04:00
#if defined(USE_LINUX_CAP)
#include <haproxy/linuxcap.h>
#endif
REORG: include: split mini-clist into haproxy/list and list-t.h Half of the users of this include only need the type definitions and not the manipulation macros nor the inline functions. Moves the various types into mini-clist-t.h makes the files cleaner. The other one had all its includes grouped at the top. A few files continued to reference it without using it and were cleaned. In addition it was about time that we'd rename that file, it's not "mini" anymore and contains a bit more than just circular lists.
2020-05-27 12:01:47 -04:00
#include <haproxy/list.h>
REORG: include: move listener.h to haproxy/listener{,-t}.h stdlib and list were missing from listener.h, otherwise it was OK.
2020-06-04 08:58:24 -04:00
#include <haproxy/listener.h>
REORG: include: move log.h to haproxy/log{,-t}.h The current state of the logging is a real mess. The main problem is that almost all files include log.h just in order to have access to the alert/warning functions like ha_alert() etc, and don't care about logs. But log.h also deals with real logging as well as log-format and depends on stream.h and various other things. As such it forces a few heavy files like stream.h to be loaded early and to hide missing dependencies depending where it's loaded. Among the missing ones is syslog.h which was often automatically included resulting in no less than 3 users missing it. Among 76 users, only 5 could be removed, and probably 70 don't need the full set of dependencies. A good approach would consist in splitting that file in 3 parts: - one for error output ("errors" ?). - one for log_format processing - and one for actual logging.
2020-06-04 16:01:04 -04:00
#include <haproxy/log.h>
REORG: include: move mworker.h to haproxy/mworker{,-t}.h One function prototype makes reference to struct mworker_proc which was not defined there but in global.h instead. This definition, along with the PROC_O_* fields were moved to mworker-t.h instead.
2020-06-04 08:07:37 -04:00
#include <haproxy/mworker.h>
REORG: include: move common/namespace.h to haproxy/namespace{,-t}.h The type was moved out as it's used by standard.h for netns_entry. Instead of just being a forward declaration when not used, it's an empty struct, which makes gdb happier (the resulting stripped executable is the same).
2020-06-02 11:02:59 -04:00
#include <haproxy/namespace.h>
REORG: include: move common/net_helper.h to haproxy/net_helper.h No change was necessary.
2020-06-02 10:48:09 -04:00
#include <haproxy/net_helper.h>
REORG: include: move openssl-compat.h from common/ to haproxy/ This file is to openssl what compat.h is to the libc, so it makes sense to move it to haproxy/. It could almost be part of api.h but given the amount of openssl stuff that gets loaded I fear it could increase the build time. Note that this file contains lots of inlined functions. But since it does not depend on anything else in haproxy, it remains safe to keep all that together.
2020-05-27 10:26:00 -04:00
#include <haproxy/openssl-compat.h>
MEDIUM: quic: release closing connections on stopping Since the following commit : commit fb375574f947143e185225558c274ac00a3f8cb4 MINOR: quic: mark quic-conn as jobs on socket allocation quic-conn instances are marked as jobs. This prevent haproxy process to stop while there is transfer in progress. To not delay process termination, idle connections are woken up through their MUX instances to be able to release them immediately. However, there is no mechanism to wake up quic connections left on closing or draining state. This means that haproxy process termination is delayed until every closing quic connections timer has expired. To improve this, a new function quic_handle_stopping() is called when haproxy process is stopping. It simply wakes up the idle timer task of all connections in the global closing list. These connections will thus be released immediately to not interrupt haproxy process stopping. This should be backported up to 2.7.
2023-03-08 04:37:45 -05:00
#include <haproxy/quic_conn.h>
MINOR: quic: Tunable "max_idle_timeout" transport parameter Add two tunable settings both for backends and frontends "max_idle_timeout" QUIC transport parameter, "tune.quic.frontend.max-idle-timeout" and "tune.quic.backend.max-idle-timeout" respectively. cfg_parse_quic_time() has been implemented to parse a time value thanks to parse_time_err(). It should be reused for any tunable time value to be parsed. Add the documentation for this tunable setting only for frontend.
2022-05-23 10:38:14 -04:00
#include <haproxy/quic_tp-t.h>
REORG: include: move pattern.h to haproxy/pattern{,-t}.h It was moved as-is, except for extern declaration of pattern_reference. A few C files used to include it but didn't need it anymore after having been split apart so this was cleaned.
2020-06-04 09:06:28 -04:00
#include <haproxy/pattern.h>
REORG: include: move peers.h to haproxy/peers{,-t}.h The cfg_peers external declaration was moved to the main file instead of the type one. A few types were still missing from the proto, causing warnings in the functions prototypes (proxy, stick_table).
2020-06-04 12:38:21 -04:00
#include <haproxy/peers.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/pool.h>
#include <haproxy/protocol.h>
MINOR: reload: determine the foreing binding status from the socket Let's not look at the listener options passed by the original process and determine from the socket itself whether it is configured for transparent mode or not. This is cleaner and safer, and doesn't rely on flag values that could possibly change between versions.
2020-08-26 04:23:40 -04:00
#include <haproxy/proto_tcp.h>
REORG: include: move proxy.h to haproxy/proxy{,-t}.h This one is particularly difficult to split because it provides all the functions used to manipulate a proxy state and to retrieve names or IDs for error reporting, and as such, it was included in 73 files (down to 68 after cleanup). It would deserve a small cleanup though the cut points are not obvious at the moment given the number of structs involved in the struct proxy itself.
2020-06-04 16:29:18 -04:00
#include <haproxy/proxy.h>
REORG: include: split common/regex.h into haproxy/regex{,-t}.h Regex are essentially included for myregex_t but it turns out that several of the C files didn't include it directly, relying on the one included by their own .h. This has been cleanly addressed so that only the type is included by H files which need it, and adding the missing includes for the other ones.
2020-06-02 11:32:26 -04:00
#include <haproxy/regex.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/sample.h>
REORG: include: move server.h to haproxy/server{,-t}.h extern struct dict server_name_dict was moved from the type file to the main file. A handful of inlined functions were moved at the bottom of the file. Call places were updated to use server-t.h when relevant, or to simply drop the entry when not needed.
2020-06-04 17:20:13 -04:00
#include <haproxy/server.h>
REORG: include: move session.h to haproxy/session{,-t}.h Almost no change was needed beyond a little bit of reordering of the types file and adjustments to use session-t instead of session at a few places.
2020-06-04 12:58:52 -04:00
#include <haproxy/session.h>
REORG: include: move signal.h to haproxy/signal{,-t}.h No change was necessary. Include from wdt.c was dropped since unneeded.
2020-06-04 11:37:26 -04:00
#include <haproxy/signal.h>
REORG: listener: move xfer_sock_list to sock.{c,h}. This will be used for receivers as well thus it is not specific to listeners but to sockets.
2020-08-28 10:29:53 -04:00
#include <haproxy/sock.h>
REORG: inet: replace tcp_is_foreign() with sock_inet_is_foreign() The function now makes it clear that it's independent on the socket type and solely relies on the address family. Note that it supports both IPv4 and IPv6 as we don't seem to need it per-family.
2020-08-28 09:40:33 -04:00
#include <haproxy/sock_inet.h>
REORG: include: move ssl_sock.h to haproxy/ssl_sock{,-t}.h Almost nothing changed, just moved a static inline at the end and moved an export from the types to the main file.
2020-06-04 14:30:20 -04:00
#include <haproxy/ssl_sock.h>
MINOR: stats: apply stats-file on process startup This commit is the first one of a serie to implement preloading of haproxy counters via stats-file parsing. This patch defines a basic apply_stats_file() function. It implements reading line by line of a stats-file without any parsing for the moment. It is called automatically on process startup via init().
2024-04-24 05:09:06 -04:00
#include <haproxy/stats-file.h>
MEDIUM: stats: integrate static proxies stats in new stats This is executed on startup with the registered statistics module. The existing statistics have been merged in a list containing all statistics for each domain. This is useful to print all available statistics in a generic way. Allocate extra counters for all proxies/servers/listeners instances. These counters are allocated with the counters from the stats modules registered on startup.
2020-10-05 05:49:42 -04:00
#include <haproxy/stats-t.h>
REORG: include: move stream.h to haproxy/stream{,-t}.h This one was not easy because it was embarking many includes with it, which other files would automatically find. At least global.h, arg.h and tools.h were identified. 93 total locations were identified, 8 additional includes had to be added. In the rare files where it was possible to finalize the sorting of includes by adjusting only one or two extra lines, it was done. But all files would need to be rechecked and cleaned up now. It was the last set of files in types/ and proto/ and these directories must not be reused anymore.
2020-06-04 17:46:14 -04:00
#include <haproxy/stream.h>
REORG: include: move task.h to haproxy/task{,-t}.h The TASK_IS_TASKLET() macro was moved to the proto file instead of the type one. The proto part was a bit reordered to remove a number of ugly forward declaration of static inline functions. About a tens of C and H files had their dependency dropped since they were not using anything from task.h.
2020-06-04 11:25:40 -04:00
#include <haproxy/task.h>
REORG: include: split hathreads into haproxy/thread.h and haproxy/thread-t.h This splits the hathreads.h file into types+macros and functions. Given that most users of this file used to include it only to get the definition of THREAD_LOCAL and MAXTHREADS, the bare minimum was placed into thread-t.h (i.e. types and macros). All the thread management was left to haproxy/thread.h. It's worth noting the drop of the trailing "s" in the name, to remove the permanent confusion that arises between this one and the system implementation (no "s") and the makefile's option (no "s"). For consistency, src/hathreads.c was also renamed thread.c. A number of files were updated to only include thread-t which is the one they really needed. Some future improvements are possible like replacing empty inlined functions with macros for the thread-less case, as building at -O0 disables inlining and causes these ones to be emitted. But this really is cosmetic.
2020-05-28 09:29:19 -04:00
#include <haproxy/thread.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/time.h>
#include <haproxy/tools.h>
MINOR: trace: define simple -dt argument Add '-dt' haproxy process argument. This will automatically activate all trace sources on stderr with the error level. This could be useful to troubleshoot issues such as protocol violations.
2023-11-22 08:58:59 -05:00
#include <haproxy/trace.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/uri_auth-t.h>
REORG: include: move vars.h to haproxy/vars{,-t}.h A few includes (sessions.h, stream.h, api-t.h) were added for arguments that were first declared in function prototypes.
2020-06-04 10:25:31 -04:00
#include <haproxy/vars.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/version.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
BUILD: re-implement an initcall variant without using executable sections The current initcall implementation relies on dedicated sections (one section per init stage) to store the initcall descriptors. Then upon startup, these sections are scanned from beginning to end and all items found there are called in sequence. On platforms like AIX or Cygwin it seems difficult to figure the beginning and end of sections as the linker doesn't seem to provide the corresponding symbols. In order to replace this, this patch simply implements an array of single linked (one per init stage) which are fed using constructors for each register call. These constructors are declared static, with a name depending on their line number in the file, in order to avoid name clashes. The final effect is the same, except that the method is slightly more expensive in that it explicitly produces code to register these initcalls : $ size haproxy.sections haproxy.constructor text data bss dec hex filename 4060312 249176 1457652 5767140 57ffe4 haproxy.sections 4062862 260408 1457652 5780922 5835ba haproxy.constructor This mechanism is enabled as an alternative to the default one when build option USE_OBSOLETE_LINKER is set. This option is currently enabled by default only on AIX and Cygwin, and may be attempted for any target which fails to build complaining about missing symbols __start_init_* and/or __stop_init_*. Once confirmed as a reliable fix, this will likely have to be backported to 1.9 where AIX and Cygwin do not build anymore.
2019-03-29 16:30:17 -04:00
/* array of init calls for older platforms */
DECLARE_INIT_STAGES;
MINOR: global: declare a read_mostly section Some variables are mostly read (mostly pointers) but they tend to be merged with other ones in the same cache line, slowing their access down in multi-thread setups. This patch declares an empty, aligned variable in a section called "read_mostly". This will force a cache-line alignment on this section so that any variable declared in it will be certain to avoid false sharing with other ones. The section will be eliminated at link time if not used. A __read_mostly attribute was added to compiler.h to ease use of this section.
2021-04-10 10:53:05 -04:00
/* create a read_mostly section to hold variables which are accessed a lot
* but which almost never change. The purpose is to isolate them in their
* own cache lines where they don't risk to be perturbated by write accesses
* to neighbor variables. We need to create an empty aligned variable for
* this. The fact that the variable is of size zero means that it will be
* eliminated at link time if no other variable uses it, but alignment will
* be respected.
*/
empty_t __read_mostly_align HA_SECTION("read_mostly") ALIGNED(64);
MINOR: global: export the build features string list Till now it was only presented in the version output but could not be consulted outside of haproxy.c, let's export it as a variable, and set it to an empty string if not defined.
2021-05-06 10:30:32 -04:00
#ifdef BUILD_FEATURES
MINOR: haproxy: permit to register features during boot The regtests are using the "feature()" predicate but this one can only rely on build-time options. It would be nice if some runtime-specific options could be detected at boot time so that regtests could more flexibly adapt to what is supported (capabilities, splicing, etc). Similarly, certain features that are currently enabled with USE_XXX could also be automatically detected at build time using ifdefs and would simplify the configuration, but then we'd lose the feature report in the feature list which is convenient for regtests. This patch makes sure that haproxy -vv shows the variable's contents and not the macro's contents, and adds a new hap_register_feature() to allow the code to register a new keyword.
2023-10-06 04:45:16 -04:00
char *build_features = BUILD_FEATURES;
MINOR: global: export the build features string list Till now it was only presented in the version output but could not be consulted outside of haproxy.c, let's export it as a variable, and set it to an empty string if not defined.
2021-05-06 10:30:32 -04:00
#else
MINOR: haproxy: permit to register features during boot The regtests are using the "feature()" predicate but this one can only rely on build-time options. It would be nice if some runtime-specific options could be detected at boot time so that regtests could more flexibly adapt to what is supported (capabilities, splicing, etc). Similarly, certain features that are currently enabled with USE_XXX could also be automatically detected at build time using ifdefs and would simplify the configuration, but then we'd lose the feature report in the feature list which is convenient for regtests. This patch makes sure that haproxy -vv shows the variable's contents and not the macro's contents, and adds a new hap_register_feature() to allow the code to register a new keyword.
2023-10-06 04:45:16 -04:00
char *build_features = "";
MINOR: global: export the build features string list Till now it was only presented in the version output but could not be consulted outside of haproxy.c, let's export it as a variable, and set it to an empty string if not defined.
2021-05-06 10:30:32 -04:00
#endif
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
/* list of config files */
static struct list cfg_cfgfiles = LIST_HEAD_INIT(cfg_cfgfiles);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int pid; /* current process id */
MEDIUM: thread: make stopping_threads per-group and add stopping_tgroups Stopping threads need a mask to figure who's still there without scanning everything in the poll loop. This means this will have to be per-group. And we also need to have a global stopping groups mask to know what groups were already signaled. This is used both to figure what thread is the first one to catch the event, and which one is the first one to detect the end of the last job. The logic isn't changed, though a loop is required in the slow path to make sure all threads are aware of the end. Note that for now the soft-stop still takes time for group IDs > 1 as the poller is not yet started on these threads and needs to expire its timeout as there's no way to wake it up. But all threads are eventually stopped.
2022-06-28 13:29:29 -04:00
static unsigned long stopping_tgroup_mask; /* Thread groups acknowledging stopping */
BUG/MINOR: haproxy: always initialize sleeping_thread_mask Surprizingly the variable was never initialized, though on most platforms it's zeroed at boot, and it is relatively harmless anyway since in the worst case the bits are updated around poll(). This was introduced by commit 79321b95a85 and needs to be backported as far as 1.9.
2020-03-12 12:24:53 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* global options */
struct global global = {
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
.hard_stop_after = TICK_ETERNITY,
MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window The new 'close-spread-time' global option can be used to spread idle and active HTTP connction closing after a SIGUSR1 signal is received. This allows to limit bursts of reconnections when too many idle connections are closed at once. Indeed, without this new mechanism, in case of soft-stop, all the idle connections would be closed at once (after the grace period is over), and all active HTTP connections would be closed by appending a "Connection: close" header to the next response that goes over it (or via a GOAWAY frame in case of HTTP2). This patch adds the support of this new option for HTTP as well as HTTP2 connections. It works differently on active and idle connections. On active connections, instead of sending systematically the GOAWAY frame or adding the 'Connection: close' header like before once the soft-stop has started, a random based on the remainder of the close window is calculated, and depending on its result we could decide to keep the connection alive. The random will be recalculated for any subsequent request/response on this connection so the GOAWAY will still end up being sent, but we might wait a few more round trips. This will ensure that goaways are distributed along a longer time window than before. On idle connections, a random factor is used when determining the expire field of the connection's task, which should naturally spread connection closings on the time window (see h2c_update_timeout). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on "BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts" which refactorized the timeout management of HTTP2 connections.
2022-04-08 12:04:18 -04:00
.close_spread_time = TICK_ETERNITY,
.close_spread_end = TICK_ETERNITY,
MINOR: global: add option to disable numa detection Render numa detection optional with a global configuration statement 'no numa-cpu-mapping'. This can be used if the applied affinity of the algorithm is not optimal. Also complete the documentation with this new keyword.
2021-03-26 13:50:33 -04:00
.numa_cpu_mapping = 1,
MAJOR: threads: enable one thread per CPU by default Threads have long matured by now, still for most users their usage is not trivial. It's about time to enable them by default on platforms where we know the number of CPUs bound. This patch does this, it counts the number of CPUs the process is bound to upon startup, and enables as many threads by default. Of course, "nbthread" still overrides this, but if it's not set the default behaviour is to start one thread per CPU. The default number of threads is reported in "haproxy -vv". Simply using "taskset -c" is now enough to adjust this number of threads so that there is no more need for playing with cpu-map. And thanks to the previous patches on the listener, the vast majority of configurations will not need to duplicate "bind" lines with the "process x/y" statement anymore either, so a simple config will automatically adapt to the number of processors available.
2019-01-26 08:27:06 -05:00
.nbthread = 0,
MEDIUM: log: New format-log flags: %Fi %Fp %Si %Sp %Ts %rt %H %pid %Fi: Frontend IP %Fp: Frontend Port %Si: Server IP %Sp: Server Port %Ts: Timestamp %rt: HTTP request counter %H: hostname %pid: PID +X: Hexadecimal represenation The +X mode in logformat displays hexadecimal for the following flags %Ci %Cp %Fi %Fp %Bi %Bp %Si %Sp %Ts %ct %pid rename logformat_write_string() to lf_text() Optimize size computation
2012-04-05 12:02:55 -04:00
.req_count = 0,
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
.loggers = LIST_HEAD_INIT(global.loggers),
CLEANUP: compression: move the default setting of maxzlibmem to defaults __comp_fetch_init() only presets the maxzlibmem, and only when both USE_ZLIB and DEFAULT_MAXZLIBMEM are set. The intent is to preset a default value to protect the system against excessive memory usage when no setting is set by the user. Nowadays the entry in the global struct is always there so there's no point anymore in passing via a constructor to possibly set this value. Let's go the cleaner way by always presetting DEFAULT_MAXZLIBMEM to 0 in defaults.h unless these conditions are met, and always assigning it instead of pre-setting the entry to zero. This is more straightforward and removes some ifdefs and the last constructor. In addition, now the setting has a chance of being found.
2022-04-25 13:29:10 -04:00
.maxzlibmem = DEFAULT_MAXZLIBMEM * 1024U * 1024U,
MINOR: compression: maximum compression rate limit This patch adds input and output rate calcutation on the HTTP compresion feature. Compression can be limited with a maximum rate value in kilobytes per second. The rate is set with the global 'maxcomprate' option. You can change this value dynamicaly with 'set rate-limit http-compression global' on the UNIX socket.
2012-11-09 11:05:39 -05:00
.comp_rate_lim = 0,
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
.ssl_server_verify = SSL_SERVER_VERIFY_REQUIRED,
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
.unix_bind = {
.ux = {
.uid = -1,
.gid = -1,
.mode = 0,
}
},
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
.tune = {
MINOR: listener: support another thread dispatch mode: "fair" This new algorithm for rebalancing incoming connections to multiple threads is simpler and instead of considering the threads load, it will only cycle through all of them, offering a fair share of the traffic to each thread. It may be well suited for short-lived connections but is also convenient for very large thread counts where it's not always certain that the least loaded thread will always be found.
2023-04-20 09:40:38 -04:00
.options = GTUNE_LISTENER_MQ_OPT,
MINOR: config: round up global.tune.bufsize to the next multiple of 2 void* Since HTX casts the buffer to a struct and stores relative pointers at the end, it is mandatory that its end is properly aligned. This patch enforces a buffer size rounding up to the next multiple of two void*, thus 8 on 32-bit and 16 on 64-bit, to match what malloc() already does on the beginning of the buffer. In pratice it will never be really noticeable since default sizes already are such multiples.
2018-12-12 00:19:42 -05:00
.bufsize = (BUFSIZE + 2*sizeof(void *) - 1) & -(2*sizeof(void *)),
MINOR: global: Set default tune.maxrewrite value during global structure init When the global structure is initialized, instead of setting tune.maxrewrite to -1, its default value can be immediately set. This way, it is always defined during the configuration validity check. Otherwise, the only way to have it at this stage, it is to explicity set it in the global section.
2020-01-22 08:31:21 -05:00
.maxrewrite = MAXREWRITE,
MAJOR: session: only wake up as many sessions as available buffers permit We've already experimented with three wake up algorithms when releasing buffers : the first naive one used to wake up far too many sessions, causing many of them not to get any buffer. The second approach which was still in use prior to this patch consisted in waking up either 1 or 2 sessions depending on the number of FDs we had released. And this was still inaccurate. The third one tried to cover the accuracy issues of the second and took into consideration the number of FDs the sessions would be willing to use, but most of the time we ended up waking up too many of them for nothing, or deadlocking by lack of buffers. This patch completely removes the need to allocate two buffers at once. Instead it splits allocations into critical and non-critical ones and implements a reserve in the pool for this. The deadlock situation happens when all buffers are be allocated for requests pending in a maxconn-limited server queue, because then there's no more way to allocate buffers for responses, and these responses are critical to release the servers's connection in order to release the pending requests. In fact maxconn on a server creates a dependence between sessions and particularly between oldest session's responses and latest session's requests. Thus, it is mandatory to get a free buffer for a response in order to release a server connection which will permit to release a request buffer. Since we definitely have non-symmetrical buffers, we need to implement this logic in the buffer allocation mechanism. What this commit does is implement a reserve of buffers which can only be allocated for responses and that will never be allocated for requests. This is made possible by the requester indicating how much margin it wants to leave after the allocation succeeds. Thus it is a cooperative allocation mechanism : the requester (process_session() in general) prefers not to get a buffer in order to respect other's need for response buffers. The session management code always knows if a buffer will be used for requests or responses, so that is not difficult : - either there's an applet on the initiator side and we really need the request buffer (since currently the applet is called in the context of the session) - or we have a connection and we really need the response buffer (in order to support building and sending an error message back) This reserve ensures that we don't take all allocatable buffers for requests waiting in a queue. The downside is that all the extra buffers are really allocated to ensure they can be allocated. But with small values it is not an issue. With this change, we don't observe any more deadlocks even when running with maxconn 1 on a server under severely constrained memory conditions. The code becomes a bit tricky, it relies on the scheduler's run queue to estimate how many sessions are already expected to run so that it doesn't wake up everyone with too few resources. A better solution would probably consist in having two queues, one for urgent requests and one for normal requests. A failed allocation for a session dealing with an error, a connection event, or the need for a response (or request when there's an applet on the left) would go to the urgent request queue, while other requests would go to the other queue. Urgent requests would be served from 1 entry in the pool, while the regular ones would be served only according to the reserve. Despite not yet having this, it works remarkably well. This mechanism is quite efficient, we don't perform too many wake up calls anymore. For 1 million sessions elapsed during massive memory contention, we observe about 4.5M calls to process_session() compared to 4.0M without memory constraints. Previously we used to observe up to 16M calls, which rougly means 12M failures. During a test run under high memory constraints (limit enforced to 27 MB instead of the 58 MB normally needed), performance used to drop by 53% prior to this patch. Now with this patch instead it *increases* by about 1.5%. The best effect of this change is that by limiting the memory usage to about 2/3 to 3/4 of what is needed by default, it's possible to increase performance by up to about 18% mainly due to the fact that pools are reused more often and remain hot in the CPU cache (observed on regular HTTP traffic with 20k objects, buffers.limit = maxconn/10, buffers.reserve = limit/2). Below is an example of scenario which used to cause a deadlock previously : - connection is received - two buffers are allocated in process_session() then released - one is allocated when receiving an HTTP request - the second buffer is allocated then released in process_session() for request parsing then connection establishment. - poll() says we can send, so the request buffer is sent and released - process session gets notified that the connection is now established and allocates two buffers then releases them - all other sessions do the same till one cannot get the request buffer without hitting the margin - and now the server responds. stream_interface allocates the response buffer and manages to get it since it's higher priority being for a response. - but process_session() cannot allocate the request buffer anymore => We could end up with all buffers used by responses so that none may be allocated for a request in process_session(). When the applet processing leaves the session context, the test will have to be changed so that we always allocate a response buffer regardless of the left side (eg: H2->H1 gateway). A final improvement would consists in being able to only retry the failed I/O operation without waking up a task, but to date all experiments to achieve this have proven not to be reliable enough.
2014-11-26 19:11:56 -05:00
.reserved_bufs = RESERVED_BUFS,
MAJOR: pattern: add LRU-based cache on pattern matching The principle of this cache is to have a global cache for all pattern matching operations which rely on lists (reg, sub, dir, dom, ...). The input data, the expression and a random seed are used as a hashing key. The cached entries contains a pointer to the expression and a revision number for that expression so that we don't accidently used obsolete data after a pattern update or a very unlikely hash collision. Regarding the risk of collisions, 10k entries at 10k req/s mean 1% risk of a collision after 60 years, that's already much less than the memory's reliability in most machines and more durable than most admin's life expectancy. A collision will result in a valid result to be returned for a different entry from the same list. If this is not acceptable, the cache can be disabled using tune.pattern.cache-size. A test on a file containing 10k small regex showed that the regex matching was limited to 6k/s instead of 70k with regular strings. When enabling the LRU cache, the performance was back to 70k/s.
2015-04-29 10:24:50 -04:00
.pattern_cache = DEFAULT_PAT_LRU_SIZE,
MEDIUM: connections: Add a way to control the number of idling connections. As by default we add all keepalive connections to the idle pool, if we run into a pathological case, where all client don't do keepalive, but the server does, and haproxy is configured to only reuse "safe" connections, we will soon find ourself having lots of idling, unusable for new sessions, connections, while we won't have any file descriptors available to create new connections. To fix this, add 2 new global settings, "pool_low_ratio" and "pool_high_ratio". pool-low-fd-ratio is the % of fds we're allowed to use (against the maximum number of fds available to haproxy) before we stop adding connections to the idle pool, and destroy them instead. The default is 20. pool-high-fd-ratio is the % of fds we're allowed to use (against the maximum number of fds available to haproxy) before we start killing idling connection in the event we have to create a new outgoing connection, and no reuse is possible. The default is 25.
2019-04-16 13:07:22 -04:00
.pool_low_ratio = 20,
.pool_high_ratio = 25,
MINOR: global: Preset tune.max_http_hdr to its default value By default, this tune parameter is set to MAX_HTTP_HDR. This assignment is done after the configuration parsing, when we check the configuration validity. So during the configuration parsing, its value is 0. Now, it is set to MAX_HTTP_HDR from the start. So, it is possible to rely on it during the configuration parsing.
2019-07-19 03:36:45 -04:00
.max_http_hdr = MAX_HTTP_HDR,
MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size. This new global setting allows the user to change the SSL cache size in number of sessions. It defaults to 20000.
2012-09-03 06:10:29 -04:00
#ifdef USE_OPENSSL
MINOR: build: allow packagers to specify the ssl cache size This is done by passing the default value to SSLCACHESIZE in sessions. User can use tune.sslcachesize to change this value. By default, it is set to 20000 sessions as openssl internal cache size. Currently, a session entry size is between 592 and 616 bytes depending on the arch.
2012-11-14 05:32:56 -05:00
.sslcachesize = SSLCACHESIZE,
MINOR: compression: memlevel and windowsize The window size and the memlevel of the zlib are now configurable using global options tune.zlib.memlevel and tune.zlib.windowsize. It affects the memory consumption of the zlib.
2012-11-07 10:54:34 -05:00
#endif
MINOR: compression: tune.comp.maxlevel This option allows you to set the maximum compression level usable by the compression algorithm. It affects CPU usage.
2012-11-09 06:33:10 -05:00
.comp_maxlevel = 1,
MINOR: config: make the stream interface idle timer user-configurable The new tune.idletimer value allows one to set a different value for idle stream detection. The default value remains set to one second. It is possible to disable it using zero, and to change the default value at build time using DEFAULT_IDLE_TIMER.
2014-02-12 10:35:14 -05:00
#ifdef DEFAULT_IDLE_TIMER
.idle_timer = DEFAULT_IDLE_TIMER,
#else
.idle_timer = 1000, /* 1 second */
#endif
MEDIUM: stick-table: set the track-sc limit at boottime via tune.stick-counters The number of stick-counter entries usable by track-sc rules is currently set at build time. There is no good value for this since the vast majority of users don't need any, most need only a few and rare users need more. Adding more counters for everyone increases memory and CPU usages for no reason. This patch moves the per-session and per-stream arrays to a pool of a size defined at boot time. This way it becomes possible to set the number of entries at boot time via a new global setting "tune.stick-counters" that sets the limit for the whole process. When not set, the MAX_SESS_STR_CTR value still applies, or 3 if not set, as before. It is also possible to lower the value to 0 to save a bit of memory if not used at all. Note that a few low-level sample-fetch functions had to be protected due to the ability to use sample-fetches in the global section to set some variables.
2023-01-06 10:09:58 -05:00
.nb_stk_ctr = MAX_SESS_STKCTR,
MEDIUM: listener: switch the default sharding to by-group Sharding by-group is exactly identical to by-process for a single group, and will use the same number of file descriptors for more than one group, while significantly lowering the kernel's locking overhead. Now that all special listeners (cli, peers) are properly handled, and that support for SO_REUSEPORT is detected at runtime per protocol, there should be no more reason for now switching to by-group by default. That's what this patch does. It does only this and nothing else so that it's easy to revert, should any issue be raised. Testing on an AMD EPYC 74F3 featuring 24 cores and 48 threads distributed into 8 core complexes of 3 cores each, shows that configuring 8 groups (one per CCX) is sufficient to simply double the forwarded connection rate from 112k to 214k/s, reducing kernel locking from 71 to 55%.
2023-04-22 18:51:59 -04:00
.default_shards = -2, /* by-group */
MINOR: cfg-quic: define tune.quic.conn-buf-limit Add a new global configuration option to set the limit of buffers per QUIC connection. By default, this value is set to 30.
2022-04-19 12:26:55 -04:00
#ifdef USE_QUIC
MINOR: quic: Clarifications about transport parameters value This is becoming difficult to distinguish the default values for transport parameters which come with the RFC from our implementation default values when not set by configuration (tunable parameters). Add a comment to distinguish them. Prefix these default values by QUIC_TP_DFLT_ to distinguish them from QUIC_DFLT_* value even if there are not numerous. Furthermore ->max_udp_payload_size must be first initialized to QUIC_TP_DFLT_MAX_UDP_PAYLOAD_SIZE especially for received value.
2022-05-23 12:29:39 -04:00
.quic_backend_max_idle_timeout = QUIC_TP_DFLT_BACK_MAX_IDLE_TIMEOUT,
.quic_frontend_max_idle_timeout = QUIC_TP_DFLT_FRONT_MAX_IDLE_TIMEOUT,
.quic_frontend_max_streams_bidi = QUIC_TP_DFLT_FRONT_MAX_STREAMS_BIDI,
MINOR: quic: Dynamic packet reordering threshold Let's say that the largest packet number acknowledged by the peer is #10, when inspecting the non already acknowledged packets to detect if they are lost or not, this is the case a least if the difference between this largest packet number and and their packet numbers are bigger or equal to the packet reordering threshold as defined by the RFC 9002. This latter must not be less than QUIC_LOSS_PACKET_THRESHOLD(3). Which such a value, packets #7 and oldest are detected as lost if non acknowledged, contrary to packet number #8 or #9. So, the packet loss detection is very sensitive to such a network characteristic where non acknowledged packets are distant from each others by their packet number differences. Do not use this static value anymore for the packet reordering threshold which is used as a criteria to detect packet loss. In place, make it depend on the difference between the number of the last transmitted packet and the number of the oldest one among the packet which are still in flight before being inspected to be deemed as lost. Add new tune.quic.reorder-ratio setting to apply a ratio in percent to this dynamic packet reorder threshold. Should be backported to 2.6.
2024-02-13 13:38:46 -05:00
.quic_reorder_ratio = QUIC_DFLT_REORDER_RATIO,
MINOR: quic: Add tune.quic.retry-threshold keyword This QUIC specific keyword may be used to set the theshold, in number of connection openings, beyond which QUIC Retry feature will be automatically enabled. Its default value is 100.
2022-05-20 10:29:10 -04:00
.quic_retry_threshold = QUIC_DFLT_RETRY_THRESHOLD,
MINOR: quic: add config for retransmit limit Define a new configuration option "tune.quic.max-frame-loss". This is used to specify the limit for which a single frame instance can be detected as lost. If exceeded, the connection is closed. This should be backported up to 2.7.
2023-01-31 05:44:50 -05:00
.quic_max_frame_loss = QUIC_DFLT_MAX_FRAME_LOSS,
MINOR: cfg-quic: define tune.quic.conn-buf-limit Add a new global configuration option to set the limit of buffers per QUIC connection. By default, this value is set to 30.
2022-04-19 12:26:55 -04:00
.quic_streams_buf = 30,
#endif /* USE_QUIC */
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
},
MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS. These ones are used to set the default ciphers suite on "bind" lines and "server" lines respectively, instead of using OpenSSL's defaults. These are probably mainly useful for distro packagers.
2012-10-05 09:47:31 -04:00
#ifdef USE_OPENSSL
#ifdef DEFAULT_MAXSSLCONN
MEDIUM: config: implement maxsslconn in the global section SSL connections take a huge amount of memory, and unfortunately openssl does not check malloc() returns and easily segfaults when too many connections are used. The only solution against this is to provide a global maxsslconn setting to reject SSL connections above the limit in order to avoid reaching unsafe limits.
2012-09-06 05:58:37 -04:00
.maxsslconn = DEFAULT_MAXSSLCONN,
MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS. These ones are used to set the default ciphers suite on "bind" lines and "server" lines respectively, instead of using OpenSSL's defaults. These are probably mainly useful for distro packagers.
2012-10-05 09:47:31 -04:00
#endif
MEDIUM: config: implement maxsslconn in the global section SSL connections take a huge amount of memory, and unfortunately openssl does not check malloc() returns and easily segfaults when too many connections are used. The only solution against this is to provide a global maxsslconn setting to reject SSL connections above the limit in order to avoid reaching unsafe limits.
2012-09-06 05:58:37 -04:00
#endif
MAJOR: config: prevent QUIC with clients privileged port by default Previous commit introduce new protection mechanism to forbid communications with clients which use a privileged source port. By default, this mechanism is disabled for every protocols. This patch changes the default value and activate the protection mechanism for QUIC protocol. This is justified as it is a probable sign of DNS/NTP amplification attack. This is labelled as major as it can be a breaking change with some network environments.
2024-05-23 10:07:16 -04:00
/* by default allow clients which use a privileged port for TCP only */
.clt_privileged_ports = HA_PROTO_TCP,
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* others NULL OK */
};
/*********************************************************************/
int stopping; /* non zero means stopping in progress */
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
int killed; /* non zero means a hard-stop is triggered */
[MINOR] support a global jobs counter This counter is incremented for each incoming connection and each active listener, and is used to prevent haproxy from stopping upon SIGUSR1. It will thus be possible for some tasks in increment this counter in order to prevent haproxy from dying until they have completed their job.
2010-08-31 09:39:26 -04:00
int jobs = 0; /* number of active jobs (conns, listeners, active tasks, ...) */
MEDIUM: jobs: support unstoppable jobs for soft stop This patch allows a process to properly quit when some jobs are still active, this feature is handled by the unstoppable_jobs variable, which must be atomically incremented. During each new iteration of run_poll_loop() the break condition of the loop is now (jobs - unstoppable_jobs) == 0. The unique usage of this at the moment is to handle the socketpair CLI of a the worker during the stopping of the process. During the soft stop, we could mark the CLI listener as an unstoppable job and still handle new connections till every other jobs are stopped.
2018-11-16 10:57:20 -05:00
int unstoppable_jobs = 0; /* number of active jobs that can't be stopped during a soft stop */
MINOR: stats: report the number of active peers in "show info" Peers are the last type of activity which can maintain a job present, so it's important to report that such an entity is still active to explain why the job count may be higher than zero. Here by "ActivePeers" we report peers sessions, which include both established connections and outgoing connection attempts.
2018-11-05 10:31:22 -05:00
int active_peers = 0; /* number of active peers (connection attempts and connected) */
MINOR: stats: report the number of currently connected peers The active peers output indicates both the number of established peers connections and the number of peers connection attempts. The new counter "ConnectedPeers" also indicates the number of currently connected peers. This helps detect that some peers cannot be reached for example. It's worth mentioning that this value changes over time because unused peers are often disconnected and reconnected. Most of the time it should be equal to ActivePeers.
2018-11-05 11:12:27 -05:00
int connected_peers = 0; /* number of connected peers (verified ones) */
MINOR: init: extract args parsing to their own function The cmdline argument parsing was performed quite late, which prevents from retrieving elements that can be used to initialize the pools and certain sensitive areas. The goal is to improve this by parsing command line arguments right after the early init stage. This is possible because the cmdline parser already does very little beyond retrieving config elements that are used later. Doing so requires to move the parser code to a separate function and to externalize a few variables out of the function as they're used later in the boot process, in the original function. This patch creates init_args() but doesn't move it upfront yet, it's still executed just before init(), which essentially corresponds to what was done before (only the trash buffers, ACLs and Lua were initialized earlier and are not needed for this). The rest is not modified and as expected no change is observed. Note that the diff doesn't to justice to the change as it makes it look like the early init() code was moved to a new function after the function was renamed, while in fact it's clearly the parser itself which moved.
2022-02-17 12:10:36 -05:00
int arg_mode = 0; /* MODE_DEBUG etc as passed on command line ... */
char *change_dir = NULL; /* set when -C is passed */
char *check_condition = NULL; /* check condition passed to -cc */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
CLEANUP: assorted typo fixes in the code and comments This is 11th iteration of typo fixes
2020-07-05 07:36:08 -04:00
/* Here we store information about the pids of the processes we may pause
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
* or kill. We will send them a signal every 10 ms until we can bind to all
* our ports. With 200 retries, that's about 2 seconds.
*/
#define MAX_START_RETRIES 200
static int *oldpids = NULL;
static int oldpids_sig; /* use USR1 or TERM */
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
/* Path to the unix socket we use to retrieve listener sockets from the old process */
static const char *old_unixsocket;
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
int atexit_flag = 0;
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
int nb_oldpids = 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
const int zero = 0;
const int one = 1;
[MINOR] add the "nolinger" option to disable data lingering The following patch will give the ability to tweak socket linger mode. You can use this option with "option nolinger" inside fronted or backend configuration declaration. This will help in environments where lots of FIN_WAIT sockets are encountered.
2007-10-11 14:48:58 -04:00
const struct linger nolinger = { .l_onoff = 1, .l_linger = 0 };
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] force null-termination of hostname Marcello Gorlani reported that at least on FreeBSD, a long hostname was reported with garbage on the stats page. POSIX does not make it mandatory for gethostname() to NULL-terminate the string in case of truncation, and at least FreeBSD appears not to do it. So let's force null-termination to keep safe.
2010-03-12 15:58:54 -05:00
char hostname[MAX_HOSTNAME_LEN];
MINOR: peers: do not use localpeer as an array anymore It is now dynamically allocated by using strdup().
2020-06-18 10:56:47 -04:00
char *localpeer = NULL;
MINOR: management: add some basic keyword dump infrastructure It's difficult from outside haproxy to detect the supported keywords and syntax. Interestingly, many of our modern keywords are enumerated since they're registered from constructors, so it's not very hard to enumerate most of them. This patch creates some basic infrastructure to support dumping existing keywords from different classes on stdout. The format will differ depending on the classes, but the idea is that the output could easily be passed to a script that generates some simple syntax highlighting rules, completion rules for editors, syntax checkers or config parsers. The principle chosen here is that if "-dK" is passed on the command-line, at the end of the parsing the registered keywords will be dumped for the requested classes passed after "-dK". Special name "help" will show known classes, while "all" will execute all of them. The reason for doing that after the end of the config processor is that it will also enumerate internally-generated keywords, Lua or even those loaded from external code (e.g. if an add-on is loaded using LD_PRELOAD). A typical way to call this with a valid config would be: ./haproxy -dKall -q -c -f /path/to/config If there's no config available, feeding /dev/null will also do the job, though it will not be able to detect dynamically created keywords, of course. This patch also updates the management doc. For now nothing but the help is listed, various subsystems will follow in subsequent patches.
2022-03-08 10:01:40 -05:00
static char *kwd_dump = NULL; // list of keyword dumps to produce
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
BUG/MEDIUM: mworker: fix the reload with an -- option When HAProxy is started with a '--' option, all following parameters are considered configuration files. You can't add new options after a '--'. The current reload system of the master-worker adds extra options at the end of the arguments list. Which is a problem if HAProxy was started wih '--'. This patch fixes the issue by copying the new option at the beginning of the arguments list instead of the end. This patch must be backported as far as 1.8.
2020-06-05 08:08:41 -04:00
static char **old_argv = NULL; /* previous argv but cleaned up */
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
struct list proc_list = LIST_HEAD_INIT(proc_list);
int master = 0; /* 1 if in master, 0 if in child */
BUG/MEDIUM: random: initialize the random pool a bit better Since the UUID sample fetch was created, some people noticed that in certain virtualized environments they manage to get exact same UUIDs on different instances started exactly at the same moment. It turns out that the randoms were only initialized to spread the health checks originally, not to provide "clean" randoms. This patch changes this and collects more randomness from various sources, including existing randoms, /dev/urandom when available, RAND_bytes() when OpenSSL is available, as well as the timing for such operations, then applies a SHA1 on all this to keep a 160 bits random seed available, 32 of which are passed to srandom(). It's worth mentioning that there's no clean way to pass more than 32 bits to srandom() as even initstate() provides an opaque state that must absolutely not be tampered with since known implementations contain state information. At least this allows to have up to 4 billion different sequences from the boot, which is not that bad. Note that the thread safety was still not addressed, which is another issue for another patch. This must be backported to all versions containing the UUID sample fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
/* per-boot randomness */
unsigned char boot_seed[20]; /* per-boot random seed (160 bits initially) */
MEDIUM: threads: replace ha_set_tid() with ha_set_thread() ha_set_tid() was randomly used either to explicitly set thread 0 or to set any possibly incomplete thread during boot. Let's replace it with a pointer to a valid thread or NULL for any thread. This allows us to check that the designated threads are always valid, and to ignore the thread 0's mapping when setting it to NULL, and always use group 0 with it during boot. The initialization code is also cleaner, as we don't pass ugly casts of a thread ID to a pointer anymore.
2021-09-28 03:43:11 -04:00
/* takes the thread config in argument or NULL for any thread */
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
static void *run_thread_poll_loop(void *data);
MINOR: config: add minimum support for emitting warnings only once This is useful to explain to users what to do during a migration.
2014-04-28 16:27:06 -04:00
/* bitfield of a few warnings to emit just once (WARN_*) */
unsigned int warned = 0;
MINOR: global: define tainted flag Add a global flag named 'tainted'. Its purpose is to report various status about experimental features used for the current process lifetime. By default it is initialized to 0. It can be set/retrieve by a couple of new functions mark_tainted()/get_tainted(). Once a flag is set, it cannot be resetted. Currently, no tainted status is implemented, it will be the subject of the following commits.
2021-05-05 10:18:45 -04:00
/* set if experimental features have been used for the current process */
DEBUG: move the tainted stuff to bug.h for easier inclusion The functions needed to manipulate the "tainted" flags were located in too high a level to be callable from the lower code layers. Let's move them to bug.h.
2022-02-25 04:10:00 -05:00
unsigned int tainted = 0;
MINOR: global: define tainted flag Add a global flag named 'tainted'. Its purpose is to report various status about experimental features used for the current process lifetime. By default it is initialized to 0. It can be set/retrieve by a couple of new functions mark_tainted()/get_tainted(). Once a flag is set, it cannot be resetted. Currently, no tainted status is implemented, it will be the subject of the following commits.
2021-05-05 10:18:45 -04:00
MINOR: cfgparse: implement experimental config keywords Add a new flag to mark a keyword as experimental. An experimental keyword cannot be used if the global 'expose-experimental-directives' is not present first. Only keywords parsed through a standard cfg_keywords lists in global/proxies section will be automatically detected if declared experimental. To support a keyword outside of these lists, check_kw_experimental must be called manually during its parsing. If an experimental keyword is present in the config, the tainted flag is updated. For the moment, no keyword is marked as experimental.
2021-05-06 10:21:39 -04:00
unsigned int experimental_directives_allowed = 0;
MINOR: cfgparse: Add a global option to expose deprecated directives Similarly to "expose-exprimental-directives" option, there is no a global option to expose some deprecated directives. Idea is to have a way to silent warnings about deprecated directives when there is no alternative solution. Of course, deprecated directives covered by this option are not listed and may change. It is only a best effort to let users upgrade smoothly.
2024-03-15 04:01:11 -04:00
unsigned int deprecated_directives_allowed = 0;
MINOR: cfgparse: implement experimental config keywords Add a new flag to mark a keyword as experimental. An experimental keyword cannot be used if the global 'expose-experimental-directives' is not present first. Only keywords parsed through a standard cfg_keywords lists in global/proxies section will be automatically detected if declared experimental. To support a keyword outside of these lists, check_kw_experimental must be called manually during its parsing. If an experimental keyword is present in the config, the tainted flag is updated. For the moment, no keyword is marked as experimental.
2021-05-06 10:21:39 -04:00
int check_kw_experimental(struct cfg_keyword *kw, const char *file, int linenum,
char **errmsg)
{
if (kw->flags & KWF_EXPERIMENTAL) {
if (!experimental_directives_allowed) {
BUILD: fix usage of ha_alert without format string The compilation is failing due to no format string used in ha_alert. This does not need to be backported.
2021-05-07 09:07:21 -04:00
memprintf(errmsg, "parsing [%s:%d] : '%s' directive is experimental, must be allowed via a global 'expose-experimental-directives'",
MINOR: cfgparse: implement experimental config keywords Add a new flag to mark a keyword as experimental. An experimental keyword cannot be used if the global 'expose-experimental-directives' is not present first. Only keywords parsed through a standard cfg_keywords lists in global/proxies section will be automatically detected if declared experimental. To support a keyword outside of these lists, check_kw_experimental must be called manually during its parsing. If an experimental keyword is present in the config, the tainted flag is updated. For the moment, no keyword is marked as experimental.
2021-05-06 10:21:39 -04:00
file, linenum, kw->kw);
return 1;
}
mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
}
return 0;
}
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
/* These are strings to be reported in the output of "haproxy -vv". They may
* either be constants (in which case must_free must be zero) or dynamically
* allocated strings to pass to free() on exit, and in this case must_free
* must be non-zero.
*/
struct list build_opts_list = LIST_HEAD_INIT(build_opts_list);
struct build_opts_str {
struct list list;
const char *str;
int must_free;
};
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*********************************************************************/
/* general purpose functions ***************************************/
/*********************************************************************/
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
/* used to register some build option strings at boot. Set must_free to
* non-zero if the string must be freed upon exit.
*/
void hap_register_build_opts(const char *str, int must_free)
{
struct build_opts_str *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->str = str;
b->must_free = must_free;
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_APPEND(&build_opts_list, &b->list);
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
}
MINOR: global: export a way to list build options The new function hap_get_next_build_opt() will iterate over the list of build options. This will be used for debugging, so that the build options can be retrieved from the CLI.
2024-01-02 04:56:05 -05:00
/* returns the first build option when <curr> is NULL, or the next one when
* <curr> is passed the last returned value. NULL when there is no more entries
* in the list. Otherwise the returned pointer is &opt->str so the caller can
* print it as *ret.
*/
const char **hap_get_next_build_opt(const char **curr)
{
struct build_opts_str *head, *start;
head = container_of(&build_opts_list, struct build_opts_str, list);
if (curr)
start = container_of(curr, struct build_opts_str, str);
else
start = head;
start = container_of(start->list.n, struct build_opts_str, list);
if (start == head)
return NULL;
return &start->str;
}
MINOR: haproxy: permit to register features during boot The regtests are using the "feature()" predicate but this one can only rely on build-time options. It would be nice if some runtime-specific options could be detected at boot time so that regtests could more flexibly adapt to what is supported (capabilities, splicing, etc). Similarly, certain features that are currently enabled with USE_XXX could also be automatically detected at build time using ifdefs and would simplify the configuration, but then we'd lose the feature report in the feature list which is convenient for regtests. This patch makes sure that haproxy -vv shows the variable's contents and not the macro's contents, and adds a new hap_register_feature() to allow the code to register a new keyword.
2023-10-06 04:45:16 -04:00
/* used to make a new feature appear in the build_features list at boot time.
* The feature must be in the format "XXX" without the leading "+" which will
* be automatically appended.
*/
void hap_register_feature(const char *name)
{
static int must_free = 0;
int new_len = strlen(build_features) + 2 + strlen(name);
char *new_features;
new_features = malloc(new_len + 1);
if (!new_features)
return;
strlcpy2(new_features, build_features, new_len);
snprintf(new_features, new_len + 1, "%s +%s", build_features, name);
if (must_free)
ha_free(&build_features);
build_features = new_features;
must_free = 1;
}
MINOR: global: add version comparison functions The new function split_version() converts a parsable haproxy version to an array of integers. The function compare_current_version() compares an arbitrary version to the current one. These two functions were written by Thierry Fournier in 2013, and are still usable as-is. They will be used to write config language predicates.
2021-05-06 01:43:35 -04:00
#define VERSION_MAX_ELTS 7
/* This function splits an haproxy version string into an array of integers.
* The syntax of the supported version string is the following:
*
* <a>[.<b>[.<c>[.<d>]]][-{dev,pre,rc}<f>][-*][-<g>]
*
* This validates for example:
* 1.2.1-pre2, 1.2.1, 1.2.10.1, 1.3.16-rc1, 1.4-dev3, 1.5-dev18, 1.5-dev18-43
* 2.4-dev18-f6818d-20
*
* The result is set in a array of <VERSION_MAX_ELTS> elements. Each letter has
* one fixed place in the array. The tags take a numeric value called <e> which
* defaults to 3. "dev" is 1, "rc" and "pre" are 2. Numbers not encountered are
* considered as zero (henxe 1.5 and 1.5.0 are the same).
*
* The resulting values are:
* 1.2.1-pre2 1, 2, 1, 0, 2, 2, 0
* 1.2.1 1, 2, 1, 0, 3, 0, 0
* 1.2.10.1 1, 2, 10, 1, 3, 0, 0
* 1.3.16-rc1 1, 3, 16, 0, 2, 1, 0
* 1.4-dev3 1, 4, 0, 0, 1, 3, 0
* 1.5-dev18 1, 5, 0, 0, 1, 18, 0
* 1.5-dev18-43 1, 5, 0, 0, 1, 18, 43
* 2.4-dev18-f6818d-20 2, 4, 0, 0, 1, 18, 20
*
* The function returns non-zero if the conversion succeeded, or zero if it
* failed.
*/
int split_version(const char *version, unsigned int *value)
{
const char *p, *s;
char *error;
int nelts;
/* Initialize array with zeroes */
for (nelts = 0; nelts < VERSION_MAX_ELTS; nelts++)
value[nelts] = 0;
value[4] = 3;
p = version;
/* If the version number is empty, return false */
if (*p == '\0')
return 0;
/* Convert first number <a> */
value[0] = strtol(p, &error, 10);
p = error + 1;
if (*error == '\0')
return 1;
if (*error == '-')
goto split_version_tag;
if (*error != '.')
return 0;
/* Convert first number <b> */
value[1] = strtol(p, &error, 10);
p = error + 1;
if (*error == '\0')
return 1;
if (*error == '-')
goto split_version_tag;
if (*error != '.')
return 0;
/* Convert first number <c> */
value[2] = strtol(p, &error, 10);
p = error + 1;
if (*error == '\0')
return 1;
if (*error == '-')
goto split_version_tag;
if (*error != '.')
return 0;
/* Convert first number <d> */
value[3] = strtol(p, &error, 10);
p = error + 1;
if (*error == '\0')
return 1;
if (*error != '-')
return 0;
split_version_tag:
/* Check for commit number */
if (*p >= '0' && *p <= '9')
goto split_version_commit;
/* Read tag */
if (strncmp(p, "dev", 3) == 0) { value[4] = 1; p += 3; }
else if (strncmp(p, "rc", 2) == 0) { value[4] = 2; p += 2; }
else if (strncmp(p, "pre", 3) == 0) { value[4] = 2; p += 3; }
else
goto split_version_commit;
/* Convert tag number */
value[5] = strtol(p, &error, 10);
p = error + 1;
if (*error == '\0')
return 1;
if (*error != '-')
return 0;
split_version_commit:
/* Search the last "-" */
s = strrchr(p, '-');
if (s) {
s++;
if (*s == '\0')
return 0;
value[6] = strtol(s, &error, 10);
if (*error != '\0')
value[6] = 0;
return 1;
}
/* convert the version */
value[6] = strtol(p, &error, 10);
if (*error != '\0')
value[6] = 0;
return 1;
}
/* This function compares the current haproxy version with an arbitrary version
* string. It returns:
* -1 : the version in argument is older than the current haproxy version
* 0 : the version in argument is the same as the current haproxy version
* 1 : the version in argument is newer than the current haproxy version
*
* Or some errors:
* -2 : the current haproxy version is not parsable
* -3 : the version in argument is not parsable
*/
int compare_current_version(const char *version)
{
unsigned int loc[VERSION_MAX_ELTS];
unsigned int mod[VERSION_MAX_ELTS];
int i;
/* split versions */
if (!split_version(haproxy_version, loc))
return -2;
if (!split_version(version, mod))
return -3;
/* compare versions */
for (i = 0; i < VERSION_MAX_ELTS; i++) {
if (mod[i] < loc[i])
return -1;
else if (mod[i] > loc[i])
return 1;
}
return 0;
}
MINOR: global: export the display_version() symbol Export the display_version() function which can be used elsewhere than in haproxy.c
2023-09-05 09:24:39 -04:00
void display_version()
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR: version: Show uname output in display_version() This patch adds the sysname, release, version and machine fields from the uname results to the version output. It intentionally leaves out the machine name, because it is usually not useful and users might not want to expose their machine names for privacy reasons. May be backported if it is considered useful for debugging.
2020-04-18 10:02:47 -04:00
struct utsname utsname;
MINOR: version: report "HAProxy" not "HA-Proxy" in the version output When running "haproxy -v", we still get "HA-Proxy" which is the last place where this confusing oddity happens. Being so used to it I didn't even notice it until it was reported to me just after 2.2 but it never got fixed, despite the PRODUCT_NAME macro that is used to report the name in the stats page and in "show info" being already set to "HAProxy" 15 years ago in 1.2.14 with commit e03312613. It's about time to uniformize everything.
2021-05-09 00:14:25 -04:00
printf("HAProxy version %s %s - https://haproxy.org/\n"
MINOR: version: report the version status in "haproxy -v" As discussed on Discourse here: https://discourse.haproxy.org/t/haproxy-branch-support-lifetime/4466 it's not always easy for end users to know the lifecycle of the version they are using. This patch introduces a "Status" line in the output of "haproxy -vv" indicating whether it's a development, stable, long-term supported version, possibly with an estimated end of life for the branch when it can be anticipated (e.g. for stable versions). This field should be adjusted when creating a major release to reflect the new status. It may make sense to backport this to other branches to clarify the situation.
2019-11-21 12:07:30 -05:00
PRODUCT_STATUS "\n", haproxy_version, haproxy_date);
MINOR: version: emit the link to the known bugs in output of "haproxy -v" The link to the known bugs page for the current version is built and reported there. When it is a development version (less than 2 dots), instead a link to github open issues is reported as there's no way to be sure about the current situation in this case and it's better that users report their trouble there.
2019-11-21 12:48:20 -05:00
if (strlen(PRODUCT_URL_BUGS) > 0) {
char base_version[20];
int dots = 0;
char *del;
/* only retrieve the base version without distro-specific extensions */
for (del = haproxy_version; *del; del++) {
if (*del == '.')
dots++;
else if (*del < '0' || *del > '9')
break;
}
strlcpy2(base_version, haproxy_version, del - haproxy_version + 1);
if (dots < 2)
printf("Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open\n");
else
printf("Known bugs: " PRODUCT_URL_BUGS "\n", base_version);
}
MINOR: version: Show uname output in display_version() This patch adds the sysname, release, version and machine fields from the uname results to the version output. It intentionally leaves out the machine name, because it is usually not useful and users might not want to expose their machine names for privacy reasons. May be backported if it is considered useful for debugging.
2020-04-18 10:02:47 -04:00
if (uname(&utsname) == 0) {
printf("Running on: %s %s %s %s\n", utsname.sysname, utsname.release, utsname.version, utsname.machine);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void display_build_opts()
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
{
MINOR: global: export a way to list build options The new function hap_get_next_build_opt() will iterate over the list of build options. This will be used for debugging, so that the build options can be retrieved from the CLI.
2024-01-02 04:56:05 -05:00
const char **opt;
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
printf("Build options :"
#ifdef BUILD_TARGET
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
"\n TARGET = " BUILD_TARGET
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
#ifdef BUILD_CC
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
"\n CC = " BUILD_CC
#endif
#ifdef BUILD_CFLAGS
"\n CFLAGS = " BUILD_CFLAGS
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
#ifdef BUILD_OPTIONS
"\n OPTIONS = " BUILD_OPTIONS
BUILD: report the whole feature set with their status in haproxy -vv It's not convenient not to know the status of default options, and requires the user to know what option is enabled by default in each target. With this patch, a new "Features list" line is added to the output of "haproxy -vv" to report the whole list of known features with their respective status. They're prefixed with a "+" when enabled or a "-" when disabled. The "USE_" prefix is removed for clarity.
2019-03-27 08:20:08 -04:00
#endif
BUILD: Show the value of DEBUG= in haproxy -vv Previously this was not visible after building.
2020-11-21 12:07:59 -05:00
#ifdef BUILD_DEBUG
"\n DEBUG = " BUILD_DEBUG
#endif
MINOR: haproxy: permit to register features during boot The regtests are using the "feature()" predicate but this one can only rely on build-time options. It would be nice if some runtime-specific options could be detected at boot time so that regtests could more flexibly adapt to what is supported (capabilities, splicing, etc). Similarly, certain features that are currently enabled with USE_XXX could also be automatically detected at build time using ifdefs and would simplify the configuration, but then we'd lose the feature report in the feature list which is convenient for regtests. This patch makes sure that haproxy -vv shows the variable's contents and not the macro's contents, and adds a new hap_register_feature() to allow the code to register a new keyword.
2023-10-06 04:45:16 -04:00
"\n\nFeature list : %s"
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
"\n\nDefault settings :"
MINOR: config: remove obsolete use of DEFAULT_MAXCONN at various places This entry was still set to 2000 but never used anymore. The only places where it appeared was as an alias to SYSTEM_MAXCONN which forces it, so let's turn these ones to SYSTEM_MAXCONN and remove the default value for DEFAULT_MAXCONN. SYSTEM_MAXCONN still defines the upper bound however.
2019-03-13 05:03:07 -04:00
"\n bufsize = %d, maxrewrite = %d, maxpollevents = %d"
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
"\n\n",
MINOR: haproxy: permit to register features during boot The regtests are using the "feature()" predicate but this one can only rely on build-time options. It would be nice if some runtime-specific options could be detected at boot time so that regtests could more flexibly adapt to what is supported (capabilities, splicing, etc). Similarly, certain features that are currently enabled with USE_XXX could also be automatically detected at build time using ifdefs and would simplify the configuration, but then we'd lose the feature report in the feature list which is convenient for regtests. This patch makes sure that haproxy -vv shows the variable's contents and not the macro's contents, and adds a new hap_register_feature() to allow the code to register a new keyword.
2023-10-06 04:45:16 -04:00
build_features, BUFSIZE, MAXREWRITE, MAX_POLL_EVENTS);
[MINOR] report list of supported pollers with -vv During troubleshooting, it's often useful to get the list of supported pollers but until now it was required to have a working configuration first. Since the pollers are known before main() is called, let's list them with the build options.
2009-10-03 12:57:08 -04:00
MINOR: global: export a way to list build options The new function hap_get_next_build_opt() will iterate over the list of build options. This will be used for debugging, so that the build options can be retrieved from the CLI.
2024-01-02 04:56:05 -05:00
for (opt = NULL; (opt = hap_get_next_build_opt(opt)); puts(*opt))
;
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
putchar('\n');
[MINOR] report list of supported pollers with -vv During troubleshooting, it's often useful to get the list of supported pollers but until now it was required to have a working configuration first. Since the pollers are known before main() is called, let's list them with the build options.
2009-10-03 12:57:08 -04:00
list_pollers(stdout);
putchar('\n');
MINOR: mux: Print the list of existing mux protocols during HA startup This is done in verbose/debug mode and when build options are reported.
2018-04-10 08:37:32 -04:00
list_mux_proto(stdout);
putchar('\n');
MINOR: init: report the list of optionally available services It's never easy to guess what services are built in. We currently have the prometheus exporter in contrib/ which is the only extension for now. Let's enumerate all available ones just like we do for filterr and pollers.
2019-03-19 03:08:10 -04:00
list_services(stdout);
putchar('\n');
MINOR: filters: Print the list of existing filters during HA startup This is done in verbose/debug mode and when build options are reported.
2016-03-07 06:46:38 -05:00
list_filters(stdout);
putchar('\n');
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* This function prints the command line usage and exits
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void usage(char *name)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
display_version();
fprintf(stderr,
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
"Usage : %s [-f <cfgfile|cfgdir>]* [ -vdV"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
"D ] [ -n <maxconn> ] [ -N <maxpconn> ]\n"
MEDIUM: init: support a list of files on the command line HAProxy could already support being passed a file list on the command line, by passing multiple times "-f" followed by a file name. People have been complaining that it made it hard to pass file lists from init scripts. This patch introduces an end of arguments using the common "--" tag, after which only file names may appear. These files are then added to the existing list of other files specified using -f and are loaded in their declaration order. Thus it becomes possible to do something like this : haproxy -sf $(pidof haproxy) -- /etc/haproxy/global.cfg /etc/haproxy/customers/*.cfg
2015-10-08 05:58:48 -04:00
" [ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ] [-- <cfgfile>*]\n"
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
" -v displays version ; -vv shows known build options.\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -d enters debug mode ; -db only disables background mode.\n"
MINOR: pools: support setting debugging options using -dM The 9 currently available debugging options may now be checked, set, or cleared using -dM. The directive now takes a comma-delimited list of options after the optional poisonning byte. With "help", the list of available options is displayed with a short help and their current status. The management doc was updated.
2022-02-23 09:20:53 -05:00
" -dM[<byte>,help,...] debug memory (default: poison with <byte>/0x50)\n"
MINOR: trace: define simple -dt argument Add '-dt' haproxy process argument. This will automatically activate all trace sources on stderr with the error level. This could be useful to troubleshoot issues such as protocol violations.
2023-11-22 08:58:59 -05:00
" -dt activate traces on stderr\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -V enters verbose mode (disables quiet mode)\n"
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
" -D goes daemon ; -C changes to <dir> before loading files.\n"
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
" -W master-worker mode.\n"
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
" -Ws master-worker mode with systemd notify support.\n"
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -q quiet mode : don't display messages\n"
[MEDIUM] config: support loading multiple configuration files We now support up to 10 distinct configuration files. They are all loaded in the order defined by -f <file1> -f <file2> ... This can be useful in order to store global, private, public, etc... configurations in distinct files.
2009-06-22 10:02:30 -04:00
" -c check mode : only check config files and exit\n"
MINOR: haproxy: Add `-cc` argument This patch adds the `-cc` (check condition) argument to evaluate conditions on startup and return the result as the exit code. As an example this can be used to easily check HAProxy's version in scripts: haproxy -cc 'version_atleast(2.4)' This resolves GitHub issue #1246. Co-authored-by: Tim Duesterhus <tim@bastelstu.be>
2021-06-05 18:50:22 -04:00
" -cc check condition : evaluate a condition and exit\n"
MINOR: config: remove obsolete use of DEFAULT_MAXCONN at various places This entry was still set to 2000 but never used anymore. The only places where it appeared was as an alias to SYSTEM_MAXCONN which forces it, so let's turn these ones to SYSTEM_MAXCONN and remove the default value for DEFAULT_MAXCONN. SYSTEM_MAXCONN still defines the upper bound however.
2019-03-13 05:03:07 -04:00
" -n sets the maximum total # of connections (uses ulimit -n)\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -m limits the usable amount of memory (in MB)\n"
" -N sets the default, per-proxy maximum # of connections (%d)\n"
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
" -L set local peer name (default to hostname)\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -p writes pids of all children to this file\n"
MINOR: config: Add option line when the configuration file is dumped Add an option to dump the number lines of the configuration file when it's dumped. Other options can be easily added. Options are separated by ',' when tapping the command line: './haproxy -dC[key],line -f [file]' No backport needed, except if anonymization mechanism is backported.
2022-09-29 04:34:04 -04:00
" -dC[[key],line] display the configuration file, if there is a key, the file will be anonymised\n"
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_EPOLL)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -de disables epoll() usage even when available\n"
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_KQUEUE)
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
" -dk disables kqueue() usage even when available\n"
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_EVPORTS)
MAJOR: polling: add event ports support (Solaris) Event ports are kqueue/epoll polling class for Solaris. Code is based on https://github.com/joyent/haproxy-1.8/tree/joyent/dev-v1.8.8. Event ports are available only on SunOS systems derived from Solaris 10 and later (including illumos systems).
2019-04-08 12:53:32 -04:00
" -dv disables event ports usage even when available\n"
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_POLL)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -dp disables poll() usage even when available\n"
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_LINUX_SPLICE)
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
" -dS disables splice usage (broken on old kernels)\n"
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
#endif
#if defined(USE_GETADDRINFO)
" -dG disables getaddrinfo() usage\n"
MEDIUM: make SO_REUSEPORT configurable With Linux officially introducing SO_REUSEPORT support in 3.9 and its mainstream adoption we have seen more people running into strange SO_REUSEPORT related issues (a process management issue turning into hard to diagnose problems because the kernel load-balances between the new and an obsolete haproxy instance). Also some people simply want the guarantee that the bind fails when the old process is still bound. This change makes SO_REUSEPORT configurable, introducing the command line argument "-dR" and the noreuseport configuration directive. A backport to 1.6 should be considered.
2016-09-12 17:42:20 -04:00
#endif
#if defined(SO_REUSEPORT)
" -dR disables SO_REUSEPORT usage\n"
MINOR: debug: add support for -dL to dump library names at boot This is a second help to dump loaded library names late at boot, once external code has already been initialized. The purpose is to provide a format that makes it easy to pass to "tar" to produce an archive containing the executable and the list of dependencies. For example if haproxy is started as "haproxy -f foo.cfg", a config check only will suffice to quit before starting, "-q" will be used to disable undesired output messages, and -dL will be use to dump libraries. This will result in such a command to trivially produce a tarball of loaded libraries: ./haproxy -q -c -dL -f foo.cfg | tar -T - -hzcf archive.tgz
2021-12-28 09:43:11 -05:00
#endif
#if defined(HA_HAVE_DUMP_LIBS)
" -dL dumps loaded object files after config checks\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
MINOR: management: add some basic keyword dump infrastructure It's difficult from outside haproxy to detect the supported keywords and syntax. Interestingly, many of our modern keywords are enumerated since they're registered from constructors, so it's not very hard to enumerate most of them. This patch creates some basic infrastructure to support dumping existing keywords from different classes on stdout. The format will differ depending on the classes, but the idea is that the output could easily be passed to a script that generates some simple syntax highlighting rules, completion rules for editors, syntax checkers or config parsers. The principle chosen here is that if "-dK" is passed on the command-line, at the end of the parsing the registered keywords will be dumped for the requested classes passed after "-dK". Special name "help" will show known classes, while "all" will execute all of them. The reason for doing that after the end of the config processor is that it will also enumerate internally-generated keywords, Lua or even those loaded from external code (e.g. if an add-on is loaded using LD_PRELOAD). A typical way to call this with a valid config would be: ./haproxy -dKall -q -c -f /path/to/config If there's no config available, feeding /dev/null will also do the job, though it will not be able to detect dynamically created keywords, of course. This patch also updates the management doc. For now nothing but the help is listed, various subsystems will follow in subsequent patches.
2022-03-08 10:01:40 -05:00
" -dK{class[,...]} dump registered keywords (use 'help' for list)\n"
MINOR: init: add -dr to ignore server address resolution failures It is very common when validating a configuration out of production not to have access to the same resolvers and to fail on server address resolution, making it difficult to test a configuration. This option simply appends the "none" method to the list of address resolution methods for all servers, ensuring that even if the libc fails to resolve an address, the startup sequence is not interrupted.
2016-11-07 15:03:16 -05:00
" -dr ignores server address resolution failures\n"
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
" -dV disables SSL verify on servers side\n"
MINOR: init: add -dW and "zero-warning" to reject configs with warnings Since some systems switched to service managers which hide all warnings by default, some users are not aware of some possibly important warnings and get caught too late with errors that could have been detected earlier. This patch adds a new global keyword, "zero-warning" and an equivalent command-line option "-dW" to refuse to start in case any warning is detected. It is recommended to use these with configurations that are managed by humans in order to catch mistakes very early.
2020-04-15 10:42:39 -04:00
" -dW fails if any warning is emitted\n"
MINOR: global: define diagnostic mode of execution Define MODE_DIAG which is used to run haproxy in diagnostic mode. This mode is used to output extra warnings about possible configuration blunder or sub-optimal usage. It can be activated with argument '-dD'. A new output function ha_diag_warning is implemented reserved for diagnostic output. It serves to standardize the format of diagnostic messages. A macro HA_DIAG_WARN_COND is also available to automatically check if diagnostic mode is on before executing the diagnostic check.
2021-03-29 04:29:07 -04:00
" -dD diagnostic mode : warn about suspicious configuration statements\n"
MINOR: haproxy: Add an command option to disable data fast-forward The -dF option can now be used to disable data fast-forward. It does the same than the global option "tune.fast-forward off". Some reg-tests may rely on this optim. To detect the feature and skip such script, the following vtest command must be used: feature cmd "$HAPROXY_PROGRAM -cc '!(globa.tune & GTUNE_NO_FAST_FWD)'"
2023-02-14 10:12:54 -05:00
" -dF disable fast-forward\n"
MINOR: debug: enable insecure fork on the command line -dI allow to enable "insure-fork-wanted" directly from the command line, which is useful when you want to run ASAN with addr2line with a lot of configuration files without editing them.
2024-03-13 06:08:50 -04:00
" -dI enable insecure fork\n"
MINOR: global: Add an option to disable the zero-copy forwarding The zero-copy forwarding or the mux-to-mux forwarding is a way to fast-forward data without using the channels buffers. Data are transferred from a mux to the other one. The kernel splicing is an optimization of the zero-copy forwarding. But it can also use normal buffers (but not channels ones). This way, it could be possible to fast-forward data with muxes not supporting the kernel splicing (H2 and H3 muxes) but also with applets. However, this mode can introduce regressions or bugs in future (just like the kernel splicing). Thus, It could be usefull to disable this optim. To do so, in configuration, the global tune settting 'tune.disable-zero-copy-forwarding' may be set in a global section or the '-dZ' command line parameter may be used to start HAProxy. Of course, this also disables the kernel splicing.
2023-10-16 12:28:59 -04:00
" -dZ disable zero-copy forwarding\n"
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
" -sf/-st [pid ]* finishes/terminates old pids.\n"
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
" -x <unix_socket> get listening sockets from a unix socket\n"
MINOR: doc: update the manpage and usage message about -S Add -S in the manpage, and update the usage message. Should be backported to 1.9.
2019-06-13 11:03:37 -04:00
" -S <bind>[,<bind options>...] new master CLI\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
"\n",
MINOR: config: remove obsolete use of DEFAULT_MAXCONN at various places This entry was still set to 2000 but never used anymore. The only places where it appeared was as an alias to SYSTEM_MAXCONN which forces it, so let's turn these ones to SYSTEM_MAXCONN and remove the default value for DEFAULT_MAXCONN. SYSTEM_MAXCONN still defines the upper bound however.
2019-03-13 05:03:07 -04:00
name, cfg_maxpconn);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(1);
}
/*********************************************************************/
/* more specific functions ***************************************/
/*********************************************************************/
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/* sends the signal <sig> to all pids found in <oldpids>. Returns the number of
* pids the signal was correctly delivered to.
*/
REORG: mworker: move signal handlers and related functions Move the following functions to mworker.c: void mworker_catch_sighup(struct sig_handler *sh); void mworker_catch_sigterm(struct sig_handler *sh); void mworker_catch_sigchld(struct sig_handler *sh); static void mworker_kill(int sig); int current_child(int pid);
2019-04-01 05:29:56 -04:00
int tell_old_pids(int sig)
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
{
int p;
int ret = 0;
for (p = 0; p < nb_oldpids; p++)
if (kill(oldpids[p], sig) == 0)
ret++;
return ret;
}
/*
* remove a pid forom the olpid array and decrease nb_oldpids
* return 1 pid was found otherwise return 0
*/
int delete_oldpid(int pid)
{
int i;
for (i = 0; i < nb_oldpids; i++) {
if (oldpids[i] == pid) {
oldpids[i] = oldpids[nb_oldpids - 1];
oldpids[nb_oldpids - 1] = 0;
nb_oldpids--;
return 1;
}
}
return 0;
}
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/*
* When called, this function reexec haproxy with -sf followed by current
CLEANUP: Fix some typos in the haproxy subsystem Fix some typos in the code comments of the haproxy subsystem.
2018-11-15 13:41:50 -05:00
* children PIDs and possibly old children PIDs if they didn't leave yet.
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
*/
MINOR: mworker/cli: implement hard-reload over the master CLI The mworker mode never had a proper 'hard-stop' (-st) for the reload, this is a mode which was commonly used with the daemon mode, but it was never implemented in mworker mode. This patch fixes the problem by implementing a "hard-reload" command over the master CLI. It does the same as the "reload" command, but instead of waiting for the connections to stop in the previous process, it immediately quits the previous process after binding.
2023-11-24 15:20:32 -05:00
static void mworker_reexec(int hardreload)
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
{
BUG/MEDIUM: mworker: fix the reload with an -- option When HAProxy is started with a '--' option, all following parameters are considered configuration files. You can't add new options after a '--'. The current reload system of the master-worker adds extra options at the end of the arguments list. Which is a problem if HAProxy was started wih '--'. This patch fixes the issue by copying the new option at the beginning of the arguments list instead of the end. This patch must be backported as far as 1.8.
2020-06-05 08:08:41 -04:00
char **next_argv = NULL;
int old_argc = 0; /* previous number of argument */
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
int next_argc = 0;
BUG/MEDIUM: mworker: fix the reload with an -- option When HAProxy is started with a '--' option, all following parameters are considered configuration files. You can't add new options after a '--'. The current reload system of the master-worker adds extra options at the end of the arguments list. Which is a problem if HAProxy was started wih '--'. This patch fixes the issue by copying the new option at the beginning of the arguments list instead of the end. This patch must be backported as far as 1.8.
2020-06-05 08:08:41 -04:00
int i = 0;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
char *msg = NULL;
BUG/MINOR: mworker: be careful to restore the original rlim_fd_cur/max on reload When the master re-execs itself on reload, it doesn't restore the initial rlim_fd_cur/rlim_fd_max values, which have been modified by the ulimit-n or global maxconn directives. This is a problem, because if these values were set really low it could prevent the process from restarting, and if they were set very high, this could have some implications on the restart time, or later on the computed maxconn. Let's simply reset these values to the ones we had at boot to maintain the system in a consistent state. A backport could be performed to 1.9 and maybe 1.8. This patch depends on the two previous ones.
2019-03-01 04:21:55 -05:00
struct rlimit limit;
MEDIUM: mworker: seamless reload use the internal sockpairs With the master worker, the seamless reload was still requiring an external stats socket to the previous process, which is a pain to configure. This patch implements a way to use the internal socketpair between the master and the workers to transfer the sockets during the reload. This way, the master will always try to transfer the socket, even without any configuration. The master will still reload with the -x argument, followed by the sockpair@ syntax. ( ex -x sockpair@4 ). Which use the FD of internal CLI to the worker.
2021-11-24 12:45:37 -05:00
struct mworker_proc *current_child = NULL;
BUG/MINOR: mworker: reintroduce way to disable seamless reload with -x /dev/null Since the introduction of the automatic seamless reload using the internal socketpair, there is no way of disabling the seamless reload. Previously we just needed to remove -x from the startup command line, and remove any "expose-fd" keyword on stats socket lines. This was introduced in 2be557f7c ("MEDIUM: mworker: seamless reload use the internal sockpairs"). The patch copy /dev/null again and pass it to the next exec so we never try to get socket from the -x. Must be backported as far as 2.6.
2024-04-26 09:08:31 -04:00
int x_off = 0; /* disable -x by putting -x /dev/null */
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
mworker_block_signals();
setenv("HAPROXY_MWORKER_REEXEC", "1", 1);
BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload When starting HAProxy in master-worker, the master pre-allocate a struct mworker_proc and do a socketpair() before the configuration parsing. If the configuration loading failed, the FD are never closed because they aren't part of listener, they are not even in the fdtab. This patch fixes the issue by cleaning the mworker_proc structure that were not asssigned a process, and closing its FDs. Must be backported as far as 2.0, the srv_drop() only frees the memory and could be dropped since it's done before an exec().
2022-01-28 15:17:30 -05:00
mworker_cleanup_proc();
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
mworker_proc_list_to_env(); /* put the children description in the env */
BUG/MEDIUM: mworker: cleanup the listeners when reexecuting Previously, the cleanup of the listeners was done in mworker_loop(), which was called once the configuration file was parsed. HAProxy was switching in wait mode when the configuration failed to load, so no listeners where created. Since the latest change on the mworker mode, HAProxy switch to wait mode after successfuly loading the configuration, without cleaning its listeners, because it was done in mworker_loop, resulting in the master not closing its listeners and keeping them. The master needs its configuration to know which listeners it need to close, so that must be done before the exec(). This patch fixes the problem by cleaning the listeners in the mworker_reexec() function. No backport needeed.
2021-11-18 04:51:30 -05:00
/* ensure that we close correctly every listeners before reexecuting */
mworker_cleanlisteners();
BUG/MEDIUM: mworker: fix FD leak upon reload We reintroduced some FDs leaking by using a poller and some listeners in the master. The master proxy needs to be stopped to avoid leaking its listeners, the polling loop needs to be deinit, and the thread waker pipe need to be closed too. No backport needed.
2018-11-26 05:53:40 -05:00
/* during the reload we must ensure that every FDs that can't be
* reuse (ie those that are not referenced in the proc_list)
* are closed or they will leak. */
/* close the listeners FD */
mworker_cli_proxy_stop();
BUG/MEDIUM: mworker: don't call the thread and fdtab deinit Before switching to wait mode, the per thread deinit should not be called, because we didn't initiate threads and fdtab. The problem is that the master could crash if we try to reload HAProxy The commit 944e619 ("MEDIUM: mworker: wait mode use standard init code path") removed the deinit code by accident, but its fix 7c756a8 ("BUG/MEDIUM: mworker: fix FD leak upon reload") was incomplete and did not took care of the WAIT_MODE. This fix must be backported in 1.9 and 2.0
2019-06-24 11:40:48 -04:00
BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode Since 2.5, before re-executing in wait mode, the master can have a working configuration loaded, with a eventpoll fd. This case was not handled correctly and a new eventpoll FD is leaking in the master at each reload, which is inherited by the new worker. Must be backported in 2.5.
2021-11-25 04:03:44 -05:00
if (fdtab)
deinit_pollers();
BUG/MINOR: mworker: deinit of thread poller was called when not initialized Commit 67e371e ("BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode") introduced a regression. Upon a reload it tries to deinit the poller per thread, but no poll loop was initialized after loading the configuration. This patch fixes the issue by moving this part of the code in mworker_reload(), since this function will be called only when the poller is fully initialized. This patch must be backported in 2.5.
2021-11-26 08:43:57 -05:00
BUILD: SSL: introduce fine guard for RAND_keep_random_devices_open RAND_keep_random_devices_open is OpenSSL specific function, not implemented in LibreSSL and BoringSSL. Let us define guard HAVE_SSL_RAND_KEEP_RANDOM_DEVICES_OPEN in include/haproxy/openssl-compat.h That guard does not depend anymore on HA_OPENSSL_VERSION
2021-02-19 13:42:53 -05:00
#ifdef HAVE_SSL_RAND_KEEP_RANDOM_DEVICES_OPEN
BUG/MINOR: mworker/ssl: close openssl FDs unconditionally Patch 56996da ("BUG/MINOR: mworker/ssl: close OpenSSL FDs on reload") fixes a issue where the /dev/random FD was leaked by OpenSSL upon a reload in master worker mode. Indeed the FD was not flagged with CLOEXEC. The fix was checking if ssl_used_frontend or ssl_used_backend were set to close the FD. This is wrong, indeed the lua init code creates an SSL server without increasing the backend value, so the deinit is never done when you don't use SSL in your configuration. To reproduce the problem you just need to build haproxy with openssl and lua with an openssl which does not use the getrandom() syscall. No openssl nor lua configuration are required for haproxy. This patch must be backported as far as 1.8. Fix issue #314.
2019-10-15 08:04:08 -04:00
/* close random device FDs */
RAND_keep_random_devices_open(0);
BUG/MINOR: mworker/ssl: close OpenSSL FDs on reload From OpenSSL 1.1.1, the default behaviour is to maintain open FDs to any random devices that get used by the random number library. As a result, those FDs leak when the master re-execs on reload; since those FDs are not marked FD_CLOEXEC or O_CLOEXEC, they also get inherited by children. Eventually both master and children run out of FDs. OpenSSL 1.1.1 introduces a new function to control whether the random devices are kept open. When clearing the keep-open flag, it also closes any currently open FDs, so it can be used to clean-up open FDs too. Therefore, a call to this function is made in mworker_reload prior to re-exec. The call is guarded by whether SSL is in use, because it will cause initialisation of the OpenSSL random number library if that has not already been done. This should be backported to 1.9 and 1.8.
2019-05-03 04:11:32 -04:00
#endif
BUG/MEDIUM: mworker: fix FD leak upon reload We reintroduced some FDs leaking by using a poller and some listeners in the master. The master proxy needs to be stopped to avoid leaking its listeners, the polling loop needs to be deinit, and the thread waker pipe need to be closed too. No backport needed.
2018-11-26 05:53:40 -05:00
BUG/MINOR: mworker: be careful to restore the original rlim_fd_cur/max on reload When the master re-execs itself on reload, it doesn't restore the initial rlim_fd_cur/rlim_fd_max values, which have been modified by the ulimit-n or global maxconn directives. This is a problem, because if these values were set really low it could prevent the process from restarting, and if they were set very high, this could have some implications on the restart time, or later on the computed maxconn. Let's simply reset these values to the ones we had at boot to maintain the system in a consistent state. A backport could be performed to 1.9 and maybe 1.8. This patch depends on the two previous ones.
2019-03-01 04:21:55 -05:00
/* restore the initial FD limits */
limit.rlim_cur = rlim_fd_cur_at_boot;
limit.rlim_max = rlim_fd_max_at_boot;
MINOR: init: do not try to shrink existing RLIMIT_NOFIlE As seen in issue #1866, some environments will not allow to change the current FD limit, and actually we don't need to do it, we only do it as a byproduct of adjusting the limit to the one that fits. Here we're replacing calls to setrlimit() with calls to raise_rlim_nofile(), which will avoid making the setrlimit() syscall in case the desired value is lower than the current process' one. This depends on previous commit "MINOR: fd: add a new function to only raise RLIMIT_NOFILE" and may need to be backported to 2.6, possibly earlier, depending on users' experience in such environments.
2022-09-22 10:12:08 -04:00
if (raise_rlim_nofile(&limit, &limit) != 0) {
BUG/MINOR: mworker: be careful to restore the original rlim_fd_cur/max on reload When the master re-execs itself on reload, it doesn't restore the initial rlim_fd_cur/rlim_fd_max values, which have been modified by the ulimit-n or global maxconn directives. This is a problem, because if these values were set really low it could prevent the process from restarting, and if they were set very high, this could have some implications on the restart time, or later on the computed maxconn. Let's simply reset these values to the ones we had at boot to maintain the system in a consistent state. A backport could be performed to 1.9 and maybe 1.8. This patch depends on the two previous ones.
2019-03-01 04:21:55 -05:00
ha_warning("Failed to restore initial FD limits (cur=%u max=%u), using cur=%u max=%u\n",
rlim_fd_cur_at_boot, rlim_fd_max_at_boot,
(unsigned int)limit.rlim_cur, (unsigned int)limit.rlim_max);
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/* compute length */
BUG/MEDIUM: mworker: fix the reload with an -- option When HAProxy is started with a '--' option, all following parameters are considered configuration files. You can't add new options after a '--'. The current reload system of the master-worker adds extra options at the end of the arguments list. Which is a problem if HAProxy was started wih '--'. This patch fixes the issue by copying the new option at the beginning of the arguments list instead of the end. This patch must be backported as far as 1.8.
2020-06-05 08:08:41 -04:00
while (old_argv[old_argc])
old_argc++;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
/* 1 for haproxy -sf, 2 for -x /socket */
BUG/MINOR: mworker: don't use oldpids[] anymore for reload Since commit 3f12887 ("MINOR: mworker: don't use children variable anymore"), the oldpids array is not used anymore to generate the new -sf parameters. So we don't need to set nb_oldpids to 0 during the first start of the master process. This patch fixes a bug when 2 masters process tries to synchronize their peers, there is a small chances that it won't work because nb_oldpids equals 0. Should be backported as far as 2.0.
2021-04-21 10:55:34 -04:00
next_argv = calloc(old_argc + 1 + 2 + mworker_child_nb() + 1,
CLEANUP: Do not use a fixed type for 'sizeof' in 'calloc' Changes performed using the following coccinelle patch: @@ type T; expression E; expression t; @@ ( t = calloc(E, sizeof(*t)) | - t = calloc(E, sizeof(T)) + t = calloc(E, sizeof(*t)) ) Looking through the commit history, grepping for coccinelle shows that the same replacement with a different patch was already performed in the past in commit 02779b6263a177b1e462e53db6eaf57bcda574bc.
2020-09-12 14:26:43 -04:00
sizeof(*next_argv));
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
if (next_argv == NULL)
goto alloc_error;
BUG/MEDIUM: mworker: fix the reload with an -- option When HAProxy is started with a '--' option, all following parameters are considered configuration files. You can't add new options after a '--'. The current reload system of the master-worker adds extra options at the end of the arguments list. Which is a problem if HAProxy was started wih '--'. This patch fixes the issue by copying the new option at the beginning of the arguments list instead of the end. This patch must be backported as far as 1.8.
2020-06-05 08:08:41 -04:00
/* copy the program name */
next_argv[next_argc++] = old_argv[0];
CLEANUP: assorted typo fixes in the code and comments This is 42nd iteration of typo fixes
2024-04-30 10:11:27 -04:00
/* we need to reintroduce /dev/null every time */
BUG/MINOR: mworker: reintroduce way to disable seamless reload with -x /dev/null Since the introduction of the automatic seamless reload using the internal socketpair, there is no way of disabling the seamless reload. Previously we just needed to remove -x from the startup command line, and remove any "expose-fd" keyword on stats socket lines. This was introduced in 2be557f7c ("MEDIUM: mworker: seamless reload use the internal sockpairs"). The patch copy /dev/null again and pass it to the next exec so we never try to get socket from the -x. Must be backported as far as 2.6.
2024-04-26 09:08:31 -04:00
if (old_unixsocket && strcmp(old_unixsocket, "/dev/null") == 0)
x_off = 1;
BUG/MEDIUM: mworker: fix the reload with an -- option When HAProxy is started with a '--' option, all following parameters are considered configuration files. You can't add new options after a '--'. The current reload system of the master-worker adds extra options at the end of the arguments list. Which is a problem if HAProxy was started wih '--'. This patch fixes the issue by copying the new option at the beginning of the arguments list instead of the end. This patch must be backported as far as 1.8.
2020-06-05 08:08:41 -04:00
/* insert the new options just after argv[0] in case we have a -- */
MEDIUM: mworker: seamless reload use the internal sockpairs With the master worker, the seamless reload was still requiring an external stats socket to the previous process, which is a pain to configure. This patch implements a way to use the internal socketpair between the master and the workers to transfer the sockets during the reload. This way, the master will always try to transfer the socket, even without any configuration. The master will still reload with the -x argument, followed by the sockpair@ syntax. ( ex -x sockpair@4 ). Which use the FD of internal CLI to the worker.
2021-11-24 12:45:37 -05:00
if (getenv("HAPROXY_MWORKER_WAIT_ONLY") == NULL) {
BUG/MINOR: mworker: does not add the -sf in wait mode Since the wait mode is automatically executed after charging the configuration, -sf was shown in argv[] with the previous PID, which is normal, but also the current one. This is only a visual problem when listing the processes, because -sf does not do anything in wait mode. Fix the issue by removing the whole "-sf" part in wait mode, but the executed command can be seen in the argv[] of the latest worker forked. Must be backported in 2.5.
2021-11-24 18:49:19 -05:00
/* add -sf <PID>* to argv */
if (mworker_child_nb() > 0) {
struct mworker_proc *child;
MINOR: mworker/cli: implement hard-reload over the master CLI The mworker mode never had a proper 'hard-stop' (-st) for the reload, this is a mode which was commonly used with the daemon mode, but it was never implemented in mworker mode. This patch fixes the problem by implementing a "hard-reload" command over the master CLI. It does the same as the "reload" command, but instead of waiting for the connections to stop in the previous process, it immediately quits the previous process after binding.
2023-11-24 15:20:32 -05:00
if (hardreload)
next_argv[next_argc++] = "-st";
else
next_argv[next_argc++] = "-sf";
BUG/MINOR: mworker: does not add the -sf in wait mode Since the wait mode is automatically executed after charging the configuration, -sf was shown in argv[] with the previous PID, which is normal, but also the current one. This is only a visual problem when listing the processes, because -sf does not do anything in wait mode. Fix the issue by removing the whole "-sf" part in wait mode, but the executed command can be seen in the argv[] of the latest worker forked. Must be backported in 2.5.
2021-11-24 18:49:19 -05:00
list_for_each_entry(child, &proc_list, list) {
if (!(child->options & PROC_O_LEAVING) && (child->options & PROC_O_TYPE_WORKER))
current_child = child;
if (!(child->options & (PROC_O_TYPE_WORKER|PROC_O_TYPE_PROG)) || child->pid <= -1)
continue;
if ((next_argv[next_argc++] = memprintf(&msg, "%d", child->pid)) == NULL)
goto alloc_error;
msg = NULL;
}
}
BUG/MINOR: mworker: reintroduce way to disable seamless reload with -x /dev/null Since the introduction of the automatic seamless reload using the internal socketpair, there is no way of disabling the seamless reload. Previously we just needed to remove -x from the startup command line, and remove any "expose-fd" keyword on stats socket lines. This was introduced in 2be557f7c ("MEDIUM: mworker: seamless reload use the internal sockpairs"). The patch copy /dev/null again and pass it to the next exec so we never try to get socket from the -x. Must be backported as far as 2.6.
2024-04-26 09:08:31 -04:00
if (!x_off && current_child) {
MEDIUM: mworker: seamless reload use the internal sockpairs With the master worker, the seamless reload was still requiring an external stats socket to the previous process, which is a pain to configure. This patch implements a way to use the internal socketpair between the master and the workers to transfer the sockets during the reload. This way, the master will always try to transfer the socket, even without any configuration. The master will still reload with the -x argument, followed by the sockpair@ syntax. ( ex -x sockpair@4 ). Which use the FD of internal CLI to the worker.
2021-11-24 12:45:37 -05:00
/* add the -x option with the socketpair of the current worker */
next_argv[next_argc++] = "-x";
if ((next_argv[next_argc++] = memprintf(&msg, "sockpair@%d", current_child->ipc_fd[0])) == NULL)
goto alloc_error;
msg = NULL;
}
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
}
BUG/MINOR: mworker: reintroduce way to disable seamless reload with -x /dev/null Since the introduction of the automatic seamless reload using the internal socketpair, there is no way of disabling the seamless reload. Previously we just needed to remove -x from the startup command line, and remove any "expose-fd" keyword on stats socket lines. This was introduced in 2be557f7c ("MEDIUM: mworker: seamless reload use the internal sockpairs"). The patch copy /dev/null again and pass it to the next exec so we never try to get socket from the -x. Must be backported as far as 2.6.
2024-04-26 09:08:31 -04:00
if (x_off) {
/* if the cmdline contained a -x /dev/null, continue to use it */
next_argv[next_argc++] = "-x";
next_argv[next_argc++] = "/dev/null";
}
BUG/MEDIUM: mworker: fix the reload with an -- option When HAProxy is started with a '--' option, all following parameters are considered configuration files. You can't add new options after a '--'. The current reload system of the master-worker adds extra options at the end of the arguments list. Which is a problem if HAProxy was started wih '--'. This patch fixes the issue by copying the new option at the beginning of the arguments list instead of the end. This patch must be backported as far as 1.8.
2020-06-05 08:08:41 -04:00
/* copy the previous options */
for (i = 1; i < old_argc; i++)
next_argv[next_argc++] = old_argv[i];
BUG/MINOR: mworker: disable SIGPROF on re-exec If haproxy is built with profiling enabled with -pg, it is possible to see the master quit during a reload while it's re-executing itself with error code 155 (signal 27) saying "Profile timer expired)". This happens if the SIGPROF signal is delivered during the execve() call while the handler was already unregistered. The issue itself is not directly inside haproxy but it's easy to address. This patch disables this signal before calling execvp() during a master reload. A simple test for this consists in running this little script with haproxy started in master-worker mode : $ while usleep 50000; do killall -USR2 haproxy; done This fix should be backported to all versions using the master-worker model.
2019-08-26 04:37:39 -04:00
signal(SIGPROF, SIG_IGN);
BUG/MEDIUM: mworker: Fix re-exec when haproxy is started from PATH If haproxy is started using the name of the binary only (i.e. not using a relative or absolute path) the `execv` in `mworker_reload` fails with `ENOENT`, because it does not examine the `PATH`: [WARNING] 315/161139 (7) : Reexecuting Master process [WARNING] 315/161139 (7) : Cannot allocate memory [WARNING] 315/161139 (7) : Failed to reexecute the master processs [7] The error messages are misleading, because the return value of `execv` is not checked. This should be fixed in a separate commit. Once this happened the master process ignores any further signals sent by the administrator. Replace `execv` with `execvp` to establish the expected behaviour. This bug was introduced in commit 73b85e75b3963086be889e1fb40a59e7ef2ad63b.
2017-11-12 11:39:18 -05:00
execvp(next_argv[0], next_argv);
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to reexecute the master process [%d]: %s\n", pid, strerror(errno));
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&next_argv);
MINOR: mworker: display an accurate error when the reexec fail When the master worker fail the execvp, it returns the wrong error "Cannot allocate memory". We now display the accurate error corresponding to the errno value.
2017-11-15 13:02:55 -05:00
return;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
alloc_error:
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&next_argv);
MINOR: Fix an error message thrown when we run out of memory Fixes a typo in an error message that can be seen by the end user when the haproxy subsystem runs out of memory.
2018-11-15 13:43:05 -05:00
ha_warning("Failed to reexecute the master process [%d]: Cannot allocate memory\n", pid);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
return;
}
MEDIUM: mworker: reexec in waitpid mode after successful loading Use the waitpid mode after successfully loading the configuration, this way the memory will be freed in the master, and will preserve the memory. This will be useful when doing a reload with a configuration which has large maps or a lot of SSL certificates, avoiding an OOM because too much memory was allocated in the master.
2021-11-09 12:01:22 -05:00
/* reexec haproxy in waitmode */
static void mworker_reexec_waitmode()
{
setenv("HAPROXY_MWORKER_WAIT_ONLY", "1", 1);
MINOR: mworker/cli: implement hard-reload over the master CLI The mworker mode never had a proper 'hard-stop' (-st) for the reload, this is a mode which was commonly used with the daemon mode, but it was never implemented in mworker mode. This patch fixes the problem by implementing a "hard-reload" command over the master CLI. It does the same as the "reload" command, but instead of waiting for the connections to stop in the previous process, it immediately quits the previous process after binding.
2023-11-24 15:20:32 -05:00
mworker_reexec(0);
MEDIUM: mworker: reexec in waitpid mode after successful loading Use the waitpid mode after successfully loading the configuration, this way the memory will be freed in the master, and will preserve the memory. This will be useful when doing a reload with a configuration which has large maps or a lot of SSL certificates, avoiding an OOM because too much memory was allocated in the master.
2021-11-09 12:01:22 -05:00
}
/* reload haproxy and emit a warning */
MINOR: mworker/cli: implement hard-reload over the master CLI The mworker mode never had a proper 'hard-stop' (-st) for the reload, this is a mode which was commonly used with the daemon mode, but it was never implemented in mworker mode. This patch fixes the problem by implementing a "hard-reload" command over the master CLI. It does the same as the "reload" command, but instead of waiting for the connections to stop in the previous process, it immediately quits the previous process after binding.
2023-11-24 15:20:32 -05:00
void mworker_reload(int hardreload)
MEDIUM: mworker: reexec in waitpid mode after successful loading Use the waitpid mode after successfully loading the configuration, this way the memory will be freed in the master, and will preserve the memory. This will be useful when doing a reload with a configuration which has large maps or a lot of SSL certificates, avoiding an OOM because too much memory was allocated in the master.
2021-11-09 12:01:22 -05:00
{
MINOR: mworker: only increment the number of reload in wait mode Since the wait mode will be started in any case of succesful or failed reload, change the way haproxy computes the number of reloads of the processes.
2021-11-09 12:43:59 -05:00
struct mworker_proc *child;
BUG/MINOR: mworker: deinit of thread poller was called when not initialized Commit 67e371e ("BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode") introduced a regression. Upon a reload it tries to deinit the poller per thread, but no poll loop was initialized after loading the configuration. This patch fixes the issue by moving this part of the code in mworker_reload(), since this function will be called only when the poller is fully initialized. This patch must be backported in 2.5.
2021-11-26 08:43:57 -05:00
struct per_thread_deinit_fct *ptdf;
MINOR: mworker: only increment the number of reload in wait mode Since the wait mode will be started in any case of succesful or failed reload, change the way haproxy computes the number of reloads of the processes.
2021-11-09 12:43:59 -05:00
MINOR: mworker/cli: implement hard-reload over the master CLI The mworker mode never had a proper 'hard-stop' (-st) for the reload, this is a mode which was commonly used with the daemon mode, but it was never implemented in mworker mode. This patch fixes the problem by implementing a "hard-reload" command over the master CLI. It does the same as the "reload" command, but instead of waiting for the connections to stop in the previous process, it immediately quits the previous process after binding.
2023-11-24 15:20:32 -05:00
ha_notice("Reloading HAProxy%s\n", hardreload?" (hard-reload)":"");
MINOR: mworker: only increment the number of reload in wait mode Since the wait mode will be started in any case of succesful or failed reload, change the way haproxy computes the number of reloads of the processes.
2021-11-09 12:43:59 -05:00
BUG/MINOR: mworker: deinit of thread poller was called when not initialized Commit 67e371e ("BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode") introduced a regression. Upon a reload it tries to deinit the poller per thread, but no poll loop was initialized after loading the configuration. This patch fixes the issue by moving this part of the code in mworker_reload(), since this function will be called only when the poller is fully initialized. This patch must be backported in 2.5.
2021-11-26 08:43:57 -05:00
/* close the poller FD and the thread waker pipe FD */
list_for_each_entry(ptdf, &per_thread_deinit_list, list)
ptdf->fct();
MINOR: mworker: only increment the number of reload in wait mode Since the wait mode will be started in any case of succesful or failed reload, change the way haproxy computes the number of reloads of the processes.
2021-11-09 12:43:59 -05:00
/* increment the number of reloads */
list_for_each_entry(child, &proc_list, list) {
child->reloads++;
}
MEDIUM: mworker/systemd: send STATUS over sd_notify The sd_notify API is not able to change the "Active:" line in "systemcl status". However a message can still be displayed on a "Status: " line, even if the service is still green and "active (running)". When startup succeed the Status will be set to "Ready.", upon a reload it will be set to "Reloading Configuration." If the configuration succeed "Ready." again. However if the reload failed, it will be set to "Reload failed!". Keep in mind that the "Active:" line won't change upon a reload failure, and will still be green.
2022-07-07 08:00:36 -04:00
#if defined(USE_SYSTEMD)
MINOR: systemd: Include MONOTONIC_USEC field in RELOADING=1 message As per the `sd_notify` manual: > A field carrying the monotonic timestamp (as per CLOCK_MONOTONIC) formatted > in decimal in μs, when the notification message was generated by the client. > This is typically used in combination with "RELOADING=1", to allow the > service manager to properly synchronize reload cycles. See systemd.service(5) > for details, specifically "Type=notify-reload". Thus this change allows users with a recent systemd to switch to `Type=notify-reload`, should they desire to do so. Correct behavior was verified with a Fedora 39 VM. see systemd/systemd#25916 [wla: the service file should be updated this way:] diff --git a/admin/systemd/haproxy.service.in b/admin/systemd/haproxy.service.in index 22a53d8aab..8c6dadb5e5 100644 --- a/admin/systemd/haproxy.service.in +++ b/admin/systemd/haproxy.service.in @@ -8,12 +8,11 @@ EnvironmentFile=-/etc/default/haproxy EnvironmentFile=-/etc/sysconfig/haproxy Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock" ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS -ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c $EXTRAOPTS -ExecReload=/bin/kill -USR2 $MAINPID KillMode=mixed Restart=always SuccessExitStatus=143 -Type=notify +Type=notify-reload +ReloadSignal=SIGUSR2 # The following lines leverage SystemD's sandboxing options to provide # defense in depth protection at the expense of restricting some flexibility Signed-off-by: William Lallemand <wlallemand@haproxy.com>
2024-04-03 16:39:16 -04:00
if (global.tune.options & GTUNE_USE_SYSTEMD) {
struct timespec ts;
(void)clock_gettime(CLOCK_MONOTONIC, &ts);
sd_notifyf(0,
"RELOADING=1\n"
"STATUS=Reloading Configuration.\n"
"MONOTONIC_USEC=%" PRIu64 "\n",
(ts.tv_sec * 1000000ULL + ts.tv_nsec / 1000ULL));
}
MEDIUM: mworker/systemd: send STATUS over sd_notify The sd_notify API is not able to change the "Active:" line in "systemcl status". However a message can still be displayed on a "Status: " line, even if the service is still green and "active (running)". When startup succeed the Status will be set to "Ready.", upon a reload it will be set to "Reloading Configuration." If the configuration succeed "Ready." again. However if the reload failed, it will be set to "Reload failed!". Keep in mind that the "Active:" line won't change upon a reload failure, and will still be green.
2022-07-07 08:00:36 -04:00
#endif
MINOR: mworker/cli: implement hard-reload over the master CLI The mworker mode never had a proper 'hard-stop' (-st) for the reload, this is a mode which was commonly used with the daemon mode, but it was never implemented in mworker mode. This patch fixes the problem by implementing a "hard-reload" command over the master CLI. It does the same as the "reload" command, but instead of waiting for the connections to stop in the previous process, it immediately quits the previous process after binding.
2023-11-24 15:20:32 -05:00
mworker_reexec(hardreload);
MEDIUM: mworker: reexec in waitpid mode after successful loading Use the waitpid mode after successfully loading the configuration, this way the memory will be freed in the master, and will preserve the memory. This will be useful when doing a reload with a configuration which has large maps or a lot of SSL certificates, avoiding an OOM because too much memory was allocated in the master.
2021-11-09 12:01:22 -05:00
}
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
static void mworker_loop()
{
BUG/MINOR: mworker: disable busy polling in the master process When enabling busy polling, we don't want the master to use it, or it wastes a dedicated processor to this! Must be backported to 1.9.
2019-04-18 05:31:36 -04:00
/* Busy polling makes no sense in the master :-) */
global.tune.options &= ~GTUNE_BUSY_POLLING;
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers If a new process is started with -sf and it fails to bind, it may send a SIGTTOU to the master process in hope that it will temporarily unbind. Unfortunately this one doesn't catch it and stops to background instead of forwarding the signal to the workers. The same is true for SIGTTIN. This commit simply implements an extra signal handler for the master to deal with such signals that must be passed down to the workers. It must be backported as far as 1.8, though there the code differs in that it's entirely in haproxy.c and doesn't require an extra sig handler.
2019-12-11 08:24:07 -05:00
signal_unregister(SIGTTIN);
signal_unregister(SIGTTOU);
BUG/MEDIUM: mworker: unregister the signals of main() The signal_register_fct() does not remove the handlers assigned to a signal, but add a new handler to a list. We accidentality inherited the handlers of the main() function in the master process which is a problem because they act on the proxies. The side effect was to stop the MASTER proxy which handle the master CLI on a SIGUSR1, and to display some debug info when doing a SIGHUP and a SIGQUIT.
2018-11-20 11:36:53 -05:00
signal_unregister(SIGUSR1);
signal_unregister(SIGHUP);
signal_unregister(SIGQUIT);
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
signal_register_fct(SIGTERM, mworker_catch_sigterm, SIGTERM);
signal_register_fct(SIGUSR1, mworker_catch_sigterm, SIGUSR1);
BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers If a new process is started with -sf and it fails to bind, it may send a SIGTTOU to the master process in hope that it will temporarily unbind. Unfortunately this one doesn't catch it and stops to background instead of forwarding the signal to the workers. The same is true for SIGTTIN. This commit simply implements an extra signal handler for the master to deal with such signals that must be passed down to the workers. It must be backported as far as 1.8, though there the code differs in that it's entirely in haproxy.c and doesn't require an extra sig handler.
2019-12-11 08:24:07 -05:00
signal_register_fct(SIGTTIN, mworker_broadcast_signal, SIGTTIN);
signal_register_fct(SIGTTOU, mworker_broadcast_signal, SIGTTOU);
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
signal_register_fct(SIGINT, mworker_catch_sigterm, SIGINT);
signal_register_fct(SIGHUP, mworker_catch_sighup, SIGHUP);
signal_register_fct(SIGUSR2, mworker_catch_sighup, SIGUSR2);
signal_register_fct(SIGCHLD, mworker_catch_sigchld, SIGCHLD);
mworker_unblock_signals();
BUG/MEDIUM: mworker: stop every tasks in the master The master is not supposed to run (at the moment) any task before the polling loop, the created tasks should be run only in the workers but in the master they should be disabled or removed. No backport needed.
2018-12-06 08:05:20 -05:00
mworker_cleantasks();
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
mworker_catch_sigchld(NULL); /* ensure we clean the children in case
some SIGCHLD were lost */
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
jobs++; /* this is the "master" job, we want to take care of the
signals even if there is no listener so the poll loop don't
leave */
fork_poller();
MEDIUM: threads: replace ha_set_tid() with ha_set_thread() ha_set_tid() was randomly used either to explicitly set thread 0 or to set any possibly incomplete thread during boot. Let's replace it with a pointer to a valid thread or NULL for any thread. This allows us to check that the designated threads are always valid, and to ignore the thread 0's mapping when setting it to NULL, and always use group 0 with it during boot. The initialization code is also cleaner, as we don't pass ugly casts of a thread ID to a pointer anymore.
2021-09-28 03:43:11 -04:00
run_thread_poll_loop(NULL);
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
/*
* Reexec the process in failure mode, instead of exiting
*/
void reexec_on_failure()
{
MINOR: mworker: implement a reload failure counter Implement a reload failure counter which counts the number of failure since the last success. This counter is available in 'show proc' over the master CLI.
2021-11-10 04:49:06 -05:00
struct mworker_proc *child;
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
if (!atexit_flag)
return;
MINOR: mworker: implement a reload failure counter Implement a reload failure counter which counts the number of failure since the last success. This counter is available in 'show proc' over the master CLI.
2021-11-10 04:49:06 -05:00
/* get the info of the children in the env */
if (mworker_env_to_proc_list() < 0) {
exit(EXIT_FAILURE);
}
/* increment the number of failed reloads */
list_for_each_entry(child, &proc_list, list) {
child->failedreloads++;
}
BUG/MEDIUM: mworker: close unused transferred FDs on load failure When the master process is reloaded on a new config, it will try to connect to the previous process' socket to retrieve all known listening FDs to be reused by the new listeners. If listeners were removed, their unused FDs are simply closed. However there's a catch. In case a socket fails to bind, the master will cancel its startup and swithc to wait mode for a new operation to happen. In this case it didn't close the possibly remaining FDs that were left unused. It is very hard to hit this case, but it can happen during a troubleshooting session with fat fingers. For example, let's say a config runs like this: frontend ftp bind 1.2.3.4:20000-29999 The admin wants to extend the port range down to 10000-29999 and by mistake ends up with: frontend ftp bind 1.2.3.41:20000-29999 Upon restart the bind will fail if the address is not present, and the master will then switch to wait mode without releasing the previous FDs for 1.2.3.4:20000-29999 since they're now apparently unused. Then once the admin fixes the config and does: frontend ftp bind 1.2.3.4:10000-29999 The service will start, but will bind new sockets, half of them overlapping with the previous ones that were not properly closed. This may result in a startup error (if SO_REUSEPORT is not enabled or not available), in a FD number exhaustion (if the error is repeated many times), or in connections being randomly accepted by the process if they sometimes land on the old FD that nobody listens on. This patch will need to be backported as far as 1.8, and depends on previous patch: MINOR: sock: move the unused socket cleaning code into its own function Note that before 2.3 most of the code was located inside haproxy.c, so the patch above should probably relocate the function there instead of sock.c.
2022-01-28 12:40:06 -05:00
/* do not keep unused FDs retrieved from the previous process */
sock_drop_unused_old_sockets();
MEDIUM: mworker: reexec in waitpid mode after successful loading Use the waitpid mode after successfully loading the configuration, this way the memory will be freed in the master, and will preserve the memory. This will be useful when doing a reload with a configuration which has large maps or a lot of SSL certificates, avoiding an OOM because too much memory was allocated in the master.
2021-11-09 12:01:22 -05:00
usermsgs_clr(NULL);
MINOR: mworker: store and shows loading status The environment variable HAPROXY_LOAD_SUCCESS stores "1" if it successfully load the configuration and started, "0" otherwise. The "_loadstatus" master CLI command displays either "Loading failure!\n" or "Loading success.\n"
2022-09-24 09:44:42 -04:00
setenv("HAPROXY_LOAD_SUCCESS", "0", 1);
MINOR: mworker: clarify starting/failure messages Clarify the startup and reload messages: On a successful configuration load, haproxy will emit "Loading success." after successfuly forked the children. When it didn't success to load the configuration it will emit "Loading failure!". When trying to reload the master process, it will emit "Reloading HAProxy".
2021-11-09 12:16:47 -05:00
ha_warning("Loading failure!\n");
MEDIUM: mworker/systemd: send STATUS over sd_notify The sd_notify API is not able to change the "Active:" line in "systemcl status". However a message can still be displayed on a "Status: " line, even if the service is still green and "active (running)". When startup succeed the Status will be set to "Ready.", upon a reload it will be set to "Reloading Configuration." If the configuration succeed "Ready." again. However if the reload failed, it will be set to "Reload failed!". Keep in mind that the "Active:" line won't change upon a reload failure, and will still be green.
2022-07-07 08:00:36 -04:00
#if defined(USE_SYSTEMD)
/* the sd_notify API is not able to send a reload failure signal. So
* the READY=1 signal still need to be sent */
if (global.tune.options & GTUNE_USE_SYSTEMD)
sd_notify(0, "READY=1\nSTATUS=Reload failed!\n");
#endif
MEDIUM: mworker: reexec in waitpid mode after successful loading Use the waitpid mode after successfully loading the configuration, this way the memory will be freed in the master, and will preserve the memory. This will be useful when doing a reload with a configuration which has large maps or a lot of SSL certificates, avoiding an OOM because too much memory was allocated in the master.
2021-11-09 12:01:22 -05:00
mworker_reexec_waitmode();
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
}
MINOR: mworker: display an alert upon a wait-mode exit When the mworker wait mode fails it does an exit, but there is no error message which says it exits. Add a message which specify that the error is non-recoverable. Could be backported in 2.7 and possibly earlier branch.
2022-12-07 09:03:55 -05:00
/*
* Exit with an error message upon a wait-mode failure.
*/
void exit_on_waitmode_failure()
{
if (!atexit_flag)
return;
ha_alert("Non-recoverable mworker wait-mode error, exiting.\n");
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
[MEDIUM] signals: support redistribution of signal zero when stopping Signal zero is never delivered by the system. However having a signal to which functions and tasks can subscribe to be notified of a stopping event is useful. So this patch does two things : 1) allow signal zero to be delivered from any function of signal handler 2) make soft_stop() deliver this signal so that tasks can be notified of a stopping condition.
2010-08-27 12:26:11 -04:00
* upon SIGUSR1, let's have a soft stop. Note that soft_stop() broadcasts
* a signal zero to all subscribers. This means that it's as easy as
* subscribing to signal 0 to get informed about an imminent shutdown.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_soft_stop(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
soft_stop();
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_unregister_handler(sh);
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_gc(NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/*
* upon SIGTTOU, we pause everything
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_pause(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MAJOR: signals: use protocol_pause_all() and protocol_resume_all() When temporarily pausing the listeners with SIG_TTOU, we now pause all listeners via the protocols instead of the proxies. This has the benefits that listeners are paused regardless of whether or not they belong to a visible proxy. And for resuming via SIG_TTIN we do the same, which allows to report binding conflicts and address them, since the operation can be repeated on a per-listener basis instead of a per-proxy basis. While in appearance all cases were properly handled, it's impossible to completely rule out the possibility that something broken used to work by luck due to the scan ordering which is naturally different, hence the major tag.
2020-09-24 10:36:26 -04:00
if (protocol_pause_all() & ERR_FATAL) {
const char *msg = "Some proxies refused to pause, performing soft stop now.\n";
BUG/MINOR: proxy: respect the proper format string in sig_pause/sig_listen When factoring out the pause/resume error messages in commit 775e00158 ("MAJOR: signals: use protocol_pause_all() and protocol_resume_all()") I forgot that ha_warning() and send_log() take a format string and not just a const string. No backport is needed, this is 2.3-dev.
2020-10-09 13:26:27 -04:00
ha_warning("%s", msg);
send_log(NULL, LOG_WARNING, "%s", msg);
MAJOR: signals: use protocol_pause_all() and protocol_resume_all() When temporarily pausing the listeners with SIG_TTOU, we now pause all listeners via the protocols instead of the proxies. This has the benefits that listeners are paused regardless of whether or not they belong to a visible proxy. And for resuming via SIG_TTIN we do the same, which allows to report binding conflicts and address them, since the operation can be repeated on a per-listener basis instead of a per-proxy basis. While in appearance all cases were properly handled, it's impossible to completely rule out the possibility that something broken used to work by luck due to the scan ordering which is naturally different, hence the major tag.
2020-09-24 10:36:26 -04:00
soft_stop();
}
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_gc(NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/*
* upon SIGTTIN, let's have a soft stop.
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_listen(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MAJOR: signals: use protocol_pause_all() and protocol_resume_all() When temporarily pausing the listeners with SIG_TTOU, we now pause all listeners via the protocols instead of the proxies. This has the benefits that listeners are paused regardless of whether or not they belong to a visible proxy. And for resuming via SIG_TTIN we do the same, which allows to report binding conflicts and address them, since the operation can be repeated on a per-listener basis instead of a per-proxy basis. While in appearance all cases were properly handled, it's impossible to completely rule out the possibility that something broken used to work by luck due to the scan ordering which is naturally different, hence the major tag.
2020-09-24 10:36:26 -04:00
if (protocol_resume_all() & ERR_FATAL) {
const char *msg = "Some proxies refused to resume, probably due to a conflict on a listening port. You may want to try again after the conflicting application is stopped, otherwise a restart might be needed to resume safe operations.\n";
BUG/MINOR: proxy: respect the proper format string in sig_pause/sig_listen When factoring out the pause/resume error messages in commit 775e00158 ("MAJOR: signals: use protocol_pause_all() and protocol_resume_all()") I forgot that ha_warning() and send_log() take a format string and not just a const string. No backport is needed, this is 2.3-dev.
2020-10-09 13:26:27 -04:00
ha_warning("%s", msg);
send_log(NULL, LOG_WARNING, "%s", msg);
MAJOR: signals: use protocol_pause_all() and protocol_resume_all() When temporarily pausing the listeners with SIG_TTOU, we now pause all listeners via the protocols instead of the proxies. This has the benefits that listeners are paused regardless of whether or not they belong to a visible proxy. And for resuming via SIG_TTIN we do the same, which allows to report binding conflicts and address them, since the operation can be repeated on a per-listener basis instead of a per-proxy basis. While in appearance all cases were properly handled, it's impossible to completely rule out the possibility that something broken used to work by luck due to the scan ordering which is naturally different, hence the major tag.
2020-09-24 10:36:26 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/*
* this function dumps every server's state when the process receives SIGHUP.
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_dump_state(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
struct proxy *p = proxies_list;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("SIGHUP received, dumping servers states.\n");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
while (p) {
struct server *s = p->srv;
send_log(p, LOG_NOTICE, "SIGHUP received, dumping servers states for proxy %s.\n", p->id);
while (s) {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Server %s/%s is %s. Conn: %d act, %d pend, %lld tot.",
p->id, s->id,
MEDIUM: check: server states and weight propagation re-work The server state and weight was reworked to handle "pending" values updated by checks/CLI/LUA/agent. These values are commited to be propagated to the LB stack. In further dev related to multi-thread, the commit will be handled into a sync point. Pending values are named using the prefix 'next_' Current values used by the LB stack are named 'cur_'
2017-08-31 08:41:55 -04:00
(s->cur_state != SRV_ST_STOPPED) ? "UP" : "DOWN",
MINOR: server: replace the pendconns-related stuff with a struct queue Just like for proxies, all three elements (pendconns, nbpend, queue_idx) were moved to struct queue.
2021-06-18 03:30:30 -04:00
s->cur_sess, s->queue.length, s->counters.cum_sess);
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
ha_warning("%s\n", trash.area);
send_log(p, LOG_NOTICE, "%s\n", trash.area);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
s = s->next;
}
[MINOR] fix the SIGHUP message not to alert on server-less proxies The SIGHUP message was designed long before it was possible to have no server in a proxy. Remove the alert in case there's no server.
2007-09-17 05:27:09 -04:00
/* FIXME: those info are a bit outdated. We should be able to distinguish between FE and BE. */
if (!p->srv) {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Proxy %s has no servers. Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
p->id,
BUG/MINOR: backend: use cum_sess counters instead of cum_conn This commit is part of a serie to align counters usage between frontends/listeners on one side and backends/servers on the other. "stot" metric refers to the total number of sessions. On backend side, it is interpreted as a number of streams. Previously, this was accounted using <cum_sess> be_counters field for servers, but <cum_conn> instead for backend proxies. Adjust this by using <cum_sess> for both proxies and servers. As such, <cum_conn> field can be removed from be_counters. Note that several diagnostic messages which reports total frontend and backend connections were adjusted to use <cum_sess>. However, this is an outdated and misleading information as it does reports streams count on backend side. These messages should be fixed in a separate commit. This should be backported to all stable releases.
2024-04-04 12:08:46 -04:00
p->feconn, p->beconn, p->totpend, p->queue.length, p->fe_counters.cum_conn, p->be_counters.cum_sess);
[MINOR] fix the SIGHUP message not to alert on server-less proxies The SIGHUP message was designed long before it was possible to have no server in a proxy. Remove the alert in case there's no server.
2007-09-17 05:27:09 -04:00
} else if (p->srv_act == 0) {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Proxy %s %s ! Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
p->id,
(p->srv_bck) ? "is running on backup servers" : "has no server available",
BUG/MINOR: backend: use cum_sess counters instead of cum_conn This commit is part of a serie to align counters usage between frontends/listeners on one side and backends/servers on the other. "stot" metric refers to the total number of sessions. On backend side, it is interpreted as a number of streams. Previously, this was accounted using <cum_sess> be_counters field for servers, but <cum_conn> instead for backend proxies. Adjust this by using <cum_sess> for both proxies and servers. As such, <cum_conn> field can be removed from be_counters. Note that several diagnostic messages which reports total frontend and backend connections were adjusted to use <cum_sess>. However, this is an outdated and misleading information as it does reports streams count on backend side. These messages should be fixed in a separate commit. This should be backported to all stable releases.
2024-04-04 12:08:46 -04:00
p->feconn, p->beconn, p->totpend, p->queue.length, p->fe_counters.cum_conn, p->be_counters.cum_sess);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Proxy %s has %d active servers and %d backup servers available."
" Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
p->id, p->srv_act, p->srv_bck,
BUG/MINOR: backend: use cum_sess counters instead of cum_conn This commit is part of a serie to align counters usage between frontends/listeners on one side and backends/servers on the other. "stot" metric refers to the total number of sessions. On backend side, it is interpreted as a number of streams. Previously, this was accounted using <cum_sess> be_counters field for servers, but <cum_conn> instead for backend proxies. Adjust this by using <cum_sess> for both proxies and servers. As such, <cum_conn> field can be removed from be_counters. Note that several diagnostic messages which reports total frontend and backend connections were adjusted to use <cum_sess>. However, this is an outdated and misleading information as it does reports streams count on backend side. These messages should be fixed in a separate commit. This should be backported to all stable releases.
2024-04-04 12:08:46 -04:00
p->feconn, p->beconn, p->totpend, p->queue.length, p->fe_counters.cum_conn, p->be_counters.cum_sess);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
ha_warning("%s\n", trash.area);
send_log(p, LOG_NOTICE, "%s\n", trash.area);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
p = p->next;
}
}
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void dump(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
[MAJOR] migrated task, tree64 and session to pool2 task and tree64 are already very close in size and are merged together. Overall performance gained slightly by this simple change.
2007-05-13 13:43:47 -04:00
/* dump memory usage then free everything possible */
dump_pools();
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_gc(NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
/*
* This function dup2 the stdio FDs (0,1,2) with <fd>, then closes <fd>
* If <fd> < 0, it opens /dev/null and use it to dup
*
* In the case of chrooting, you have to open /dev/null before the chroot, and
* pass the <fd> to this function
*/
static void stdio_quiet(int fd)
{
if (fd < 0)
fd = open("/dev/null", O_RDWR, 0);
if (fd > -1) {
fclose(stdin);
fclose(stdout);
fclose(stderr);
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, 2);
if (fd > 2)
close(fd);
return;
}
ha_alert("Cannot open /dev/null\n");
exit(EXIT_FAILURE);
}
CLEANUP: Fix some typos in the haproxy subsystem Fix some typos in the code comments of the haproxy subsystem.
2018-11-15 13:41:50 -05:00
/* This function checks if cfg_cfgfiles contains directories.
* If it finds one, it adds all the files (and only files) it contains
* in cfg_cfgfiles in place of the directory (and removes the directory).
* It adds the files in lexical order.
* It adds only files with .cfg extension.
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
* It doesn't add files with name starting with '.'
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void cfgfiles_expand_directories(void)
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
{
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
struct cfgfile *cfg, *cfg_tmp;
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
char *err = NULL;
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
list_for_each_entry_safe(cfg, cfg_tmp, &cfg_cfgfiles, list) {
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
struct stat file_stat;
struct dirent **dir_entries = NULL;
int dir_entries_nb;
int dir_entries_it;
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
if (stat(cfg->filename, &file_stat)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot open configuration file/directory %s : %s\n",
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
cfg->filename,
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
strerror(errno));
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
if (!S_ISDIR(file_stat.st_mode))
continue;
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
/* from this point cfg->name is a directory */
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
dir_entries_nb = scandir(cfg->filename, &dir_entries, NULL, alphasort);
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
if (dir_entries_nb < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot open configuration directory %s : %s\n",
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
cfg->filename,
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
strerror(errno));
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
/* for each element in the directory cfg->name */
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
for (dir_entries_it = 0; dir_entries_it < dir_entries_nb; dir_entries_it++) {
struct dirent *dir_entry = dir_entries[dir_entries_it];
char *filename = NULL;
char *d_name_cfgext = strstr(dir_entry->d_name, ".cfg");
/* don't add filename that begin with .
CLEANUP: Fix some typos in the haproxy subsystem Fix some typos in the code comments of the haproxy subsystem.
2018-11-15 13:41:50 -05:00
* only add filename with .cfg extension
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
*/
if (dir_entry->d_name[0] == '.' ||
!(d_name_cfgext && d_name_cfgext[4] == '\0'))
goto next_dir_entry;
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
if (!memprintf(&filename, "%s/%s", cfg->filename, dir_entry->d_name)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration files %s : out of memory.\n",
filename);
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
if (stat(filename, &file_stat)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot open configuration file %s : %s\n",
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
cfg->filename,
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
strerror(errno));
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
/* don't add anything else than regular file in cfg_cfgfiles
* this way we avoid loops
*/
if (!S_ISREG(file_stat.st_mode))
goto next_dir_entry;
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
if (!list_append_cfgfile(&cfg->list, filename, &err)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration files %s : %s\n",
filename,
err);
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
next_dir_entry:
free(filename);
free(dir_entry);
}
free(dir_entries);
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
/* remove the current directory (cfg) from cfgfiles */
free(cfg->filename);
LIST_DELETE(&cfg->list);
free(cfg);
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
}
free(err);
}
MEDIUM: startup: make read_cfg() return immediately on ENOMEM This commit prepares read_cfg() to call load_cfg_in_mem() helper in order to load configuration files in memory. Before, read_cfg() calls the parser for all files from cfg_cfgfiles list and cumulates parser's errors and memprintf's errors in for_each loop. memprintf's errors did not stop this loop and were accounted just after. Now, as we plan to load configuration files in memory, we stop the loop, if memprintf() fails, and we show appropraite error message with ha_alert. Then process terminates. So not all cumulated syntax-related errors will be shown before exit in this case and we has to stop, because we run out of memory. If we can't open the current file or we fail to allocate a memory to store some configuration line, the previous behaviour is kept, process emits appropriate alert message and exits. If parser returns some syntax-related error on the current file, the previous behaviour is kept as well. We cumulate such errors for all parsed files and we check them just after the loop. All syntax-related errors for all files is shown then as before in ha_alert messages line by line during the startup. Then process will exit with 1. As now cfg_cfgfiles list contains many pointers to some memory areas with configuration files content and this content could be big, it's better to free the list explicitly, when parsing was finished. So, let's change read_cfg() to return some integer value to its caller init(), and let's perform the free routine at a caller level, as cfg_cfgfiles list was initialized and initially filled at this level.
2024-08-05 04:03:52 -04:00
/* Reads config files. Returns -1, if we are run out of memory,
REORG: init: encapsulate code that reads cfg files Haproxy master process should not read its configuration the second time after performing reexec and passing to MODE_MWORKER_WAIT. So, to make this part of init() function more readable and to distinguish better the point, where configs have been read, let's encapsulate it in a separate function.
2024-06-26 11:03:04 -04:00
* couldn't open provided file(s) or parser has detected some fatal error.
* Otherwise, returns an err_code, which may contain 0 (OK) or ERR_WARN,
MEDIUM: startup: make read_cfg() return immediately on ENOMEM This commit prepares read_cfg() to call load_cfg_in_mem() helper in order to load configuration files in memory. Before, read_cfg() calls the parser for all files from cfg_cfgfiles list and cumulates parser's errors and memprintf's errors in for_each loop. memprintf's errors did not stop this loop and were accounted just after. Now, as we plan to load configuration files in memory, we stop the loop, if memprintf() fails, and we show appropraite error message with ha_alert. Then process terminates. So not all cumulated syntax-related errors will be shown before exit in this case and we has to stop, because we run out of memory. If we can't open the current file or we fail to allocate a memory to store some configuration line, the previous behaviour is kept, process emits appropriate alert message and exits. If parser returns some syntax-related error on the current file, the previous behaviour is kept as well. We cumulate such errors for all parsed files and we check them just after the loop. All syntax-related errors for all files is shown then as before in ha_alert messages line by line during the startup. Then process will exit with 1. As now cfg_cfgfiles list contains many pointers to some memory areas with configuration files content and this content could be big, it's better to free the list explicitly, when parsing was finished. So, let's change read_cfg() to return some integer value to its caller init(), and let's perform the free routine at a caller level, as cfg_cfgfiles list was initialized and initially filled at this level.
2024-08-05 04:03:52 -04:00
* ERR_ALERT. It is used in further initialization stages.
REORG: init: encapsulate code that reads cfg files Haproxy master process should not read its configuration the second time after performing reexec and passing to MODE_MWORKER_WAIT. So, to make this part of init() function more readable and to distinguish better the point, where configs have been read, let's encapsulate it in a separate function.
2024-06-26 11:03:04 -04:00
*/
static int read_cfg(char *progname)
{
char *env_cfgfiles = NULL;
MEDIUM: startup: load and parse configs from memory Let's call load_cfg_in_ram() helper for each configuration file to load it's content in some area in memory. Adapt readcfgfile() parser function respectively. In order to limit changes in its scope we give as an argument a cfgfile structure, already filled in init_args() and in load_cfg_in_ram() with file metadata and content. Parser function (readcfgfile()) uses now fgets_from_mem() instead of standard fgets from libc implementations. SPOE filter parses its own configuration file, pointed by 'config' keyword in the configuration already loaded in memory. So, let's allocate and fill for this a supplementary cfgfile structure, which is not referenced in cfg_cfgfiles list. This structure and the memory with content of SPOE filter configuration are freed immediately in parse_spoe_flt(), when readcfgfile() returns. HAProxy OpenTracing filter also uses its own configuration file. So, let's follow the same logic as we do for SPOE filter.
2024-08-07 10:53:50 -04:00
struct cfgfile *cfg, *cfg_tmp;
REORG: init: encapsulate code that reads cfg files Haproxy master process should not read its configuration the second time after performing reexec and passing to MODE_MWORKER_WAIT. So, to make this part of init() function more readable and to distinguish better the point, where configs have been read, let's encapsulate it in a separate function.
2024-06-26 11:03:04 -04:00
int err_code = 0;
/* handle cfgfiles that are actually directories */
cfgfiles_expand_directories();
if (LIST_ISEMPTY(&cfg_cfgfiles))
usage(progname);
/* temporary create environment variables with default
* values to ease user configuration. Do not forget to
* unset them after the list_for_each_entry loop.
*/
setenv("HAPROXY_HTTP_LOG_FMT", default_http_log_format, 1);
setenv("HAPROXY_HTTPS_LOG_FMT", default_https_log_format, 1);
setenv("HAPROXY_TCP_LOG_FMT", default_tcp_log_format, 1);
setenv("HAPROXY_BRANCH", PRODUCT_BRANCH, 1);
MEDIUM: startup: load and parse configs from memory Let's call load_cfg_in_ram() helper for each configuration file to load it's content in some area in memory. Adapt readcfgfile() parser function respectively. In order to limit changes in its scope we give as an argument a cfgfile structure, already filled in init_args() and in load_cfg_in_ram() with file metadata and content. Parser function (readcfgfile()) uses now fgets_from_mem() instead of standard fgets from libc implementations. SPOE filter parses its own configuration file, pointed by 'config' keyword in the configuration already loaded in memory. So, let's allocate and fill for this a supplementary cfgfile structure, which is not referenced in cfg_cfgfiles list. This structure and the memory with content of SPOE filter configuration are freed immediately in parse_spoe_flt(), when readcfgfile() returns. HAProxy OpenTracing filter also uses its own configuration file. So, let's follow the same logic as we do for SPOE filter.
2024-08-07 10:53:50 -04:00
list_for_each_entry_safe(cfg, cfg_tmp, &cfg_cfgfiles, list) {
REORG: init: encapsulate code that reads cfg files Haproxy master process should not read its configuration the second time after performing reexec and passing to MODE_MWORKER_WAIT. So, to make this part of init() function more readable and to distinguish better the point, where configs have been read, let's encapsulate it in a separate function.
2024-06-26 11:03:04 -04:00
int ret;
MEDIUM: startup: load and parse configs from memory Let's call load_cfg_in_ram() helper for each configuration file to load it's content in some area in memory. Adapt readcfgfile() parser function respectively. In order to limit changes in its scope we give as an argument a cfgfile structure, already filled in init_args() and in load_cfg_in_ram() with file metadata and content. Parser function (readcfgfile()) uses now fgets_from_mem() instead of standard fgets from libc implementations. SPOE filter parses its own configuration file, pointed by 'config' keyword in the configuration already loaded in memory. So, let's allocate and fill for this a supplementary cfgfile structure, which is not referenced in cfg_cfgfiles list. This structure and the memory with content of SPOE filter configuration are freed immediately in parse_spoe_flt(), when readcfgfile() returns. HAProxy OpenTracing filter also uses its own configuration file. So, let's follow the same logic as we do for SPOE filter.
2024-08-07 10:53:50 -04:00
cfg->size = load_cfg_in_mem(cfg->filename, &cfg->content);
if (cfg->size < 0)
goto err;
MEDIUM: startup: make read_cfg() return immediately on ENOMEM This commit prepares read_cfg() to call load_cfg_in_mem() helper in order to load configuration files in memory. Before, read_cfg() calls the parser for all files from cfg_cfgfiles list and cumulates parser's errors and memprintf's errors in for_each loop. memprintf's errors did not stop this loop and were accounted just after. Now, as we plan to load configuration files in memory, we stop the loop, if memprintf() fails, and we show appropraite error message with ha_alert. Then process terminates. So not all cumulated syntax-related errors will be shown before exit in this case and we has to stop, because we run out of memory. If we can't open the current file or we fail to allocate a memory to store some configuration line, the previous behaviour is kept, process emits appropriate alert message and exits. If parser returns some syntax-related error on the current file, the previous behaviour is kept as well. We cumulate such errors for all parsed files and we check them just after the loop. All syntax-related errors for all files is shown then as before in ha_alert messages line by line during the startup. Then process will exit with 1. As now cfg_cfgfiles list contains many pointers to some memory areas with configuration files content and this content could be big, it's better to free the list explicitly, when parsing was finished. So, let's change read_cfg() to return some integer value to its caller init(), and let's perform the free routine at a caller level, as cfg_cfgfiles list was initialized and initially filled at this level.
2024-08-05 04:03:52 -04:00
if (!memprintf(&env_cfgfiles, "%s%s%s",
(env_cfgfiles ? env_cfgfiles : ""),
(env_cfgfiles ? ";" : ""), cfg->filename)) {
/* free what we've already allocated and free cfglist */
ha_alert("Could not allocate memory for HAPROXY_CFGFILES env variable\n");
goto err;
REORG: init: encapsulate code that reads cfg files Haproxy master process should not read its configuration the second time after performing reexec and passing to MODE_MWORKER_WAIT. So, to make this part of init() function more readable and to distinguish better the point, where configs have been read, let's encapsulate it in a separate function.
2024-06-26 11:03:04 -04:00
}
MINOR: startup: rename readcfgfile in parse_cfg As readcfgfile no longer opens configuration files and reads them with fgets, but performs only the parsing of provided data, let's rename it to parse_cfg by analogy with read_cfg in haproxy.c.
2024-08-05 04:04:03 -04:00
ret = parse_cfg(cfg);
MEDIUM: startup: make read_cfg() return immediately on ENOMEM This commit prepares read_cfg() to call load_cfg_in_mem() helper in order to load configuration files in memory. Before, read_cfg() calls the parser for all files from cfg_cfgfiles list and cumulates parser's errors and memprintf's errors in for_each loop. memprintf's errors did not stop this loop and were accounted just after. Now, as we plan to load configuration files in memory, we stop the loop, if memprintf() fails, and we show appropraite error message with ha_alert. Then process terminates. So not all cumulated syntax-related errors will be shown before exit in this case and we has to stop, because we run out of memory. If we can't open the current file or we fail to allocate a memory to store some configuration line, the previous behaviour is kept, process emits appropriate alert message and exits. If parser returns some syntax-related error on the current file, the previous behaviour is kept as well. We cumulate such errors for all parsed files and we check them just after the loop. All syntax-related errors for all files is shown then as before in ha_alert messages line by line during the startup. Then process will exit with 1. As now cfg_cfgfiles list contains many pointers to some memory areas with configuration files content and this content could be big, it's better to free the list explicitly, when parsing was finished. So, let's change read_cfg() to return some integer value to its caller init(), and let's perform the free routine at a caller level, as cfg_cfgfiles list was initialized and initially filled at this level.
2024-08-05 04:03:52 -04:00
if (ret == -1)
goto err;
REORG: init: encapsulate code that reads cfg files Haproxy master process should not read its configuration the second time after performing reexec and passing to MODE_MWORKER_WAIT. So, to make this part of init() function more readable and to distinguish better the point, where configs have been read, let's encapsulate it in a separate function.
2024-06-26 11:03:04 -04:00
if (ret & (ERR_ABORT|ERR_FATAL))
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
ha_alert("Error(s) found in configuration file : %s\n", cfg->filename);
REORG: init: encapsulate code that reads cfg files Haproxy master process should not read its configuration the second time after performing reexec and passing to MODE_MWORKER_WAIT. So, to make this part of init() function more readable and to distinguish better the point, where configs have been read, let's encapsulate it in a separate function.
2024-06-26 11:03:04 -04:00
err_code |= ret;
MEDIUM: startup: make read_cfg() return immediately on ENOMEM This commit prepares read_cfg() to call load_cfg_in_mem() helper in order to load configuration files in memory. Before, read_cfg() calls the parser for all files from cfg_cfgfiles list and cumulates parser's errors and memprintf's errors in for_each loop. memprintf's errors did not stop this loop and were accounted just after. Now, as we plan to load configuration files in memory, we stop the loop, if memprintf() fails, and we show appropraite error message with ha_alert. Then process terminates. So not all cumulated syntax-related errors will be shown before exit in this case and we has to stop, because we run out of memory. If we can't open the current file or we fail to allocate a memory to store some configuration line, the previous behaviour is kept, process emits appropriate alert message and exits. If parser returns some syntax-related error on the current file, the previous behaviour is kept as well. We cumulate such errors for all parsed files and we check them just after the loop. All syntax-related errors for all files is shown then as before in ha_alert messages line by line during the startup. Then process will exit with 1. As now cfg_cfgfiles list contains many pointers to some memory areas with configuration files content and this content could be big, it's better to free the list explicitly, when parsing was finished. So, let's change read_cfg() to return some integer value to its caller init(), and let's perform the free routine at a caller level, as cfg_cfgfiles list was initialized and initially filled at this level.
2024-08-05 04:03:52 -04:00
if (err_code & ERR_ABORT)
goto err;
REORG: init: encapsulate code that reads cfg files Haproxy master process should not read its configuration the second time after performing reexec and passing to MODE_MWORKER_WAIT. So, to make this part of init() function more readable and to distinguish better the point, where configs have been read, let's encapsulate it in a separate function.
2024-06-26 11:03:04 -04:00
}
/* remove temporary environment variables. */
unsetenv("HAPROXY_BRANCH");
unsetenv("HAPROXY_HTTP_LOG_FMT");
unsetenv("HAPROXY_HTTPS_LOG_FMT");
unsetenv("HAPROXY_TCP_LOG_FMT");
/* do not try to resolve arguments nor to spot inconsistencies when
MEDIUM: startup: make read_cfg() return immediately on ENOMEM This commit prepares read_cfg() to call load_cfg_in_mem() helper in order to load configuration files in memory. Before, read_cfg() calls the parser for all files from cfg_cfgfiles list and cumulates parser's errors and memprintf's errors in for_each loop. memprintf's errors did not stop this loop and were accounted just after. Now, as we plan to load configuration files in memory, we stop the loop, if memprintf() fails, and we show appropraite error message with ha_alert. Then process terminates. So not all cumulated syntax-related errors will be shown before exit in this case and we has to stop, because we run out of memory. If we can't open the current file or we fail to allocate a memory to store some configuration line, the previous behaviour is kept, process emits appropriate alert message and exits. If parser returns some syntax-related error on the current file, the previous behaviour is kept as well. We cumulate such errors for all parsed files and we check them just after the loop. All syntax-related errors for all files is shown then as before in ha_alert messages line by line during the startup. Then process will exit with 1. As now cfg_cfgfiles list contains many pointers to some memory areas with configuration files content and this content could be big, it's better to free the list explicitly, when parsing was finished. So, let's change read_cfg() to return some integer value to its caller init(), and let's perform the free routine at a caller level, as cfg_cfgfiles list was initialized and initially filled at this level.
2024-08-05 04:03:52 -04:00
* the configuration contains fatal errors.
REORG: init: encapsulate code that reads cfg files Haproxy master process should not read its configuration the second time after performing reexec and passing to MODE_MWORKER_WAIT. So, to make this part of init() function more readable and to distinguish better the point, where configs have been read, let's encapsulate it in a separate function.
2024-06-26 11:03:04 -04:00
*/
if (err_code & (ERR_ABORT|ERR_FATAL)) {
ha_alert("Fatal errors found in configuration.\n");
MEDIUM: startup: make read_cfg() return immediately on ENOMEM This commit prepares read_cfg() to call load_cfg_in_mem() helper in order to load configuration files in memory. Before, read_cfg() calls the parser for all files from cfg_cfgfiles list and cumulates parser's errors and memprintf's errors in for_each loop. memprintf's errors did not stop this loop and were accounted just after. Now, as we plan to load configuration files in memory, we stop the loop, if memprintf() fails, and we show appropraite error message with ha_alert. Then process terminates. So not all cumulated syntax-related errors will be shown before exit in this case and we has to stop, because we run out of memory. If we can't open the current file or we fail to allocate a memory to store some configuration line, the previous behaviour is kept, process emits appropriate alert message and exits. If parser returns some syntax-related error on the current file, the previous behaviour is kept as well. We cumulate such errors for all parsed files and we check them just after the loop. All syntax-related errors for all files is shown then as before in ha_alert messages line by line during the startup. Then process will exit with 1. As now cfg_cfgfiles list contains many pointers to some memory areas with configuration files content and this content could be big, it's better to free the list explicitly, when parsing was finished. So, let's change read_cfg() to return some integer value to its caller init(), and let's perform the free routine at a caller level, as cfg_cfgfiles list was initialized and initially filled at this level.
2024-08-05 04:03:52 -04:00
goto err;
REORG: init: encapsulate code that reads cfg files Haproxy master process should not read its configuration the second time after performing reexec and passing to MODE_MWORKER_WAIT. So, to make this part of init() function more readable and to distinguish better the point, where configs have been read, let's encapsulate it in a separate function.
2024-06-26 11:03:04 -04:00
}
MEDIUM: startup: make read_cfg() return immediately on ENOMEM This commit prepares read_cfg() to call load_cfg_in_mem() helper in order to load configuration files in memory. Before, read_cfg() calls the parser for all files from cfg_cfgfiles list and cumulates parser's errors and memprintf's errors in for_each loop. memprintf's errors did not stop this loop and were accounted just after. Now, as we plan to load configuration files in memory, we stop the loop, if memprintf() fails, and we show appropraite error message with ha_alert. Then process terminates. So not all cumulated syntax-related errors will be shown before exit in this case and we has to stop, because we run out of memory. If we can't open the current file or we fail to allocate a memory to store some configuration line, the previous behaviour is kept, process emits appropriate alert message and exits. If parser returns some syntax-related error on the current file, the previous behaviour is kept as well. We cumulate such errors for all parsed files and we check them just after the loop. All syntax-related errors for all files is shown then as before in ha_alert messages line by line during the startup. Then process will exit with 1. As now cfg_cfgfiles list contains many pointers to some memory areas with configuration files content and this content could be big, it's better to free the list explicitly, when parsing was finished. So, let's change read_cfg() to return some integer value to its caller init(), and let's perform the free routine at a caller level, as cfg_cfgfiles list was initialized and initially filled at this level.
2024-08-05 04:03:52 -04:00
REORG: init: encapsulate code that reads cfg files Haproxy master process should not read its configuration the second time after performing reexec and passing to MODE_MWORKER_WAIT. So, to make this part of init() function more readable and to distinguish better the point, where configs have been read, let's encapsulate it in a separate function.
2024-06-26 11:03:04 -04:00
setenv("HAPROXY_CFGFILES", env_cfgfiles, 1);
free(env_cfgfiles);
return err_code;
MEDIUM: startup: make read_cfg() return immediately on ENOMEM This commit prepares read_cfg() to call load_cfg_in_mem() helper in order to load configuration files in memory. Before, read_cfg() calls the parser for all files from cfg_cfgfiles list and cumulates parser's errors and memprintf's errors in for_each loop. memprintf's errors did not stop this loop and were accounted just after. Now, as we plan to load configuration files in memory, we stop the loop, if memprintf() fails, and we show appropraite error message with ha_alert. Then process terminates. So not all cumulated syntax-related errors will be shown before exit in this case and we has to stop, because we run out of memory. If we can't open the current file or we fail to allocate a memory to store some configuration line, the previous behaviour is kept, process emits appropriate alert message and exits. If parser returns some syntax-related error on the current file, the previous behaviour is kept as well. We cumulate such errors for all parsed files and we check them just after the loop. All syntax-related errors for all files is shown then as before in ha_alert messages line by line during the startup. Then process will exit with 1. As now cfg_cfgfiles list contains many pointers to some memory areas with configuration files content and this content could be big, it's better to free the list explicitly, when parsing was finished. So, let's change read_cfg() to return some integer value to its caller init(), and let's perform the free routine at a caller level, as cfg_cfgfiles list was initialized and initially filled at this level.
2024-08-05 04:03:52 -04:00
err:
free(env_cfgfiles);
return -1;
REORG: init: encapsulate code that reads cfg files Haproxy master process should not read its configuration the second time after performing reexec and passing to MODE_MWORKER_WAIT. So, to make this part of init() function more readable and to distinguish better the point, where configs have been read, let's encapsulate it in a separate function.
2024-06-26 11:03:04 -04:00
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/*
* copy and cleanup the current argv
BUG/MEDIUM: mworker: fix the copy of options in copy_argv() The copy_argv() function, which is used to copy and remove some of the arguments of the command line in order to re-exec() the master process, is poorly implemented. The function tries to remove the -x and the -sf/-st options but without taking into account that some of the options could take a parameter starting with a dash. In issue #644, haproxy starts with "-L -xfoo" which is perfectly correct. However, the re-exec is done without "-xfoo" because the master tries to remove the "-x" option. Indeed, the copy_argv() function does not know how much arguments an option can have, and just assume that everything starting with a dash is an option. So haproxy is exec() with "-L" but without a parameter, which is wrong and leads to the exit of the master, with usage(). To fix this issue, copy_argv() must know how much parameters an option takes, and copy or skip the parameters correctly. This fix is a first step but it should evolve to a cleaner way of declaring the options to avoid deduplication of the parsing code, so we avoid new bugs. Should be backported with care as far as 1.8, by removing the options that does not exists in the previous versions.
2020-06-04 11:40:23 -04:00
* Remove the -sf /-st / -x parameters
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
* Return an allocated copy of argv
*/
static char **copy_argv(int argc, char **argv)
{
BUG/MEDIUM: mworker: fix the copy of options in copy_argv() The copy_argv() function, which is used to copy and remove some of the arguments of the command line in order to re-exec() the master process, is poorly implemented. The function tries to remove the -x and the -sf/-st options but without taking into account that some of the options could take a parameter starting with a dash. In issue #644, haproxy starts with "-L -xfoo" which is perfectly correct. However, the re-exec is done without "-xfoo" because the master tries to remove the "-x" option. Indeed, the copy_argv() function does not know how much arguments an option can have, and just assume that everything starting with a dash is an option. So haproxy is exec() with "-L" but without a parameter, which is wrong and leads to the exit of the master, with usage(). To fix this issue, copy_argv() must know how much parameters an option takes, and copy or skip the parameters correctly. This fix is a first step but it should evolve to a cleaner way of declaring the options to avoid deduplication of the parsing code, so we avoid new bugs. Should be backported with care as far as 1.8, by removing the options that does not exists in the previous versions.
2020-06-04 11:40:23 -04:00
char **newargv, **retargv;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
CLEANUP: Do not use a fixed type for 'sizeof' in 'calloc' Changes performed using the following coccinelle patch: @@ type T; expression E; expression t; @@ ( t = calloc(E, sizeof(*t)) | - t = calloc(E, sizeof(T)) + t = calloc(E, sizeof(*t)) ) Looking through the commit history, grepping for coccinelle shows that the same replacement with a different patch was already performed in the past in commit 02779b6263a177b1e462e53db6eaf57bcda574bc.
2020-09-12 14:26:43 -04:00
newargv = calloc(argc + 2, sizeof(*newargv));
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
if (newargv == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Cannot allocate memory\n");
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
return NULL;
}
BUG/MEDIUM: mworker: fix the copy of options in copy_argv() The copy_argv() function, which is used to copy and remove some of the arguments of the command line in order to re-exec() the master process, is poorly implemented. The function tries to remove the -x and the -sf/-st options but without taking into account that some of the options could take a parameter starting with a dash. In issue #644, haproxy starts with "-L -xfoo" which is perfectly correct. However, the re-exec is done without "-xfoo" because the master tries to remove the "-x" option. Indeed, the copy_argv() function does not know how much arguments an option can have, and just assume that everything starting with a dash is an option. So haproxy is exec() with "-L" but without a parameter, which is wrong and leads to the exit of the master, with usage(). To fix this issue, copy_argv() must know how much parameters an option takes, and copy or skip the parameters correctly. This fix is a first step but it should evolve to a cleaner way of declaring the options to avoid deduplication of the parsing code, so we avoid new bugs. Should be backported with care as far as 1.8, by removing the options that does not exists in the previous versions.
2020-06-04 11:40:23 -04:00
retargv = newargv;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
BUG/MEDIUM: mworker: fix the copy of options in copy_argv() The copy_argv() function, which is used to copy and remove some of the arguments of the command line in order to re-exec() the master process, is poorly implemented. The function tries to remove the -x and the -sf/-st options but without taking into account that some of the options could take a parameter starting with a dash. In issue #644, haproxy starts with "-L -xfoo" which is perfectly correct. However, the re-exec is done without "-xfoo" because the master tries to remove the "-x" option. Indeed, the copy_argv() function does not know how much arguments an option can have, and just assume that everything starting with a dash is an option. So haproxy is exec() with "-L" but without a parameter, which is wrong and leads to the exit of the master, with usage(). To fix this issue, copy_argv() must know how much parameters an option takes, and copy or skip the parameters correctly. This fix is a first step but it should evolve to a cleaner way of declaring the options to avoid deduplication of the parsing code, so we avoid new bugs. Should be backported with care as far as 1.8, by removing the options that does not exists in the previous versions.
2020-06-04 11:40:23 -04:00
/* first copy argv[0] */
*newargv++ = *argv++;
argc--;
while (argc > 0) {
if (**argv != '-') {
/* non options are copied but will fail in the argument parser */
*newargv++ = *argv++;
argc--;
} else {
char *flag;
flag = *argv + 1;
if (flag[0] == '-' && flag[1] == 0) {
/* "--\0" copy every arguments till the end of argv */
*newargv++ = *argv++;
argc--;
while (argc > 0) {
*newargv++ = *argv++;
argc--;
}
} else {
switch (*flag) {
case 's':
/* -sf / -st and their parameters are ignored */
if (flag[1] == 'f' || flag[1] == 't') {
argc--;
argv++;
/* The list can't contain a negative value since the only
way to know the end of this list is by looking for the
next option or the end of the options */
while (argc > 0 && argv[0][0] != '-') {
argc--;
argv++;
}
BUG/MINOR: startup: haproxy -s cause 100% cpu It was reported in bug #837 that haproxy -s causes a 100% CPU. However this option does not exist and haproxy must exit with the usage message. The parser was not handling the case where -s is not followed by 't' or 'f' which are the only two valid cases. This bug was introduced by df6c5a ("BUG/MEDIUM: mworker: fix the copy of options in copy_argv()") which was backported as far as 1.8. This fix must be backported as far as 1.8.
2020-09-02 10:12:23 -04:00
} else {
argc--;
argv++;
BUG/MEDIUM: mworker: fix the copy of options in copy_argv() The copy_argv() function, which is used to copy and remove some of the arguments of the command line in order to re-exec() the master process, is poorly implemented. The function tries to remove the -x and the -sf/-st options but without taking into account that some of the options could take a parameter starting with a dash. In issue #644, haproxy starts with "-L -xfoo" which is perfectly correct. However, the re-exec is done without "-xfoo" because the master tries to remove the "-x" option. Indeed, the copy_argv() function does not know how much arguments an option can have, and just assume that everything starting with a dash is an option. So haproxy is exec() with "-L" but without a parameter, which is wrong and leads to the exit of the master, with usage(). To fix this issue, copy_argv() must know how much parameters an option takes, and copy or skip the parameters correctly. This fix is a first step but it should evolve to a cleaner way of declaring the options to avoid deduplication of the parsing code, so we avoid new bugs. Should be backported with care as far as 1.8, by removing the options that does not exists in the previous versions.
2020-06-04 11:40:23 -04:00
}
break;
case 'x':
/* this option and its parameter are ignored */
argc--;
argv++;
if (argc > 0) {
argc--;
argv++;
}
break;
case 'C':
case 'n':
case 'm':
case 'N':
case 'L':
case 'f':
case 'p':
case 'S':
/* these options have only 1 parameter which must be copied and can start with a '-' */
*newargv++ = *argv++;
argc--;
if (argc == 0)
goto error;
*newargv++ = *argv++;
argc--;
break;
default:
/* for other options just copy them without parameters, this is also done
* for options like "--foo", but this will fail in the argument parser.
* */
*newargv++ = *argv++;
argc--;
break;
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
}
}
}
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
BUG/MEDIUM: mworker: fix the copy of options in copy_argv() The copy_argv() function, which is used to copy and remove some of the arguments of the command line in order to re-exec() the master process, is poorly implemented. The function tries to remove the -x and the -sf/-st options but without taking into account that some of the options could take a parameter starting with a dash. In issue #644, haproxy starts with "-L -xfoo" which is perfectly correct. However, the re-exec is done without "-xfoo" because the master tries to remove the "-x" option. Indeed, the copy_argv() function does not know how much arguments an option can have, and just assume that everything starting with a dash is an option. So haproxy is exec() with "-L" but without a parameter, which is wrong and leads to the exit of the master, with usage(). To fix this issue, copy_argv() must know how much parameters an option takes, and copy or skip the parameters correctly. This fix is a first step but it should evolve to a cleaner way of declaring the options to avoid deduplication of the parsing code, so we avoid new bugs. Should be backported with care as far as 1.8, by removing the options that does not exists in the previous versions.
2020-06-04 11:40:23 -04:00
return retargv;
error:
free(retargv);
return NULL;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
}
BUG/MEDIUM: random: initialize the random pool a bit better Since the UUID sample fetch was created, some people noticed that in certain virtualized environments they manage to get exact same UUIDs on different instances started exactly at the same moment. It turns out that the randoms were only initialized to spread the health checks originally, not to provide "clean" randoms. This patch changes this and collects more randomness from various sources, including existing randoms, /dev/urandom when available, RAND_bytes() when OpenSSL is available, as well as the timing for such operations, then applies a SHA1 on all this to keep a 160 bits random seed available, 32 of which are passed to srandom(). It's worth mentioning that there's no clean way to pass more than 32 bits to srandom() as even initstate() provides an opaque state that must absolutely not be tampered with since known implementations contain state information. At least this allows to have up to 4 billion different sequences from the boot, which is not that bad. Note that the thread safety was still not addressed, which is another issue for another patch. This must be backported to all versions containing the UUID sample fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
/* Performs basic random seed initialization. The main issue with this is that
* srandom_r() only takes 32 bits and purposely provides a reproducible sequence,
* which means that there will only be 4 billion possible random sequences once
* srandom() is called, regardless of the internal state. Not calling it is
* even worse as we'll always produce the same randoms sequences. What we do
* here is to create an initial sequence from various entropy sources, hash it
* using SHA1 and keep the resulting 160 bits available globally.
*
* We initialize the current process with the first 32 bits before starting the
* polling loop, where all this will be changed to have process specific and
* thread specific sequences.
BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG This is the replacement of failed attempt to add thread safety and per-process sequences of random numbers initally tried with commit 1c306aa84d ("BUG/MEDIUM: random: implement per-thread and per-process random sequences"). This new version takes a completely different approach and doesn't try to work around the horrible OS-specific and non-portable random API anymore. Instead it implements "xoroshiro128**", a reputedly high quality random number generator, which is one of the many variants of xorshift, which passes all quality tests and which is described here: http://prng.di.unimi.it/ While not cryptographically secure, it is fast and features a 2^128-1 period. It supports fast jumps allowing to cut the period into smaller non-overlapping sequences, which we use here to support up to 2^32 processes each having their own, non-overlapping sequence of 2^96 numbers (~7*10^28). This is enough to provide 1 billion randoms per second and per process for 2200 billion years. The implementation was made thread-safe either by using a double 64-bit CAS on platforms supporting it (x86_64, aarch64) or by using a local lock for the time needed to perform the shift operations. This ensures that all threads pick numbers from the same pool so that it is not needed to assign per-thread ranges. For processes we use the fast jump method to advance the sequence by 2^96 for each process. Before this patch, the following config: global nbproc 8 frontend f bind :4445 mode http log stdout format raw daemon log-format "%[uuid] %pid" redirect location / Would produce this output: a4d0ad64-2645-4b74-b894-48acce0669af 12987 a4d0ad64-2645-4b74-b894-48acce0669af 12992 a4d0ad64-2645-4b74-b894-48acce0669af 12986 a4d0ad64-2645-4b74-b894-48acce0669af 12988 a4d0ad64-2645-4b74-b894-48acce0669af 12991 a4d0ad64-2645-4b74-b894-48acce0669af 12989 a4d0ad64-2645-4b74-b894-48acce0669af 12990 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12987 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12992 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12986 (...) And now produces: f94b29b3-da74-4e03-a0c5-a532c635bad9 13011 47470c02-4862-4c33-80e7-a952899570e5 13014 86332123-539a-47bf-853f-8c8ea8b2a2b5 13013 8f9efa99-3143-47b2-83cf-d618c8dea711 13012 3cc0f5c7-d790-496b-8d39-bec77647af5b 13015 3ec64915-8f95-4374-9e66-e777dc8791e0 13009 0f9bf894-dcde-408c-b094-6e0bb3255452 13011 49c7bfde-3ffb-40e9-9a8d-8084d650ed8f 13014 e23f6f2e-35c5-4433-a294-b790ab902653 13012 There are multiple benefits to using this method. First, it doesn't depend anymore on a non-portable API. Second it's thread safe. Third it is fast and more proven than any hack we could attempt to try to work around the deficiencies of the various implementations around. This commit depends on previous patches "MINOR: tools: add 64-bit rotate operators" and "BUG/MEDIUM: random: initialize the random pool a bit better", all of which will need to be backported at least as far as version 2.0. It doesn't require to backport the build fixes for circular include files dependecy anymore.
2020-03-07 18:42:37 -05:00
*
* Before starting threads, it's still possible to call random() as srandom()
* is initialized from this, but after threads and/or processes are started,
* only ha_random() is expected to be used to guarantee distinct sequences.
BUG/MEDIUM: random: initialize the random pool a bit better Since the UUID sample fetch was created, some people noticed that in certain virtualized environments they manage to get exact same UUIDs on different instances started exactly at the same moment. It turns out that the randoms were only initialized to spread the health checks originally, not to provide "clean" randoms. This patch changes this and collects more randomness from various sources, including existing randoms, /dev/urandom when available, RAND_bytes() when OpenSSL is available, as well as the timing for such operations, then applies a SHA1 on all this to keep a 160 bits random seed available, 32 of which are passed to srandom(). It's worth mentioning that there's no clean way to pass more than 32 bits to srandom() as even initstate() provides an opaque state that must absolutely not be tampered with since known implementations contain state information. At least this allows to have up to 4 billion different sequences from the boot, which is not that bad. Note that the thread safety was still not addressed, which is another issue for another patch. This must be backported to all versions containing the UUID sample fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
*/
static void ha_random_boot(char *const *argv)
{
unsigned char message[256];
unsigned char *m = message;
struct timeval tv;
blk_SHA_CTX ctx;
unsigned long l;
int fd;
int i;
/* start with current time as pseudo-random seed */
gettimeofday(&tv, NULL);
write_u32(m, tv.tv_sec); m += 4;
write_u32(m, tv.tv_usec); m += 4;
/* PID and PPID add some OS-based randomness */
write_u16(m, getpid()); m += 2;
write_u16(m, getppid()); m += 2;
/* take up to 160 bits bytes from /dev/urandom if available (non-blocking) */
fd = open("/dev/urandom", O_RDONLY);
if (fd >= 0) {
i = read(fd, m, 20);
if (i > 0)
m += i;
close(fd);
}
/* take up to 160 bits bytes from openssl (non-blocking) */
#ifdef USE_OPENSSL
if (RAND_bytes(m, 20) == 1)
m += 20;
#endif
/* take 160 bits from existing random in case it was already initialized */
for (i = 0; i < 5; i++) {
write_u32(m, random());
m += 4;
}
/* stack address (benefit form operating system's ASLR) */
l = (unsigned long)&m;
memcpy(m, &l, sizeof(l)); m += sizeof(l);
/* argv address (benefit form operating system's ASLR) */
l = (unsigned long)&argv;
memcpy(m, &l, sizeof(l)); m += sizeof(l);
/* use tv_usec again after all the operations above */
gettimeofday(&tv, NULL);
write_u32(m, tv.tv_usec); m += 4;
/*
* At this point, ~84-92 bytes have been used
*/
/* finish with the hostname */
strncpy((char *)m, hostname, message + sizeof(message) - m);
m += strlen(hostname);
/* total message length */
l = m - message;
memset(&ctx, 0, sizeof(ctx));
blk_SHA1_Init(&ctx);
blk_SHA1_Update(&ctx, message, l);
blk_SHA1_Final(boot_seed, &ctx);
srandom(read_u32(boot_seed));
BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG This is the replacement of failed attempt to add thread safety and per-process sequences of random numbers initally tried with commit 1c306aa84d ("BUG/MEDIUM: random: implement per-thread and per-process random sequences"). This new version takes a completely different approach and doesn't try to work around the horrible OS-specific and non-portable random API anymore. Instead it implements "xoroshiro128**", a reputedly high quality random number generator, which is one of the many variants of xorshift, which passes all quality tests and which is described here: http://prng.di.unimi.it/ While not cryptographically secure, it is fast and features a 2^128-1 period. It supports fast jumps allowing to cut the period into smaller non-overlapping sequences, which we use here to support up to 2^32 processes each having their own, non-overlapping sequence of 2^96 numbers (~7*10^28). This is enough to provide 1 billion randoms per second and per process for 2200 billion years. The implementation was made thread-safe either by using a double 64-bit CAS on platforms supporting it (x86_64, aarch64) or by using a local lock for the time needed to perform the shift operations. This ensures that all threads pick numbers from the same pool so that it is not needed to assign per-thread ranges. For processes we use the fast jump method to advance the sequence by 2^96 for each process. Before this patch, the following config: global nbproc 8 frontend f bind :4445 mode http log stdout format raw daemon log-format "%[uuid] %pid" redirect location / Would produce this output: a4d0ad64-2645-4b74-b894-48acce0669af 12987 a4d0ad64-2645-4b74-b894-48acce0669af 12992 a4d0ad64-2645-4b74-b894-48acce0669af 12986 a4d0ad64-2645-4b74-b894-48acce0669af 12988 a4d0ad64-2645-4b74-b894-48acce0669af 12991 a4d0ad64-2645-4b74-b894-48acce0669af 12989 a4d0ad64-2645-4b74-b894-48acce0669af 12990 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12987 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12992 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12986 (...) And now produces: f94b29b3-da74-4e03-a0c5-a532c635bad9 13011 47470c02-4862-4c33-80e7-a952899570e5 13014 86332123-539a-47bf-853f-8c8ea8b2a2b5 13013 8f9efa99-3143-47b2-83cf-d618c8dea711 13012 3cc0f5c7-d790-496b-8d39-bec77647af5b 13015 3ec64915-8f95-4374-9e66-e777dc8791e0 13009 0f9bf894-dcde-408c-b094-6e0bb3255452 13011 49c7bfde-3ffb-40e9-9a8d-8084d650ed8f 13014 e23f6f2e-35c5-4433-a294-b790ab902653 13012 There are multiple benefits to using this method. First, it doesn't depend anymore on a non-portable API. Second it's thread safe. Third it is fast and more proven than any hack we could attempt to try to work around the deficiencies of the various implementations around. This commit depends on previous patches "MINOR: tools: add 64-bit rotate operators" and "BUG/MEDIUM: random: initialize the random pool a bit better", all of which will need to be backported at least as far as version 2.0. It doesn't require to backport the build fixes for circular include files dependecy anymore.
2020-03-07 18:42:37 -05:00
ha_random_seed(boot_seed, sizeof(boot_seed));
BUG/MEDIUM: random: initialize the random pool a bit better Since the UUID sample fetch was created, some people noticed that in certain virtualized environments they manage to get exact same UUIDs on different instances started exactly at the same moment. It turns out that the randoms were only initialized to spread the health checks originally, not to provide "clean" randoms. This patch changes this and collects more randomness from various sources, including existing randoms, /dev/urandom when available, RAND_bytes() when OpenSSL is available, as well as the timing for such operations, then applies a SHA1 on all this to keep a 160 bits random seed available, 32 of which are passed to srandom(). It's worth mentioning that there's no clean way to pass more than 32 bits to srandom() as even initstate() provides an opaque state that must absolutely not be tampered with since known implementations contain state information. At least this allows to have up to 4 billion different sequences from the boot, which is not that bad. Note that the thread safety was still not addressed, which is another issue for another patch. This must be backported to all versions containing the UUID sample fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
}
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
REORG: init: encapsulate CHECK_CONDITION logic in a func As MODE_CHECK_CONDITION logic terminates the process anyway, no matter if the test for the provided condition was successfull or not, let's encapsulate it in a separate function. This makes the code of init() more readable.
2024-06-26 12:39:45 -04:00
/* Evaluates a condition provided within a conditional block of the
* configuration. Makes process to exit with 0, if the condition is true, with
* 1, if the condition is false or with 2, if parse_line encounters an error.
*/
static void do_check_condition(char *progname)
{
int result;
uint32_t err;
const char *errptr;
char *errmsg = NULL;
char *args[MAX_LINE_ARGS+1];
int arg = sizeof(args) / sizeof(*args);
size_t outlen;
char *w;
if (!check_condition)
usage(progname);
outlen = strlen(check_condition) + 1;
err = parse_line(check_condition, check_condition, &outlen, args, &arg,
PARSE_OPT_ENV | PARSE_OPT_WORD_EXPAND | PARSE_OPT_DQUOTE | PARSE_OPT_SQUOTE | PARSE_OPT_BKSLASH,
&errptr);
if (err & PARSE_ERR_QUOTE) {
ha_alert("Syntax Error in condition: Unmatched quote.\n");
exit(2);
}
if (err & PARSE_ERR_HEX) {
ha_alert("Syntax Error in condition: Truncated or invalid hexadecimal sequence.\n");
exit(2);
}
if (err & (PARSE_ERR_TOOLARGE|PARSE_ERR_OVERLAP)) {
ha_alert("Error in condition: Line too long.\n");
exit(2);
}
if (err & PARSE_ERR_TOOMANY) {
ha_alert("Error in condition: Too many words.\n");
exit(2);
}
if (err) {
ha_alert("Unhandled error in condition, please report this to the developers.\n");
exit(2);
}
/* remerge all words into a single expression */
for (w = *args; (w += strlen(w)) < check_condition + outlen - 1; *w = ' ')
;
result = cfg_eval_condition(args, &errmsg, &errptr);
if (result < 0) {
if (errmsg)
ha_alert("Failed to evaluate condition: %s\n", errmsg);
exit(2);
}
exit(result ? 0 : 1);
}
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
/* This performs th every basic early initialization at the end of the PREPARE
* init stage. It may only assume that list heads are initialized, but not that
* anything else is correct. It will initialize a number of variables that
* depend on command line and will pre-parse the command line. If it fails, it
* directly exits.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
static void init_early(int argc, char **argv)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
char *progname;
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
char *tmp;
int len;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: startup: HAPROXY_STARTUP_VERSION contains the version used to start HAPROXY_STARTUP_VERSION: contains the version used to start, in master-worker mode this is the version which was used to start the master, even after updating the binary and reloading. This patch could be backported in every version since it is useful when debugging.
2023-02-21 08:07:05 -05:00
setenv("HAPROXY_STARTUP_VERSION", HAPROXY_VERSION, 0);
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
/* First, let's initialize most global variables */
totalconn = actconn = listeners = stopping = 0;
killed = pid = 0;
MINOR: cli/debug: show dev: add cmdline and version 'show dev' command is very convenient to obtain haproxy debugging information, while process is run in container. Let's extend its output with version and cmdline. cmdline is useful in a way, as it shows absolute binary path and its arguments, because sometimes the person, who is debugging failing container is not the same, who has created and deployed it. argc and argv are stored in the exported global structure, because feed_post_mortem() is added as a post check function callback in the post_check_list. So we can't simply change the signature of feed_post_mortem(), without breaking other post check callbacks APIs. Parsers are not supposed to modify argv, so we can safely bypass its pointer to debug_parse_cli_show_dev(), without copying all argument stings somewhere in the heap or on stack.
2024-05-29 05:27:21 -04:00
/* cast to one byte in order to fill better a 3 bytes hole in the global struct,
* we hopefully will never start with > than 255 args
*/
global.argc = (unsigned char)argc;
global.argv = argv;
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
global.maxsock = 10; /* reserve 10 fds ; will be incremented by socket eaters */
global.rlimit_memmax_all = HAPROXY_MEMMAX;
MINOR: startup: Extend the scope the MODE_STARTING flag Now, MODE_STARTING is set at the begining to init function and it is removed just before the polling loop. So more alerts or warnings are saved.
2017-10-24 07:53:54 -04:00
global.mode = MODE_STARTING;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
/* if we were in mworker mode, we should restart in mworker mode */
if (getenv("HAPROXY_MWORKER_REEXEC") != NULL)
global.mode |= MODE_MWORKER;
BUG/MAJOR: trash must always be the size of a buffer Before it was possible to resize the buffers using global.tune.bufsize, the trash has always been the size of a buffer by design. Unfortunately, the recent buffer sizing at runtime forgot to adjust the trash, resulting in it being too short for content rewriting if buffers were enlarged from the default value. The bug was encountered in 1.4 so the fix must be backported there.
2012-05-16 08:16:48 -04:00
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
/* initialize date, time, and pid */
tzset();
clock_init_process_date();
BUG/MINOR: clock: do not mix wall-clock and monotonic time in uptime calculation We've had a start date even before the internal monotonic clock existed, but once the monotonic clock was added, the start date was not updated to distinguish the wall clock time units and the internal monotonic time units. The distinction is important because both clocks do not necessarily progress at the same speed. The very rare occurrences of the wall-clock date are essentially for human consumption and communication with third parties (e.g. report the start date in "show info" for monitoring purposes). However currently this one is also used to measure the distance to "now" as being the process' uptime. This is actually not correct. It only works because for now the two dates are initialized at the exact same instant at boot but could still be wrong if the system's date shows a big jump backwards during startup for example. In addition the current situation prevents us from enforcing an abritrary offset at boot to reveal some heisenbugs. This patch adds a new "start_time" at boot that is set from "now" and is used in uptime calculations. "start_date" instead is now set from "date" and will always reflect the system date for human consumption (e.g. in "show info"). This way we're now sure that any drift of the internal clock relative to the system date will not impact the reported uptime. This could possibly be backported though it's unlikely that anyone has ever noticed the problem.
2023-02-07 09:52:14 -05:00
start_date = date;
MINOR: clock: replace the timeval start_time with start_time_ns Now that "now" is no more a timeval, there's no point keeping a copy of it as a timeval, let's also switch start_time to nanoseconds, it simplifies operations.
2023-04-28 08:50:29 -04:00
start_time_ns = now_ns;
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
pid = getpid();
/* Set local host name and adjust some environment variables.
* NB: POSIX does not make it mandatory for gethostname() to
* NULL-terminate the string in case of truncation, and at least
* FreeBSD appears not to do it.
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
*/
memset(hostname, 0, sizeof(hostname));
gethostname(hostname, sizeof(hostname) - 1);
MINOR: peers: do not use localpeer as an array anymore It is now dynamically allocated by using strdup().
2020-06-18 10:56:47 -04:00
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
/* preset some environment variables */
localpeer = strdup(hostname);
if (!localpeer || setenv("HAPROXY_LOCALPEER", localpeer, 1) < 0) {
MINOR: peers: do not use localpeer as an array anymore It is now dynamically allocated by using strdup().
2020-06-18 10:56:47 -04:00
ha_alert("Cannot allocate memory for local peer.\n");
exit(EXIT_FAILURE);
}
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
/* extract the program name from argv[0], it will be used for the logs
* and error messages.
*/
progname = *argv;
while ((tmp = strchr(progname, '/')) != NULL)
progname = tmp + 1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
len = strlen(progname);
progname = strdup(progname);
if (!progname) {
ha_alert("Cannot allocate memory for log_tag.\n");
exit(EXIT_FAILURE);
}
MINOR: sample: add a rand() sample fetch to return a sample. Sometimes it can be useful to generate a random value, at least for debugging purposes, but also to take routing decisions or to pass such a value to a backend server.
2014-02-14 05:59:04 -05:00
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
chunk_initlen(&global.log_tag, progname, len, len);
}
MEDIUM: initcall: use initcalls for a few initialization functions signal_init(), init_log(), init_stream(), and init_task() all used to only preset some values and lists. This needs to be done very early to provide a reliable interface to all other users. The calls used to be explicit in haproxy.c:init(). Now they're placed in initcalls at the STG_PREPARE stage. The functions are not exported anymore.
2018-11-26 10:31:20 -05:00
MINOR: init: extract args parsing to their own function The cmdline argument parsing was performed quite late, which prevents from retrieving elements that can be used to initialize the pools and certain sensitive areas. The goal is to improve this by parsing command line arguments right after the early init stage. This is possible because the cmdline parser already does very little beyond retrieving config elements that are used later. Doing so requires to move the parser code to a separate function and to externalize a few variables out of the function as they're used later in the boot process, in the original function. This patch creates init_args() but doesn't move it upfront yet, it's still executed just before init(), which essentially corresponds to what was done before (only the trash buffers, ACLs and Lua were initialized earlier and are not needed for this). The rest is not modified and as expected no change is observed. Note that the diff doesn't to justice to the change as it makes it look like the early init() code was moved to a new function after the function was renamed, while in fact it's clearly the parser itself which moved.
2022-02-17 12:10:36 -05:00
/* handles program arguments. Very minimal parsing is performed, variables are
* fed with some values, and lists are completed with other ones. In case of
* error, it will exit.
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
*/
MINOR: init: extract args parsing to their own function The cmdline argument parsing was performed quite late, which prevents from retrieving elements that can be used to initialize the pools and certain sensitive areas. The goal is to improve this by parsing command line arguments right after the early init stage. This is possible because the cmdline parser already does very little beyond retrieving config elements that are used later. Doing so requires to move the parser code to a separate function and to externalize a few variables out of the function as they're used later in the boot process, in the original function. This patch creates init_args() but doesn't move it upfront yet, it's still executed just before init(), which essentially corresponds to what was done before (only the trash buffers, ACLs and Lua were initialized earlier and are not needed for this). The rest is not modified and as expected no change is observed. Note that the diff doesn't to justice to the change as it makes it look like the early init() code was moved to a new function after the function was renamed, while in fact it's clearly the parser itself which moved.
2022-02-17 12:10:36 -05:00
static void init_args(int argc, char **argv)
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
{
char *progname = global.log_tag.area;
MINOR: init: extract args parsing to their own function The cmdline argument parsing was performed quite late, which prevents from retrieving elements that can be used to initialize the pools and certain sensitive areas. The goal is to improve this by parsing command line arguments right after the early init stage. This is possible because the cmdline parser already does very little beyond retrieving config elements that are used later. Doing so requires to move the parser code to a separate function and to externalize a few variables out of the function as they're used later in the boot process, in the original function. This patch creates init_args() but doesn't move it upfront yet, it's still executed just before init(), which essentially corresponds to what was done before (only the trash buffers, ACLs and Lua were initialized earlier and are not needed for this). The rest is not modified and as expected no change is observed. Note that the diff doesn't to justice to the change as it makes it look like the early init() code was moved to a new function after the function was renamed, while in fact it's clearly the parser itself which moved.
2022-02-17 12:10:36 -05:00
char *err_msg = NULL;
MEDIUM: lua: lua integration in the build and init system. This is the first step of the lua integration. We add the useful files in the HAProxy project. These files contains the main includes, the Makefile options and empty initialisation function. Is is the LUA skeleton.
2015-01-23 08:06:13 -05:00
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
/* pre-fill in the global tuning options before we let the cmdline
* change them.
*/
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_SELECT; /* select() is always available */
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_POLL)
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_POLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_EPOLL)
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_EPOLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_KQUEUE)
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_KQUEUE;
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_EVPORTS)
MAJOR: polling: add event ports support (Solaris) Event ports are kqueue/epoll polling class for Solaris. Code is based on https://github.com/joyent/haproxy-1.8/tree/joyent/dev-v1.8.8. Event ports are available only on SunOS systems derived from Solaris 10 and later (including illumos systems).
2019-04-08 12:53:32 -04:00
global.tune.options |= GTUNE_USE_EVPORTS;
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_LINUX_SPLICE)
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
global.tune.options |= GTUNE_USE_SPLICE;
#endif
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
#if defined(USE_GETADDRINFO)
global.tune.options |= GTUNE_USE_GAI;
#endif
MINOR: config: add a new tune.idle-pool.shared global setting. Enables ('on') or disables ('off') sharing of idle connection pools between threads for a same server. The default is to share them between threads in order to minimize the number of persistent connections to a server, and to optimize the connection reuse rate. But to help with debugging or when suspecting a bug in HAProxy around connection reuse, it can be convenient to forcefully disable this idle pool sharing between multiple threads, and force this option to "off". The default is on. This could have been nice to have during the idle connections debugging, but it's not too late to add it!
2020-07-01 12:49:24 -04:00
#ifdef USE_THREAD
global.tune.options |= GTUNE_IDLE_POOL_SHARED;
MINOR: quic: activate socket per conn by default Activate QUIC connection socket to achieve the best performance. The previous behavior can be reverted by tune.quic.socket-owner configuration option. This change is part of quic-conn owned socket implementation. Contrary to its siblings patches, I suggest to not backport it to 2.7. This should ensure that stable releases behavior is perserved. If a user faces issues with QUIC performance on 2.7, he can nonetheless change the default configuration.
2022-11-21 05:54:13 -05:00
#endif
#ifdef USE_QUIC
global.tune.options |= GTUNE_QUIC_SOCK_PER_CONN;
MINOR: config: add a new tune.idle-pool.shared global setting. Enables ('on') or disables ('off') sharing of idle connection pools between threads for a same server. The default is to share them between threads in order to minimize the number of persistent connections to a server, and to optimize the connection reuse rate. But to help with debugging or when suspecting a bug in HAProxy around connection reuse, it can be convenient to forcefully disable this idle pool sharing between multiple threads, and force this option to "off". The default is on. This could have been nice to have during the idle connections debugging, but it's not too late to add it!
2020-07-01 12:49:24 -04:00
#endif
MINOR: config: make strict limits enabled by default as agreed a few months ago, enable strict-limits for v2.3 update configuration manual accordingly Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-03-28 14:29:58 -04:00
global.tune.options |= GTUNE_STRICT_LIMITS;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
BUG/MINOR: haproxy: Fix option to disable the fast-forward The option was renamed to only permit to disable the fast-forward. First there is no reason to enable it because it is the default behavior. Then it introduced a bug because there is no way to be sure the command line has precedence over the configuration this way. So, the option is now named "tune.disable-fast-forward" and does not support any argument. And of course, the commande line option "-dF" has now precedence over the configuration. No backport needed.
2023-02-20 08:06:52 -05:00
global.tune.options |= GTUNE_USE_FAST_FWD; /* Use fast-forward by default */
MINOR: global: Use a dedicated bitfield to customize zero-copy fast-forwarding Zero-copy fast-forwading feature is a quite new and is a bit sensitive. There is an option to disable it globally. However, all protocols have not the same maturity. For instance, for the PT multiplexer, there is nothing really new. The zero-copy fast-forwading is only another name for the kernel splicing. However, for the QUIC/H3, it is pretty new, not really optimized and it will evolved. And soon, the support will be added for the cache applet. In this context, it is usefull to be able to enable/disable zero-copy fast-forwading per-protocol and applet. And when it is applicable, on sends or receives separately. So, instead of having one flag to disable it globally, there is now a dedicated bitfield, global.tune.no_zero_copy_fwd.
2023-12-04 08:18:50 -05:00
/* Use zero-copy forwarding by default */
Revert "MINOR: mux-quic: Disable zero-copy forwarding for send by default" This reverts commit 18f2ccd244f555348b0d5920e3b71286f1e7b04b. Found issues related to QUIC fast-forward were resolved (see github issue #2372). Reenable it by default. If any issue arises, it can be disabled using the global statement : tune.quit.zero-copy-fwd-send off This can be backported to 2.9, but only after a sensible period of observation.
2023-12-22 10:26:07 -05:00
global.tune.no_zero_copy_fwd = 0;
BUG/MINOR: haproxy: Fix option to disable the fast-forward The option was renamed to only permit to disable the fast-forward. First there is no reason to enable it because it is the default behavior. Then it introduced a bug because there is no way to be sure the command line has precedence over the configuration this way. So, the option is now named "tune.disable-fast-forward" and does not support any argument. And of course, the commande line option "-dF" has now precedence over the configuration. No backport needed.
2023-02-20 08:06:52 -05:00
MINOR: init: extract args parsing to their own function The cmdline argument parsing was performed quite late, which prevents from retrieving elements that can be used to initialize the pools and certain sensitive areas. The goal is to improve this by parsing command line arguments right after the early init stage. This is possible because the cmdline parser already does very little beyond retrieving config elements that are used later. Doing so requires to move the parser code to a separate function and to externalize a few variables out of the function as they're used later in the boot process, in the original function. This patch creates init_args() but doesn't move it upfront yet, it's still executed just before init(), which essentially corresponds to what was done before (only the trash buffers, ACLs and Lua were initialized earlier and are not needed for this). The rest is not modified and as expected no change is observed. Note that the diff doesn't to justice to the change as it makes it look like the early init() code was moved to a new function after the function was renamed, while in fact it's clearly the parser itself which moved.
2022-02-17 12:10:36 -05:00
/* keep a copy of original arguments for the master process */
old_argv = copy_argv(argc, argv);
if (!old_argv) {
ha_alert("failed to copy argv.\n");
exit(EXIT_FAILURE);
}
/* skip program name and start */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
argc--; argv++;
while (argc > 0) {
char *flag;
if (**argv == '-') {
flag = *argv+1;
/* 1 arg */
if (*flag == 'v') {
display_version();
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
if (flag[1] == 'v') /* -vv */
display_build_opts();
MINOR: Call deinit_and_exit(0) for `haproxy -vv` It appears that it is safe to call perform a clean deinit at this point, so let's do this to exercise the deinit paths some more. Running `valgrind --leak-check=full --show-leak-kinds=all ./haproxy -vv` with this change reports: ==261864== HEAP SUMMARY: ==261864== in use at exit: 344 bytes in 11 blocks ==261864== total heap usage: 1,178 allocs, 1,167 frees, 1,102,089 bytes allocated ==261864== ==261864== 24 bytes in 1 blocks are still reachable in loss record 1 of 2 ==261864== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==261864== by 0x324BA6: hap_register_pre_check (init.c:92) ==261864== by 0x155824: main (haproxy.c:3024) ==261864== ==261864== 320 bytes in 10 blocks are still reachable in loss record 2 of 2 ==261864== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==261864== by 0x26E54E: cfg_register_postparser (cfgparse.c:4238) ==261864== by 0x155824: main (haproxy.c:3024) ==261864== ==261864== LEAK SUMMARY: ==261864== definitely lost: 0 bytes in 0 blocks ==261864== indirectly lost: 0 bytes in 0 blocks ==261864== possibly lost: 0 bytes in 0 blocks ==261864== still reachable: 344 bytes in 11 blocks ==261864== suppressed: 0 bytes in 0 blocks which is looking pretty good.
2022-04-26 18:08:11 -04:00
deinit_and_exit(0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_EPOLL)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'd' && flag[1] == 'e')
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_EPOLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_POLL)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'd' && flag[1] == 'p')
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_POLL;
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_KQUEUE)
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
else if (*flag == 'd' && flag[1] == 'k')
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_KQUEUE;
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_EVPORTS)
MAJOR: polling: add event ports support (Solaris) Event ports are kqueue/epoll polling class for Solaris. Code is based on https://github.com/joyent/haproxy-1.8/tree/joyent/dev-v1.8.8. Event ports are available only on SunOS systems derived from Solaris 10 and later (including illumos systems).
2019-04-08 12:53:32 -04:00
else if (*flag == 'd' && flag[1] == 'v')
global.tune.options &= ~GTUNE_USE_EVPORTS;
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_LINUX_SPLICE)
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
else if (*flag == 'd' && flag[1] == 'S')
global.tune.options &= ~GTUNE_USE_SPLICE;
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
#endif
#if defined(USE_GETADDRINFO)
else if (*flag == 'd' && flag[1] == 'G')
global.tune.options &= ~GTUNE_USE_GAI;
MEDIUM: make SO_REUSEPORT configurable With Linux officially introducing SO_REUSEPORT support in 3.9 and its mainstream adoption we have seen more people running into strange SO_REUSEPORT related issues (a process management issue turning into hard to diagnose problems because the kernel load-balances between the new and an obsolete haproxy instance). Also some people simply want the guarantee that the bind fails when the old process is still bound. This change makes SO_REUSEPORT configurable, introducing the command line argument "-dR" and the noreuseport configuration directive. A backport to 1.6 should be considered.
2016-09-12 17:42:20 -04:00
#endif
#if defined(SO_REUSEPORT)
else if (*flag == 'd' && flag[1] == 'R')
MINOR: protocol: move the global reuseport flag to the protocols Some protocol support SO_REUSEPORT and others not. Some have such a limitation in the kernel, and others in haproxy itself (e.g. sock_unix cannot support multiple bindings since each one will unbind the previous one). Also it's really protocol-dependent and not just family-dependent because on Linux for some time it was supported for TCP and not UDP. Let's move the definition to the protocols instead. Now it's preset in tcp/udp/quic when SO_REUSEPORT is defined, and is otherwise left unset. The enabled() config condition test validates IPv4 (generally sufficient), and -dR / noreuseport all protocols at once.
2023-04-22 09:09:07 -04:00
protocol_clrf_all(PROTO_F_REUSEPORT_SUPPORTED);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
MINOR: haproxy: Add an command option to disable data fast-forward The -dF option can now be used to disable data fast-forward. It does the same than the global option "tune.fast-forward off". Some reg-tests may rely on this optim. To detect the feature and skip such script, the following vtest command must be used: feature cmd "$HAPROXY_PROGRAM -cc '!(globa.tune & GTUNE_NO_FAST_FWD)'"
2023-02-14 10:12:54 -05:00
else if (*flag == 'd' && flag[1] == 'F')
BUG/MINOR: haproxy: Fix option to disable the fast-forward The option was renamed to only permit to disable the fast-forward. First there is no reason to enable it because it is the default behavior. Then it introduced a bug because there is no way to be sure the command line has precedence over the configuration this way. So, the option is now named "tune.disable-fast-forward" and does not support any argument. And of course, the commande line option "-dF" has now precedence over the configuration. No backport needed.
2023-02-20 08:06:52 -05:00
global.tune.options &= ~GTUNE_USE_FAST_FWD;
MINOR: debug: enable insecure fork on the command line -dI allow to enable "insure-fork-wanted" directly from the command line, which is useful when you want to run ASAN with addr2line with a lot of configuration files without editing them.
2024-03-13 06:08:50 -04:00
else if (*flag == 'd' && flag[1] == 'I')
global.tune.options |= GTUNE_INSECURE_FORK;
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
else if (*flag == 'd' && flag[1] == 'V')
global.ssl_server_verify = SSL_SERVER_VERIFY_NONE;
MINOR: global: Add an option to disable the zero-copy forwarding The zero-copy forwarding or the mux-to-mux forwarding is a way to fast-forward data without using the channels buffers. Data are transferred from a mux to the other one. The kernel splicing is an optimization of the zero-copy forwarding. But it can also use normal buffers (but not channels ones). This way, it could be possible to fast-forward data with muxes not supporting the kernel splicing (H2 and H3 muxes) but also with applets. However, this mode can introduce regressions or bugs in future (just like the kernel splicing). Thus, It could be usefull to disable this optim. To do so, in configuration, the global tune settting 'tune.disable-zero-copy-forwarding' may be set in a global section or the '-dZ' command line parameter may be used to start HAProxy. Of course, this also disables the kernel splicing.
2023-10-16 12:28:59 -04:00
else if (*flag == 'd' && flag[1] == 'Z')
MINOR: global: Use a dedicated bitfield to customize zero-copy fast-forwarding Zero-copy fast-forwading feature is a quite new and is a bit sensitive. There is an option to disable it globally. However, all protocols have not the same maturity. For instance, for the PT multiplexer, there is nothing really new. The zero-copy fast-forwading is only another name for the kernel splicing. However, for the QUIC/H3, it is pretty new, not really optimized and it will evolved. And soon, the support will be added for the cache applet. In this context, it is usefull to be able to enable/disable zero-copy fast-forwading per-protocol and applet. And when it is applicable, on sends or receives separately. So, instead of having one flag to disable it globally, there is now a dedicated bitfield, global.tune.no_zero_copy_fwd.
2023-12-04 08:18:50 -05:00
global.tune.no_zero_copy_fwd |= NO_ZERO_COPY_FWD;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'V')
arg_mode |= MODE_VERBOSE;
MINOR: config: add command-line -dC to dump the configuration file This commit adds a new command line option -dC to dump the configuration file. An optional key may be appended to -dC in order to produce an anonymized dump using this key. The anonymizing process uses the same algorithm as the CLI so that the same key will produce the same hashes for the same identifiers. This way an admin may share an anonymized extract of a configuration to match against live dumps. Note that key 0 will not anonymize the output. However, in any case, the configuration is dumped after tokenizing, thus comments are lost.
2022-09-14 11:51:55 -04:00
else if (*flag == 'd' && flag[1] == 'C') {
MINOR: config: Add option line when the configuration file is dumped Add an option to dump the number lines of the configuration file when it's dumped. Other options can be easily added. Options are separated by ',' when tapping the command line: './haproxy -dC[key],line -f [file]' No backport needed, except if anonymization mechanism is backported.
2022-09-29 04:34:04 -04:00
char *end;
char *key;
key = flag + 2;
for (;key && *key; key = end) {
end = strchr(key, ',');
if (end)
*(end++) = 0;
if (strcmp(key, "line") == 0)
arg_mode |= MODE_DUMP_NB_L;
}
MINOR: config: add command-line -dC to dump the configuration file This commit adds a new command line option -dC to dump the configuration file. An optional key may be appended to -dC in order to produce an anonymized dump using this key. The anonymizing process uses the same algorithm as the CLI so that the same key will produce the same hashes for the same identifiers. This way an admin may share an anonymized extract of a configuration to match against live dumps. Note that key 0 will not anonymize the output. However, in any case, the configuration is dumped after tokenizing, thus comments are lost.
2022-09-14 11:51:55 -04:00
arg_mode |= MODE_DUMP_CFG;
HA_ATOMIC_STORE(&global.anon_key, atoll(flag + 2));
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'd' && flag[1] == 'b')
arg_mode |= MODE_FOREGROUND;
MINOR: global: define diagnostic mode of execution Define MODE_DIAG which is used to run haproxy in diagnostic mode. This mode is used to output extra warnings about possible configuration blunder or sub-optimal usage. It can be activated with argument '-dD'. A new output function ha_diag_warning is implemented reserved for diagnostic output. It serves to standardize the format of diagnostic messages. A macro HA_DIAG_WARN_COND is also available to automatically check if diagnostic mode is on before executing the diagnostic check.
2021-03-29 04:29:07 -04:00
else if (*flag == 'd' && flag[1] == 'D')
arg_mode |= MODE_DIAG;
MINOR: init: add -dW and "zero-warning" to reject configs with warnings Since some systems switched to service managers which hide all warnings by default, some users are not aware of some possibly important warnings and get caught too late with errors that could have been detected earlier. This patch adds a new global keyword, "zero-warning" and an equivalent command-line option "-dW" to refuse to start in case any warning is detected. It is recommended to use these with configurations that are managed by humans in order to catch mistakes very early.
2020-04-15 10:42:39 -04:00
else if (*flag == 'd' && flag[1] == 'W')
arg_mode |= MODE_ZERO_WARNING;
MINOR: pools: add a debugging flag for memory poisonning option Now -dM will set POOL_DBG_POISON for consistency with the rest of the pool debugging options. As such now we only check for the new flag, which allows the default value to be preset.
2022-02-23 08:15:18 -05:00
else if (*flag == 'd' && flag[1] == 'M') {
MINOR: pools: delegate parsing of command line option -dM to a new function New function pool_parse_debugging() is now dedicated to parsing options of -dM. For now it only handles the optional memory poisonning byte, but the function may already return an informative message to be printed for help, a warning or an error. This way we'll reuse it for the settings that will be needed for configurable debugging options.
2022-02-18 12:54:40 -05:00
int ret = pool_parse_debugging(flag + 2, &err_msg);
if (ret <= -1) {
if (ret < -1)
ha_alert("-dM: %s\n", err_msg);
else
printf("%s\n", err_msg);
ha_free(&err_msg);
exit(ret < -1 ? EXIT_FAILURE : 0);
} else if (ret == 0) {
ha_warning("-dM: %s\n", err_msg);
ha_free(&err_msg);
}
MINOR: pools: add a debugging flag for memory poisonning option Now -dM will set POOL_DBG_POISON for consistency with the rest of the pool debugging options. As such now we only check for the new flag, which allows the default value to be preset.
2022-02-23 08:15:18 -05:00
}
MINOR: init: add -dr to ignore server address resolution failures It is very common when validating a configuration out of production not to have access to the same resolvers and to fail on server address resolution, making it difficult to test a configuration. This option simply appends the "none" method to the list of address resolution methods for all servers, ensuring that even if the libc fails to resolve an address, the startup sequence is not interrupted.
2016-11-07 15:03:16 -05:00
else if (*flag == 'd' && flag[1] == 'r')
global.tune.options |= GTUNE_RESOLVE_DONTFAIL;
MINOR: debug: add support for -dL to dump library names at boot This is a second help to dump loaded library names late at boot, once external code has already been initialized. The purpose is to provide a format that makes it easy to pass to "tar" to produce an archive containing the executable and the list of dependencies. For example if haproxy is started as "haproxy -f foo.cfg", a config check only will suffice to quit before starting, "-q" will be used to disable undesired output messages, and -dL will be use to dump libraries. This will result in such a command to trivially produce a tarball of loaded libraries: ./haproxy -q -c -dL -f foo.cfg | tar -T - -hzcf archive.tgz
2021-12-28 09:43:11 -05:00
#if defined(HA_HAVE_DUMP_LIBS)
else if (*flag == 'd' && flag[1] == 'L')
arg_mode |= MODE_DUMP_LIBS;
#endif
MINOR: management: add some basic keyword dump infrastructure It's difficult from outside haproxy to detect the supported keywords and syntax. Interestingly, many of our modern keywords are enumerated since they're registered from constructors, so it's not very hard to enumerate most of them. This patch creates some basic infrastructure to support dumping existing keywords from different classes on stdout. The format will differ depending on the classes, but the idea is that the output could easily be passed to a script that generates some simple syntax highlighting rules, completion rules for editors, syntax checkers or config parsers. The principle chosen here is that if "-dK" is passed on the command-line, at the end of the parsing the registered keywords will be dumped for the requested classes passed after "-dK". Special name "help" will show known classes, while "all" will execute all of them. The reason for doing that after the end of the config processor is that it will also enumerate internally-generated keywords, Lua or even those loaded from external code (e.g. if an add-on is loaded using LD_PRELOAD). A typical way to call this with a valid config would be: ./haproxy -dKall -q -c -f /path/to/config If there's no config available, feeding /dev/null will also do the job, though it will not be able to detect dynamically created keywords, of course. This patch also updates the management doc. For now nothing but the help is listed, various subsystems will follow in subsequent patches.
2022-03-08 10:01:40 -05:00
else if (*flag == 'd' && flag[1] == 'K') {
arg_mode |= MODE_DUMP_KWD;
kwd_dump = flag + 2;
}
MINOR: trace: define simple -dt argument Add '-dt' haproxy process argument. This will automatically activate all trace sources on stderr with the error level. This could be useful to troubleshoot issues such as protocol violations.
2023-11-22 08:58:59 -05:00
else if (*flag == 'd' && flag[1] == 't') {
MINOR: trace: support -dt optional format Add an optional argument for "-dt". This argument is interpreted as a list of several trace statement separated by comma. For each statement, a specific trace name can be specifed, or none to act on all sources. Using double-colon separator, it is possible to add specifications on the wanted level and verbosity.
2023-11-22 11:27:57 -05:00
if (argc > 1 && argv[1][0] != '-') {
if (trace_parse_cmd(argv[1], &err_msg)) {
ha_alert("-dt: %s.\n", err_msg);
ha_free(&err_msg);
exit(EXIT_FAILURE);
}
argc--; argv++;
}
else {
trace_parse_cmd(NULL, NULL);
}
MINOR: trace: define simple -dt argument Add '-dt' haproxy process argument. This will automatically activate all trace sources on stderr with the error level. This could be useful to troubleshoot issues such as protocol violations.
2023-11-22 08:58:59 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'd')
arg_mode |= MODE_DEBUG;
MINOR: haproxy: Add `-cc` argument This patch adds the `-cc` (check condition) argument to evaluate conditions on startup and return the result as the exit code. As an example this can be used to easily check HAProxy's version in scripts: haproxy -cc 'version_atleast(2.4)' This resolves GitHub issue #1246. Co-authored-by: Tim Duesterhus <tim@bastelstu.be>
2021-06-05 18:50:22 -04:00
else if (*flag == 'c' && flag[1] == 'c') {
arg_mode |= MODE_CHECK_CONDITION;
argv++;
argc--;
check_condition = *argv;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'c')
arg_mode |= MODE_CHECK;
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
else if (*flag == 'D')
[MINOR] startup: don't imply -q with -D It is recommended to have -D in init scripts, but -D also implies quiet mode, which hides warning messages, and both options are now completely unrelated. Remove the implication to get warnings with -D.
2009-05-18 10:29:51 -04:00
arg_mode |= MODE_DAEMON;
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
else if (*flag == 'W' && flag[1] == 's') {
BUG/MINOR: systemd: ignore daemon mode Since we switched to notify mode in the systemd unit file in commit d6942c8, haproxy won't start if the daemon keyword is present in the configuration. This change makes sure that haproxy remains in foreground when using systemd mode and adds a note in the documentation.
2017-11-21 06:39:34 -05:00
arg_mode |= MODE_MWORKER | MODE_FOREGROUND;
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
global.tune.options |= GTUNE_USE_SYSTEMD;
#else
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("master-worker mode with systemd support (-Ws) requested, but not compiled. Use master-worker mode (-W) if you are not using Type=notify in your unit file or recompile with USE_SYSTEMD=1.\n\n");
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
usage(progname);
#endif
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
else if (*flag == 'W')
arg_mode |= MODE_MWORKER;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'q')
arg_mode |= MODE_QUIET;
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
else if (*flag == 'x') {
BUG/MINOR: init: -x can have a parameter starting with a dash There is no reason the -x option can't take an argument which starts with a -. This limitation must only be used for options that take a non-finite list of parameters (-sf/-st) This can be backported only if the previous patch which fixes copy_argv() is backported too. Could be backported as far as 1.8.
2020-06-04 17:41:29 -04:00
if (argc <= 1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Unix socket path expected with the -x flag\n\n");
BUG/MEDIUM: fix segfault when no argument to -x option This patch fixes a segfault in the command line parser. When haproxy is launched with -x with no argument and -x is the latest option in argv it segfaults. Use usage() insteads of exit() on error.
2017-06-19 09:57:55 -04:00
usage(progname);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
}
MINOR: warning on multiple -x Multiple use of the -x option is useless, emit a warning.
2017-06-19 10:37:19 -04:00
if (old_unixsocket)
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("-x option already set, overwriting the value\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
old_unixsocket = argv[1];
MINOR: warning on multiple -x Multiple use of the -x option is useless, emit a warning.
2017-06-19 10:37:19 -04:00
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
argv++;
argc--;
}
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
else if (*flag == 'S') {
struct wordlist *c;
BUG/MINOR: init: -S can have a parameter starting with a dash There is no reason the -S option can't take an argument which starts with a -. This limitation must only be used for options that take a non-finite list of parameters (-sf/-st) This can be backported only if the previous patch which fixes copy_argv() is backported too. Could be backported as far as 1.9.
2020-06-04 17:49:20 -04:00
if (argc <= 1) {
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
ha_alert("Socket and optional bind parameters expected with the -S flag\n");
usage(progname);
}
if ((c = malloc(sizeof(*c))) == NULL || (c->s = strdup(argv[1])) == NULL) {
ha_alert("Cannot allocate memory\n");
exit(EXIT_FAILURE);
}
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_INSERT(&mworker_cli_conf, &c->list);
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
argv++;
argc--;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 's' && (flag[1] == 'f' || flag[1] == 't')) {
/* list of pids to finish ('f') or terminate ('t') */
if (flag[1] == 'f')
oldpids_sig = SIGUSR1; /* finish then exit */
else
oldpids_sig = SIGTERM; /* terminate immediately */
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
while (argc > 1 && argv[1][0] != '-') {
MINOR: init: emit warning when -sf/-sd cannot parse argument Previously, -sf and -sd command line parsing used atol which cannot detect errors. I had a problem where I was doing -sf "$pid1 $pid2 $pid" and it was sending the gracefully terminate signal only to the first pid. The change uses strtol and checks endptr and errno to see if the parsing worked. It will exit when the pid list is not parsed. [wt: this should be backported to 1.8]
2018-02-05 18:15:44 -05:00
char * endptr = NULL;
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
oldpids = realloc(oldpids, (nb_oldpids + 1) * sizeof(int));
if (!oldpids) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot allocate old pid : out of memory.\n");
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
exit(1);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
argc--; argv++;
MINOR: init: emit warning when -sf/-sd cannot parse argument Previously, -sf and -sd command line parsing used atol which cannot detect errors. I had a problem where I was doing -sf "$pid1 $pid2 $pid" and it was sending the gracefully terminate signal only to the first pid. The change uses strtol and checks endptr and errno to see if the parsing worked. It will exit when the pid list is not parsed. [wt: this should be backported to 1.8]
2018-02-05 18:15:44 -05:00
errno = 0;
oldpids[nb_oldpids] = strtol(*argv, &endptr, 10);
if (errno) {
ha_alert("-%2s option: failed to parse {%s}: %s\n",
flag,
*argv, strerror(errno));
exit(1);
} else if (endptr && strlen(endptr)) {
BUILD: general: always pass unsigned chars to is* functions The isalnum(), isalpha(), isdigit() etc functions from ctype.h are supposed to take an int in argument which must either reflect an unsigned char or EOF. In practice on some platforms they're implemented as macros referencing an array, and when passed a char, they either cause a warning "array subscript has type 'char'" when lucky, or cause random segfaults when unlucky. It's quite unconvenient by the way since none of them may return true for negative values. The recent introduction of cygwin to the list of regularly tested build platforms revealed a lot of breakage there due to the same issues again. So this patch addresses the problem all over the code at once. It adds unsigned char casts to every valid use case, and also drops the unneeded double cast to int that was sometimes added on top of it. It may be backported by dropping irrelevant changes if that helps better support uncommon platforms. It's unlikely to fix bugs on platforms which would already not emit any warning though.
2020-02-25 02:16:33 -05:00
while (isspace((unsigned char)*endptr)) endptr++;
BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st The codes tries to strip trailing spaces of arguments but due to missing brackets, it will always exit. It can be reproduced with this (silly) example: $ haproxy -f /etc/haproxy/haproxy.cfg -sf 1234 "1235 " 1236 $ echo $? 1 This was introduced in commit 236062f7c ("MINOR: init: emit warning when -sf/-sd cannot parse argument") Signed-off-by: Aurélien Nephtali <aurelien.nephtali@gmail.com>
2018-02-17 14:53:11 -05:00
if (*endptr != 0) {
MINOR: init: emit warning when -sf/-sd cannot parse argument Previously, -sf and -sd command line parsing used atol which cannot detect errors. I had a problem where I was doing -sf "$pid1 $pid2 $pid" and it was sending the gracefully terminate signal only to the first pid. The change uses strtol and checks endptr and errno to see if the parsing worked. It will exit when the pid list is not parsed. [wt: this should be backported to 1.8]
2018-02-05 18:15:44 -05:00
ha_alert("-%2s option: some bytes unconsumed in PID list {%s}\n",
flag, endptr);
exit(1);
BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st The codes tries to strip trailing spaces of arguments but due to missing brackets, it will always exit. It can be reproduced with this (silly) example: $ haproxy -f /etc/haproxy/haproxy.cfg -sf 1234 "1235 " 1236 $ echo $? 1 This was introduced in commit 236062f7c ("MINOR: init: emit warning when -sf/-sd cannot parse argument") Signed-off-by: Aurélien Nephtali <aurelien.nephtali@gmail.com>
2018-02-17 14:53:11 -05:00
}
MINOR: init: emit warning when -sf/-sd cannot parse argument Previously, -sf and -sd command line parsing used atol which cannot detect errors. I had a problem where I was doing -sf "$pid1 $pid2 $pid" and it was sending the gracefully terminate signal only to the first pid. The change uses strtol and checks endptr and errno to see if the parsing worked. It will exit when the pid list is not parsed. [wt: this should be backported to 1.8]
2018-02-05 18:15:44 -05:00
}
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
if (oldpids[nb_oldpids] <= 0)
usage(progname);
nb_oldpids++;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
MEDIUM: init: support a list of files on the command line HAProxy could already support being passed a file list on the command line, by passing multiple times "-f" followed by a file name. People have been complaining that it made it hard to pass file lists from init scripts. This patch introduces an end of arguments using the common "--" tag, after which only file names may appear. These files are then added to the existing list of other files specified using -f and are loaded in their declaration order. Thus it becomes possible to do something like this : haproxy -sf $(pidof haproxy) -- /etc/haproxy/global.cfg /etc/haproxy/customers/*.cfg
2015-10-08 05:58:48 -04:00
else if (flag[0] == '-' && flag[1] == 0) { /* "--" */
/* now that's a cfgfile list */
argv++; argc--;
while (argc > 0) {
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
if (!list_append_cfgfile(&cfg_cfgfiles, *argv, &err_msg)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration file/directory %s : %s\n",
*argv,
err_msg);
MEDIUM: init: support a list of files on the command line HAProxy could already support being passed a file list on the command line, by passing multiple times "-f" followed by a file name. People have been complaining that it made it hard to pass file lists from init scripts. This patch introduces an end of arguments using the common "--" tag, after which only file names may appear. These files are then added to the existing list of other files specified using -f and are loaded in their declaration order. Thus it becomes possible to do something like this : haproxy -sf $(pidof haproxy) -- /etc/haproxy/global.cfg /etc/haproxy/customers/*.cfg
2015-10-08 05:58:48 -04:00
exit(1);
}
argv++; argc--;
}
break;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else { /* >=2 args */
argv++; argc--;
if (argc == 0)
[CLEANUP] startup: report only the basename in the usage message Don't write the full path to the program, just the program name.
2011-09-10 13:20:23 -04:00
usage(progname);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
switch (*flag) {
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
case 'C' : change_dir = *argv; break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
case 'n' : cfg_maxconn = atol(*argv); break;
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
case 'm' : global.rlimit_memmax_all = atol(*argv); break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
case 'N' : cfg_maxpconn = atol(*argv); break;
MINOR: export localpeer as an environment variable Export localpeer as the environment variable $HAPROXY_LOCALPEER, allowing to use this variable in the configuration file. It's useful to use this variable in the case of synchronized configuration between peers.
2018-04-17 10:46:13 -04:00
case 'L' :
MINOR: peers: do not use localpeer as an array anymore It is now dynamically allocated by using strdup().
2020-06-18 10:56:47 -04:00
free(localpeer);
if ((localpeer = strdup(*argv)) == NULL) {
ha_alert("Cannot allocate memory for local peer.\n");
exit(EXIT_FAILURE);
}
MINOR: export localpeer as an environment variable Export localpeer as the environment variable $HAPROXY_LOCALPEER, allowing to use this variable in the configuration file. It's useful to use this variable in the case of synchronized configuration between peers.
2018-04-17 10:46:13 -04:00
setenv("HAPROXY_LOCALPEER", localpeer, 1);
MEDIUM: peers: add the "localpeer" global option localpeer <name> Sets the local instance's peer name. It will be ignored if the "-L" command line argument is specified or if used after "peers" section definitions. In such cases, a warning message will be emitted during the configuration parsing. This option will also set the HAPROXY_LOCALPEER environment variable. See also "-L" in the management guide and "peers" section in the configuration manual.
2020-06-18 12:24:05 -04:00
global.localpeer_cmdline = 1;
MINOR: export localpeer as an environment variable Export localpeer as the environment variable $HAPROXY_LOCALPEER, allowing to use this variable in the configuration file. It's useful to use this variable in the case of synchronized configuration between peers.
2018-04-17 10:46:13 -04:00
break;
[MEDIUM] config: support loading multiple configuration files We now support up to 10 distinct configuration files. They are all loaded in the order defined by -f <file1> -f <file2> ... This can be useful in order to store global, private, public, etc... configurations in distinct files.
2009-06-22 10:02:30 -04:00
case 'f' :
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
if (!list_append_cfgfile(&cfg_cfgfiles, *argv, &err_msg)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration file/directory %s : %s\n",
*argv,
err_msg);
[MEDIUM] config: support loading multiple configuration files We now support up to 10 distinct configuration files. They are all loaded in the order defined by -f <file1> -f <file2> ... This can be useful in order to store global, private, public, etc... configurations in distinct files.
2009-06-22 10:02:30 -04:00
exit(1);
}
break;
MINOR: init: extract args parsing to their own function The cmdline argument parsing was performed quite late, which prevents from retrieving elements that can be used to initialize the pools and certain sensitive areas. The goal is to improve this by parsing command line arguments right after the early init stage. This is possible because the cmdline parser already does very little beyond retrieving config elements that are used later. Doing so requires to move the parser code to a separate function and to externalize a few variables out of the function as they're used later in the boot process, in the original function. This patch creates init_args() but doesn't move it upfront yet, it's still executed just before init(), which essentially corresponds to what was done before (only the trash buffers, ACLs and Lua were initialized earlier and are not needed for this). The rest is not modified and as expected no change is observed. Note that the diff doesn't to justice to the change as it makes it look like the early init() code was moved to a new function after the function was renamed, while in fact it's clearly the parser itself which moved.
2022-02-17 12:10:36 -05:00
case 'p' :
free(global.pidfile);
if ((global.pidfile = strdup(*argv)) == NULL) {
ha_alert("Cannot allocate memory for pidfile.\n");
exit(EXIT_FAILURE);
}
break;
[CLEANUP] startup: report only the basename in the usage message Don't write the full path to the program, just the program name.
2011-09-10 13:20:23 -04:00
default: usage(progname);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
}
else
[CLEANUP] startup: report only the basename in the usage message Don't write the full path to the program, just the program name.
2011-09-10 13:20:23 -04:00
usage(progname);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
argv++; argc--;
}
MINOR: init: extract args parsing to their own function The cmdline argument parsing was performed quite late, which prevents from retrieving elements that can be used to initialize the pools and certain sensitive areas. The goal is to improve this by parsing command line arguments right after the early init stage. This is possible because the cmdline parser already does very little beyond retrieving config elements that are used later. Doing so requires to move the parser code to a separate function and to externalize a few variables out of the function as they're used later in the boot process, in the original function. This patch creates init_args() but doesn't move it upfront yet, it's still executed just before init(), which essentially corresponds to what was done before (only the trash buffers, ACLs and Lua were initialized earlier and are not needed for this). The rest is not modified and as expected no change is observed. Note that the diff doesn't to justice to the change as it makes it look like the early init() code was moved to a new function after the function was renamed, while in fact it's clearly the parser itself which moved.
2022-02-17 12:10:36 -05:00
free(err_msg);
}
MINOR: management: add some basic keyword dump infrastructure It's difficult from outside haproxy to detect the supported keywords and syntax. Interestingly, many of our modern keywords are enumerated since they're registered from constructors, so it's not very hard to enumerate most of them. This patch creates some basic infrastructure to support dumping existing keywords from different classes on stdout. The format will differ depending on the classes, but the idea is that the output could easily be passed to a script that generates some simple syntax highlighting rules, completion rules for editors, syntax checkers or config parsers. The principle chosen here is that if "-dK" is passed on the command-line, at the end of the parsing the registered keywords will be dumped for the requested classes passed after "-dK". Special name "help" will show known classes, while "all" will execute all of them. The reason for doing that after the end of the config processor is that it will also enumerate internally-generated keywords, Lua or even those loaded from external code (e.g. if an add-on is loaded using LD_PRELOAD). A typical way to call this with a valid config would be: ./haproxy -dKall -q -c -f /path/to/config If there's no config available, feeding /dev/null will also do the job, though it will not be able to detect dynamically created keywords, of course. This patch also updates the management doc. For now nothing but the help is listed, various subsystems will follow in subsequent patches.
2022-03-08 10:01:40 -05:00
/* call the various keyword dump functions based on the comma-delimited list of
* classes in kwd_dump.
*/
static void dump_registered_keywords(void)
{
char *end;
int all __maybe_unused = 0;
for (; kwd_dump && *kwd_dump; kwd_dump = end) {
end = strchr(kwd_dump, ',');
if (end)
*(end++) = 0;
if (strcmp(kwd_dump, "help") == 0) {
printf("# List of supported keyword classes:\n");
printf("all: list all keywords\n");
MINOR: acl: add a function to dump the list of known ACL keywords New function acl_dump_kwd() dumps the registered ACL keywords and their sample-fetch equivalent to stdout. It's called by dump_registered_keywords() for keyword class "acl".
2022-03-29 09:36:56 -04:00
printf("acl: ACL keywords\n");
MINOR: config: add a function to dump all known config keywords All registered config keywords that are valid in the config parser are dumped to stdout organized like the regular sections (global, listen, etc). Some keywords that are known to only be valid in frontends or backends will be suffixed with [FE] or [BE]. All regularly registered "bind" and "server" keywords are also dumped, one per "bind" or "server" line. Those depending on ssl are listed after the "ssl" keyword. Doing so required to export the listener and server keyword lists that were static. The function is called from dump_registered_keywords() for keyword class "cfg".
2022-03-29 09:02:44 -04:00
printf("cfg: configuration keywords\n");
MINOR: cli: add a new keyword dump function New function cli_list_keywords() scans the list of registered CLI keywords and dumps them on stdout. It's now called from dump_registered_keywords() for the class "cli". Some keywords are valid for the master, they'll be suffixed with "[MASTER]". Others are valid for the worker, they'll have "[WORKER]". Those accessible only in expert mode will show "[EXPERT]" and the experimental ones will show "[EXPERIM]".
2022-03-29 09:25:30 -04:00
printf("cli: CLI keywords\n");
MINOR: sample: list registered sample converter functions Similar to the sample fetch keywords, let's also list the converter keywords. They're much simpler since there's no compatibility matrix. Instead the input and output types are listed. This is called by dump_registered_keywords() for the "cnv" keywords class.
2022-03-29 10:59:49 -04:00
printf("cnv: sample converter keywords\n");
MINOR: filters: extend flt_dump_kws() to dump to stdout When passing a NULL output buffer the function will now dump to stdout with a more compact format that is more suitable for machine processing. An entry was added to dump_registered_keyword() to call it when the keyword class "flt" is requested.
2022-03-29 09:03:09 -04:00
printf("flt: filter names\n");
MINOR: samples: add a function to list register sample fetch keywords New function smp_dump_fetch_kw lists registered sample fetch keywords with their compatibility matrix, mandatory and optional argument types, and output types. It's called from dump_registered_keywords() with class "smp".
2022-03-29 10:51:29 -04:00
printf("smp: sample fetch functions\n");
MINOR: services: extend list_services() to dump to stdout When no output stream is passed, stdout is used with one entry per line, and this is called from dump_registered_services() when passed the class "svc".
2022-03-29 09:10:44 -04:00
printf("svc: service names\n");
MINOR: management: add some basic keyword dump infrastructure It's difficult from outside haproxy to detect the supported keywords and syntax. Interestingly, many of our modern keywords are enumerated since they're registered from constructors, so it's not very hard to enumerate most of them. This patch creates some basic infrastructure to support dumping existing keywords from different classes on stdout. The format will differ depending on the classes, but the idea is that the output could easily be passed to a script that generates some simple syntax highlighting rules, completion rules for editors, syntax checkers or config parsers. The principle chosen here is that if "-dK" is passed on the command-line, at the end of the parsing the registered keywords will be dumped for the requested classes passed after "-dK". Special name "help" will show known classes, while "all" will execute all of them. The reason for doing that after the end of the config processor is that it will also enumerate internally-generated keywords, Lua or even those loaded from external code (e.g. if an add-on is loaded using LD_PRELOAD). A typical way to call this with a valid config would be: ./haproxy -dKall -q -c -f /path/to/config If there's no config available, feeding /dev/null will also do the job, though it will not be able to detect dynamically created keywords, of course. This patch also updates the management doc. For now nothing but the help is listed, various subsystems will follow in subsequent patches.
2022-03-08 10:01:40 -05:00
continue;
}
else if (strcmp(kwd_dump, "all") == 0) {
all = 1;
}
MINOR: config: add a function to dump all known config keywords All registered config keywords that are valid in the config parser are dumped to stdout organized like the regular sections (global, listen, etc). Some keywords that are known to only be valid in frontends or backends will be suffixed with [FE] or [BE]. All regularly registered "bind" and "server" keywords are also dumped, one per "bind" or "server" line. Those depending on ssl are listed after the "ssl" keyword. Doing so required to export the listener and server keyword lists that were static. The function is called from dump_registered_keywords() for keyword class "cfg".
2022-03-29 09:02:44 -04:00
MINOR: acl: add a function to dump the list of known ACL keywords New function acl_dump_kwd() dumps the registered ACL keywords and their sample-fetch equivalent to stdout. It's called by dump_registered_keywords() for keyword class "acl".
2022-03-29 09:36:56 -04:00
if (all || strcmp(kwd_dump, "acl") == 0) {
printf("# List of registered ACL keywords:\n");
acl_dump_kwd();
}
MINOR: config: add a function to dump all known config keywords All registered config keywords that are valid in the config parser are dumped to stdout organized like the regular sections (global, listen, etc). Some keywords that are known to only be valid in frontends or backends will be suffixed with [FE] or [BE]. All regularly registered "bind" and "server" keywords are also dumped, one per "bind" or "server" line. Those depending on ssl are listed after the "ssl" keyword. Doing so required to export the listener and server keyword lists that were static. The function is called from dump_registered_keywords() for keyword class "cfg".
2022-03-29 09:02:44 -04:00
if (all || strcmp(kwd_dump, "cfg") == 0) {
printf("# List of registered configuration keywords:\n");
cfg_dump_registered_keywords();
}
MINOR: filters: extend flt_dump_kws() to dump to stdout When passing a NULL output buffer the function will now dump to stdout with a more compact format that is more suitable for machine processing. An entry was added to dump_registered_keyword() to call it when the keyword class "flt" is requested.
2022-03-29 09:03:09 -04:00
MINOR: cli: add a new keyword dump function New function cli_list_keywords() scans the list of registered CLI keywords and dumps them on stdout. It's now called from dump_registered_keywords() for the class "cli". Some keywords are valid for the master, they'll be suffixed with "[MASTER]". Others are valid for the worker, they'll have "[WORKER]". Those accessible only in expert mode will show "[EXPERT]" and the experimental ones will show "[EXPERIM]".
2022-03-29 09:25:30 -04:00
if (all || strcmp(kwd_dump, "cli") == 0) {
printf("# List of registered CLI keywords:\n");
cli_list_keywords();
}
MINOR: sample: list registered sample converter functions Similar to the sample fetch keywords, let's also list the converter keywords. They're much simpler since there's no compatibility matrix. Instead the input and output types are listed. This is called by dump_registered_keywords() for the "cnv" keywords class.
2022-03-29 10:59:49 -04:00
if (all || strcmp(kwd_dump, "cnv") == 0) {
printf("# List of registered sample converter functions:\n");
smp_dump_conv_kw();
}
MINOR: filters: extend flt_dump_kws() to dump to stdout When passing a NULL output buffer the function will now dump to stdout with a more compact format that is more suitable for machine processing. An entry was added to dump_registered_keyword() to call it when the keyword class "flt" is requested.
2022-03-29 09:03:09 -04:00
if (all || strcmp(kwd_dump, "flt") == 0) {
printf("# List of registered filter names:\n");
flt_dump_kws(NULL);
}
MINOR: services: extend list_services() to dump to stdout When no output stream is passed, stdout is used with one entry per line, and this is called from dump_registered_services() when passed the class "svc".
2022-03-29 09:10:44 -04:00
MINOR: samples: add a function to list register sample fetch keywords New function smp_dump_fetch_kw lists registered sample fetch keywords with their compatibility matrix, mandatory and optional argument types, and output types. It's called from dump_registered_keywords() with class "smp".
2022-03-29 10:51:29 -04:00
if (all || strcmp(kwd_dump, "smp") == 0) {
printf("# List of registered sample fetch functions:\n");
smp_dump_fetch_kw();
}
MINOR: services: extend list_services() to dump to stdout When no output stream is passed, stdout is used with one entry per line, and this is called from dump_registered_services() when passed the class "svc".
2022-03-29 09:10:44 -04:00
if (all || strcmp(kwd_dump, "svc") == 0) {
printf("# List of registered service names:\n");
list_services(NULL);
}
MINOR: management: add some basic keyword dump infrastructure It's difficult from outside haproxy to detect the supported keywords and syntax. Interestingly, many of our modern keywords are enumerated since they're registered from constructors, so it's not very hard to enumerate most of them. This patch creates some basic infrastructure to support dumping existing keywords from different classes on stdout. The format will differ depending on the classes, but the idea is that the output could easily be passed to a script that generates some simple syntax highlighting rules, completion rules for editors, syntax checkers or config parsers. The principle chosen here is that if "-dK" is passed on the command-line, at the end of the parsing the registered keywords will be dumped for the requested classes passed after "-dK". Special name "help" will show known classes, while "all" will execute all of them. The reason for doing that after the end of the config processor is that it will also enumerate internally-generated keywords, Lua or even those loaded from external code (e.g. if an add-on is loaded using LD_PRELOAD). A typical way to call this with a valid config would be: ./haproxy -dKall -q -c -f /path/to/config If there's no config available, feeding /dev/null will also do the job, though it will not be able to detect dynamically created keywords, of course. This patch also updates the management doc. For now nothing but the help is listed, various subsystems will follow in subsequent patches.
2022-03-08 10:01:40 -05:00
}
}
MINOR: global: generate random cluster.secret if not defined If no cluster-secret is defined by the user, a random one is silently generated. This ensures that at least QUIC Retry tokens are generated if abnormal conditions are detected. However, it is advisable to specify it in the configuration for tokens to be valid even after a reload or across LBs instances in the same cluster. This should be backported up to 2.6.
2022-11-14 10:18:46 -05:00
/* Generate a random cluster-secret in case the setting is not provided in the
* configuration. This allows to use features which rely on it albeit with some
* limitations.
*/
static void generate_random_cluster_secret()
{
/* used as a default random cluster-secret if none defined. */
BUG/MINOR: quic: Wrong cluster secret initialization The function generate_random_cluster_secret() which initializes the cluster secret when not supplied by configuration is buggy. There 1/256 that the cluster secret string is empty. To fix this, one stores the cluster as a reduced size first 128 bits of its own SHA1 (160 bits) digest, if defined by configuration. If this is not the case, it is initialized with a 128 bits random value. Furthermore, thus the cluster secret is always initialized. As the cluster secret is always initialized, there are several tests which are for now on useless. This patch removes such tests (if(global.cluster_secret)) in the QUIC code part and at parsing time: no need to check that a cluster secret was initialized with "quic-force-retry" option. Must be backported as far as 2.6.
2023-09-07 12:43:52 -04:00
uint64_t rand;
MINOR: global: generate random cluster.secret if not defined If no cluster-secret is defined by the user, a random one is silently generated. This ensures that at least QUIC Retry tokens are generated if abnormal conditions are detected. However, it is advisable to specify it in the configuration for tokens to be valid even after a reload or across LBs instances in the same cluster. This should be backported up to 2.6.
2022-11-14 10:18:46 -05:00
/* The caller must not overwrite an already defined secret. */
BUG/MINOR: quic: Wrong cluster secret initialization The function generate_random_cluster_secret() which initializes the cluster secret when not supplied by configuration is buggy. There 1/256 that the cluster secret string is empty. To fix this, one stores the cluster as a reduced size first 128 bits of its own SHA1 (160 bits) digest, if defined by configuration. If this is not the case, it is initialized with a 128 bits random value. Furthermore, thus the cluster secret is always initialized. As the cluster secret is always initialized, there are several tests which are for now on useless. This patch removes such tests (if(global.cluster_secret)) in the QUIC code part and at parsing time: no need to check that a cluster secret was initialized with "quic-force-retry" option. Must be backported as far as 2.6.
2023-09-07 12:43:52 -04:00
BUG_ON(cluster_secret_isset);
MINOR: global: generate random cluster.secret if not defined If no cluster-secret is defined by the user, a random one is silently generated. This ensures that at least QUIC Retry tokens are generated if abnormal conditions are detected. However, it is advisable to specify it in the configuration for tokens to be valid even after a reload or across LBs instances in the same cluster. This should be backported up to 2.6.
2022-11-14 10:18:46 -05:00
BUG/MINOR: quic: Wrong cluster secret initialization The function generate_random_cluster_secret() which initializes the cluster secret when not supplied by configuration is buggy. There 1/256 that the cluster secret string is empty. To fix this, one stores the cluster as a reduced size first 128 bits of its own SHA1 (160 bits) digest, if defined by configuration. If this is not the case, it is initialized with a 128 bits random value. Furthermore, thus the cluster secret is always initialized. As the cluster secret is always initialized, there are several tests which are for now on useless. This patch removes such tests (if(global.cluster_secret)) in the QUIC code part and at parsing time: no need to check that a cluster secret was initialized with "quic-force-retry" option. Must be backported as far as 2.6.
2023-09-07 12:43:52 -04:00
rand = ha_random64();
MINOR: global: generate random cluster.secret if not defined If no cluster-secret is defined by the user, a random one is silently generated. This ensures that at least QUIC Retry tokens are generated if abnormal conditions are detected. However, it is advisable to specify it in the configuration for tokens to be valid even after a reload or across LBs instances in the same cluster. This should be backported up to 2.6.
2022-11-14 10:18:46 -05:00
memcpy(global.cluster_secret, &rand, sizeof(rand));
BUG/MINOR: quic: Wrong cluster secret initialization The function generate_random_cluster_secret() which initializes the cluster secret when not supplied by configuration is buggy. There 1/256 that the cluster secret string is empty. To fix this, one stores the cluster as a reduced size first 128 bits of its own SHA1 (160 bits) digest, if defined by configuration. If this is not the case, it is initialized with a 128 bits random value. Furthermore, thus the cluster secret is always initialized. As the cluster secret is always initialized, there are several tests which are for now on useless. This patch removes such tests (if(global.cluster_secret)) in the QUIC code part and at parsing time: no need to check that a cluster secret was initialized with "quic-force-retry" option. Must be backported as far as 2.6.
2023-09-07 12:43:52 -04:00
rand = ha_random64();
memcpy(global.cluster_secret + sizeof(rand), &rand, sizeof(rand));
cluster_secret_isset = 1;
MINOR: global: generate random cluster.secret if not defined If no cluster-secret is defined by the user, a random one is silently generated. This ensures that at least QUIC Retry tokens are generated if abnormal conditions are detected. However, it is advisable to specify it in the configuration for tokens to be valid even after a reload or across LBs instances in the same cluster. This should be backported up to 2.6.
2022-11-14 10:18:46 -05:00
}
MINOR: init: extract args parsing to their own function The cmdline argument parsing was performed quite late, which prevents from retrieving elements that can be used to initialize the pools and certain sensitive areas. The goal is to improve this by parsing command line arguments right after the early init stage. This is possible because the cmdline parser already does very little beyond retrieving config elements that are used later. Doing so requires to move the parser code to a separate function and to externalize a few variables out of the function as they're used later in the boot process, in the original function. This patch creates init_args() but doesn't move it upfront yet, it's still executed just before init(), which essentially corresponds to what was done before (only the trash buffers, ACLs and Lua were initialized earlier and are not needed for this). The rest is not modified and as expected no change is observed. Note that the diff doesn't to justice to the change as it makes it look like the early init() code was moved to a new function after the function was renamed, while in fact it's clearly the parser itself which moved.
2022-02-17 12:10:36 -05:00
/*
* This function initializes all the necessary variables. It only returns
* if everything is OK. If something fails, it exits.
*/
static void init(int argc, char **argv)
{
char *progname = global.log_tag.area;
int err_code = 0;
struct proxy *px;
struct post_check_fct *pcf;
MINOR: init: add the pre-check callback This adds a call to function <fct> to the list of functions to be called at the step just before the configuration validity checks. This is useful when you need to create things like it would have been done during the configuration parsing and where the initialization should continue in the configuration check. It could be used for example to generate a proxy with multiple servers using the configuration parser itself. At this step the trash buffers are allocated. Threads are not yet started so no protection is required. The function is expected to return non-zero on success, or zero on failure. A failure will make the process emit a succinct error message and immediately exit.
2022-04-21 12:02:53 -04:00
struct pre_check_fct *prcf;
MEDIUM: startup: make read_cfg() return immediately on ENOMEM This commit prepares read_cfg() to call load_cfg_in_mem() helper in order to load configuration files in memory. Before, read_cfg() calls the parser for all files from cfg_cfgfiles list and cumulates parser's errors and memprintf's errors in for_each loop. memprintf's errors did not stop this loop and were accounted just after. Now, as we plan to load configuration files in memory, we stop the loop, if memprintf() fails, and we show appropraite error message with ha_alert. Then process terminates. So not all cumulated syntax-related errors will be shown before exit in this case and we has to stop, because we run out of memory. If we can't open the current file or we fail to allocate a memory to store some configuration line, the previous behaviour is kept, process emits appropriate alert message and exits. If parser returns some syntax-related error on the current file, the previous behaviour is kept as well. We cumulate such errors for all parsed files and we check them just after the loop. All syntax-related errors for all files is shown then as before in ha_alert messages line by line during the startup. Then process will exit with 1. As now cfg_cfgfiles list contains many pointers to some memory areas with configuration files content and this content could be big, it's better to free the list explicitly, when parsing was finished. So, let's change read_cfg() to return some integer value to its caller init(), and let's perform the free routine at a caller level, as cfg_cfgfiles list was initialized and initially filled at this level.
2024-08-05 04:03:52 -04:00
struct cfgfile *cfg, *cfg_tmp;
MINOR: startup: fix unused value reported by coverity Unused 0 is assigned to ret, as it's rewritten by error code of read_cfg(). This issue was reported by coverity.
2024-08-08 12:54:28 -04:00
int ret, ideal_maxconn;
MINOR: init: add info about the main program to the post_mortem struct This way we'll still have haproxy's version, build options etc in core dumps and centralized all at once.
2023-11-23 05:32:24 -05:00
const char *cc, *cflags, *opts;
MINOR: init: extract args parsing to their own function The cmdline argument parsing was performed quite late, which prevents from retrieving elements that can be used to initialize the pools and certain sensitive areas. The goal is to improve this by parsing command line arguments right after the early init stage. This is possible because the cmdline parser already does very little beyond retrieving config elements that are used later. Doing so requires to move the parser code to a separate function and to externalize a few variables out of the function as they're used later in the boot process, in the original function. This patch creates init_args() but doesn't move it upfront yet, it's still executed just before init(), which essentially corresponds to what was done before (only the trash buffers, ACLs and Lua were initialized earlier and are not needed for this). The rest is not modified and as expected no change is observed. Note that the diff doesn't to justice to the change as it makes it look like the early init() code was moved to a new function after the function was renamed, while in fact it's clearly the parser itself which moved.
2022-02-17 12:10:36 -05:00
BUG/MINOR: ssl: initialize WolfSSL before parsing The wolfSSL library need to be initialized before parsing the configuration which uses some SSL functions. To be backported in 2.6.
2022-12-02 11:17:43 -05:00
#ifdef USE_OPENSSL
#ifdef USE_OPENSSL_WOLFSSL
wolfSSL_Init();
wolfSSL_Debugging_ON();
#endif
BUILD: ssl: Build with new cryptographic library AWS-LC This adds a new option for the Makefile USE_OPENSSL_AWSLC, and update the documentation with instructions to use HAProxy with AWS-LC. Update the type of the OCSP callback retrieved with SSL_CTX_get_tlsext_status_cb with the actual type for libcrypto versions greater than 1.0.2. This doesn't affect OpenSSL which casts the callback to void* in SSL_CTX_ctrl.
2023-07-06 18:41:46 -04:00
BUILD: ssl: replace USE_OPENSSL_AWSLC by OPENSSL_IS_AWSLC Replace USE_OPENSSL_AWSLC by OPENSSL_IS_AWSLC in the code source, so we won't need to set USE_OPENSSL_AWSLC in the Makefile on the long term.
2024-07-30 09:51:59 -04:00
#ifdef OPENSSL_IS_AWSLC
BUILD: ssl: Build with new cryptographic library AWS-LC This adds a new option for the Makefile USE_OPENSSL_AWSLC, and update the documentation with instructions to use HAProxy with AWS-LC. Update the type of the OCSP callback retrieved with SSL_CTX_get_tlsext_status_cb with the actual type for libcrypto versions greater than 1.0.2. This doesn't affect OpenSSL which casts the callback to void* in SSL_CTX_ctrl.
2023-07-06 18:41:46 -04:00
const char *version_str = OpenSSL_version(OPENSSL_VERSION);
if (strncmp(version_str, "AWS-LC", 6) != 0) {
ha_alert("HAPRoxy built with AWS-LC but running with %s.\n", version_str);
exit(1);
}
#endif
BUG/MINOR: ssl: initialize WolfSSL before parsing The wolfSSL library need to be initialized before parsing the configuration which uses some SSL functions. To be backported in 2.6.
2022-12-02 11:17:43 -05:00
#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
BUG/MINOR: ssl: initialize SSL error before parsing The SSL error initialization need to be done before the configuration parsing, because it uses the SSL. Need to be backported to 2.6.
2022-12-02 11:06:59 -05:00
/* Initialize the error strings of OpenSSL
* It only needs to be done explicitly with older versions of the SSL
* library. On newer versions, errors strings are loaded during start
* up. */
SSL_load_error_strings();
BUG/MINOR: ssl: initialize WolfSSL before parsing The wolfSSL library need to be initialized before parsing the configuration which uses some SSL functions. To be backported in 2.6.
2022-12-02 11:17:43 -05:00
#endif
BUG/MINOR: ssl: initialize SSL error before parsing The SSL error initialization need to be done before the configuration parsing, because it uses the SSL. Need to be backported to 2.6.
2022-12-02 11:06:59 -05:00
#endif
MINOR: logs: startup-logs can use a shm for logging the reload When compiled with USE_SHM_OPEN=1 the startup-logs are now able to use an shm which is used to keep the logs when switching to mworker wait mode. This allows to keep the failed reload logs. When allocating the startup-logs at first start of the process, haproxy will do a shm_open with a unique path using the PID of the process, the file is unlink immediatly so we don't let unwelcomed files be. The fd resulting from this shm is stored in the HAPROXY_STARTUPLOGS_FD environment variable so it can be mmap again when switching to wait mode. When forking children, the process is copying the mmap to a a mallocated ring so we never share the same memory section between the master and the workers. When switching to wait mode, the shm is not used anymore as it is also copied to a mallocated structure. This allow to use the "show startup-logs" command over the master CLI, to get the logs of the latest startup or reload. This way the logs of the latest failed reload are also kept. This is only activated on the linux-glibc target for now.
2022-09-26 06:54:39 -04:00
startup_logs_init();
MINOR: init: extract args parsing to their own function The cmdline argument parsing was performed quite late, which prevents from retrieving elements that can be used to initialize the pools and certain sensitive areas. The goal is to improve this by parsing command line arguments right after the early init stage. This is possible because the cmdline parser already does very little beyond retrieving config elements that are used later. Doing so requires to move the parser code to a separate function and to externalize a few variables out of the function as they're used later in the boot process, in the original function. This patch creates init_args() but doesn't move it upfront yet, it's still executed just before init(), which essentially corresponds to what was done before (only the trash buffers, ACLs and Lua were initialized earlier and are not needed for this). The rest is not modified and as expected no change is observed. Note that the diff doesn't to justice to the change as it makes it look like the early init() code was moved to a new function after the function was renamed, while in fact it's clearly the parser itself which moved.
2022-02-17 12:10:36 -05:00
if (init_acl() != 0)
exit(1);
/* Initialise lua. */
hlua_init();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: startup: Extend the scope the MODE_STARTING flag Now, MODE_STARTING is set at the begining to init function and it is removed just before the polling loop. So more alerts or warnings are saved.
2017-10-24 07:53:54 -04:00
global.mode |= (arg_mode & (MODE_DAEMON | MODE_MWORKER | MODE_FOREGROUND | MODE_VERBOSE
MINOR: global: define diagnostic mode of execution Define MODE_DIAG which is used to run haproxy in diagnostic mode. This mode is used to output extra warnings about possible configuration blunder or sub-optimal usage. It can be activated with argument '-dD'. A new output function ha_diag_warning is implemented reserved for diagnostic output. It serves to standardize the format of diagnostic messages. A macro HA_DIAG_WARN_COND is also available to automatically check if diagnostic mode is on before executing the diagnostic check.
2021-03-29 04:29:07 -04:00
| MODE_QUIET | MODE_CHECK | MODE_DEBUG | MODE_ZERO_WARNING
MINOR: config: Add option line when the configuration file is dumped Add an option to dump the number lines of the configuration file when it's dumped. Other options can be easily added. Options are separated by ',' when tapping the command line: './haproxy -dC[key],line -f [file]' No backport needed, except if anonymization mechanism is backported.
2022-09-29 04:34:04 -04:00
| MODE_DIAG | MODE_CHECK_CONDITION | MODE_DUMP_LIBS | MODE_DUMP_KWD
| MODE_DUMP_CFG | MODE_DUMP_NB_L));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (getenv("HAPROXY_MWORKER_WAIT_ONLY")) {
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
unsetenv("HAPROXY_MWORKER_WAIT_ONLY");
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
global.mode |= MODE_MWORKER_WAIT;
global.mode &= ~MODE_MWORKER;
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
}
REORG: init: encapsulate CHECK_CONDITION logic in a func As MODE_CHECK_CONDITION logic terminates the process anyway, no matter if the test for the provided condition was successfull or not, let's encapsulate it in a separate function. This makes the code of init() more readable.
2024-06-26 12:39:45 -04:00
/* Do check_condition, if we started with -cc, and exit. */
if (global.mode & MODE_CHECK_CONDITION)
do_check_condition(progname);
MINOR: haproxy: Add `-cc` argument This patch adds the `-cc` (check condition) argument to evaluate conditions on startup and return the result as the exit code. As an example this can be used to easily check HAProxy's version in scripts: haproxy -cc 'version_atleast(2.4)' This resolves GitHub issue #1246. Co-authored-by: Tim Duesterhus <tim@bastelstu.be>
2021-06-05 18:50:22 -04:00
REORG: init: do MODE_CHECK_CONDITION logic first In MODE_CHECK_CONDITION we only parse check_condition string, provided by '-cc', and then we evaluate it. Haproxy process terminates at the end of {if..else} block anyway, if the test has failed or passed. So, it will be more appropriate to perform MODE_CHECK_CONDITION test first and then do all other process runtime mode verifications.
2024-06-26 12:29:47 -04:00
/* set the atexit functions when not doing configuration check */
if (!(global.mode & MODE_CHECK) && (getenv("HAPROXY_MWORKER_REEXEC") != NULL)) {
if (global.mode & MODE_MWORKER) {
atexit_flag = 1;
atexit(reexec_on_failure);
} else if (global.mode & MODE_MWORKER_WAIT) {
atexit_flag = 1;
atexit(exit_on_waitmode_failure);
}
}
if (change_dir && chdir(change_dir) < 0) {
ha_alert("Could not change to directory %s : %s\n", change_dir, strerror(errno));
exit(1);
}
usermsgs_clr("config");
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
/* in wait mode, we don't try to read the configuration files */
MEDIUM: startup: make read_cfg() return immediately on ENOMEM This commit prepares read_cfg() to call load_cfg_in_mem() helper in order to load configuration files in memory. Before, read_cfg() calls the parser for all files from cfg_cfgfiles list and cumulates parser's errors and memprintf's errors in for_each loop. memprintf's errors did not stop this loop and were accounted just after. Now, as we plan to load configuration files in memory, we stop the loop, if memprintf() fails, and we show appropraite error message with ha_alert. Then process terminates. So not all cumulated syntax-related errors will be shown before exit in this case and we has to stop, because we run out of memory. If we can't open the current file or we fail to allocate a memory to store some configuration line, the previous behaviour is kept, process emits appropriate alert message and exits. If parser returns some syntax-related error on the current file, the previous behaviour is kept as well. We cumulate such errors for all parsed files and we check them just after the loop. All syntax-related errors for all files is shown then as before in ha_alert messages line by line during the startup. Then process will exit with 1. As now cfg_cfgfiles list contains many pointers to some memory areas with configuration files content and this content could be big, it's better to free the list explicitly, when parsing was finished. So, let's change read_cfg() to return some integer value to its caller init(), and let's perform the free routine at a caller level, as cfg_cfgfiles list was initialized and initially filled at this level.
2024-08-05 04:03:52 -04:00
if (!(global.mode & MODE_MWORKER_WAIT)) {
ret = read_cfg(progname);
/* free memory to store config file content */
list_for_each_entry_safe(cfg, cfg_tmp, &cfg_cfgfiles, list)
ha_free(&cfg->content);
if (ret < 0)
exit(1);
}
MINOR: init: setenv HAPROXY_CFGFILES Set the HAPROXY_CFGFILES environment variable which contains the list of configuration files used to start haproxy, separated by semicolon.
2019-05-20 05:15:37 -04:00
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
if (global.mode & MODE_MWORKER) {
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
struct mworker_proc *tmproc;
MINOR: mworker: export HAPROXY_MWORKER=1 when running in mworker mode Export HAPROXY_MWORKER=1 in an environment variable when running in mworker mode.
2019-04-12 10:15:00 -04:00
setenv("HAPROXY_MWORKER", "1", 1);
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
if (getenv("HAPROXY_MWORKER_REEXEC") == NULL) {
MINOR: mworker: allocate and initialize a mworker_proc mworker_proc_new() allocates and initializes correctly a mworker_proc structure.
2022-01-28 15:11:41 -05:00
tmproc = mworker_proc_new();
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
if (!tmproc) {
ha_alert("Cannot allocate process structures.\n");
exit(EXIT_FAILURE);
}
CLEANUP: mworker: remove the type field in mworker_proc Since the introduction of the options field, we can use it to store the type of process. type = 'm' is replaced by PROC_O_TYPE_MASTER type = 'w' is replaced by PROC_O_TYPE_WORKER type = 'e' is replaced by PROC_O_TYPE_PROG The old values are still used in the HAPROXY_PROCESSES environment variable to pass the information during a reload.
2019-04-12 10:09:23 -04:00
tmproc->options |= PROC_O_TYPE_MASTER; /* master */
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
tmproc->pid = pid;
BUG/MINOR: mworker: prevent incorrect values in uptime Since the recent changes on the clocks, now.tv_sec is not to be used between processes because it's a clock which is local to the process and does not contain a real unix timestamp. This patch fixes the issue by using "data.tv_sec" which is the wall clock instead of "now.tv_sec'. It prevents having incoherent timestamps. It also introduces some checks on negatives values in order to never displays a netative value if it was computed from a wrong value set by a previous haproxy version. It must be backported as far as 2.0.
2023-02-17 10:23:52 -05:00
tmproc->timestamp = start_date.tv_sec;
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
proc_self = tmproc;
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_APPEND(&proc_list, &tmproc->list);
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
}
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
MINOR: mworker: allocate and initialize a mworker_proc mworker_proc_new() allocates and initializes correctly a mworker_proc structure.
2022-01-28 15:11:41 -05:00
tmproc = mworker_proc_new();
MINOR: mworker: remove the initialization loop over processes There was a loop used to prepare structures for all current processes. Let's just assume there's a single iteration now.
2021-06-15 02:02:06 -04:00
if (!tmproc) {
ha_alert("Cannot allocate process structures.\n");
exit(EXIT_FAILURE);
}
tmproc->options |= PROC_O_TYPE_WORKER; /* worker */
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
MINOR: mworker: remove the initialization loop over processes There was a loop used to prepare structures for all current processes. Let's just assume there's a single iteration now.
2021-06-15 02:02:06 -04:00
if (mworker_cli_sockpair_new(tmproc, 0) < 0) {
exit(EXIT_FAILURE);
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
}
MINOR: mworker: remove the initialization loop over processes There was a loop used to prepare structures for all current processes. Let's just assume there's a single iteration now.
2021-06-15 02:02:06 -04:00
LIST_APPEND(&proc_list, &tmproc->list);
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
}
BUG/MEDIUM: master: force the thread count earlier Christopher bisected that recent commit d0b73bca71 ("MEDIUM: listener: switch bind_thread from global to group-local") broke the master socket in that only the first out of the Nth initial connections would work, where N is the number of threads, after which they all work. The cause is that the master socket was bound to multiple threads, despite global.nbthread being 1 there, so the incoming connection load balancing would try to send incoming connections to non-existing threads, however the bind_thread mask would nonetheless include multiple threads. What happened is that in 1.9 we forced "nbthread" to 1 in the master's poll loop with commit b3f2be338b ("MEDIUM: mworker: use the haproxy poll loop"). In 2.0, nbthread detection was enabled by default in commit 149ab779cc ("MAJOR: threads: enable one thread per CPU by default"). From this point on, the operation above is unsafe because everything during startup is performed with nbthread corresponding to the default value, then it changes to one when starting the polling loop. But by then we weren't using the wait mode except for reload errors, so even if it would have happened nobody would have noticed. In 2.5 with commit fab0fdce9 ("MEDIUM: mworker: reexec in waitpid mode after successful loading") we started to rexecute all the time, not just for errors, so as to release precious resources and to possibly spot bugs that were rarely exposed in this mode. By then the incoming connection LB was enforcing all_threads_mask on the listener's thread mask so that the incorrect value was being corrected while using it. Finally in 2.7 commit d0b73bca71 ("MEDIUM: listener: switch bind_thread from global to group-local") replaces the all_threads_mask there with the listener's bind_thread, but that one was never adjusted by the starting master, whose thread group was filled to N threads by the automatic detection during early setup. The best approach here is to set nbthread to 1 very early in init() when we're in the master in wait mode, so that we don't try to guess the best value and don't end up with incorrect bindings anymore. This patch does this and also sets nbtgroups to 1 in preparation for a possible future where this will also be automatically calculated. There is no need to backport this patch since no other versions were affected, but if it were to be discovered that the incorrect bind mask on some of the master's FDs could be responsible for any trouble in older versions, then the backport should be safe (provided that nbtgroups is dropped of course).
2022-07-22 11:35:49 -04:00
if (global.mode & MODE_MWORKER_WAIT) {
/* in exec mode, there's always exactly one thread. Failure to
* set these ones now will result in nbthread being detected
* automatically.
*/
global.nbtgroups = 1;
global.nbthread = 1;
}
REORG: init: encapsulate 'reload' sockpair and master CLI listeners creation Let's encapsulate the logic of 'reload' sockpair and master CLI listeners creation, used by master CLI into a separate function, as we needed this only in master-worker runtime mode. This makes the code of init() more readable.
2024-06-26 10:21:50 -04:00
if (global.mode & (MODE_MWORKER|MODE_MWORKER_WAIT))
mworker_create_master_cli();
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
MINOR: mworker/cli: alert the user if we enabled a master CLI but not the master-worker mode Declaring a master CLI socket without activating the master-worker mode is likely a user error, so we issue a warning. This patch can be backported as far as 1.8.
2021-03-16 10:11:17 -04:00
if (!LIST_ISEMPTY(&mworker_cli_conf) && !(arg_mode & MODE_MWORKER)) {
MEDIUM: mworker: -W is mandatory when using -S Defining a master CLI without the master-worker mode emits a warning since version 1.8. This patch enforce the behavior by forbiding the usage of the -S option without the master-worker mode.
2023-11-09 09:02:13 -05:00
ha_alert("a master CLI socket was defined, but master-worker mode (-W) is not enabled.\n");
exit(EXIT_FAILURE);
MINOR: mworker/cli: alert the user if we enabled a master CLI but not the master-worker mode Declaring a master CLI socket without activating the master-worker mode is likely a user error, so we issue a warning. This patch can be backported as far as 1.8.
2021-03-16 10:11:17 -04:00
}
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
/* destroy unreferenced defaults proxies */
proxy_destroy_all_unref_defaults();
MINOR: init: add the pre-check callback This adds a call to function <fct> to the list of functions to be called at the step just before the configuration validity checks. This is useful when you need to create things like it would have been done during the configuration parsing and where the initialization should continue in the configuration check. It could be used for example to generate a proxy with multiple servers using the configuration parser itself. At this step the trash buffers are allocated. Threads are not yet started so no protection is required. The function is expected to return non-zero on success, or zero on failure. A failure will make the process emit a succinct error message and immediately exit.
2022-04-21 12:02:53 -04:00
list_for_each_entry(prcf, &pre_check_list, list)
err_code |= prcf->fct();
MEDIUM: proxy: store the default proxies in a tree by name Now default proxies are stored into a dedicated tree, sorted by name. Only unnamed entries are not kept upon new section creation. The very first call to cfg_parse_listen() will automatically allocate a dummy defaults section which corresponds to the previous static one, since the code requires to have one at a few places. The first immediately visible benefit is that it allows to reuse alloc_new_proxy() to allocate a defaults section instead of doing it by hand. And the secret goal is to allow to keep multiple named defaults section in memory to reuse them from various proxies.
2021-02-12 08:08:31 -05:00
MINOR: init: exit() after pre-check upon error Add a test on the err_code variable so we don't go further if one of the pre-check callback failed.
2022-05-04 08:29:46 -04:00
if (err_code & (ERR_ABORT|ERR_FATAL)) {
ha_alert("Fatal errors found in configuration.\n");
exit(1);
}
MINOR: clock: measure the total boot time Some huge configs take a significant amount of time to start and this can cause some trouble (e.g. health checks getting delayed and grouped, process not responding to the CLI etc). For example, some configs might start fast in certain environments and slowly in other ones just due to the use of a wrong DNS server that delays all libc's resolutions. Let's first start by measuring it by keeping a copy of the most recently known ready date, once before calling check_config_validity() and then refine it when leaving this function. A last call is finally performed just before deciding to split between master and worker processes, and it covers the whole boot. It's trivial to collect and even allows to get rid of a call to clock_update_date() in function check_config_validity() that was used in hope to better schedule future events.
2023-05-17 03:02:21 -04:00
/* update the ready date that will be used to count the startup time
* during config checks (e.g. to schedule certain tasks if needed)
*/
clock_update_date(0, 1);
BUG/MINOR: clock: automatically adjust the internal clock with the boot time This is a better and more general solution to the problem described in this commit: BUG/MINOR: checks: postpone the startup of health checks by the boot time Now we're updating the now_offset that is used to compute now_ms at the few points where we update the ready date during boot. This ensures that now_ms while being stable during all the boot process will be correct and will start with the boot value right after the boot is finished. As such the patch above is rolled back (we don't want to count the boot time twice). This must not be backported because it relies on the more flexible clock architecture in 2.8.
2023-05-16 13:19:36 -04:00
clock_adjust_now_offset();
MINOR: clock: measure the total boot time Some huge configs take a significant amount of time to start and this can cause some trouble (e.g. health checks getting delayed and grouped, process not responding to the CLI etc). For example, some configs might start fast in certain environments and slowly in other ones just due to the use of a wrong DNS server that delays all libc's resolutions. Let's first start by measuring it by keeping a copy of the most recently known ready date, once before calling check_config_validity() and then refine it when leaving this function. A last call is finally performed just before deciding to split between master and worker processes, and it covers the whole boot. It's trivial to collect and even allows to get rid of a call to clock_update_date() in function check_config_validity() that was used in hope to better schedule future events.
2023-05-17 03:02:21 -04:00
ready_date = date;
BUG/MINOR: clock: automatically adjust the internal clock with the boot time This is a better and more general solution to the problem described in this commit: BUG/MINOR: checks: postpone the startup of health checks by the boot time Now we're updating the now_offset that is used to compute now_ms at the few points where we update the ready date during boot. This ensures that now_ms while being stable during all the boot process will be correct and will start with the boot value right after the boot is finished. As such the patch above is rolled back (we don't want to count the boot time twice). This must not be backported because it relies on the more flexible clock architecture in 2.8.
2023-05-16 13:19:36 -04:00
CLEANUP: init: remove useless assignment of nbthread The old test consisting in setting global.nbthread if lower than 1 is useless nowadays since it's already done in check_config_validity().
2022-12-08 02:13:20 -05:00
/* Note: global.nbthread will be initialized as part of this call */
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
err_code |= check_config_validity();
MINOR: clock: measure the total boot time Some huge configs take a significant amount of time to start and this can cause some trouble (e.g. health checks getting delayed and grouped, process not responding to the CLI etc). For example, some configs might start fast in certain environments and slowly in other ones just due to the use of a wrong DNS server that delays all libc's resolutions. Let's first start by measuring it by keeping a copy of the most recently known ready date, once before calling check_config_validity() and then refine it when leaving this function. A last call is finally performed just before deciding to split between master and worker processes, and it covers the whole boot. It's trivial to collect and even allows to get rid of a call to clock_update_date() in function check_config_validity() that was used in hope to better schedule future events.
2023-05-17 03:02:21 -04:00
/* update the ready date to also account for the check time */
clock_update_date(0, 1);
BUG/MINOR: clock: automatically adjust the internal clock with the boot time This is a better and more general solution to the problem described in this commit: BUG/MINOR: checks: postpone the startup of health checks by the boot time Now we're updating the now_offset that is used to compute now_ms at the few points where we update the ready date during boot. This ensures that now_ms while being stable during all the boot process will be correct and will start with the boot value right after the boot is finished. As such the patch above is rolled back (we don't want to count the boot time twice). This must not be backported because it relies on the more flexible clock architecture in 2.8.
2023-05-16 13:19:36 -04:00
clock_adjust_now_offset();
MINOR: clock: measure the total boot time Some huge configs take a significant amount of time to start and this can cause some trouble (e.g. health checks getting delayed and grouped, process not responding to the CLI etc). For example, some configs might start fast in certain environments and slowly in other ones just due to the use of a wrong DNS server that delays all libc's resolutions. Let's first start by measuring it by keeping a copy of the most recently known ready date, once before calling check_config_validity() and then refine it when leaving this function. A last call is finally performed just before deciding to split between master and worker processes, and it covers the whole boot. It's trivial to collect and even allows to get rid of a call to clock_update_date() in function check_config_validity() that was used in hope to better schedule future events.
2023-05-17 03:02:21 -04:00
ready_date = date;
MINOR: config: Support per-proxy and per-server post-check functions callbacks Most of times, when a keyword is added in proxy section or on the server line, we need to have a post-parser callback to check the config validity for the proxy or the server which uses this keyword. It is possible to register a global post-parser callback. But all these callbacks need to loop on the proxies and servers to do their job. It is neither handy nor efficient. Instead, it is now possible to register per-proxy and per-server post-check callbacks.
2019-08-12 03:51:07 -04:00
for (px = proxies_list; px; px = px->next) {
struct server *srv;
struct post_proxy_check_fct *ppcf;
struct post_server_check_fct *pscf;
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (px->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
BUG/MINOR: proxy/server: Skip per-proxy/server post-check for disabled proxies per-proxy and per-server post-check callback functions must be skipped for disabled proxies because most of the configuration validity check is skipped for these proxies. This patch must be backported as far as 2.1.
2020-11-02 10:20:13 -05:00
continue;
MINOR: config: Support per-proxy and per-server post-check functions callbacks Most of times, when a keyword is added in proxy section or on the server line, we need to have a post-parser callback to check the config validity for the proxy or the server which uses this keyword. It is possible to register a global post-parser callback. But all these callbacks need to loop on the proxies and servers to do their job. It is neither handy nor efficient. Instead, it is now possible to register per-proxy and per-server post-check callbacks.
2019-08-12 03:51:07 -04:00
list_for_each_entry(pscf, &post_server_check_list, list) {
for (srv = px->srv; srv; srv = srv->next)
err_code |= pscf->fct(srv);
}
list_for_each_entry(ppcf, &post_proxy_check_list, list)
err_code |= ppcf->fct(px);
MINOR: proxy: add PR_FL_CHECKED flag PR_FL_CHECKED is set on proxy once the proxy configuration was fully checked (including postparsing checks). This information may be useful to functions that need to know if some config-related proxy properties are likely to change or not due to parsing or postparsing/check logics. Also, during runtime, except for some rare cases config-related proxy properties are not supposed to be changed.
2024-03-09 16:18:51 -05:00
px->flags |= PR_FL_CHECKED;
MINOR: config: Support per-proxy and per-server post-check functions callbacks Most of times, when a keyword is added in proxy section or on the server line, we need to have a post-parser callback to check the config validity for the proxy or the server which uses this keyword. It is possible to register a global post-parser callback. But all these callbacks need to loop on the proxies and servers to do their job. It is neither handy nor efficient. Instead, it is now possible to register per-proxy and per-server post-check callbacks.
2019-08-12 03:51:07 -04:00
}
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
if (err_code & (ERR_ABORT|ERR_FATAL)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Fatal errors found in configuration.\n");
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
OPTIM: startup: fast unique_id allocation for acl. pattern_finalize_config() uses an inefficient algorithm which is a problem with very large configuration files. This affects startup, and therefore reload time. When haproxy is deployed as a router in a Kubernetes cluster the generated configuration file may be large and reloads are frequently occuring, which makes this a significant issue. The old algorithm is O(n^2) * allocate missing uids - O(n^2) * sort linked list - O(n^2) The new algorithm is O(n log n): * find the user allocated uids - O(n) * store them for efficient lookup - O(n log n) * allocate missing uids - n times O(log n) * sort all uids - O(n log n) * convert back to linked list - O(n) Performance examples, startup time in seconds: pat_refs old new 1000 0.02 0.01 10000 2.1 0.04 20000 12.3 0.07 30000 27.9 0.10 40000 52.5 0.14 50000 77.5 0.17 Please backport to 1.8, 2.0 and 2.1.
2020-02-27 10:45:50 -05:00
err_code |= pattern_finalize_config();
if (err_code & (ERR_ABORT|ERR_FATAL)) {
ha_alert("Failed to finalize pattern config.\n");
exit(1);
}
BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity Pavlos Parissis reported an interesting case where some map identifiers were not assigned (appearing as -1 in show map). It turns out that it only happens for log-format expressions parsed in check_config_validity() that involve maps (log-format, use_backend, unique-id-header), as in the sample configuration below : frontend foo bind :8001 unique-id-format %[src,map(addr.lst)] log-format %[src,map(addr.lst)] use_backend %[src,map(addr.lst)] The reason stems from the initial introduction of unique IDs in 1.5 via commit af5a29d5f ("MINOR: pattern: Each pattern is identified by unique id.") : the unique_id assignment was done before calling check_config_validity() so all maps loaded after this call are not properly configured. From what the function does, it seems they will not be able to use a cache, will not have a unique_id assigned and will not be updatable from the CLI. This fix must be backported to all supported versions.
2019-04-11 08:47:08 -04:00
BUG/MEDIUM: init: restore behavior of command-line "-m" for memory limitation The removal for the shared inter-process cache in commit 6fd0450b4 ("CLEANUP: shctx: remove the different inter-process locking techniques") accidentally removed the enforcement of rlimit_memmax_all which corresponds to what is passed to the command-line "-m" argument. Let's restore it. Thanks to @nafets227 for spotting this. This fixes github issue #1319.
2021-07-17 06:31:08 -04:00
if (global.rlimit_memmax_all)
global.rlimit_memmax = global.rlimit_memmax_all;
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#ifdef USE_NS
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
err_code |= netns_init();
if (err_code & (ERR_ABORT|ERR_FATAL)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Failed to initialize namespace support.\n");
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
exit(1);
}
#endif
MEDIUM: threads: detect incomplete CPU bindings It's very easy to mess up with some cpu-map directives and to leave some thread unbound. Let's add a test that checks that either all threads are bound or none are bound, but that we do not face the intermediary situation where some are pinned and others are left wandering around, possibly on the same CPUs as bound ones. Note that this should not be backported, or maybe turned into a notice only, as it appears that it will easily catch invalid configs and that may break updates for some users.
2023-09-04 10:53:20 -04:00
thread_detect_binding_discrepancies();
MEDIUM: threads: detect excessive thread counts vs cpu-map This detects when there are more threads bound via cpu-map than CPUs enabled in cpu-map, or when there are more total threads than the total number of CPUs available at boot (for unbound threads) and configured for bound threads. In this case, a warning is emitted to explain the problems it will cause, and explaining how to address the situation. Note that some configurations will not be detected as faulty because the algorithmic complexity to resolve all arrangements grows in O(N!). This means that having 3 threads on 2 CPUs and one thread on 2 CPUs will not be detected as it's 4 threads for 4 CPUs. But at least configs such as T0:(1,4) T1:(1,4) T2:(2,4) T3:(3,4) will not trigger a warning since they're valid.
2023-09-04 11:36:20 -04:00
thread_detect_more_than_cpus();
MEDIUM: threads: detect incomplete CPU bindings It's very easy to mess up with some cpu-map directives and to leave some thread unbound. Let's add a test that checks that either all threads are bound or none are bound, but that we do not face the intermediary situation where some are pinned and others are left wandering around, possibly on the same CPUs as bound ones. Note that this should not be backported, or maybe turned into a notice only, as it appears that it will easily catch invalid configs and that may break updates for some users.
2023-09-04 10:53:20 -04:00
MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK Currently, the function which applies server states provided by the "old" process is applied after configuration sanity check. This results in the impossibility to check the validity of the state file during a regular config check, implying a full start is required, which can be a problem sometimes. This patch moves the loading of server_state file before MODE_CHECK.
2016-11-02 10:33:15 -04:00
/* Apply server states */
apply_server_state();
MINOR: stats: apply stats-file on process startup This commit is the first one of a serie to implement preloading of haproxy counters via stats-file parsing. This patch defines a basic apply_stats_file() function. It implements reading line by line of a stats-file without any parsing for the moment. It is called automatically on process startup via init().
2024-04-24 05:09:06 -04:00
/* Preload internal counters. */
apply_stats_file();
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
for (px = proxies_list; px; px = px->next)
MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK Currently, the function which applies server states provided by the "old" process is applied after configuration sanity check. This results in the impossibility to check the validity of the state file during a regular config check, implying a full start is required, which can be a problem sometimes. This patch moves the loading of server_state file before MODE_CHECK.
2016-11-02 10:33:15 -04:00
srv_compute_all_admin_states(px);
MAJOR: server: postpone address resolution Server addresses are not resolved anymore upon the first pass so that we don't fail if an address cannot be resolved by the libc. Instead they are processed all at once after the configuration is fully loaded, by the new function srv_init_addr(). This function only acts on the server's address if this address uses an FQDN, which appears in server->hostname. For now the function does two things, to followup with HAProxy's historical default behavior: 1. apply server IP address found in server-state file if runtime DNS resolution is enabled for this server 2. use the DNS resolver provided by the libc If none of the 2 options above can find an IP address, then an error is returned. All of this will be needed to support the new server parameter "init-addr". For now, the biggest user-visible change is that all server resolution errors are dumped at once instead of causing a startup failure one by one.
2016-11-02 10:34:05 -04:00
/* Apply servers' configured address */
err_code |= srv_init_addr();
if (err_code & (ERR_ABORT|ERR_FATAL)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Failed to initialize server(s) addr.\n");
MAJOR: server: postpone address resolution Server addresses are not resolved anymore upon the first pass so that we don't fail if an address cannot be resolved by the libc. Instead they are processed all at once after the configuration is fully loaded, by the new function srv_init_addr(). This function only acts on the server's address if this address uses an FQDN, which appears in server->hostname. For now the function does two things, to followup with HAProxy's historical default behavior: 1. apply server IP address found in server-state file if runtime DNS resolution is enabled for this server 2. use the DNS resolver provided by the libc If none of the 2 options above can find an IP address, then an error is returned. All of this will be needed to support the new server parameter "init-addr". For now, the biggest user-visible change is that all server resolution errors are dumped at once instead of causing a startup failure one by one.
2016-11-02 10:34:05 -04:00
exit(1);
}
MINOR: init: add -dW and "zero-warning" to reject configs with warnings Since some systems switched to service managers which hide all warnings by default, some users are not aware of some possibly important warnings and get caught too late with errors that could have been detected earlier. This patch adds a new global keyword, "zero-warning" and an equivalent command-line option "-dW" to refuse to start in case any warning is detected. It is recommended to use these with configurations that are managed by humans in order to catch mistakes very early.
2020-04-15 10:42:39 -04:00
if (warned & WARN_ANY && global.mode & MODE_ZERO_WARNING) {
ha_alert("Some warnings were found and 'zero-warning' is set. Aborting.\n");
exit(1);
}
MINOR: debug: add support for -dL to dump library names at boot This is a second help to dump loaded library names late at boot, once external code has already been initialized. The purpose is to provide a format that makes it easy to pass to "tar" to produce an archive containing the executable and the list of dependencies. For example if haproxy is started as "haproxy -f foo.cfg", a config check only will suffice to quit before starting, "-q" will be used to disable undesired output messages, and -dL will be use to dump libraries. This will result in such a command to trivially produce a tarball of loaded libraries: ./haproxy -q -c -dL -f foo.cfg | tar -T - -hzcf archive.tgz
2021-12-28 09:43:11 -05:00
#if defined(HA_HAVE_DUMP_LIBS)
if (global.mode & MODE_DUMP_LIBS) {
qfprintf(stdout, "List of loaded object files:\n");
chunk_reset(&trash);
MINOR: debug: support dumping the libs addresses when running in verbose mode Starting haproxy with -dL helps enumerate the list of libraries in use. But sometimes in order to go further we'd like to see their address ranges. This is already supported on the CLI's "show libs" but not on the command line where it can sometimes help troubleshoot startup issues. Let's dump them when in verbose mode. This way it doesn't change the existing behavior for those trying to enumerate libs to produce an archive.
2023-03-22 06:37:54 -04:00
if (dump_libs(&trash, ((arg_mode & (MODE_QUIET|MODE_VERBOSE)) == MODE_VERBOSE)))
MINOR: debug: add support for -dL to dump library names at boot This is a second help to dump loaded library names late at boot, once external code has already been initialized. The purpose is to provide a format that makes it easy to pass to "tar" to produce an archive containing the executable and the list of dependencies. For example if haproxy is started as "haproxy -f foo.cfg", a config check only will suffice to quit before starting, "-q" will be used to disable undesired output messages, and -dL will be use to dump libraries. This will result in such a command to trivially produce a tarball of loaded libraries: ./haproxy -q -c -dL -f foo.cfg | tar -T - -hzcf archive.tgz
2021-12-28 09:43:11 -05:00
printf("%s", trash.area);
}
#endif
MINOR: management: add some basic keyword dump infrastructure It's difficult from outside haproxy to detect the supported keywords and syntax. Interestingly, many of our modern keywords are enumerated since they're registered from constructors, so it's not very hard to enumerate most of them. This patch creates some basic infrastructure to support dumping existing keywords from different classes on stdout. The format will differ depending on the classes, but the idea is that the output could easily be passed to a script that generates some simple syntax highlighting rules, completion rules for editors, syntax checkers or config parsers. The principle chosen here is that if "-dK" is passed on the command-line, at the end of the parsing the registered keywords will be dumped for the requested classes passed after "-dK". Special name "help" will show known classes, while "all" will execute all of them. The reason for doing that after the end of the config processor is that it will also enumerate internally-generated keywords, Lua or even those loaded from external code (e.g. if an add-on is loaded using LD_PRELOAD). A typical way to call this with a valid config would be: ./haproxy -dKall -q -c -f /path/to/config If there's no config available, feeding /dev/null will also do the job, though it will not be able to detect dynamically created keywords, of course. This patch also updates the management doc. For now nothing but the help is listed, various subsystems will follow in subsequent patches.
2022-03-08 10:01:40 -05:00
if (global.mode & MODE_DUMP_KWD)
dump_registered_keywords();
BUG/MINOR: diag: run the final diags before quitting when using -c Final diags were added in 2.4 by commit 5a6926dcf ("MINOR: diag: create cfgdiag module"), but it's called too late in the startup process, because when "-c" is passed, the call is not made, while it's its primary use case. Let's just move the call earlier. Note that currently the check in this function is limited to verifying unicity of server cookies in a backend, so it can be backported as far as 2.4, but there is little value in insisting if it doesn't backport easily.
2024-02-03 06:05:08 -05:00
if (global.mode & MODE_DIAG) {
cfg_run_diagnostics();
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.mode & MODE_CHECK) {
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
struct peers *pr;
struct proxy *px;
MINOR: init: report in "haproxy -c" whether there were warnings or not This helps quickly checking if the config produces any warning. For this we reuse the "warned" bit field to add a new WARN_ANY bit that is set by ha_warning(). The rest of the bit field was also cleaned from unused bits.
2020-04-15 10:06:11 -04:00
if (warned & WARN_ANY)
qfprintf(stdout, "Warnings were found.\n");
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
for (pr = cfg_peers; pr; pr = pr->next)
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
if (pr->peers_fe)
break;
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
for (px = proxies_list; px; px = px->next)
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (!(px->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && px->li_all)
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
break;
BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check User reported that the config check returns an error with the message: "Configuration file has no error but will not start (no listener) => exit(2)." if the configuration present only a log-forward section with bind or dgram-bind listeners but no listen/backend nor peer sections. The process checked if there was 'peers' section avalaible with an internal frontend (and so a listener) or a 'listen/backend' section not disabled with at least one configured listener (into the global proxies_list). Since the log-forward proxies appear in a different list, they were not checked. This patch adds a lookup on the 'log-forward' proxies list to check if one of them presents a listener and is not disabled. And this is done only if there was no available listener found into 'listen/backend' sections. I have also studied how to re-work this check considering the 'listeners' counter used after startup/init to keep the same algo and avoid further mistakes but currently this counter seems increased during config parsing and if a proxy is disabled, decreased during startup/init which is done after the current config check. So the fix still not rely on this counter. This patch should fix the github issue #1346 This patch should be backported as far as 2.3 (so on branches including the "log-forward" feature)
2021-08-13 03:32:50 -04:00
if (!px) {
/* We may only have log-forward section */
for (px = cfg_log_forward; px; px = px->next)
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (!(px->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && px->li_all)
BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check User reported that the config check returns an error with the message: "Configuration file has no error but will not start (no listener) => exit(2)." if the configuration present only a log-forward section with bind or dgram-bind listeners but no listen/backend nor peer sections. The process checked if there was 'peers' section avalaible with an internal frontend (and so a listener) or a 'listen/backend' section not disabled with at least one configured listener (into the global proxies_list). Since the log-forward proxies appear in a different list, they were not checked. This patch adds a lookup on the 'log-forward' proxies list to check if one of them presents a listener and is not disabled. And this is done only if there was no available listener found into 'listen/backend' sections. I have also studied how to re-work this check considering the 'listeners' counter used after startup/init to keep the same algo and avoid further mistakes but currently this counter seems increased during config parsing and if a proxy is disabled, decreased during startup/init which is done after the current config check. So the fix still not rely on this counter. This patch should fix the github issue #1346 This patch should be backported as far as 2.3 (so on branches including the "log-forward" feature)
2021-08-13 03:32:50 -04:00
break;
}
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
if (pr || px) {
/* At least one peer or one listener has been found */
MEDIUM: startup: 'haproxy -c' is quiet when valid MODE_CHECK does not output "Configuration file is valid" by default anymore. To display this message the -V option must be used with -c. However the warning and errors are still output by default if they exist. This allows to clean the output of the systemd unit file with is doing a -c.
2023-11-09 08:48:50 -05:00
if (global.mode & MODE_VERBOSE)
qfprintf(stdout, "Configuration file is valid\n");
MINOR: haproxy: Make use of deinit_and_exit() for clean exits Particularly cleanly deinit() after a configuration check to clean up the output of valgrind which reports "possible losses" without a deinit() and does not with a deinit(), converting actual losses into proper hard losses which makes the whole stuff easier to analyze. As an example, given an example configuration of the following: frontend foo bind *:8080 mode http Running `haproxy -c -f cfg` within valgrind will report 4 possible losses: $ valgrind --leak-check=full ./haproxy -c -f ./example.cfg ==21219== Memcheck, a memory error detector ==21219== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==21219== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==21219== Command: ./haproxy -c -f ./example.cfg ==21219== [WARNING] 165/001100 (21219) : config : missing timeouts for frontend 'foo'. | While not properly invalid, you will certainly encounter various problems | with such a configuration. To fix this, please ensure that all following | timeouts are set to a non-zero value: 'client', 'connect', 'server'. Warnings were found. Configuration file is valid ==21219== ==21219== HEAP SUMMARY: ==21219== in use at exit: 1,436,631 bytes in 130 blocks ==21219== total heap usage: 153 allocs, 23 frees, 1,447,758 bytes allocated ==21219== ==21219== 7 bytes in 1 blocks are possibly lost in loss record 5 of 54 ==21219== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21219== by 0x5726489: strdup (strdup.c:42) ==21219== by 0x468FD9: bind_conf_alloc (listener.h:158) ==21219== by 0x468FD9: cfg_parse_listen (cfgparse-listen.c:557) ==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167) ==21219== by 0x5056CD: init (haproxy.c:2021) ==21219== by 0x418232: main (haproxy.c:3121) ==21219== ==21219== 14 bytes in 1 blocks are possibly lost in loss record 9 of 54 ==21219== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21219== by 0x5726489: strdup (strdup.c:42) ==21219== by 0x468F9B: bind_conf_alloc (listener.h:154) ==21219== by 0x468F9B: cfg_parse_listen (cfgparse-listen.c:557) ==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167) ==21219== by 0x5056CD: init (haproxy.c:2021) ==21219== by 0x418232: main (haproxy.c:3121) ==21219== ==21219== 128 bytes in 1 blocks are possibly lost in loss record 35 of 54 ==21219== at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21219== by 0x468F90: bind_conf_alloc (listener.h:152) ==21219== by 0x468F90: cfg_parse_listen (cfgparse-listen.c:557) ==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167) ==21219== by 0x5056CD: init (haproxy.c:2021) ==21219== by 0x418232: main (haproxy.c:3121) ==21219== ==21219== 608 bytes in 1 blocks are possibly lost in loss record 46 of 54 ==21219== at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21219== by 0x4B953A: create_listeners (listener.c:576) ==21219== by 0x4578F6: str2listener (cfgparse.c:192) ==21219== by 0x469039: cfg_parse_listen (cfgparse-listen.c:568) ==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167) ==21219== by 0x5056CD: init (haproxy.c:2021) ==21219== by 0x418232: main (haproxy.c:3121) ==21219== ==21219== LEAK SUMMARY: ==21219== definitely lost: 0 bytes in 0 blocks ==21219== indirectly lost: 0 bytes in 0 blocks ==21219== possibly lost: 757 bytes in 4 blocks ==21219== still reachable: 1,435,874 bytes in 126 blocks ==21219== suppressed: 0 bytes in 0 blocks ==21219== Reachable blocks (those to which a pointer was found) are not shown. ==21219== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==21219== ==21219== For counts of detected and suppressed errors, rerun with: -v ==21219== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0) Re-running the same command with the patch applied will not report any losses any more: $ valgrind --leak-check=full ./haproxy -c -f ./example.cfg ==22124== Memcheck, a memory error detector ==22124== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==22124== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==22124== Command: ./haproxy -c -f ./example.cfg ==22124== [WARNING] 165/001503 (22124) : config : missing timeouts for frontend 'foo'. | While not properly invalid, you will certainly encounter various problems | with such a configuration. To fix this, please ensure that all following | timeouts are set to a non-zero value: 'client', 'connect', 'server'. Warnings were found. Configuration file is valid ==22124== ==22124== HEAP SUMMARY: ==22124== in use at exit: 313,864 bytes in 82 blocks ==22124== total heap usage: 153 allocs, 71 frees, 1,447,758 bytes allocated ==22124== ==22124== LEAK SUMMARY: ==22124== definitely lost: 0 bytes in 0 blocks ==22124== indirectly lost: 0 bytes in 0 blocks ==22124== possibly lost: 0 bytes in 0 blocks ==22124== still reachable: 313,864 bytes in 82 blocks ==22124== suppressed: 0 bytes in 0 blocks ==22124== Reachable blocks (those to which a pointer was found) are not shown. ==22124== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==22124== ==22124== For counts of detected and suppressed errors, rerun with: -v ==22124== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) It might be worth investigating what exactly HAProxy does to lose pointers to the start of those 4 memory areas and then to be able to still free them during deinit(). If HAProxy is able to free them, they ideally should be "still reachable" and not "possibly lost".
2020-06-13 18:37:42 -04:00
deinit_and_exit(0);
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
}
qfprintf(stdout, "Configuration file has no error but will not start (no listener) => exit(2).\n");
exit(2);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: config: add command-line -dC to dump the configuration file This commit adds a new command line option -dC to dump the configuration file. An optional key may be appended to -dC in order to produce an anonymized dump using this key. The anonymizing process uses the same algorithm as the CLI so that the same key will produce the same hashes for the same identifiers. This way an admin may share an anonymized extract of a configuration to match against live dumps. Note that key 0 will not anonymize the output. However, in any case, the configuration is dumped after tokenizing, thus comments are lost.
2022-09-14 11:51:55 -04:00
if (global.mode & MODE_DUMP_CFG)
deinit_and_exit(0);
MEDIUM: ssl: Delay random generator initialization after config parsing The random generator initialization needs to be performed before the chroot but it is not needed before. If we want to add provider configuration option to the configuration file, they need to be processed before any call to a crypto-related OpenSSL function. We can then delay the initialization until after the configuration file is parsed and processed.
2022-05-16 10:24:31 -04:00
#ifdef USE_OPENSSL
MINOR: init: load OpenSSL error strings Load OpenSSL Error strings in order to be able to output reason strings. This is mandatory to be able to use ERR_reason_error_string().
2022-07-19 12:13:29 -04:00
MEDIUM: ssl: Delay random generator initialization after config parsing The random generator initialization needs to be performed before the chroot but it is not needed before. If we want to add provider configuration option to the configuration file, they need to be processed before any call to a crypto-related OpenSSL function. We can then delay the initialization until after the configuration file is parsed and processed.
2022-05-16 10:24:31 -04:00
/* Initialize SSL random generator. Must be called before chroot for
* access to /dev/urandom, and before ha_random_boot() which may use
* RAND_bytes().
*/
if (!ssl_initialize_random()) {
ha_alert("OpenSSL random data generator initialization failed.\n");
exit(EXIT_FAILURE);
}
#endif
ha_random_boot(argv); // the argv pointer brings some kernel-fed entropy
CLEANUP: channel: use "channel" instead of "buffer" in function names This is a massive rename of most functions which should make use of the word "channel" instead of the word "buffer" in their names. In concerns the following ones (new names) : unsigned long long channel_forward(struct channel *buf, unsigned long long bytes); static inline void channel_init(struct channel *buf) static inline int channel_input_closed(struct channel *buf) static inline int channel_output_closed(struct channel *buf) static inline void channel_check_timeouts(struct channel *b) static inline void channel_erase(struct channel *buf) static inline void channel_shutr_now(struct channel *buf) static inline void channel_shutw_now(struct channel *buf) static inline void channel_abort(struct channel *buf) static inline void channel_stop_hijacker(struct channel *buf) static inline void channel_auto_connect(struct channel *buf) static inline void channel_dont_connect(struct channel *buf) static inline void channel_auto_close(struct channel *buf) static inline void channel_dont_close(struct channel *buf) static inline void channel_auto_read(struct channel *buf) static inline void channel_dont_read(struct channel *buf) unsigned long long channel_forward(struct channel *buf, unsigned long long bytes) Some functions provided by channel.[ch] have kept their "buffer" name because they are really designed to act on the buffer according to some information gathered from the channel. They have been moved together to the same place in the file for better readability but they were not changed at all. The "buffer" memory pool was also renamed "channel".
2012-08-27 18:06:31 -04:00
/* now we know the buffer size, we can initialize the channels and buffers */
MAJOR: channel: replace the struct buffer with a pointer to a buffer With this commit, we now separate the channel from the buffer. This will allow us to replace buffers on the fly without touching the channel. Since nobody is supposed to keep a reference to a buffer anymore, doing so is not a problem and will also permit some copy-less data manipulation. Interestingly, these changes have shown a 2% performance increase on some workloads, probably due to a better cache placement of data.
2012-10-12 17:49:43 -04:00
init_buffer();
[BUG] variable buffer size ignored at initialization time Commit 27a674efb84bde8c045b87c9634f123e2f8925dc introduced the ability to configure buffer sizes. Unfortunately, the pool was created before the conf was read, so that is was always set to the default size. In order to fix that, we delay the call to init_buffer(), which is not a problem since nothing uses it during the initialization.
2009-09-23 17:37:52 -04:00
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
list_for_each_entry(pcf, &post_check_list, list) {
err_code |= pcf->fct();
if (err_code & (ERR_ABORT|ERR_FATAL))
exit(1);
}
BUG/MEDIUM: mworker: use default maxconn in wait mode In bug #1751, it was reported that haproxy is consumming too much memory since the 2.4 version. This is because of a change in the master, which loses completely its configuration in wait mode, and lose its maxconn. Without the maxconn, haproxy will try to compute one itself, and will allocate RAM consequently, too much in our case. Which means the master will have a too high maxconn and too much RAM allocated. The patch fixes the issue by setting the maxconn to the default value when re-executing the master in wait mode. Must be backported as far as 2.5.
2022-06-21 05:11:50 -04:00
/* set the default maxconn in the master, but let it be rewritable with -n */
if (global.mode & MODE_MWORKER_WAIT)
BUG/MINOR: mworker: use MASTER_MAXCONN as default maxconn value In environments where SYSTEM_MAXCONN is defined when compiling, the master will use this value instead of the original minimal value which was set to 100. When this happens, the master process could allocate RAM excessively since it does not need to have an high maxconn. (For example if SYSTEM_MAXCONN was set to 100000 or more) This patch fixes the issue by using the new define MASTER_MAXCONN which define a default maxconn of 100 for the master process. Must be backported as far as 2.5.
2023-03-09 08:28:44 -05:00
global.maxconn = MASTER_MAXCONN;
BUG/MEDIUM: mworker: use default maxconn in wait mode In bug #1751, it was reported that haproxy is consumming too much memory since the 2.4 version. This is because of a change in the master, which loses completely its configuration in wait mode, and lose its maxconn. Without the maxconn, haproxy will try to compute one itself, and will allocate RAM consequently, too much in our case. Which means the master will have a too high maxconn and too much RAM allocated. The patch fixes the issue by setting the maxconn to the default value when re-executing the master in wait mode. Must be backported as far as 2.5.
2022-06-21 05:11:50 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (cfg_maxconn > 0)
global.maxconn = cfg_maxconn;
CLEANUP: cli: rename the last few "stats_" to "cli_" There were still a very small list of functions, variables and fields called "stats_" while they were really purely CLI-centric. There's the frontend called "stats_fe" in the global section, which instantiates a "cli_applet" called "<CLI>" so it was renamed "cli_fe". The "alloc_stats_fe" function cas renamed to "cli_alloc_fe" which also better matches the naming convention of all cli-specific functions. Finally the "stats_permission_denied_msg" used to return an error on the CLI was renamed "cli_permission_denied_msg". Now there's no more "stats_something" that designates the CLI.
2021-03-13 05:00:33 -05:00
if (global.cli_fe)
global.maxsock += global.cli_fe->maxconn;
MINOR: init: move some maxsock updates earlier We'll need to know the global maxsock before the maxconn calculation. Actually only two components were calculated too late, the peers FD and the stats FD. Let's move them a few lines upward.
2019-03-01 03:39:42 -05:00
if (cfg_peers) {
/* peers also need to bypass global maxconn */
struct peers *p = cfg_peers;
for (p = cfg_peers; p; p = p->next)
if (p->peers_fe)
global.maxsock += p->peers_fe->maxconn;
}
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
/* Now we want to compute the maxconn and possibly maxsslconn values.
MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits The global maxconn value is often a pain to configure : - in development the user never has the permissions to increase the rlim_cur value too high and gets warnings all the time ; - in some production environments, users may have limited actions on it or may only be able to act on rlim_fd_cur using ulimit -n. This is sometimes particularly true in containers or whatever environment where the user has no privilege to upgrade the limits. - keeping config homogenous between machines is even less easy. We already had the ability to automatically compute maxconn from the memory limits when they were set. This patch goes a bit further by also computing the limit permitted by the configured limit on the number of FDs. For this it simply reverses the rlim_fd_cur calculation to determine maxconn based on the number of reserved sockets for listeners & checks, the number of SSL engines and the number of pipes (absolute or relative). This way it becomes possible to make maxconn always be the highest possible value resulting in maxsock matching what was set using "ulimit -n", without ever setting it. Note that we adjust to the soft limit, not the hard one, since it's what is configured with ulimit -n. This allows users to also limit to low values if needed. Just like before, the calculated value is reported in verbose mode.
2019-03-01 09:43:14 -05:00
* It's a bit tricky. Maxconn defaults to the pre-computed value based
* on rlim_fd_cur and the number of FDs in use due to the configuration,
* and maxsslconn defaults to DEFAULT_MAXSSLCONN. On top of that we can
* enforce a lower limit based on memmax.
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
*
* If memmax is set, then it depends on which values are set. If
* maxsslconn is set, we use memmax to determine how many cleartext
* connections may be added, and set maxconn to the sum of the two.
* If maxconn is set and not maxsslconn, maxsslconn is computed from
* the remaining amount of memory between memmax and the cleartext
* connections. If neither are set, then it is considered that all
* connections are SSL-capable, and maxconn is computed based on this,
* then maxsslconn accordingly. We need to know if SSL is used on the
* frontends, backends, or both, because when it's used on both sides,
* we need twice the value for maxsslconn, but we only count the
* handshake once since it is not performed on the two sides at the
* same time (frontend-side is terminated before backend-side begins).
* The SSL stack is supposed to have filled ssl_session_cost and
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
* ssl_handshake_cost during its initialization. In any case, if
* SYSTEM_MAXCONN is set, we still enforce it as an upper limit for
* maxconn in order to protect the system.
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
*/
MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits The global maxconn value is often a pain to configure : - in development the user never has the permissions to increase the rlim_cur value too high and gets warnings all the time ; - in some production environments, users may have limited actions on it or may only be able to act on rlim_fd_cur using ulimit -n. This is sometimes particularly true in containers or whatever environment where the user has no privilege to upgrade the limits. - keeping config homogenous between machines is even less easy. We already had the ability to automatically compute maxconn from the memory limits when they were set. This patch goes a bit further by also computing the limit permitted by the configured limit on the number of FDs. For this it simply reverses the rlim_fd_cur calculation to determine maxconn based on the number of reserved sockets for listeners & checks, the number of SSL engines and the number of pipes (absolute or relative). This way it becomes possible to make maxconn always be the highest possible value resulting in maxsock matching what was set using "ulimit -n", without ever setting it. Note that we adjust to the soft limit, not the hard one, since it's what is configured with ulimit -n. This allows users to also limit to low values if needed. Just like before, the calculated value is reported in verbose mode.
2019-03-01 09:43:14 -05:00
ideal_maxconn = compute_ideal_maxconn();
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
if (!global.rlimit_memmax) {
if (global.maxconn == 0) {
MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits The global maxconn value is often a pain to configure : - in development the user never has the permissions to increase the rlim_cur value too high and gets warnings all the time ; - in some production environments, users may have limited actions on it or may only be able to act on rlim_fd_cur using ulimit -n. This is sometimes particularly true in containers or whatever environment where the user has no privilege to upgrade the limits. - keeping config homogenous between machines is even less easy. We already had the ability to automatically compute maxconn from the memory limits when they were set. This patch goes a bit further by also computing the limit permitted by the configured limit on the number of FDs. For this it simply reverses the rlim_fd_cur calculation to determine maxconn based on the number of reserved sockets for listeners & checks, the number of SSL engines and the number of pipes (absolute or relative). This way it becomes possible to make maxconn always be the highest possible value resulting in maxsock matching what was set using "ulimit -n", without ever setting it. Note that we adjust to the soft limit, not the hard one, since it's what is configured with ulimit -n. This allows users to also limit to low values if needed. Just like before, the calculated value is reported in verbose mode.
2019-03-01 09:43:14 -05:00
global.maxconn = ideal_maxconn;
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
fprintf(stderr, "Note: setting global.maxconn to %d.\n", global.maxconn);
}
}
#ifdef USE_OPENSSL
else if (!global.maxconn && !global.maxsslconn &&
(global.ssl_used_frontend || global.ssl_used_backend)) {
/* memmax is set, compute everything automatically. Here we want
* to ensure that all SSL connections will be served. We take
* care of the number of sides where SSL is used, and consider
* the worst case : SSL used on both sides and doing a handshake
* simultaneously. Note that we can't have more than maxconn
* handshakes at a time by definition, so for the worst case of
* two SSL conns per connection, we count a single handshake.
*/
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
int64_t mem = global.rlimit_memmax * 1048576ULL;
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
int retried = 0;
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
CLEANUP: init: address a coverity warning about possible multiply overflow In issue #1585 Coverity suspects a risk of multiply overflow when calculating the SSL cache size, though in practice the cache is limited to 2^32 anyway thus it cannot really happen. Nevertheless, casting the operation should be sufficient to avoid marking it as a false positive.
2022-05-24 01:43:57 -04:00
mem -= global.tune.sslcachesize * 200ULL; // about 200 bytes per SSL cache entry
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
mem -= global.maxzlibmem;
mem = mem * MEM_USABLE_RATIO;
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
/* Principle: we test once to set maxconn according to the free
* memory. If it results in values the system rejects, we try a
* second time by respecting rlim_fd_max. If it fails again, we
* go back to the initial value and will let the final code
* dealing with rlimit report the error. That's up to 3 attempts.
*/
do {
global.maxconn = mem /
((STREAM_MAX_COST + 2 * global.tune.bufsize) + // stream + 2 buffers per stream
sides * global.ssl_session_max_cost + // SSL buffers, one per side
global.ssl_handshake_max_cost); // 1 handshake per connection max
if (retried == 1)
global.maxconn = MIN(global.maxconn, ideal_maxconn);
global.maxconn = round_2dig(global.maxconn);
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
#ifdef SYSTEM_MAXCONN
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
if (global.maxconn > SYSTEM_MAXCONN)
global.maxconn = SYSTEM_MAXCONN;
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
#endif /* SYSTEM_MAXCONN */
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
global.maxsslconn = sides * global.maxconn;
if (check_if_maxsock_permitted(compute_ideal_maxsock(global.maxconn)))
break;
} while (retried++ < 2);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
fprintf(stderr, "Note: setting global.maxconn to %d and global.maxsslconn to %d.\n",
global.maxconn, global.maxsslconn);
}
else if (!global.maxsslconn &&
(global.ssl_used_frontend || global.ssl_used_backend)) {
/* memmax and maxconn are known, compute maxsslconn automatically.
* maxsslconn being forced, we don't know how many of it will be
* on each side if both sides are being used. The worst case is
* when all connections use only one SSL instance because
* handshakes may be on two sides at the same time.
*/
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
int64_t mem = global.rlimit_memmax * 1048576ULL;
int64_t sslmem;
CLEANUP: init: address another coverity warning about a possible multiply overflow Commit 2cb3be76b ("CLEANUP: init: address a coverity warning about possible multiply overflow") was incomplete, two other locations were present. This should address issue #1585.
2022-05-26 02:55:05 -04:00
mem -= global.tune.sslcachesize * 200ULL; // about 200 bytes per SSL cache entry
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
mem -= global.maxzlibmem;
mem = mem * MEM_USABLE_RATIO;
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
sslmem = mem - global.maxconn * (int64_t)(STREAM_MAX_COST + 2 * global.tune.bufsize);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
global.maxsslconn = sslmem / (global.ssl_session_max_cost + global.ssl_handshake_max_cost);
global.maxsslconn = round_2dig(global.maxsslconn);
if (sslmem <= 0 || global.maxsslconn < sides) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot compute the automatic maxsslconn because global.maxconn is already too "
"high for the global.memmax value (%d MB). The absolute maximum possible value "
"without SSL is %d, but %d was found and SSL is in use.\n",
global.rlimit_memmax,
(int)(mem / (STREAM_MAX_COST + 2 * global.tune.bufsize)),
global.maxconn);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
exit(1);
}
if (global.maxsslconn > sides * global.maxconn)
global.maxsslconn = sides * global.maxconn;
if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
fprintf(stderr, "Note: setting global.maxsslconn to %d\n", global.maxsslconn);
}
#endif
else if (!global.maxconn) {
/* memmax and maxsslconn are known/unused, compute maxconn automatically */
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
int64_t mem = global.rlimit_memmax * 1048576ULL;
int64_t clearmem;
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
int retried = 0;
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
if (global.ssl_used_frontend || global.ssl_used_backend)
CLEANUP: init: address another coverity warning about a possible multiply overflow Commit 2cb3be76b ("CLEANUP: init: address a coverity warning about possible multiply overflow") was incomplete, two other locations were present. This should address issue #1585.
2022-05-26 02:55:05 -04:00
mem -= global.tune.sslcachesize * 200ULL; // about 200 bytes per SSL cache entry
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
mem -= global.maxzlibmem;
mem = mem * MEM_USABLE_RATIO;
clearmem = mem;
if (sides)
clearmem -= (global.ssl_session_max_cost + global.ssl_handshake_max_cost) * (int64_t)global.maxsslconn;
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
/* Principle: we test once to set maxconn according to the free
* memory. If it results in values the system rejects, we try a
* second time by respecting rlim_fd_max. If it fails again, we
* go back to the initial value and will let the final code
* dealing with rlimit report the error. That's up to 3 attempts.
*/
do {
global.maxconn = clearmem / (STREAM_MAX_COST + 2 * global.tune.bufsize);
if (retried == 1)
global.maxconn = MIN(global.maxconn, ideal_maxconn);
global.maxconn = round_2dig(global.maxconn);
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
#ifdef SYSTEM_MAXCONN
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
if (global.maxconn > SYSTEM_MAXCONN)
global.maxconn = SYSTEM_MAXCONN;
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
#endif /* SYSTEM_MAXCONN */
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
if (clearmem <= 0 || !global.maxconn) {
ha_alert("Cannot compute the automatic maxconn because global.maxsslconn is already too "
"high for the global.memmax value (%d MB). The absolute maximum possible value "
"is %d, but %d was found.\n",
global.rlimit_memmax,
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
(int)(mem / (global.ssl_session_max_cost + global.ssl_handshake_max_cost)),
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
global.maxsslconn);
exit(1);
}
if (check_if_maxsock_permitted(compute_ideal_maxsock(global.maxconn)))
break;
} while (retried++ < 2);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
if (sides && global.maxsslconn > sides * global.maxconn) {
fprintf(stderr, "Note: global.maxsslconn is forced to %d which causes global.maxconn "
"to be limited to %d. Better reduce global.maxsslconn to get more "
"room for extra connections.\n", global.maxsslconn, global.maxconn);
}
fprintf(stderr, "Note: setting global.maxconn to %d\n", global.maxconn);
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: init: move the maxsock calculation code to compute_ideal_maxsock() The maxsock value is currently derived from global.maxconn and a few other settings, some of which also depend on global.maxconn. This makes it difficult to check if a limit is already too high or not during the maxconn automatic sizing. Let's move this code into a new function, compute_ideal_maxsock() which now takes a maxconn in argument. It performs the same operations and returns the maxsock value if global.maxconn were to be set to that value. It now replaces the previous code to compute maxsock.
2020-03-10 12:08:53 -04:00
global.maxsock = compute_ideal_maxsock(global.maxconn);
global.hardmaxconn = global.maxconn;
BUG/MAJOR: init: properly compute the default global.maxpipes value Initial default settings for maxconn/maxsock/maxpipes were rearranged in commit a409f30d0 ("MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()") but as a side effect, the calculated maxpipes value was not stored anymore into global.maxpipes. This resulted in splicing being disabled unless there is an explicit maxpipes setting in the global section. This patch just stores the calculated ideal value as planned in the computation and as was done before the patch above. This is strictly 2.2, no backport is needed.
2020-06-19 10:20:59 -04:00
if (!global.maxpipes)
global.maxpipes = compute_ideal_maxpipes();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: connections: Add a way to control the number of idling connections. As by default we add all keepalive connections to the idle pool, if we run into a pathological case, where all client don't do keepalive, but the server does, and haproxy is configured to only reuse "safe" connections, we will soon find ourself having lots of idling, unusable for new sessions, connections, while we won't have any file descriptors available to create new connections. To fix this, add 2 new global settings, "pool_low_ratio" and "pool_high_ratio". pool-low-fd-ratio is the % of fds we're allowed to use (against the maximum number of fds available to haproxy) before we stop adding connections to the idle pool, and destroy them instead. The default is 20. pool-high-fd-ratio is the % of fds we're allowed to use (against the maximum number of fds available to haproxy) before we start killing idling connection in the event we have to create a new outgoing connection, and no reuse is possible. The default is 25.
2019-04-16 13:07:22 -04:00
/* update connection pool thresholds */
global.tune.pool_low_count = ((long long)global.maxsock * global.tune.pool_low_ratio + 99) / 100;
global.tune.pool_high_count = ((long long)global.maxsock * global.tune.pool_high_ratio + 99) / 100;
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
proxy_adjust_all_maxconn();
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
if (global.tune.maxpollevents <= 0)
global.tune.maxpollevents = MAX_POLL_EVENTS;
OPTIM: task: automatically adjust the default runqueue-depth to the threads The recent default runqueue size reduction appeared to have significantly lowered performance on low-thread count configs. Testing various values runqueue values on different workloads under thread counts ranging from 1 to 64, it appeared that lower values are more optimal for high thread counts and conversely. It could even be drawn that the optimal value for various workloads sits around 280/sqrt(nbthread), and probably has to do with both the L3 cache usage and how to optimally interlace the threads' activity to minimize contention. This is much easier to optimally configure, so let's do this by default now.
2021-03-10 05:06:26 -05:00
if (global.tune.runqueue_depth <= 0) {
/* tests on various thread counts from 1 to 64 have shown an
* optimal queue depth following roughly 1/sqrt(threads).
*/
int s = my_flsl(global.nbthread);
s += (global.nbthread / s); // roughly twice the sqrt.
global.tune.runqueue_depth = RUNQUEUE_DEPTH * 2 / s;
}
MINOR: tasks: Make the number of tasks to run at once configurable. Instead of hardcoding 200, make the number of tasks to be run configurable using tune.runqueue-depth. 200 is still the default.
2018-05-24 12:59:04 -04:00
[OPTIM] stream_sock: don't retry to read after a large read If we get very large data at once, it's almost certain that it's worthless trying to read again, because we got everything we could get. Doing this has made all -EAGAIN disappear from splice reads. The threshold has been put in the global tunable structures so that if we one day want to make it accessible from user config, it will be easy to do so.
2009-03-21 15:43:57 -04:00
if (global.tune.recv_enough == 0)
global.tune.recv_enough = MIN_RECV_AT_ONCE_ENOUGH;
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
if (global.tune.maxrewrite >= global.tune.bufsize / 2)
global.tune.maxrewrite = global.tune.bufsize / 2;
MINOR: errors: specify prefix "config" for parsing output Set "config :" as a prefix for the user messages context before starting the configuration parsing. All following stderr output will be prefixed by it. As a consequence, remove extraneous prefix "config" already specified in various ha_alert/warning/notice calls.
2021-06-04 12:22:08 -04:00
usermsgs_clr(NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (arg_mode & (MODE_DEBUG | MODE_FOREGROUND)) {
/* command line debug mode inhibits configuration mode */
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
global.mode &= ~(MODE_DAEMON | MODE_QUIET);
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
global.mode |= (arg_mode & (MODE_DEBUG | MODE_FOREGROUND));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (arg_mode & MODE_DAEMON) {
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
/* command line daemon mode inhibits foreground and debug modes mode */
global.mode &= ~(MODE_DEBUG | MODE_FOREGROUND);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
global.mode |= arg_mode & MODE_DAEMON;
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
}
global.mode |= (arg_mode & (MODE_QUIET | MODE_VERBOSE));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if ((global.mode & MODE_DEBUG) && (global.mode & (MODE_DAEMON | MODE_QUIET))) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("<debug> mode incompatible with <quiet> and <daemon>. Keeping <debug> only.\n");
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
global.mode &= ~(MODE_DAEMON | MODE_QUIET);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: chunks: Realloc trash buffers only after the config is parsed and checked Trash buffers are reallocated when "tune.bufsize" parameter is changed. Here, we just move the realloc after the configuration parsing. Given that the config parser doesn't rely on the trash size, it should be harmless.
2017-08-29 10:46:57 -04:00
/* Realloc trash buffers because global.tune.bufsize may have changed */
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
if (!init_trash_buffers(0)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize trash buffers.\n");
MEDIUM: chunks: Realloc trash buffers only after the config is parsed and checked Trash buffers are reallocated when "tune.bufsize" parameter is changed. Here, we just move the realloc after the configuration parsing. Given that the config parser doesn't rely on the trash size, it should be harmless.
2017-08-29 10:46:57 -04:00
exit(1);
}
BUG/MINOR: Allocate the log buffers before the proxies startup Since the commit cd7879adc ("BUG/MEDIUM: threads: Run the poll loop on the main thread too"), the log buffers are allocated after the proxies startup. So log messages produced during this startup was ignored. To fix the bug, we restore the initialization of these buffers before proxies startup. This is specific to threads, no backport is needed.
2017-11-14 16:02:30 -05:00
if (!init_log_buffers()) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize log buffers.\n");
BUG/MINOR: Allocate the log buffers before the proxies startup Since the commit cd7879adc ("BUG/MEDIUM: threads: Run the poll loop on the main thread too"), the log buffers are allocated after the proxies startup. So log messages produced during this startup was ignored. To fix the bug, we restore the initialization of these buffers before proxies startup. This is specific to threads, no backport is needed.
2017-11-14 16:02:30 -05:00
exit(1);
}
BUG/MINOR: quic: Wrong cluster secret initialization The function generate_random_cluster_secret() which initializes the cluster secret when not supplied by configuration is buggy. There 1/256 that the cluster secret string is empty. To fix this, one stores the cluster as a reduced size first 128 bits of its own SHA1 (160 bits) digest, if defined by configuration. If this is not the case, it is initialized with a 128 bits random value. Furthermore, thus the cluster secret is always initialized. As the cluster secret is always initialized, there are several tests which are for now on useless. This patch removes such tests (if(global.cluster_secret)) in the QUIC code part and at parsing time: no need to check that a cluster secret was initialized with "quic-force-retry" option. Must be backported as far as 2.6.
2023-09-07 12:43:52 -04:00
if (!cluster_secret_isset)
MINOR: global: generate random cluster.secret if not defined If no cluster-secret is defined by the user, a random one is silently generated. This ensures that at least QUIC Retry tokens are generated if abnormal conditions are detected. However, it is advisable to specify it in the configuration for tokens to be valid even after a reload or across LBs instances in the same cluster. This should be backported up to 2.6.
2022-11-14 10:18:46 -05:00
generate_random_cluster_secret();
[MAJOR] auto-registering of pollers at load time Gcc provides __attribute__((constructor)) which is very convenient to execute functions at startup right before main(). All the pollers have been converted to have their register() function declared like this, so that it is not necessary anymore to call them from a centralized file.
2007-04-15 18:25:25 -04:00
/*
* Note: we could register external pollers here.
* Built-in pollers have been registered before main().
*/
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_KQUEUE))
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
disable_poller("kqueue");
MAJOR: polling: add event ports support (Solaris) Event ports are kqueue/epoll polling class for Solaris. Code is based on https://github.com/joyent/haproxy-1.8/tree/joyent/dev-v1.8.8. Event ports are available only on SunOS systems derived from Solaris 10 and later (including illumos systems).
2019-04-08 12:53:32 -04:00
if (!(global.tune.options & GTUNE_USE_EVPORTS))
disable_poller("evports");
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_EPOLL))
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
disable_poller("epoll");
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_POLL))
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
disable_poller("poll");
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_SELECT))
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
disable_poller("select");
/* Note: we could disable any poller by name here */
MINOR: filters: Print the list of existing filters during HA startup This is done in verbose/debug mode and when build options are reported.
2016-03-07 06:46:38 -05:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
list_pollers(stderr);
MINOR: filters: Print the list of existing filters during HA startup This is done in verbose/debug mode and when build options are reported.
2016-03-07 06:46:38 -05:00
fprintf(stderr, "\n");
list_filters(stderr);
}
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
if (!init_pollers()) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("No polling mechanism available.\n"
MEDIUM: poller: disable thread-groups for poll() and select() These old legacy pollers are not designed for this. They're still using a shared list of events for all threads, this will not scale at all, so there's no point in enabling thread-groups there. Modern systems have epoll, kqueue or event ports and do not need these ones. We arrange for failing at boot time, only when thread-groups > 1 so that existing setups will remain unaffected. If there's a compelling reason for supporting thread groups with these pollers in the future, the rework should not be too hard, it would just consume a lot of memory to have an fd_evts[] array per thread, but that is doable.
2022-07-09 17:38:46 -04:00
" This may happen when using thread-groups with old pollers (poll/select), or\n"
" it is possible that haproxy was built with TARGET=generic and that FD_SETSIZE\n"
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
" is too low on this platform to support maxconn and the number of listeners\n"
" and servers. You should rebuild haproxy specifying your system using TARGET=\n"
" in order to support other polling systems (poll, epoll, kqueue) or reduce the\n"
" global maxconn setting to accommodate the system's limitation. For reference,\n"
" FD_SETSIZE=%d on this system, global.maxconn=%d resulting in a maximum of\n"
" %d file descriptors. You should thus reduce global.maxconn by %d. Also,\n"
" check build settings using 'haproxy -vv'.\n\n",
FD_SETSIZE, global.maxconn, global.maxsock, (global.maxsock + 1 - FD_SETSIZE) / 2);
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
exit(1);
}
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
printf("Using %s() as the polling mechanism.\n", cur_poller.name);
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
if (!global.node)
global.node = strdup(hostname);
MEDIUM: init: stop disabled proxies after initializing fdtab During the startup process we don't have any fdtab nor fd_updt for quite a long time, and as such some operations on the listeners are not permitted, such as fd_want_*/fd_stop_* or fd_delete(). The latter is of particular concern because it's used when stopping a disabled frontend, and it's performed very early during check_config_validity() while there is no fdtab yet. The trick till now relies on the listener's state which is a bit brittle. There is absolutely no valid reason for stopping a proxy's listeners this early, we can postpone it after init_pollers() which will at least have allocated fdtab.
2020-10-07 12:36:54 -04:00
/* stop disabled proxies */
for (px = proxies_list; px; px = px->next) {
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (px->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
MEDIUM: init: stop disabled proxies after initializing fdtab During the startup process we don't have any fdtab nor fd_updt for quite a long time, and as such some operations on the listeners are not permitted, such as fd_want_*/fd_stop_* or fd_delete(). The latter is of particular concern because it's used when stopping a disabled frontend, and it's performed very early during check_config_validity() while there is no fdtab yet. The trick till now relies on the listener's state which is a bit brittle. There is absolutely no valid reason for stopping a proxy's listeners this early, we can postpone it after init_pollers() which will at least have allocated fdtab.
2020-10-07 12:36:54 -04:00
stop_proxy(px);
}
MINOR: lua: post initialisation bindings This system permits to execute some lua function after than HAProxy complete his initialisation. These functions are executed between the end of the configuration parsing and check and the begin of the scheduler.
2015-01-23 06:08:30 -05:00
if (!hlua_post_init())
exit(1);
MINOR: pool: make the thread-local hot cache size configurable Till now it was only possible to change the thread local hot cache size at build time using CONFIG_HAP_POOL_CACHE_SIZE. But along benchmarks it was sometimes noticed a huge contention in the lower level memory allocators indicating that larger caches could be beneficial, especially on machines with large L2 CPUs. Given that the checks against this value was no longer on a hot path anymore, there was no reason for continuing to force it to be tuned at build time. So this patch allows to set it by tune.memory-hot-size. It's worth noting that during the boot phase the value remains zero so that it's possible to know if the value was set or not, which opens the possibility that we try to automatically adjust it based on the per-cpu L2 cache size or the use of certain protocols (none of this is done yet).
2022-12-19 02:15:57 -05:00
/* Set the per-thread pool cache size to the default value if not set.
* This is the right place to decide to automatically adjust it (e.g.
* check L2 cache size, thread counts or take into account certain
* expensive pools).
*/
if (!global.tune.pool_cache_size)
global.tune.pool_cache_size = CONFIG_HAP_POOL_CACHE_SIZE;
MINOR: init: add info about the main program to the post_mortem struct This way we'll still have haproxy's version, build options etc in core dumps and centralized all at once.
2023-11-23 05:32:24 -05:00
/* fill in a few info about our version and build options */
chunk_reset(&trash);
/* toolchain */
cc = chunk_newstr(&trash);
#if defined(__clang_version__)
chunk_appendf(&trash, "clang-" __clang_version__);
#elif defined(__VERSION__)
chunk_appendf(&trash, "gcc-" __VERSION__);
#endif
#if __has_feature(address_sanitizer) || defined(__SANITIZE_ADDRESS__)
chunk_appendf(&trash, "+asan");
#endif
/* toolchain opts */
cflags = chunk_newstr(&trash);
#ifdef BUILD_CC
chunk_appendf(&trash, "%s", BUILD_CC);
#endif
#ifdef BUILD_CFLAGS
chunk_appendf(&trash, " %s", BUILD_CFLAGS);
#endif
#ifdef BUILD_DEBUG
chunk_appendf(&trash, " %s", BUILD_DEBUG);
#endif
/* settings */
opts = chunk_newstr(&trash);
#ifdef BUILD_TARGET
chunk_appendf(&trash, "TARGET='%s'", BUILD_TARGET);
#endif
#ifdef BUILD_OPTIONS
chunk_appendf(&trash, " %s", BUILD_OPTIONS);
#endif
post_mortem_add_component("haproxy", haproxy_version, cc, cflags, opts, argv[0]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
void deinit(void)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
struct proxy *p = proxies_list, *p0;
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
struct cfgfile *cfg, *cfg_tmp;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
struct uri_auth *uap, *ua = NULL;
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
struct logger *log, *logb;
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
struct build_opts_str *bol, *bolb;
CLEANUP: haproxy: Free post_deinit_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-07-04 05:49:48 -04:00
struct post_deinit_fct *pdf, *pdfb;
CLEANUP: haproxy: Free proxy_deinit_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-07-04 05:49:47 -04:00
struct proxy_deinit_fct *pxdf, *pxdfb;
CLEANUP: haproxy: Free server_deinit_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-07-04 05:49:49 -04:00
struct server_deinit_fct *srvdf, *srvdfb;
CLEANUP: haproxy: Free per_thread_*_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-09-10 13:46:41 -04:00
struct per_thread_init_fct *tif, *tifb;
struct per_thread_deinit_fct *tdf, *tdfb;
struct per_thread_alloc_fct *taf, *tafb;
struct per_thread_free_fct *tff, *tffb;
CLEANUP: haproxy: Free post_server_check_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-07-04 05:49:50 -04:00
struct post_server_check_fct *pscf, *pscfb;
CLEANUP: haproxy: Free post_check_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-09-10 13:46:42 -04:00
struct post_check_fct *pcf, *pcfb;
CLEANUP: haproxy: Free post_proxy_check_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-09-10 13:46:40 -04:00
struct post_proxy_check_fct *ppcf, *ppcfb;
CLEANUP: deinit: release the pre-check callbacks The freeing of pre-check callbacks was missing when this feature was recently added with commit b53eb8790 ("MINOR: init: add the pre-check callback"), let's do it to make valgrind happy.
2022-04-27 12:02:54 -04:00
struct pre_check_fct *prcf, *prcfb;
CLEANUP: deinit: release the config postparsers These ones were not released either, it just requires to export the list ("postparsers") and it makes valgrind happy.
2022-04-27 12:07:24 -04:00
struct cfg_postparser *pprs, *pprsb;
MEDIUM: deinit: close all receivers/listeners before scanning proxies Because of the zombie state, proxies have a skewed vision of the state of listeners, which explains why there are hacks switching the state from ZOMBIE to INIT in the proxy cleaning loop. This is particularly complicated and not needed, as all the information is now available in the protocol list and the fdtab. What we do here instead is to first close all active listeners or receivers by protocol and clean their protocol parts. Then we scan the fdtab to get rid of remaining ones that were necessarily in INIT state after a previous invocation of delete_listener(). From this point, we know the listeners are cleaned, the can safely be freed by scanning the proxies.
2020-09-23 10:46:22 -04:00
int cur_fd;
MINOR: deinit: add a "quick-exit" option to bypass the deinit step Once in a while we spot a bug in the deinit code that is complex, especially when it has to deal with incomplete initializations, and the ability to bypass this step has regularly been raised. In addition for fast-reloading setups it could theoretically save some time. Tests have shown that very large configs can barely save ~100-150ms by skipping the deinit step. However the ability not to crash if a bug is encountered can occasionally help. This patch adds an option to do exactly this. It's obviously not enabled by default and the documentation discourages from using it, but this might be useful in the future.
2022-11-15 03:34:07 -05:00
/* the user may want to skip this phase */
if (global.tune.options & GTUNE_QUICK_EXIT)
return;
MEDIUM: deinit: close all receivers/listeners before scanning proxies Because of the zombie state, proxies have a skewed vision of the state of listeners, which explains why there are hacks switching the state from ZOMBIE to INIT in the proxy cleaning loop. This is particularly complicated and not needed, as all the information is now available in the protocol list and the fdtab. What we do here instead is to first close all active listeners or receivers by protocol and clean their protocol parts. Then we scan the fdtab to get rid of remaining ones that were necessarily in INIT state after a previous invocation of delete_listener(). From this point, we know the listeners are cleaned, the can safely be freed by scanning the proxies.
2020-09-23 10:46:22 -04:00
/* At this point the listeners state is weird:
* - most listeners are still bound and referenced in their protocol
* - some might be zombies that are not in their proto anymore, but
* still appear in their proxy's listeners with a valid FD.
* - some might be stopped and still appear in their proxy as FD #-1
* - among all of them, some might be inherited hence shared and we're
* not allowed to pause them or whatever, we must just close them.
* - finally some are not listeners (pipes, logs, stdout, etc) and
* must be left intact.
*
* The safe way to proceed is to unbind (and close) whatever is not yet
* unbound so that no more receiver/listener remains alive. Then close
* remaining listener FDs, which correspond to zombie listeners (those
* belonging to disabled proxies that were in another process).
* objt_listener() would be cleaner here but not converted yet.
*/
protocol_unbind_all();
for (cur_fd = 0; cur_fd < global.maxsock; cur_fd++) {
BUG/MEDIUM: deinit: check fdtab before fdtab[fd].owner When running a pure config check (haproxy -c) we go through the deinit phase without having allocated fdtab, so we can't blindly dereference it. The issue was added by recent commit ae7bc4a23 ("MEDIUM: deinit: close all receivers/listeners before scanning proxies"), no backport is needed.
2020-10-14 06:13:51 -04:00
if (!fdtab || !fdtab[cur_fd].owner)
MEDIUM: deinit: close all receivers/listeners before scanning proxies Because of the zombie state, proxies have a skewed vision of the state of listeners, which explains why there are hacks switching the state from ZOMBIE to INIT in the proxy cleaning loop. This is particularly complicated and not needed, as all the information is now available in the protocol list and the fdtab. What we do here instead is to first close all active listeners or receivers by protocol and clean their protocol parts. Then we scan the fdtab to get rid of remaining ones that were necessarily in INIT state after a previous invocation of delete_listener(). From this point, we know the listeners are cleaned, the can safely be freed by scanning the proxies.
2020-09-23 10:46:22 -04:00
continue;
MINOR: protocol: register the receiver's I/O handler and not the protocol's Now we define a new sock_accept_iocb() for socket-based stream protocols and use it as a wrapper for listener_accept() which now takes a listener and not an FD anymore. This will allow the receiver's I/O cb to be redefined during registration, and more specifically to get rid of the hard-coded hacks in protocol_bind_all() made for syslog. The previous ->accept() callback in the protocol was removed since it doesn't have anything to do with accept() anymore but is more generic. A few places where listener_accept() was compared against the FD's IO callback for debugging purposes on the CLI were updated.
2020-10-15 15:29:49 -04:00
if (fdtab[cur_fd].iocb == &sock_accept_iocb) {
MEDIUM: deinit: close all receivers/listeners before scanning proxies Because of the zombie state, proxies have a skewed vision of the state of listeners, which explains why there are hacks switching the state from ZOMBIE to INIT in the proxy cleaning loop. This is particularly complicated and not needed, as all the information is now available in the protocol list and the fdtab. What we do here instead is to first close all active listeners or receivers by protocol and clean their protocol parts. Then we scan the fdtab to get rid of remaining ones that were necessarily in INIT state after a previous invocation of delete_listener(). From this point, we know the listeners are cleaned, the can safely be freed by scanning the proxies.
2020-09-23 10:46:22 -04:00
struct listener *l = fdtab[cur_fd].owner;
BUG_ON(l->state != LI_INIT);
unbind_listener(l);
}
}
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
deinit_signals();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
while (p) {
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
/* build a list of unique uri_auths */
if (!ua)
ua = p->uri_auth;
else {
/* check if p->uri_auth is unique */
for (uap = ua; uap; uap=uap->next)
if (uap == p->uri_auth)
break;
[BUG] we could segfault during exit while freeing uri_auths The following config makes haproxy segfault on exit : defaults mode http balance roundrobin listen no-stats bind :8001 listen stats bind :8002 stats uri /stats The simple fix is to ensure that p->uri_auth is not NULL before dereferencing it.
2008-06-24 05:14:45 -04:00
if (!uap && p->uri_auth) {
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
/* add it, if it is */
p->uri_auth->next = ua;
ua = p->uri_auth;
}
}
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
[MAJOR] call garbage collector when doing soft stop When we're interrupted by another instance, it is very likely that the other one will need some memory. Now we know how to free what is not used, so let's do it. Also only free non-null pointers. Previously, pool_destroy() did implicitly check for this case which was incidentely needed.
2007-05-13 18:39:29 -04:00
p0 = p;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
p = p->next;
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free_proxy(p0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}/* end while(p) */
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
MINOR: log: move log-forwarders cleanup in log.c Move the log-forwarded proxies cleanup from global deinit() function into log dedicated deinit function. No backport needed.
2023-07-03 12:07:30 -04:00
/* we don't need to free sink_proxies_list nor cfg_log_forward proxies since
* they are respectively cleaned up in sink_deinit() and deinit_log_forward()
BUG/MINOR: sink: free forward_px on deinit() When a ring section is configured, a new sink is created and forward_px proxy may be allocated and assigned to the sink. Such sink-related proxies are added to the sink_proxies_list and thus don't belong to the main proxy list which is cleaned up in haproxy deinit() function. We don't have to manually clean up sink_proxies_list in the main deinit() func: sink API already provides the sink_deinit() function so we just add the missing free_proxy(sink->forward_px) there. This could be backported up to 2.4. [in 2.4, commit b0281a49 ("MINOR: proxy: check if p is NULL in free_proxy()") must be backported first]
2023-03-09 06:07:09 -05:00
*/
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
/* destroy all referenced defaults proxies */
proxy_destroy_all_unref_defaults();
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
while (ua) {
BUG/MINOR: haproxy: Free uri_auth->scope during deinit Given the following example configuration: listen http bind *:80 mode http stats scope . Running a configuration check with valgrind reports: ==16341== 26 (24 direct, 2 indirect) bytes in 1 blocks are definitely lost in loss record 3 of 13 ==16341== at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==16341== by 0x571C2E: stats_add_scope (uri_auth.c:296) ==16341== by 0x46CE29: cfg_parse_listen (cfgparse-listen.c:1901) ==16341== by 0x45A112: readcfgfile (cfgparse.c:2078) ==16341== by 0x50A0F5: init (haproxy.c:1828) ==16341== by 0x418248: main (haproxy.c:3012) After this patch is applied the leak is gone as expected. This is a very minor leak that can only be observed if deinit() is called, shortly before the OS will free all memory of the process anyway. No backport needed.
2020-09-10 13:46:38 -04:00
struct stat_scope *scope, *scopep;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
uap = ua;
ua = ua->next;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(uap->uri_prefix);
free(uap->auth_realm);
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
free(uap->node);
free(uap->desc);
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
userlist_free(uap->userlist);
REORG: global: move free acl/action in their related source files Move deinit_acl_cond and deinit_act_rules from haproxy.c respectively in acl.c and action.c. The name of the functions has been slightly altered, replacing the prefix deinit_* by free_* to reflect their purpose more clearly. This change has been made in preparation to the implementation of a free proxy function. As a side-effect, it helps to clean up haproxy.c.
2021-03-25 12:15:52 -04:00
free_act_rules(&uap->http_req_rules);
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
BUG/MINOR: haproxy: Free uri_auth->scope during deinit Given the following example configuration: listen http bind *:80 mode http stats scope . Running a configuration check with valgrind reports: ==16341== 26 (24 direct, 2 indirect) bytes in 1 blocks are definitely lost in loss record 3 of 13 ==16341== at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==16341== by 0x571C2E: stats_add_scope (uri_auth.c:296) ==16341== by 0x46CE29: cfg_parse_listen (cfgparse-listen.c:1901) ==16341== by 0x45A112: readcfgfile (cfgparse.c:2078) ==16341== by 0x50A0F5: init (haproxy.c:1828) ==16341== by 0x418248: main (haproxy.c:3012) After this patch is applied the leak is gone as expected. This is a very minor leak that can only be observed if deinit() is called, shortly before the OS will free all memory of the process anyway. No backport needed.
2020-09-10 13:46:38 -04:00
scope = uap->scope;
while (scope) {
scopep = scope;
scope = scope->next;
free(scopep->px_id);
free(scopep);
}
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
free(uap);
}
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
userlist_free(userlist);
BUG/MEDIUM: main: Freeing a bunch of static pointers static_table_key, get_http_auth_buff and swap_buffer static variables are now freed during deinit and the two previously new functions are called as well. In addition, the 'trash' string buffer is cleared.
2015-09-25 07:02:25 -04:00
cfg_unregister_sections();
MINOR: logs: Use dedicated function to init/deinit log buffers Now, we use init_log_buffers and deinit_log_buffers to, respectively, initialize and deinitialize log buffers used for syslog messages. These functions have been introduced to be used by threads, to deal with thread-local log buffers.
2017-07-26 09:33:35 -04:00
deinit_log_buffers();
BUG/MEDIUM: main: Freeing a bunch of static pointers static_table_key, get_http_auth_buff and swap_buffer static variables are now freed during deinit and the two previously new functions are called as well. In addition, the 'trash' string buffer is cleared.
2015-09-25 07:02:25 -04:00
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
list_for_each_entry(pdf, &post_deinit_list, list)
pdf->fct();
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&global.log_send_hostname);
BUG/MEDIUM: logs: segfault writing to log from Lua Michael Ezzell reported a bug causing haproxy to segfault during startup when trying to send syslog message from Lua. The function __send_log() can be called with *p that is NULL and/or when the configuration is not fully parsed, as is the case with Lua. This patch fixes this problem by using individual vectors instead of the pre-generated strings log_htp and log_htp_rfc5424. Also, this patch fixes a problem causing haproxy to write the wrong pid in the logs -- the log_htp(_rfc5424) strings were generated at the haproxy start, but "pid" value would be changed after haproxy is started in daemon/systemd mode.
2015-10-01 07:18:13 -04:00
chunk_destroy(&global.log_tag);
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&global.chroot);
ha_free(&global.pidfile);
ha_free(&global.node);
ha_free(&global.desc);
ha_free(&oldpids);
ha_free(&old_argv);
ha_free(&localpeer);
ha_free(&global.server_state_base);
ha_free(&global.server_state_file);
MINOR: stats: apply stats-file on process startup This commit is the first one of a serie to implement preloading of haproxy counters via stats-file parsing. This patch defines a basic apply_stats_file() function. It implements reading line by line of a stats-file without any parsing for the moment. It is called automatically on process startup via init().
2024-04-24 05:09:06 -04:00
ha_free(&global.stats_file);
MEDIUM: tasks: Merge task_delete() and task_free() into task_destroy(). task_delete() was never used without calling task_free() just after, and task_free() was only used on error pathes to destroy a just-created task, so merge them into task_destroy(), that will remove the task from the wait queue, and make sure the task is either destroyed immediately if it's not in the run queue, or destroyed when it's supposed to run.
2019-04-17 16:51:06 -04:00
task_destroy(idle_conn_task);
MEDIUM: servers: Reorganize the way idle connections are cleaned. Instead of having one task per thread and per server that does clean the idling connections, have only one global task for every servers. That tasks parses all the servers that currently have idling connections, and remove half of them, to put them in a per-thread list of connections to kill. For each thread that does have connections to kill, wake a task to do so, so that the cleaning will be done in the context of said thread.
2019-02-14 12:29:09 -05:00
idle_conn_task = NULL;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
list_for_each_entry_safe(log, logb, &global.loggers, list) {
BUG/MINOR: log: release global log servers on exit Since 2.6 we have a free_logsrv() function that is used to release log servers. It must be called from deinit() instead of manually iterating over the log servers, otherwise some parts of the structure are not freed (namely the ring name), as reported by ASAN. This should be backported to 2.6.
2023-01-26 09:32:12 -05:00
LIST_DEL_INIT(&log->list);
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
free_logger(log);
BUG/MINOR: log: release global log servers on exit Since 2.6 we have a free_logsrv() function that is used to release log servers. It must be called from deinit() instead of manually iterating over the log servers, otherwise some parts of the structure are not freed (namely the ring name), as reported by ASAN. This should be backported to 2.6.
2023-01-26 09:32:12 -05:00
}
MINOR: startup: adapt list_append_word to use cfgfile list_append_word() helper was used before only to chain configuration file names in a list. As now we start to use cfgfile structure which represents entire file in memory and its metadata, let's adapt this helper to use this structure and let's rename it to list_append_cfgfile(). Adapt functions, which process configuration files and directories to use cfgfile structure and list_append_cfgfile() instead of wordlist.
2024-08-07 12:20:43 -04:00
list_for_each_entry_safe(cfg, cfg_tmp, &cfg_cfgfiles, list) {
ha_free(&cfg->filename);
LIST_DELETE(&cfg->list);
ha_free(&cfg);
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
}
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
list_for_each_entry_safe(bol, bolb, &build_opts_list, list) {
if (bol->must_free)
free((void *)bol->str);
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&bol->list);
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
free(bol);
}
CLEANUP: haproxy: Free proxy_deinit_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-07-04 05:49:47 -04:00
list_for_each_entry_safe(pxdf, pxdfb, &proxy_deinit_list, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&pxdf->list);
CLEANUP: haproxy: Free proxy_deinit_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-07-04 05:49:47 -04:00
free(pxdf);
}
CLEANUP: haproxy: Free post_deinit_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-07-04 05:49:48 -04:00
list_for_each_entry_safe(pdf, pdfb, &post_deinit_list, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&pdf->list);
CLEANUP: haproxy: Free post_deinit_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-07-04 05:49:48 -04:00
free(pdf);
}
CLEANUP: haproxy: Free server_deinit_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-07-04 05:49:49 -04:00
list_for_each_entry_safe(srvdf, srvdfb, &server_deinit_list, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&srvdf->list);
CLEANUP: haproxy: Free server_deinit_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-07-04 05:49:49 -04:00
free(srvdf);
}
CLEANUP: haproxy: Free post_check_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-09-10 13:46:42 -04:00
list_for_each_entry_safe(pcf, pcfb, &post_check_list, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&pcf->list);
CLEANUP: haproxy: Free post_check_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-09-10 13:46:42 -04:00
free(pcf);
}
CLEANUP: haproxy: Free post_server_check_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-07-04 05:49:50 -04:00
list_for_each_entry_safe(pscf, pscfb, &post_server_check_list, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&pscf->list);
CLEANUP: haproxy: Free post_server_check_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-07-04 05:49:50 -04:00
free(pscf);
}
CLEANUP: haproxy: Free post_proxy_check_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-09-10 13:46:40 -04:00
list_for_each_entry_safe(ppcf, ppcfb, &post_proxy_check_list, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&ppcf->list);
CLEANUP: haproxy: Free post_proxy_check_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-09-10 13:46:40 -04:00
free(ppcf);
}
CLEANUP: deinit: release the pre-check callbacks The freeing of pre-check callbacks was missing when this feature was recently added with commit b53eb8790 ("MINOR: init: add the pre-check callback"), let's do it to make valgrind happy.
2022-04-27 12:02:54 -04:00
list_for_each_entry_safe(prcf, prcfb, &pre_check_list, list) {
LIST_DELETE(&prcf->list);
free(prcf);
}
CLEANUP: haproxy: Free per_thread_*_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-09-10 13:46:41 -04:00
list_for_each_entry_safe(tif, tifb, &per_thread_init_list, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&tif->list);
CLEANUP: haproxy: Free per_thread_*_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-09-10 13:46:41 -04:00
free(tif);
}
list_for_each_entry_safe(tdf, tdfb, &per_thread_deinit_list, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&tdf->list);
CLEANUP: haproxy: Free per_thread_*_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-09-10 13:46:41 -04:00
free(tdf);
}
list_for_each_entry_safe(taf, tafb, &per_thread_alloc_list, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&taf->list);
CLEANUP: haproxy: Free per_thread_*_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-09-10 13:46:41 -04:00
free(taf);
}
list_for_each_entry_safe(tff, tffb, &per_thread_free_list, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&tff->list);
CLEANUP: haproxy: Free per_thread_*_list in deinit() This allocation is technically always reachable and cannot leak, but so are a few others that *are* freed.
2020-09-10 13:46:41 -04:00
free(tff);
}
CLEANUP: deinit: release the config postparsers These ones were not released either, it just requires to export the list ("postparsers") and it makes valgrind happy.
2022-04-27 12:07:24 -04:00
list_for_each_entry_safe(pprs, pprsb, &postparsers, list) {
LIST_DELETE(&pprs->list);
free(pprs);
}
REORG: vars: move the "proc" scope variables out of the global struct The presence of this field causes a long dependency chain because almost everyone includes global-t.h, and vars include sample_data which include some system includes as well as HTTP parts. There is absolutely no reason for having the process-wide variables in the global struct, let's just move them into vars.c and vars.h. This reduces from ~190k to ~170k the preprocessed output of version.c.
2021-05-08 05:41:28 -04:00
vars_prune(&proc_vars, NULL, NULL);
MEDIUM: memory: use pool_destroy_all() to destroy all pools on deinit() Instead of exporting a number of pools and having to manually delete them in deinit() or to have dedicated destructors to remove them, let's simply kill all pools on deinit(). For this a new function pool_destroy_all() was introduced. As its name implies, it destroys and frees all pools (provided they don't have any user anymore of course). This allowed to remove 4 implicit destructors, 2 explicit ones, and 11 individual calls to pool_destroy(). In addition it properly removes the mux_pt_ctx pool which was not cleared on exit (no backport needed here since it's 1.9 only). The sig_handler pool doesn't need to be exported anymore and became static now.
2018-11-26 09:57:34 -05:00
pool_destroy_all();
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
deinit_pollers();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} /* end deinit() */
BUILD: haproxy: mark deinit_and_exit() as noreturn Commit 0a3b43d9c ("MINOR: haproxy: Make use of deinit_and_exit() for clean exits") introduced this build warning: src/haproxy.c: In function 'main': src/haproxy.c:3775:1: warning: control reaches end of non-void function [-Wreturn-type] } ^ This is because the new deinit_and_exit() is not marked as "noreturn" so depending on the optimizations, the noreturn attribute of exit() will either leak through it and silence the warning or not and confuse the compiler. Let's just add the attribute to fix this. No backport is needed, this is purely 2.2.
2020-06-15 12:43:46 -04:00
__attribute__((noreturn)) void deinit_and_exit(int status)
MINOR: haproxy: Add void deinit_and_exit(int) This helper function calls deinit() and then exit() with the given status.
2020-06-13 18:37:41 -04:00
{
MINOR: global: define MODE_STOPPING Define a new mode MODE_STOPPING. It is used to indicate that the process is in the stopping stage and no event loop runs anymore.
2021-08-09 09:02:56 -04:00
global.mode |= MODE_STOPPING;
MINOR: haproxy: Add void deinit_and_exit(int) This helper function calls deinit() and then exit() with the given status.
2020-06-13 18:37:41 -04:00
deinit();
exit(status);
}
MEDIUM: mworker: leave when the master die When the master die, the worker should exit too, this is achieved by checking if the FD of the socketpair/pipe was closed between the master and the worker. In the former architecture of the master-worker, there was only a pipe between the master and the workers, and it was easy to check an EOF on the pipe FD to exit() the worker. With the new architecture, we use a socketpair by process, and this socketpair is also used to accept new connections with the listener_accept() callback. This accept callback can't handle the EOF and the exit of the process, because it's very specific to the master worker. This is why we transformed the mworker_pipe_handler() function in a wrapper which check if there is an EOF and exit the process, and if not call listener_accept() to achieve the accept.
2018-11-06 11:37:16 -05:00
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* Runs the polling loop */
MINOR: haproxy: export run_poll_loop This will help refine debug traces.
2020-03-03 08:59:56 -05:00
void run_poll_loop()
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
{
MEDIUM: poller: separate the wait time from the wake events We have been abusing the do_poll()'s timeout for a while, making it zero whenever there is some known activity. The problem this poses is that it complicates activity diagnostic by incrementing the poll_exp field for each known activity. It also requires extra computations that could be avoided. This change passes a "wake" argument to say that the poller must not sleep. This simplifies the operations and allows one to differenciate expirations from activity.
2019-05-28 10:44:05 -04:00
int next, wake;
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
MINOR: threads: add flags to know if a thread is started and/or running Several times during debugging it has been difficult to find a way to reliably indicate if a thread had been started and if it was still running. It's really not easy because the elements we look at are not necessarily reliable (e.g. harmless bit or idle bit might not reflect what we think during a signal). And such notions can be subjective anyway. Here we define two thread flags, TH_FL_STARTED which is set as soon as a thread enters run_thread_poll_loop() and drops the idle bit, and another one, TH_FL_IN_LOOP, which is set when entering run_poll_loop() and cleared when leaving it. This should help init/deinit code know whether it's called from a non-initialized thread (i.e. tid must not be trusted), or shared functions know if they're being called from a running thread or from init/deinit code outside of the polling loop.
2023-02-17 02:36:42 -05:00
_HA_ATOMIC_OR(&th_ctx->flags, TH_FL_IN_LOOP);
REORG: time: move time-keeping code and variables to clock.c There is currently a problem related to time keeping. We're mixing the functions to perform calculations with the os-dependent code needed to retrieve and adjust the local time. This patch extracts from time.{c,h} the parts that are solely dedicated to time keeping. These are the "now" or "before_poll" variables for example, as well as the various now_*() functions that make use of gettimeofday() and clock_gettime() to retrieve the current time. The "tv_*" functions moved there were also more appropriately renamed to "clock_*". Other parts used to compute stolen time are in other files, they will have to be picked next.
2021-10-08 03:33:24 -04:00
clock_update_date(0,1);
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
while (1) {
MINOR: tasks: split wake_expired_tasks() in two parts to avoid useless wakeups We used to have wake_expired_tasks() wake up tasks and return the next expiration delay. The problem this causes is that we have to call it just before poll() in order to consider latest timers, but this also means that we don't wake up all newly expired tasks upon return from poll(), which thus systematically requires a second poll() round. This is visible when running any scheduled task like a health check, as there are systematically two poll() calls, one with the interval, nothing is done after it, and another one with a zero delay, and the task is called: listen test bind *:8001 server s1 127.0.0.1:1111 check 09:37:38.200959 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8696843}) = 0 09:37:38.200967 epoll_wait(3, [], 200, 1000) = 0 09:37:39.202459 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8712467}) = 0 >> nothing run here, as the expired task was not woken up yet. 09:37:39.202497 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8715766}) = 0 09:37:39.202505 epoll_wait(3, [], 200, 0) = 0 09:37:39.202513 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8719064}) = 0 >> now the expired task was woken up 09:37:39.202522 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7 09:37:39.202537 fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 09:37:39.202565 setsockopt(7, SOL_TCP, TCP_NODELAY, [1], 4) = 0 09:37:39.202577 setsockopt(7, SOL_TCP, TCP_QUICKACK, [0], 4) = 0 09:37:39.202585 connect(7, {sa_family=AF_INET, sin_port=htons(1111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress) 09:37:39.202659 epoll_ctl(3, EPOLL_CTL_ADD, 7, {EPOLLOUT, {u32=7, u64=7}}) = 0 09:37:39.202673 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8814713}) = 0 09:37:39.202683 epoll_wait(3, [{EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=7, u64=7}}], 200, 1000) = 1 09:37:39.202693 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8818617}) = 0 09:37:39.202701 getsockopt(7, SOL_SOCKET, SO_ERROR, [111], [4]) = 0 09:37:39.202715 close(7) = 0 Let's instead split the function in two parts: - the first part, wake_expired_tasks(), called just before process_runnable_tasks(), wakes up all expired tasks; it doesn't compute any timeout. - the second part, next_timer_expiry(), called just before poll(), only computes the next timeout for the current thread. Thanks to this, all expired tasks are properly woken up when leaving poll, and each poll call's timeout remains up to date: 09:41:16.270449 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10223556}) = 0 09:41:16.270457 epoll_wait(3, [], 200, 999) = 0 09:41:17.270130 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10238572}) = 0 09:41:17.270157 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7 09:41:17.270194 fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 09:41:17.270204 setsockopt(7, SOL_TCP, TCP_NODELAY, [1], 4) = 0 09:41:17.270216 setsockopt(7, SOL_TCP, TCP_QUICKACK, [0], 4) = 0 09:41:17.270224 connect(7, {sa_family=AF_INET, sin_port=htons(1111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress) 09:41:17.270299 epoll_ctl(3, EPOLL_CTL_ADD, 7, {EPOLLOUT, {u32=7, u64=7}}) = 0 09:41:17.270314 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10337841}) = 0 09:41:17.270323 epoll_wait(3, [{EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=7, u64=7}}], 200, 1000) = 1 09:41:17.270332 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10341860}) = 0 09:41:17.270340 getsockopt(7, SOL_SOCKET, SO_ERROR, [111], [4]) = 0 09:41:17.270367 close(7) = 0 This may be backported to 2.1 and 2.0 though it's unlikely to bring any user-visible improvement except to clarify debugging.
2019-12-11 02:12:23 -05:00
wake_expired_tasks();
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
/* check if we caught some signals and process them in the
first thread */
MINOR: haproxy: process signals before runnable tasks Nowadays signals cause tasks to be woken up. The historic code still processes signals after tasks, which forces a second round in the loop before they can effectively be processed. Let's move the signal queue handling between wake_expired_tasks() and process_runnable_tasks() where it makes much more sense.
2020-06-19 06:06:34 -04:00
if (signal_queue_len && tid == 0) {
activity[tid].wake_signal++;
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
signal_process_queue();
MINOR: haproxy: process signals before runnable tasks Nowadays signals cause tasks to be woken up. The historic code still processes signals after tasks, which forces a second round in the loop before they can effectively be processed. Let's move the signal queue handling between wake_expired_tasks() and process_runnable_tasks() where it makes much more sense.
2020-06-19 06:06:34 -04:00
}
/* Process a few tasks */
process_runnable_tasks();
[MEDIUM] call signal_process_queue from run_poll_loop Now we check for asynchronous pending signals. There's no user yet so this cannot cause any trouble.
2009-05-10 03:01:21 -04:00
BUG/MINOR: deinit/threads: make hard-stop-after perform a clean exit As reported in GH issue #99, when hard-stop-after triggers and threads are in use, the chance that any thread releases the resources in use by the other ones is non-null. Thus no thread should be allowed to deinit() nor exit by itself. Here we take a different approach. We simply use a 3rd possible value for the "killed" variable so that all threads know they must break out of the run-poll-loop and immediately stop. This patch was tested by commenting the stream_shutdown() calls in hard_stop() to increase the chances to see a stream use released resources. With this fix applied, it never crashes anymore. This fix should be backported to 1.9 and 1.8.
2019-06-02 05:11:29 -04:00
/* also stop if we failed to cleanly stop all tasks */
if (killed > 1)
break;
BUG/MINOR: signals/poller: ensure wakeup from signals Add self-wake in signal_handler() to fix a race condition with a signal coming in between checking signal_queue_len and entering polling sleep. The changes in commit 43c891dda ("BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals") were insufficient. Move the signal_queue_len check from the poll implementations to run_poll_loop() to keep that logic in one place. The poll loops are terminated either by the parameter wake being set or wake up due to a write to their poller_wr_pipe by wake_thread() in signal_handler(). This fixes issue #1841. Must be backported in every stable version.
2022-09-09 04:21:00 -04:00
/* expire immediately if events or signals are pending */
MEDIUM: poller: separate the wait time from the wake events We have been abusing the do_poll()'s timeout for a while, making it zero whenever there is some known activity. The problem this poses is that it complicates activity diagnostic by incrementing the poll_exp field for each known activity. It also requires extra computations that could be avoided. This change passes a "wake" argument to say that the poller must not sleep. This simplifies the operations and allows one to differenciate expirations from activity.
2019-05-28 10:44:05 -04:00
wake = 1;
MAJOR: fd: Get rid of the fd cache. Now that the architecture was changed so that attempts to receive/send data always come from the upper layers, instead of them only trying to do so when the lower layer let them know they could try, we can finally get rid of the fd cache. We don't really need it anymore, and removing it gives us a small performance boost.
2019-07-24 12:07:06 -04:00
if (thread_has_tasks())
MINOR: global: add some global activity counters to help debugging A number of counters have been added at special places helping better understanding certain bug reports. These counters are maintained per thread and are shown using "show activity" on the CLI. The "clear counters" commands also reset these counters. The output is sent as a single write(), which currently produces up to about 7 kB of data for 64 threads. If more counters are added, it may be necessary to write into multiple buffers, or to reset the counters. To backport to 1.8 to help collect more detailed bug reports.
2018-01-20 13:30:13 -05:00
activity[tid].wake_tasks++;
MINOR: pollers: Add a way to wake a thread sleeping in the poller. Add a new pipe, one per thread, so that we can write on it to wake a thread sleeping in a poller, and use it to wake threads supposed to take care of a task, if they are all sleeping.
2018-07-26 11:55:11 -04:00
else {
MEDIUM: tasks/fd: replace sleeping_thread_mask with a TH_FL_SLEEPING flag Every single place where sleeping_thread_mask was still used was to test or set a single thread. We can now add a per-thread flag to indicate a thread is sleeping, and remove this shared mask. The wake_thread() function now always performs an atomic fetch-and-or instead of a first load then an atomic OR. That's cleaner and more reliable. This is not easy to test, as broadcast FD events are rare. The good way to test for this is to run a very low rate-limited frontend with a listener that listens to the fewest possible threads (2), and to send it only 1 connection at a time. The listener will periodically pause and the wakeup task will sometimes wake up on a random thread and will call wake_thread(): frontend test bind :8888 maxconn 10 thread 1-2 rate-limit sessions 5 Alternately, disabling/enabling a frontend in loops via the CLI also broadcasts such events, but they're more difficult to observe since this is causing connection failures.
2022-06-20 03:23:24 -04:00
_HA_ATOMIC_OR(&th_ctx->flags, TH_FL_SLEEPING);
MEDIUM: thread: add a new per-thread flag TH_FL_NOTIFIED to remember wakeups Right now when an inter-thread wakeup happens, we preliminary check if the thread was asleep, and if so we wake the poller up and remove its bit from the sleeping mask. That's not very clean since the sleeping mask cannot be entirely trusted since a thread that's about to wake up will already have its sleeping bit removed. This patch adds a new per-thread flag (TH_FL_NOTIFIED) to remember that a thread was notified to wake up. It's cleared before checking the task lists last, so that new wakeups can be considered again (since wake_thread() is only used to notify about task wakeups and FD polling changes). This way we do not need to modify a remote thread's sleeping mask anymore. As such wake_thread() now only tests and sets the TH_FL_NOTIFIED flag but doesn't clear sleeping anymore.
2022-06-22 09:38:38 -04:00
_HA_ATOMIC_AND(&th_ctx->flags, ~TH_FL_NOTIFIED);
MEDIUM: threads: Use the new _HA_ATOMIC_* macros. Use the new _HA_ATOMIC_* macros and add barriers where needed.
2019-03-08 12:51:17 -05:00
__ha_barrier_atomic_store();
CLEANUP: haproxy/threads: don't check global_tasks_mask twice In run_thread_poll_loop() we test both for (global_tasks_mask & tid_bit) and thread_has_tasks(), but the former is useless since this test is already part of the latter.
2020-03-23 04:33:32 -04:00
if (thread_has_tasks()) {
MINOR: pollers: Add a way to wake a thread sleeping in the poller. Add a new pipe, one per thread, so that we can write on it to wake a thread sleeping in a poller, and use it to wake threads supposed to take care of a task, if they are all sleeping.
2018-07-26 11:55:11 -04:00
activity[tid].wake_tasks++;
MEDIUM: tasks/fd: replace sleeping_thread_mask with a TH_FL_SLEEPING flag Every single place where sleeping_thread_mask was still used was to test or set a single thread. We can now add a per-thread flag to indicate a thread is sleeping, and remove this shared mask. The wake_thread() function now always performs an atomic fetch-and-or instead of a first load then an atomic OR. That's cleaner and more reliable. This is not easy to test, as broadcast FD events are rare. The good way to test for this is to run a very low rate-limited frontend with a listener that listens to the fewest possible threads (2), and to send it only 1 connection at a time. The listener will periodically pause and the wakeup task will sometimes wake up on a random thread and will call wake_thread(): frontend test bind :8888 maxconn 10 thread 1-2 rate-limit sessions 5 Alternately, disabling/enabling a frontend in loops via the CLI also broadcasts such events, but they're more difficult to observe since this is causing connection failures.
2022-06-20 03:23:24 -04:00
_HA_ATOMIC_AND(&th_ctx->flags, ~TH_FL_SLEEPING);
BUG/MINOR: haproxy: only tid 0 must not sleep if got signal This patch fixes the commit eea152ee68 ("BUG/MINOR: signals/poller: ensure wakeup from signals"). There is some probability that run_poll_loop() becomes inifinite, if TH_FL_SLEEPING is withdrawn from all threads in the second signal_queue_len check, when a signal has received just after the first one. In such particular case, the 'wake' variable, which is used to terminate thread's poll loop is never reset to 0. So, we never enter to the "stopping" part of the run_poll_loop() and threads, except the one with id 0 (tid 0 handles signals), will continue to call _do_poll() eternally and will never sleep, as its TH_FL_SLEEPING flag was unset. This flag needs to be removed only for the tid 0, as it was done in the first signal_queue_len check. This fixes an issue #2537 "infinite loop when shutting down". This fix must be backported in every stable version.
2024-05-06 08:24:41 -04:00
} else if (signal_queue_len && tid == 0) {
BUG/MINOR: signals/poller: ensure wakeup from signals Add self-wake in signal_handler() to fix a race condition with a signal coming in between checking signal_queue_len and entering polling sleep. The changes in commit 43c891dda ("BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals") were insufficient. Move the signal_queue_len check from the poll implementations to run_poll_loop() to keep that logic in one place. The poll loops are terminated either by the parameter wake being set or wake up due to a write to their poller_wr_pipe by wake_thread() in signal_handler(). This fixes issue #1841. Must be backported in every stable version.
2022-09-09 04:21:00 -04:00
/* this check is required after setting TH_FL_SLEEPING to avoid
* a race with wakeup on signals using wake_threads() */
_HA_ATOMIC_AND(&th_ctx->flags, ~TH_FL_SLEEPING);
MINOR: pollers: Add a way to wake a thread sleeping in the poller. Add a new pipe, one per thread, so that we can write on it to wake a thread sleeping in a poller, and use it to wake threads supposed to take care of a task, if they are all sleeping.
2018-07-26 11:55:11 -04:00
} else
MEDIUM: poller: separate the wait time from the wake events We have been abusing the do_poll()'s timeout for a while, making it zero whenever there is some known activity. The problem this poses is that it complicates activity diagnostic by incrementing the poll_exp field for each known activity. It also requires extra computations that could be avoided. This change passes a "wake" argument to say that the poller must not sleep. This simplifies the operations and allows one to differenciate expirations from activity.
2019-05-28 10:44:05 -04:00
wake = 0;
MINOR: pollers: Add a way to wake a thread sleeping in the poller. Add a new pipe, one per thread, so that we can write on it to wake a thread sleeping in a poller, and use it to wake threads supposed to take care of a task, if they are all sleeping.
2018-07-26 11:55:11 -04:00
}
CLEANUP: poll: move the conditions for waiting out of the poll functions The poll() functions have become a bit dirty because they now check the size of the signal queue, the FD cache and the number of tasks. It's not their job, this must be moved to the caller. In the end it simplifies the code because the expiration date is now set to now_ms if we must not wait, and this achieves in exactly the same result and is cleaner. The change looks large due to the change of indent for blocks which were inside an "if" block.
2015-04-13 14:44:19 -04:00
BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection Commit 4b3f27b ("BUG/MINOR: haproxy/threads: try to make all threads leave together") improved the soft-stop synchronization but it left a small race open because it looks at tasks_run_queue, which can drop to zero then back to one while another thread picks the task from the run queue to insert it into the tasklet_list. The risk is very low but not null. In addition the condition didn't consider the possible presence of signals in the queue. This patch moves the stopping detection just after the "wake" calculation which already takes care of the various queues' sizes and signals. It avoids needlessly duplicating these tests. The bug was discovered during a code review but will probably never be observed. This fix may be backported to 2.1 and 2.0 along with the commit above.
2020-03-23 04:27:28 -04:00
if (!wake) {
BUG/MINOR: soft-stop: always wake up waiting threads on stopping Currently the soft-stop can lead to old processes remaining alive for as long as two seconds after receiving a soft-stop signal. What happens is that when receiving SIGUSR1, one thread (usually the first one) wakes up, handles the signal, sets "stopping", goes into runn_poll_loop(), and discovers that stopping is set, so its also sets itself in the stopping_thread_mask bit mask. After this it sees that other threads are not yet willing to stop, so it continues to wait. From there, other threads which were waiting in poll() expire after one second on poll timeout and enter run_poll_loop() in turn. That's already one second of wait time. They discover each in turn that they're stopping and see that other threads are not yet stopping, so they go back waiting. After the end of the first second, all threads know they're stopping and have set their bit in stopping_thread_mask. It's only now that those who started to wait first wake up again on timeout to discover that all other ones are stopping, and can now quit. One second later all threads will have done it and the process will quit. This is effectively strictly larger than one second and up to two seconds. What the current patch does is simple, when the first thread stops, it sets its own bit into stopping_thread_mask then wakes up all other threads to do also set theirs. This kills the first second which corresponds to the time to discover the stopping state. Second, when a thread exists, it wakes all other ones again because some might have gone back sleeping waiting for "jobs" to go down to zero (i.e. closing the last connection). This kills the last second of wait time. Thanks to this, as SIGUSR1 now acts instantly again if there's no active connection, or it stops immediately after the last connection has left if one was still present. This should be backported as far as 2.0.
2020-05-13 07:51:01 -04:00
int i;
if (stopping) {
MEDIUM: quic: release closing connections on stopping Since the following commit : commit fb375574f947143e185225558c274ac00a3f8cb4 MINOR: quic: mark quic-conn as jobs on socket allocation quic-conn instances are marked as jobs. This prevent haproxy process to stop while there is transfer in progress. To not delay process termination, idle connections are woken up through their MUX instances to be able to release them immediately. However, there is no mechanism to wake up quic connections left on closing or draining state. This means that haproxy process termination is delayed until every closing quic connections timer has expired. To improve this, a new function quic_handle_stopping() is called when haproxy process is stopping. It simply wakes up the idle timer task of all connections in the global closing list. These connections will thus be released immediately to not interrupt haproxy process stopping. This should be backported up to 2.7.
2023-03-08 04:37:45 -05:00
/* stop muxes/quic-conns before acknowledging stopping */
BUG/MEDIUM: thread: check stopping thread against local bit and not global one Commit ef422ced9 ("MEDIUM: thread: make stopping_threads per-group and add stopping_tgroups") moved the stopping_threads mask to per-group, but one test in the loop preserved its global value instead, resulting in stopping threads never sleeping on stop and eating 100% CPU until all were stopped. No backport is needed.
2022-07-04 08:07:29 -04:00
if (!(tg_ctx->stopping_threads & ti->ltid_bit)) {
MEDIUM: connection: close front idling connection on soft-stop Implement a safe mechanism to close front idling connection which prevents the soft-stop to complete. Every h1/h2 front connection is added in a new per-thread list instance. On shutdown, a new task is waking up which calls wake mux operation on every connection still present in the new list. A new stopping_list attach point has been added in the connection structure. As this member is only used for frontend connections, it shared the same union as the session_list reserved for backend connections.
2021-05-03 04:47:51 -04:00
task_wakeup(mux_stopping_data[tid].task, TASK_WOKEN_OTHER);
wake = 1;
}
MEDIUM: thread: make stopping_threads per-group and add stopping_tgroups Stopping threads need a mask to figure who's still there without scanning everything in the poll loop. This means this will have to be per-group. And we also need to have a global stopping groups mask to know what groups were already signaled. This is used both to figure what thread is the first one to catch the event, and which one is the first one to detect the end of the last job. The logic isn't changed, though a loop is required in the slow path to make sure all threads are aware of the end. Note that for now the soft-stop still takes time for group IDs > 1 as the poller is not yet started on these threads and needs to expire its timeout as there's no way to wake it up. But all threads are eventually stopped.
2022-06-28 13:29:29 -04:00
if (_HA_ATOMIC_OR_FETCH(&tg_ctx->stopping_threads, ti->ltid_bit) == ti->ltid_bit &&
_HA_ATOMIC_OR_FETCH(&stopping_tgroup_mask, tg->tgid_bit) == tg->tgid_bit) {
/* first one to detect it, notify all threads that stopping was just set */
for (i = 0; i < global.nbthread; i++) {
BUG/MINOR: thread: always reload threads_enabled in loops A few loops waiting for threads to synchronize such as thread_isolate() rightfully filter the thread masks via the threads_enabled field that contains the list of enabled threads. However, it doesn't use an atomic load on it. Before 2.7, the equivalent variables were marked as volatile and were always reloaded. In 2.7 they're fields in ha_tgroup_ctx[], and the risk that the compiler keeps them in a register inside a loop is not null at all. In practice when ha_thread_relax() calls sched_yield() or an x86 PAUSE instruction, it could be verified that the variable is always reloaded. If these are avoided (e.g. architecture providing neither solution), it's visible in asm code that the variables are not reloaded. In this case, if a thread exists just between the moment the two values are read, the loop could spin forever. This patch adds the required _HA_ATOMIC_LOAD() on the relevant threads_enabled fields. It must be backported to 2.7.
2023-01-19 13:14:18 -05:00
if (_HA_ATOMIC_LOAD(&ha_thread_info[i].tg->threads_enabled) &
MEDIUM: thread: make stopping_threads per-group and add stopping_tgroups Stopping threads need a mask to figure who's still there without scanning everything in the poll loop. This means this will have to be per-group. And we also need to have a global stopping groups mask to know what groups were already signaled. This is used both to figure what thread is the first one to catch the event, and which one is the first one to detect the end of the last job. The logic isn't changed, though a loop is required in the slow path to make sure all threads are aware of the end. Note that for now the soft-stop still takes time for group IDs > 1 as the poller is not yet started on these threads and needs to expire its timeout as there's no way to wake it up. But all threads are eventually stopped.
2022-06-28 13:29:29 -04:00
ha_thread_info[i].ltid_bit &
~_HA_ATOMIC_LOAD(&ha_thread_info[i].tg_ctx->stopping_threads))
MINOR: soft-stop: let the first stopper only signal other threads When the first thread stops and wakes others up, it's possible some of them will also start to wake others in parallel. Let's make give this notification task to the very first one instead since it's enough and can reduce the amount of needless (though harmless) wakeup calls.
2020-05-13 08:30:25 -04:00
wake_thread(i);
MEDIUM: thread: make stopping_threads per-group and add stopping_tgroups Stopping threads need a mask to figure who's still there without scanning everything in the poll loop. This means this will have to be per-group. And we also need to have a global stopping groups mask to know what groups were already signaled. This is used both to figure what thread is the first one to catch the event, and which one is the first one to detect the end of the last job. The logic isn't changed, though a loop is required in the slow path to make sure all threads are aware of the end. Note that for now the soft-stop still takes time for group IDs > 1 as the poller is not yet started on these threads and needs to expire its timeout as there's no way to wake it up. But all threads are eventually stopped.
2022-06-28 13:29:29 -04:00
}
MINOR: soft-stop: let the first stopper only signal other threads When the first thread stops and wakes others up, it's possible some of them will also start to wake others in parallel. Let's make give this notification task to the very first one instead since it's enough and can reduce the amount of needless (though harmless) wakeup calls.
2020-05-13 08:30:25 -04:00
}
BUG/MINOR: soft-stop: always wake up waiting threads on stopping Currently the soft-stop can lead to old processes remaining alive for as long as two seconds after receiving a soft-stop signal. What happens is that when receiving SIGUSR1, one thread (usually the first one) wakes up, handles the signal, sets "stopping", goes into runn_poll_loop(), and discovers that stopping is set, so its also sets itself in the stopping_thread_mask bit mask. After this it sees that other threads are not yet willing to stop, so it continues to wait. From there, other threads which were waiting in poll() expire after one second on poll timeout and enter run_poll_loop() in turn. That's already one second of wait time. They discover each in turn that they're stopping and see that other threads are not yet stopping, so they go back waiting. After the end of the first second, all threads know they're stopping and have set their bit in stopping_thread_mask. It's only now that those who started to wait first wake up again on timeout to discover that all other ones are stopping, and can now quit. One second later all threads will have done it and the process will quit. This is effectively strictly larger than one second and up to two seconds. What the current patch does is simple, when the first thread stops, it sets its own bit into stopping_thread_mask then wakes up all other threads to do also set theirs. This kills the first second which corresponds to the time to discover the stopping state. Second, when a thread exists, it wakes all other ones again because some might have gone back sleeping waiting for "jobs" to go down to zero (i.e. closing the last connection). This kills the last second of wait time. Thanks to this, as SIGUSR1 now acts instantly again if there's no active connection, or it stops immediately after the last connection has left if one was still present. This should be backported as far as 2.0.
2020-05-13 07:51:01 -04:00
}
BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection Commit 4b3f27b ("BUG/MINOR: haproxy/threads: try to make all threads leave together") improved the soft-stop synchronization but it left a small race open because it looks at tasks_run_queue, which can drop to zero then back to one while another thread picks the task from the run queue to insert it into the tasklet_list. The risk is very low but not null. In addition the condition didn't consider the possible presence of signals in the queue. This patch moves the stopping detection just after the "wake" calculation which already takes care of the various queues' sizes and signals. It avoids needlessly duplicating these tests. The bug was discovered during a code review but will probably never be observed. This fix may be backported to 2.1 and 2.0 along with the commit above.
2020-03-23 04:27:28 -04:00
/* stop when there's nothing left to do */
if ((jobs - unstoppable_jobs) == 0 &&
MEDIUM: thread: make stopping_threads per-group and add stopping_tgroups Stopping threads need a mask to figure who's still there without scanning everything in the poll loop. This means this will have to be per-group. And we also need to have a global stopping groups mask to know what groups were already signaled. This is used both to figure what thread is the first one to catch the event, and which one is the first one to detect the end of the last job. The logic isn't changed, though a loop is required in the slow path to make sure all threads are aware of the end. Note that for now the soft-stop still takes time for group IDs > 1 as the poller is not yet started on these threads and needs to expire its timeout as there's no way to wake it up. But all threads are eventually stopped.
2022-06-28 13:29:29 -04:00
(_HA_ATOMIC_LOAD(&stopping_tgroup_mask) & all_tgroups_mask) == all_tgroups_mask) {
/* check that all threads are aware of the stopping status */
for (i = 0; i < global.nbtgroups; i++)
BUG/MINOR: thread: always reload threads_enabled in loops A few loops waiting for threads to synchronize such as thread_isolate() rightfully filter the thread masks via the threads_enabled field that contains the list of enabled threads. However, it doesn't use an atomic load on it. Before 2.7, the equivalent variables were marked as volatile and were always reloaded. In 2.7 they're fields in ha_tgroup_ctx[], and the risk that the compiler keeps them in a register inside a loop is not null at all. In practice when ha_thread_relax() calls sched_yield() or an x86 PAUSE instruction, it could be verified that the variable is always reloaded. If these are avoided (e.g. architecture providing neither solution), it's visible in asm code that the variables are not reloaded. In this case, if a thread exists just between the moment the two values are read, the loop could spin forever. This patch adds the required _HA_ATOMIC_LOAD() on the relevant threads_enabled fields. It must be backported to 2.7.
2023-01-19 13:14:18 -05:00
if ((_HA_ATOMIC_LOAD(&ha_tgroup_ctx[i].stopping_threads) &
_HA_ATOMIC_LOAD(&ha_tgroup_info[i].threads_enabled)) !=
_HA_ATOMIC_LOAD(&ha_tgroup_info[i].threads_enabled))
MEDIUM: thread: make stopping_threads per-group and add stopping_tgroups Stopping threads need a mask to figure who's still there without scanning everything in the poll loop. This means this will have to be per-group. And we also need to have a global stopping groups mask to know what groups were already signaled. This is used both to figure what thread is the first one to catch the event, and which one is the first one to detect the end of the last job. The logic isn't changed, though a loop is required in the slow path to make sure all threads are aware of the end. Note that for now the soft-stop still takes time for group IDs > 1 as the poller is not yet started on these threads and needs to expire its timeout as there's no way to wake it up. But all threads are eventually stopped.
2022-06-28 13:29:29 -04:00
break;
#ifdef USE_THREAD
if (i == global.nbtgroups) {
/* all are OK, let's wake them all and stop */
for (i = 0; i < global.nbthread; i++)
BUG/MINOR: thread: always reload threads_enabled in loops A few loops waiting for threads to synchronize such as thread_isolate() rightfully filter the thread masks via the threads_enabled field that contains the list of enabled threads. However, it doesn't use an atomic load on it. Before 2.7, the equivalent variables were marked as volatile and were always reloaded. In 2.7 they're fields in ha_tgroup_ctx[], and the risk that the compiler keeps them in a register inside a loop is not null at all. In practice when ha_thread_relax() calls sched_yield() or an x86 PAUSE instruction, it could be verified that the variable is always reloaded. If these are avoided (e.g. architecture providing neither solution), it's visible in asm code that the variables are not reloaded. In this case, if a thread exists just between the moment the two values are read, the loop could spin forever. This patch adds the required _HA_ATOMIC_LOAD() on the relevant threads_enabled fields. It must be backported to 2.7.
2023-01-19 13:14:18 -05:00
if (i != tid && _HA_ATOMIC_LOAD(&ha_thread_info[i].tg->threads_enabled) & ha_thread_info[i].ltid_bit)
MEDIUM: thread: make stopping_threads per-group and add stopping_tgroups Stopping threads need a mask to figure who's still there without scanning everything in the poll loop. This means this will have to be per-group. And we also need to have a global stopping groups mask to know what groups were already signaled. This is used both to figure what thread is the first one to catch the event, and which one is the first one to detect the end of the last job. The logic isn't changed, though a loop is required in the slow path to make sure all threads are aware of the end. Note that for now the soft-stop still takes time for group IDs > 1 as the poller is not yet started on these threads and needs to expire its timeout as there's no way to wake it up. But all threads are eventually stopped.
2022-06-28 13:29:29 -04:00
wake_thread(i);
break;
}
#endif
BUG/MINOR: soft-stop: always wake up waiting threads on stopping Currently the soft-stop can lead to old processes remaining alive for as long as two seconds after receiving a soft-stop signal. What happens is that when receiving SIGUSR1, one thread (usually the first one) wakes up, handles the signal, sets "stopping", goes into runn_poll_loop(), and discovers that stopping is set, so its also sets itself in the stopping_thread_mask bit mask. After this it sees that other threads are not yet willing to stop, so it continues to wait. From there, other threads which were waiting in poll() expire after one second on poll timeout and enter run_poll_loop() in turn. That's already one second of wait time. They discover each in turn that they're stopping and see that other threads are not yet stopping, so they go back waiting. After the end of the first second, all threads know they're stopping and have set their bit in stopping_thread_mask. It's only now that those who started to wait first wake up again on timeout to discover that all other ones are stopping, and can now quit. One second later all threads will have done it and the process will quit. This is effectively strictly larger than one second and up to two seconds. What the current patch does is simple, when the first thread stops, it sets its own bit into stopping_thread_mask then wakes up all other threads to do also set theirs. This kills the first second which corresponds to the time to discover the stopping state. Second, when a thread exists, it wakes all other ones again because some might have gone back sleeping waiting for "jobs" to go down to zero (i.e. closing the last connection). This kills the last second of wait time. Thanks to this, as SIGUSR1 now acts instantly again if there's no active connection, or it stops immediately after the last connection has left if one was still present. This should be backported as far as 2.0.
2020-05-13 07:51:01 -04:00
}
BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection Commit 4b3f27b ("BUG/MINOR: haproxy/threads: try to make all threads leave together") improved the soft-stop synchronization but it left a small race open because it looks at tasks_run_queue, which can drop to zero then back to one while another thread picks the task from the run queue to insert it into the tasklet_list. The risk is very low but not null. In addition the condition didn't consider the possible presence of signals in the queue. This patch moves the stopping detection just after the "wake" calculation which already takes care of the various queues' sizes and signals. It avoids needlessly duplicating these tests. The bug was discovered during a code review but will probably never be observed. This fix may be backported to 2.1 and 2.0 along with the commit above.
2020-03-23 04:27:28 -04:00
}
MINOR: tasks: split wake_expired_tasks() in two parts to avoid useless wakeups We used to have wake_expired_tasks() wake up tasks and return the next expiration delay. The problem this causes is that we have to call it just before poll() in order to consider latest timers, but this also means that we don't wake up all newly expired tasks upon return from poll(), which thus systematically requires a second poll() round. This is visible when running any scheduled task like a health check, as there are systematically two poll() calls, one with the interval, nothing is done after it, and another one with a zero delay, and the task is called: listen test bind *:8001 server s1 127.0.0.1:1111 check 09:37:38.200959 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8696843}) = 0 09:37:38.200967 epoll_wait(3, [], 200, 1000) = 0 09:37:39.202459 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8712467}) = 0 >> nothing run here, as the expired task was not woken up yet. 09:37:39.202497 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8715766}) = 0 09:37:39.202505 epoll_wait(3, [], 200, 0) = 0 09:37:39.202513 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8719064}) = 0 >> now the expired task was woken up 09:37:39.202522 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7 09:37:39.202537 fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 09:37:39.202565 setsockopt(7, SOL_TCP, TCP_NODELAY, [1], 4) = 0 09:37:39.202577 setsockopt(7, SOL_TCP, TCP_QUICKACK, [0], 4) = 0 09:37:39.202585 connect(7, {sa_family=AF_INET, sin_port=htons(1111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress) 09:37:39.202659 epoll_ctl(3, EPOLL_CTL_ADD, 7, {EPOLLOUT, {u32=7, u64=7}}) = 0 09:37:39.202673 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8814713}) = 0 09:37:39.202683 epoll_wait(3, [{EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=7, u64=7}}], 200, 1000) = 1 09:37:39.202693 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8818617}) = 0 09:37:39.202701 getsockopt(7, SOL_SOCKET, SO_ERROR, [111], [4]) = 0 09:37:39.202715 close(7) = 0 Let's instead split the function in two parts: - the first part, wake_expired_tasks(), called just before process_runnable_tasks(), wakes up all expired tasks; it doesn't compute any timeout. - the second part, next_timer_expiry(), called just before poll(), only computes the next timeout for the current thread. Thanks to this, all expired tasks are properly woken up when leaving poll, and each poll call's timeout remains up to date: 09:41:16.270449 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10223556}) = 0 09:41:16.270457 epoll_wait(3, [], 200, 999) = 0 09:41:17.270130 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10238572}) = 0 09:41:17.270157 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7 09:41:17.270194 fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 09:41:17.270204 setsockopt(7, SOL_TCP, TCP_NODELAY, [1], 4) = 0 09:41:17.270216 setsockopt(7, SOL_TCP, TCP_QUICKACK, [0], 4) = 0 09:41:17.270224 connect(7, {sa_family=AF_INET, sin_port=htons(1111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress) 09:41:17.270299 epoll_ctl(3, EPOLL_CTL_ADD, 7, {EPOLLOUT, {u32=7, u64=7}}) = 0 09:41:17.270314 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10337841}) = 0 09:41:17.270323 epoll_wait(3, [{EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=7, u64=7}}], 200, 1000) = 1 09:41:17.270332 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10341860}) = 0 09:41:17.270340 getsockopt(7, SOL_SOCKET, SO_ERROR, [111], [4]) = 0 09:41:17.270367 close(7) = 0 This may be backported to 2.1 and 2.0 though it's unlikely to bring any user-visible improvement except to clarify debugging.
2019-12-11 02:12:23 -05:00
/* If we have to sleep, measure how long */
next = wake ? TICK_ETERNITY : next_timer_expiry();
[MAJOR] use an ebtree instead of a list for the run queue We now insert tasks in a certain sequence in the run queue. The sorting key currently is the arrival order. It will now be possible to apply a "nice" value to any task so that it goes forwards or backwards in the run queue. The calls to wake_expired_tasks() and maintain_proxies() have been moved to the main run_poll_loop(), because they had nothing to do in process_runnable_tasks(). The task_wakeup() function is not inlined anymore, as it was only used at one place. The qlist member of the task structure has been removed now. The run_queue list has been replaced for an integer indicating the number of tasks in the run queue.
2008-06-29 16:40:23 -04:00
/* The poller will ensure it returns around <next> */
MEDIUM: poller: separate the wait time from the wake events We have been abusing the do_poll()'s timeout for a while, making it zero whenever there is some known activity. The problem this poses is that it complicates activity diagnostic by incrementing the poll_exp field for each known activity. It also requires extra computations that could be avoided. This change passes a "wake" argument to say that the poller must not sleep. This simplifies the operations and allows one to differenciate expirations from activity.
2019-05-28 10:44:05 -04:00
cur_poller.poll(&cur_poller, next, wake);
MAJOR: servers: propagate server status changes asynchronously. In order to prepare multi-thread development, code was re-worked to propagate changes asynchronoulsy. Servers with pending status changes are registered in a list and this one is processed and emptied only once 'run poll' loop. Operational status changes are performed before administrative status changes. In a case of multiple operational status change or admin status change in the same 'run poll' loop iteration, those changes are merged to reach only the targeted status.
2017-10-03 08:46:45 -04:00
MINOR: global: add some global activity counters to help debugging A number of counters have been added at special places helping better understanding certain bug reports. These counters are maintained per thread and are shown using "show activity" on the CLI. The "clear counters" commands also reset these counters. The output is sent as a single write(), which currently produces up to about 7 kB of data for 64 threads. If more counters are added, it may be necessary to write into multiple buffers, or to reset the counters. To backport to 1.8 to help collect more detailed bug reports.
2018-01-20 13:30:13 -05:00
activity[tid].loops++;
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
}
MINOR: threads: add flags to know if a thread is started and/or running Several times during debugging it has been difficult to find a way to reliably indicate if a thread had been started and if it was still running. It's really not easy because the elements we look at are not necessarily reliable (e.g. harmless bit or idle bit might not reflect what we think during a signal). And such notions can be subjective anyway. Here we define two thread flags, TH_FL_STARTED which is set as soon as a thread enters run_thread_poll_loop() and drops the idle bit, and another one, TH_FL_IN_LOOP, which is set when entering run_poll_loop() and cleared when leaving it. This should help init/deinit code know whether it's called from a non-initialized thread (i.e. tid must not be trusted), or shared functions know if they're being called from a running thread or from init/deinit code outside of the polling loop.
2023-02-17 02:36:42 -05:00
_HA_ATOMIC_AND(&th_ctx->flags, ~TH_FL_IN_LOOP);
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
}
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
static void *run_thread_poll_loop(void *data)
{
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
struct per_thread_alloc_fct *ptaf;
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
struct per_thread_init_fct *ptif;
struct per_thread_deinit_fct *ptdf;
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
struct per_thread_free_fct *ptff;
MEDIUM: init/threads: don't use spinlocks during the init phase PiBa-NL found some pathological cases where starting threads can hinder each other and cause a measurable slow down. This problem is reproducible with the following config (haproxy must be built with -DDEBUG_DEV) : global stats socket /tmp/sock1 mode 666 level admin nbthread 64 backend stopme timeout server 1s option tcp-check tcp-check send "debug dev exit\n" server cli unix@/tmp/sock1 check This will cause the process to be stopped once the checks are ready to start. Binding all these to just a few cores magnifies the problem. Starting them in loops shows a significant time difference among the commits : # before startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done real 0m1.581s user 0m0.621s sys 0m5.339s # after startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done real 0m2.366s user 0m0.894s sys 0m8.238s In order to address this, let's use plain mutexes and cond_wait during the init phase. With this done, waiting threads now sleep and the problem completely disappeared : $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done real 0m0.161s user 0m0.079s sys 0m0.149s
2019-06-11 03:16:41 -04:00
static int init_left = 0;
CLEANUP: thread: rename __decl_hathreads() to __decl_thread() I can never figure whether it takes an "s" or not, and in the end it's better if it matches the file's naming, so let's call it "__decl_thread".
2020-06-05 02:40:51 -04:00
__decl_thread(static pthread_mutex_t init_mutex = PTHREAD_MUTEX_INITIALIZER);
__decl_thread(static pthread_cond_t init_cond = PTHREAD_COND_INITIALIZER);
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
MEDIUM: threads: replace ha_set_tid() with ha_set_thread() ha_set_tid() was randomly used either to explicitly set thread 0 or to set any possibly incomplete thread during boot. Let's replace it with a pointer to a valid thread or NULL for any thread. This allows us to check that the designated threads are always valid, and to ignore the thread 0's mapping when setting it to NULL, and always use group 0 with it during boot. The initialization code is also cleaner, as we don't pass ugly casts of a thread ID to a pointer anymore.
2021-09-28 03:43:11 -04:00
ha_set_thread(data);
MEDIUM: init: de-uglify the per-thread affinity setting Till now the threads startup was quite messy: - we would start all threads but one - then we would change all threads' CPU affinities - then we would manually start the poll loop for the current thread Let's change this by moving the CPU affinity setting code to a function set_thread_cpu_affinity() that does this job for the current thread only, and that is called during the thread's initialization in the polling loop. It takes care of not doing this for the master, and will result in all threads to be properly bound earlier and with cleaner code. It also removes some ugly nested ifdefs.
2021-09-28 04:15:47 -04:00
set_thread_cpu_affinity();
REORG: clock: move the clock_id initialization to clock.c This was previously open-coded in run_thread_poll_loop(). Now that we have clock.c dedicated to such stuff, let's move the code there so that we don't need to keep such ifdefs nor to depend on the clock_id.
2021-10-08 06:27:54 -04:00
clock_set_local_source();
DEBUG: tinfo: store the pthread ID and the stack pointer in tinfo When debugging a core, it's difficult to match a given gdb thread number against an internal thread. Let's just store the pthread ID and the stack pointer in each tinfo. This could help in the future by allowing to just glance over them and pick the right one depending what info is found first.
2023-11-22 12:01:25 -05:00
#ifdef USE_THREAD
ha_thread_info[tid].pth_id = ha_get_pthread_id(tid);
#endif
ha_thread_info[tid].stack_top = __builtin_frame_address(0);
MINOR: ring: make the number of queues configurable Now the rings have one wait queue per group. This should limit the contention on systems such as EPYC CPUs where the performance drops dramatically when using more than one CCX. Tests were run with different numbers and it was showed that value 6 outperforms all other ones at 12, 24, 48, 64 and 80 threads on an EPYC, a Xeon and an Ampere CPU. Value 7 sometimes comes close and anything around these values degrades quickly. The value has been left tunable in the global section. This commit only introduces everything needed to set up the queue count so that it's easier to adjust it in the forthcoming patches, but it was initially added after the series, making it harder to compare. It was also shown that trying to group the threads in queues by their thread groups is counter-productive and that it was more efficient to do that by applying a modulo on the thread number. As surprising as it seems, it does have the benefit of well balancing any number of threads.
2024-03-14 03:57:02 -04:00
/* Assign the ring queue. Contrary to an intuitive thought, this does
* not benefit from locality and it's counter-productive to group
* threads from a same group or range number in the same queue. In some
* sense it arranges us because it means we can use a modulo and ensure
* that even small numbers of threads are well spread.
*/
ha_thread_info[tid].ring_queue =
(tid % MIN(global.nbthread,
(global.tune.ring_queues ?
global.tune.ring_queues :
RING_DFLT_QUEUES))) % RING_WAIT_QUEUES;
BUG/MEDIUM: thread: consider secondary threads as idle+harmless during boot idle and harmless bits in the tgroup_ctx structure were not explicitly set during boot. | struct tgroup_ctx ha_tgroup_ctx[MAX_TGROUPS] = { }; As the structure is first statically initialized, .threads_harmless and .threads_idle are automatically zero- initialized by the compiler. Unfortulately, this means that such threads are not considered idle nor harmless by thread_isolate(_full)() functions until they enter the polling loop (thread_harmless_now() and thread_idle_now() are respectively called before entering the polling loop) Because of this, any attempt to call thread_isolate() or thread_isolate_full() during a startup phase with nbthreads >= 2 will cause thread_isolate to loop until every secondary threads make it through their first polling loop. If the startup phase is aborted during boot (ie: "-c" option to check the configuration), secondary threads may be initialized but will never be started (ie: they won't enter the polling loop), thus thread_isolate() could would loop forever in such cases. We can easily reveal the bug with this patch reproducer: | diff --git a/src/haproxy.c b/src/haproxy.c | index e91691658..0b733f6ee 100644 | --- a/src/haproxy.c | +++ b/src/haproxy.c | @@ -2317,6 +2317,10 @@ static void init(int argc, char **argv) | if (pr || px) { | /* At least one peer or one listener has been found */ | qfprintf(stdout, "Configuration file is valid\n"); | + printf("haproxy will loop...\n"); | + thread_isolate(); | + printf("we will never reach this\n"); | + thread_release(); | deinit_and_exit(0); | } | qfprintf(stdout, "Configuration file has no error but will not start (no listener) => exit(2).\n"); Now we start haproxy with a valid config: $> haproxy -c -f valid.conf Configuration file is valid haproxy will loop... ^C ------------------------------------------------------------------------------ This did not cause any issue so far because no early deinit paths require full thread isolation. But this may change when new features or requirements are introduced, so we should fix this before it becomes a real issue. To fix this, we explicitly assign .threads_harmless and .threads_idle to .threads_enabled value in thread_map_to_groups() function during boot. This is the proper place to do this since as long as .threads_enabled is not explicitly set, its default value is also 0 (zero-initialized by the compiler) code snippet from thread_isolate() function: ulong te = _HA_ATOMIC_LOAD(&ha_tgroup_info[tgrp].threads_enabled); ulong th = _HA_ATOMIC_LOAD(&ha_tgroup_ctx[tgrp].threads_harmless); if ((th & te) == te) break; Thus thread_isolate(_full()) won't be looping forever in thread_isolate() even if it were to be used before thread_map_to_groups() is executed. No backport needed unless this is a requirement.
2023-01-27 09:13:28 -05:00
/* thread is started, from now on it is not idle nor harmless */
thread_harmless_end();
thread_idle_end();
MINOR: threads: add flags to know if a thread is started and/or running Several times during debugging it has been difficult to find a way to reliably indicate if a thread had been started and if it was still running. It's really not easy because the elements we look at are not necessarily reliable (e.g. harmless bit or idle bit might not reflect what we think during a signal). And such notions can be subjective anyway. Here we define two thread flags, TH_FL_STARTED which is set as soon as a thread enters run_thread_poll_loop() and drops the idle bit, and another one, TH_FL_IN_LOOP, which is set when entering run_poll_loop() and cleared when leaving it. This should help init/deinit code know whether it's called from a non-initialized thread (i.e. tid must not be trusted), or shared functions know if they're being called from a running thread or from init/deinit code outside of the polling loop.
2023-02-17 02:36:42 -05:00
_HA_ATOMIC_OR(&th_ctx->flags, TH_FL_STARTED);
MINOR: threads: add each thread's clockid into the global thread_info This is the per-thread CPU runtime clock, it will be used to measure the CPU usage of each thread and by the lockup detection mechanism. It must only be retrieved at the beginning of run_thread_poll_loop() since the thread must already have been started for this. But it must be done before performing any per-thread initcall so that all thread init functions have access to the clock ID. Note that it could make sense to always have this clockid available even in non-threaded situations and place the process' clock there instead. But it would add portability issues which are currently easy to deal with by disabling threads so it may not be worth it for now.
2019-05-03 11:21:18 -04:00
MINOR: threads: serialize threads initialization There is no point in initializing threads in parallel when we know that it's the moment where some global variables are turned to thread-local ones, and/or that some global variables are updated (like global_now or trash_size). Some FDs might be created/destroyed/reallocated and could be tricky to follow as well (think about epoll_fd for example). Instead of having to be extremely careful about all these, and to trigger false positives in thread sanitizers, let's simply initialize one thread at a time. The init step is very fast so nobody should even notice, and we won't have any more doubts about what might have happened when analysing a dump. See GH issues #111 and #117 for some background on this.
2019-06-07 08:41:11 -04:00
/* Now, initialize one thread init at a time. This is better since
* some init code is a bit tricky and may release global resources
* after reallocating them locally. This will also ensure there is
* no race on file descriptors allocation.
*/
MEDIUM: init/threads: don't use spinlocks during the init phase PiBa-NL found some pathological cases where starting threads can hinder each other and cause a measurable slow down. This problem is reproducible with the following config (haproxy must be built with -DDEBUG_DEV) : global stats socket /tmp/sock1 mode 666 level admin nbthread 64 backend stopme timeout server 1s option tcp-check tcp-check send "debug dev exit\n" server cli unix@/tmp/sock1 check This will cause the process to be stopped once the checks are ready to start. Binding all these to just a few cores magnifies the problem. Starting them in loops shows a significant time difference among the commits : # before startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done real 0m1.581s user 0m0.621s sys 0m5.339s # after startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done real 0m2.366s user 0m0.894s sys 0m8.238s In order to address this, let's use plain mutexes and cond_wait during the init phase. With this done, waiting threads now sleep and the problem completely disappeared : $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done real 0m0.161s user 0m0.079s sys 0m0.149s
2019-06-11 03:16:41 -04:00
#ifdef USE_THREAD
pthread_mutex_lock(&init_mutex);
#endif
/* The first thread must set the number of threads left */
if (!init_left)
init_left = global.nbthread;
init_left--;
MINOR: threads: add each thread's clockid into the global thread_info This is the per-thread CPU runtime clock, it will be used to measure the CPU usage of each thread and by the lockup detection mechanism. It must only be retrieved at the beginning of run_thread_poll_loop() since the thread must already have been started for this. But it must be done before performing any per-thread initcall so that all thread init functions have access to the clock ID. Note that it could make sense to always have this clockid available even in non-threaded situations and place the process' clock there instead. But it would add portability issues which are currently easy to deal with by disabling threads so it may not be worth it for now.
2019-05-03 11:21:18 -04:00
REORG: time: move time-keeping code and variables to clock.c There is currently a problem related to time keeping. We're mixing the functions to perform calculations with the os-dependent code needed to retrieve and adjust the local time. This patch extracts from time.{c,h} the parts that are solely dedicated to time keeping. These are the "now" or "before_poll" variables for example, as well as the various now_*() functions that make use of gettimeofday() and clock_gettime() to retrieve the current time. The "tv_*" functions moved there were also more appropriately renamed to "clock_*". Other parts used to compute stolen time are in other files, they will have to be picked next.
2021-10-08 03:33:24 -04:00
clock_init_thread_date();
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
/* per-thread alloc calls performed here are not allowed to snoop on
* other threads, so they are free to initialize at their own rhythm
* as long as they act as if they were alone. None of them may rely
* on resources initialized by the other ones.
*/
list_for_each_entry(ptaf, &per_thread_alloc_list, list) {
if (!ptaf->fct()) {
ha_alert("failed to allocate resources for thread %u.\n", tid);
BUILD: threads: fix pthread_mutex_unlock when !USE_THREAD Commit 048368ef6 ("MINOR: deinit: always deinit the init_mutex on failed initialization") added the missing unlock but forgot to condition it on USE_THREAD, resulting in a build failure. No backport is needed. This addresses oss-fuzz issue 36426.
2021-07-22 08:42:32 -04:00
#ifdef USE_THREAD
MINOR: deinit: always deinit the init_mutex on failed initialization The init_mutex was not unlocked in case an error is encountered during a thread initialization, and the polling loop was aborted during startup. In practise it does not have any observable effect since an explicit exit() is placed there, but it could confuse some debugging tools or some static analysers, so let's release it as expected. This addresses issue #1326.
2021-07-18 04:40:57 -04:00
pthread_mutex_unlock(&init_mutex);
BUILD: threads: fix pthread_mutex_unlock when !USE_THREAD Commit 048368ef6 ("MINOR: deinit: always deinit the init_mutex on failed initialization") added the missing unlock but forgot to condition it on USE_THREAD, resulting in a build failure. No backport is needed. This addresses oss-fuzz issue 36426.
2021-07-22 08:42:32 -04:00
#endif
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
exit(1);
}
}
MINOR: threads/init: synchronize the threads startup It's a bit dangerous to let threads initialize at different speeds on startup. Some are still in their init functions while others area already running. It was even subject to some race condition bugs like the one fixed by commit 1605c7ae6 ("BUG/MEDIUM: threads/mworker: fix a race on startup"). Here in order to secure all this, we take a very simplistic approach consisting in using half of the rendez-vous point, which is made exactly for this purpose : we first initialize the mask of the threads requesting a rendez-vous to the mask of all threads, and we simply call thread_release() once the init is complete. This guarantees that no thread will go further than the initialization code during this time. This could even safely be backported if any other issue related to an init race was discovered in a stable release.
2019-05-20 04:50:43 -04:00
/* per-thread init calls performed here are not allowed to snoop on
* other threads, so they are free to initialize at their own rhythm
* as long as they act as if they were alone.
*/
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
list_for_each_entry(ptif, &per_thread_init_list, list) {
if (!ptif->fct()) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize thread %u.\n", tid);
BUILD: threads: fix pthread_mutex_unlock when !USE_THREAD Commit 048368ef6 ("MINOR: deinit: always deinit the init_mutex on failed initialization") added the missing unlock but forgot to condition it on USE_THREAD, resulting in a build failure. No backport is needed. This addresses oss-fuzz issue 36426.
2021-07-22 08:42:32 -04:00
#ifdef USE_THREAD
MINOR: deinit: always deinit the init_mutex on failed initialization The init_mutex was not unlocked in case an error is encountered during a thread initialization, and the polling loop was aborted during startup. In practise it does not have any observable effect since an explicit exit() is placed there, but it could confuse some debugging tools or some static analysers, so let's release it as expected. This addresses issue #1326.
2021-07-18 04:40:57 -04:00
pthread_mutex_unlock(&init_mutex);
BUILD: threads: fix pthread_mutex_unlock when !USE_THREAD Commit 048368ef6 ("MINOR: deinit: always deinit the init_mutex on failed initialization") added the missing unlock but forgot to condition it on USE_THREAD, resulting in a build failure. No backport is needed. This addresses oss-fuzz issue 36426.
2021-07-22 08:42:32 -04:00
#endif
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
exit(1);
}
}
BUG/MEDIUM: init/threads: prevent initialized threads from starting before others Since commit 6ec902a ("MINOR: threads: serialize threads initialization") we now serialize threads initialization. But doing so has emphasized another race which is that some threads may actually start the loop before others are done initializing. As soon as all threads enter the first thread_release() call, their rdv bit is cleared and they're all waiting for all others' rdv to be cleared as well, with their harmless bit set. The first one to notice the cleared mask will progress through thread_isolate(), take rdv again preventing most others from noticing its short pass to zero, and this first one will be able to run all the way through the initialization till the last call to thread_release() which it happily crosses, being the only one with the rdv bit, leaving the room for one or a few others to do the same. This results in some threads entering the loop before others are done with their initialization, which is particularly bad. PiBa-NL reported that some regtests fail for him due to this (which was impossible to reproduce here, but races are racy by definition). However placing some printf() in the initialization code definitely shows this unsychronized startup. This patch takes a different approach in three steps : - first, we don't start with thread_release() anymore and we don't set the rdv mask anymore in the main call. This was initially done to let all threads start toghether, which we don't want. Instead we just start with thread_isolate(). Since all threads are harmful by default, they all wait for each other's readiness before starting. - second, we don't release with thread_release() but with thread_sync_release(), meaning that we don't leave the function until other ones have reached the point in the function where they decide to leave it as well. - third, it makes sure we don't start the listeners using protocol_enable_all() before all threads have allocated their local FD tables or have initialized their pollers, otherwise startup could be racy as well. It's worth noting that it is even possible to limit this call to thread #0 as it only needs to be performed once. This now guarantees that all thread init calls start only after all threads are ready, and that no thread enters the polling loop before all others have completed their initialization. Please check GH issues #111 and #117 for more context. No backport is needed, though if some new init races are reported in 1.9 (or even 1.8) which do not affect 2.0, then it may make sense to carefully backport this small series.
2019-06-10 03:51:04 -04:00
/* enabling protocols will result in fd_insert() calls to be performed,
* we want all threads to have already allocated their local fd tables
MEDIUM: init/threads: don't use spinlocks during the init phase PiBa-NL found some pathological cases where starting threads can hinder each other and cause a measurable slow down. This problem is reproducible with the following config (haproxy must be built with -DDEBUG_DEV) : global stats socket /tmp/sock1 mode 666 level admin nbthread 64 backend stopme timeout server 1s option tcp-check tcp-check send "debug dev exit\n" server cli unix@/tmp/sock1 check This will cause the process to be stopped once the checks are ready to start. Binding all these to just a few cores magnifies the problem. Starting them in loops shows a significant time difference among the commits : # before startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done real 0m1.581s user 0m0.621s sys 0m5.339s # after startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done real 0m2.366s user 0m0.894s sys 0m8.238s In order to address this, let's use plain mutexes and cond_wait during the init phase. With this done, waiting threads now sleep and the problem completely disappeared : $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done real 0m0.161s user 0m0.079s sys 0m0.149s
2019-06-11 03:16:41 -04:00
* before doing so, thus only the last thread does it.
BUG/MEDIUM: init/threads: prevent initialized threads from starting before others Since commit 6ec902a ("MINOR: threads: serialize threads initialization") we now serialize threads initialization. But doing so has emphasized another race which is that some threads may actually start the loop before others are done initializing. As soon as all threads enter the first thread_release() call, their rdv bit is cleared and they're all waiting for all others' rdv to be cleared as well, with their harmless bit set. The first one to notice the cleared mask will progress through thread_isolate(), take rdv again preventing most others from noticing its short pass to zero, and this first one will be able to run all the way through the initialization till the last call to thread_release() which it happily crosses, being the only one with the rdv bit, leaving the room for one or a few others to do the same. This results in some threads entering the loop before others are done with their initialization, which is particularly bad. PiBa-NL reported that some regtests fail for him due to this (which was impossible to reproduce here, but races are racy by definition). However placing some printf() in the initialization code definitely shows this unsychronized startup. This patch takes a different approach in three steps : - first, we don't start with thread_release() anymore and we don't set the rdv mask anymore in the main call. This was initially done to let all threads start toghether, which we don't want. Instead we just start with thread_isolate(). Since all threads are harmful by default, they all wait for each other's readiness before starting. - second, we don't release with thread_release() but with thread_sync_release(), meaning that we don't leave the function until other ones have reached the point in the function where they decide to leave it as well. - third, it makes sure we don't start the listeners using protocol_enable_all() before all threads have allocated their local FD tables or have initialized their pollers, otherwise startup could be racy as well. It's worth noting that it is even possible to limit this call to thread #0 as it only needs to be performed once. This now guarantees that all thread init calls start only after all threads are ready, and that no thread enters the polling loop before all others have completed their initialization. Please check GH issues #111 and #117 for more context. No backport is needed, though if some new init races are reported in 1.9 (or even 1.8) which do not affect 2.0, then it may make sense to carefully backport this small series.
2019-06-10 03:51:04 -04:00
*/
MEDIUM: init/threads: don't use spinlocks during the init phase PiBa-NL found some pathological cases where starting threads can hinder each other and cause a measurable slow down. This problem is reproducible with the following config (haproxy must be built with -DDEBUG_DEV) : global stats socket /tmp/sock1 mode 666 level admin nbthread 64 backend stopme timeout server 1s option tcp-check tcp-check send "debug dev exit\n" server cli unix@/tmp/sock1 check This will cause the process to be stopped once the checks are ready to start. Binding all these to just a few cores magnifies the problem. Starting them in loops shows a significant time difference among the commits : # before startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done real 0m1.581s user 0m0.621s sys 0m5.339s # after startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done real 0m2.366s user 0m0.894s sys 0m8.238s In order to address this, let's use plain mutexes and cond_wait during the init phase. With this done, waiting threads now sleep and the problem completely disappeared : $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done real 0m0.161s user 0m0.079s sys 0m0.149s
2019-06-11 03:16:41 -04:00
if (init_left == 0)
OPTIM/MINOR: init/threads: only call protocol_enable_all() on first thread There's no point in calling this on each and every thread since the first thread passing there will enable the listeners, and the next ones will simply scan all of them in turn to discover that they are already initialized. Let's only initilize them on the first thread. This could slightly speed up start up on very large configurations, eventhough most of the time is still spent in the main thread binding the sockets. A few measurements have constantly shown that this decreases the startup time by ~0.1s for 150k listeners. Starting all of them in parallel doesn't provide better results and can still expose some undesired races.
2019-06-10 04:14:52 -04:00
protocol_enable_all();
MINOR: threads: serialize threads initialization There is no point in initializing threads in parallel when we know that it's the moment where some global variables are turned to thread-local ones, and/or that some global variables are updated (like global_now or trash_size). Some FDs might be created/destroyed/reallocated and could be tricky to follow as well (think about epoll_fd for example). Instead of having to be extremely careful about all these, and to trigger false positives in thread sanitizers, let's simply initialize one thread at a time. The init step is very fast so nobody should even notice, and we won't have any more doubts about what might have happened when analysing a dump. See GH issues #111 and #117 for some background on this.
2019-06-07 08:41:11 -04:00
MEDIUM: init/threads: don't use spinlocks during the init phase PiBa-NL found some pathological cases where starting threads can hinder each other and cause a measurable slow down. This problem is reproducible with the following config (haproxy must be built with -DDEBUG_DEV) : global stats socket /tmp/sock1 mode 666 level admin nbthread 64 backend stopme timeout server 1s option tcp-check tcp-check send "debug dev exit\n" server cli unix@/tmp/sock1 check This will cause the process to be stopped once the checks are ready to start. Binding all these to just a few cores magnifies the problem. Starting them in loops shows a significant time difference among the commits : # before startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done real 0m1.581s user 0m0.621s sys 0m5.339s # after startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done real 0m2.366s user 0m0.894s sys 0m8.238s In order to address this, let's use plain mutexes and cond_wait during the init phase. With this done, waiting threads now sleep and the problem completely disappeared : $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done real 0m0.161s user 0m0.079s sys 0m0.149s
2019-06-11 03:16:41 -04:00
#ifdef USE_THREAD
pthread_cond_broadcast(&init_cond);
pthread_mutex_unlock(&init_mutex);
/* now wait for other threads to finish starting */
pthread_mutex_lock(&init_mutex);
while (init_left)
pthread_cond_wait(&init_cond, &init_mutex);
pthread_mutex_unlock(&init_mutex);
#endif
MINOR: threads/init: synchronize the threads startup It's a bit dangerous to let threads initialize at different speeds on startup. Some are still in their init functions while others area already running. It was even subject to some race condition bugs like the one fixed by commit 1605c7ae6 ("BUG/MEDIUM: threads/mworker: fix a race on startup"). Here in order to secure all this, we take a very simplistic approach consisting in using half of the rendez-vous point, which is made exactly for this purpose : we first initialize the mask of the threads requesting a rendez-vous to the mask of all threads, and we simply call thread_release() once the init is complete. This guarantees that no thread will go further than the initialization code during this time. This could even safely be backported if any other issue related to an init race was discovered in a stable release.
2019-05-20 04:50:43 -04:00
MEDIUM: init: set NO_NEW_PRIVS by default when supported HAProxy doesn't need to call executables at run time (except when using external checks which are strongly recommended against), and is even expected to isolate itself into an empty chroot. As such, there basically is no valid reason to allow a setuid executable to be called without the user being fully aware of the risks. In a situation where haproxy would need to call external checks and/or disable chroot, exploiting a vulnerability in a library or in haproxy itself could lead to the execution of an external program. On Linux it is possible to lock the process so that any setuid bit present on such an executable is ignored. This significantly reduces the risk of privilege escalation in such a situation. This is what haproxy does by default. In case this causes a problem to an external check (for example one which would need the "ping" command), then it is possible to disable this protection by explicitly adding this directive in the global section. If enabled, it is possible to turn it back off by prefixing it with the "no" keyword. Before the option: $ socat - /tmp/sock1 <<< "expert-mode on; debug dev exec sudo /bin/id" uid=0(root) gid=0(root) groups=0(root After the option: $ socat - /tmp/sock1 <<< "expert-mode on; debug dev exec sudo /bin/id" sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
2019-12-06 10:31:45 -05:00
#if defined(PR_SET_NO_NEW_PRIVS) && defined(USE_PRCTL)
/* Let's refrain from using setuid executables. This way the impact of
* an eventual vulnerability in a library remains limited. It may
* impact external checks but who cares about them anyway ? In the
* worst case it's possible to disable the option. Obviously we do this
* in workers only. We can't hard-fail on this one as it really is
* implementation dependent though we're interested in feedback, hence
* the warning.
*/
if (!(global.tune.options & GTUNE_INSECURE_SETUID) && !master) {
static int warn_fail;
CLEANUP: atomic: add a fetch-and-xxx variant for common operations The fetch_and_xxx variant is often missing for add/sub/and/or. In fact it was only provided for ADD under the name XADD which corresponds to the x86 instruction name. But for destructive operations like AND and OR it's missing even more as it's not possible to know the value before modifying it. This patch explicitly adds HA_ATOMIC_FETCH_{OR,AND,ADD,SUB} which cover these standard operations, and renames XADD to FETCH_ADD (there were only 6 call places). In the future, backport of fixes involving such operations could simply remap FETCH_ADD(x) to XADD(x), FETCH_SUB(x) to XADD(-x), and for the OR/AND if needed, these could possibly be done using BTS/BTR. It's worth noting that xchg could have been renamed to fetch_and_store() but xchg already has well understood semantics and it wasn't needed to go further.
2021-04-06 05:57:41 -04:00
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1 && !_HA_ATOMIC_FETCH_ADD(&warn_fail, 1)) {
MEDIUM: init: set NO_NEW_PRIVS by default when supported HAProxy doesn't need to call executables at run time (except when using external checks which are strongly recommended against), and is even expected to isolate itself into an empty chroot. As such, there basically is no valid reason to allow a setuid executable to be called without the user being fully aware of the risks. In a situation where haproxy would need to call external checks and/or disable chroot, exploiting a vulnerability in a library or in haproxy itself could lead to the execution of an external program. On Linux it is possible to lock the process so that any setuid bit present on such an executable is ignored. This significantly reduces the risk of privilege escalation in such a situation. This is what haproxy does by default. In case this causes a problem to an external check (for example one which would need the "ping" command), then it is possible to disable this protection by explicitly adding this directive in the global section. If enabled, it is possible to turn it back off by prefixing it with the "no" keyword. Before the option: $ socat - /tmp/sock1 <<< "expert-mode on; debug dev exec sudo /bin/id" uid=0(root) gid=0(root) groups=0(root After the option: $ socat - /tmp/sock1 <<< "expert-mode on; debug dev exec sudo /bin/id" sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
2019-12-06 10:31:45 -05:00
ha_warning("Failed to disable setuid, please report to developers with detailed "
"information about your operating system. You can silence this warning "
"by adding 'insecure-setuid-wanted' in the 'global' section.\n");
}
}
#endif
MEDIUM: init: prevent process and thread creation at runtime Some concerns are regularly raised about the risk to inherit some Lua files which make use of a fork (e.g. via os.execute()) as well as whether or not some of bugs we fix might or not be exploitable to run some code. Given that haproxy is event-driven, any foreground activity completely stops processing and is easy to detect, but background activity is a different story. A Lua script could very well discretely fork a sub-process connecting to a remote location and taking commands, and some injected code could also try to hide its activity by creating a process or a thread without blocking the rest of the processing. While such activities should be extremely limited when run in an empty chroot without any permission, it would be better to get a higher assurance they cannot happen. This patch introduces something very simple: it limits the number of processes and threads to zero in the workers after the last thread was created. By doing so, it effectively instructs the system to fail on any fork() or clone() syscall. Thus any undesired activity has to happen in the foreground and is way easier to detect. This will obviously break external checks (whose concept is already totally insecure), and for this reason a new option "insecure-fork-wanted" was added to disable this protection, and it is suggested in the fork() error report from the checks. It is obviously recommended not to use it and to reconsider the reasons leading to it being enabled in the first place. If for any reason we fail to disable forks, we still start because it could be imaginable that some operating systems refuse to set this limit to zero, but in this case we emit a warning, that may or may not be reported since we're after the fork point. Ideally over the long term it should be conditionned by strict-limits and cause a hard fail.
2019-12-03 01:07:36 -05:00
#if defined(RLIMIT_NPROC)
/* all threads have started, it's now time to prevent any new thread
* or process from starting. Obviously we do this in workers only. We
* can't hard-fail on this one as it really is implementation dependent
* though we're interested in feedback, hence the warning.
*/
if (!(global.tune.options & GTUNE_INSECURE_FORK) && !master) {
struct rlimit limit = { .rlim_cur = 0, .rlim_max = 0 };
static int warn_fail;
CLEANUP: atomic: add a fetch-and-xxx variant for common operations The fetch_and_xxx variant is often missing for add/sub/and/or. In fact it was only provided for ADD under the name XADD which corresponds to the x86 instruction name. But for destructive operations like AND and OR it's missing even more as it's not possible to know the value before modifying it. This patch explicitly adds HA_ATOMIC_FETCH_{OR,AND,ADD,SUB} which cover these standard operations, and renames XADD to FETCH_ADD (there were only 6 call places). In the future, backport of fixes involving such operations could simply remap FETCH_ADD(x) to XADD(x), FETCH_SUB(x) to XADD(-x), and for the OR/AND if needed, these could possibly be done using BTS/BTR. It's worth noting that xchg could have been renamed to fetch_and_store() but xchg already has well understood semantics and it wasn't needed to go further.
2021-04-06 05:57:41 -04:00
if (setrlimit(RLIMIT_NPROC, &limit) == -1 && !_HA_ATOMIC_FETCH_ADD(&warn_fail, 1)) {
MEDIUM: init: prevent process and thread creation at runtime Some concerns are regularly raised about the risk to inherit some Lua files which make use of a fork (e.g. via os.execute()) as well as whether or not some of bugs we fix might or not be exploitable to run some code. Given that haproxy is event-driven, any foreground activity completely stops processing and is easy to detect, but background activity is a different story. A Lua script could very well discretely fork a sub-process connecting to a remote location and taking commands, and some injected code could also try to hide its activity by creating a process or a thread without blocking the rest of the processing. While such activities should be extremely limited when run in an empty chroot without any permission, it would be better to get a higher assurance they cannot happen. This patch introduces something very simple: it limits the number of processes and threads to zero in the workers after the last thread was created. By doing so, it effectively instructs the system to fail on any fork() or clone() syscall. Thus any undesired activity has to happen in the foreground and is way easier to detect. This will obviously break external checks (whose concept is already totally insecure), and for this reason a new option "insecure-fork-wanted" was added to disable this protection, and it is suggested in the fork() error report from the checks. It is obviously recommended not to use it and to reconsider the reasons leading to it being enabled in the first place. If for any reason we fail to disable forks, we still start because it could be imaginable that some operating systems refuse to set this limit to zero, but in this case we emit a warning, that may or may not be reported since we're after the fork point. Ideally over the long term it should be conditionned by strict-limits and cause a hard fail.
2019-12-03 01:07:36 -05:00
ha_warning("Failed to disable forks, please report to developers with detailed "
"information about your operating system. You can silence this warning "
"by adding 'insecure-fork-wanted' in the 'global' section.\n");
}
}
#endif
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
run_poll_loop();
list_for_each_entry(ptdf, &per_thread_deinit_list, list)
ptdf->fct();
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
list_for_each_entry(ptff, &per_thread_free_list, list)
ptff->fct();
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
#ifdef USE_THREAD
BUG/MEDIUM: threads: fix incorrect thread group being used on soft-stop Commit 377e37a80 ("MINOR: tinfo: add the mask of enabled threads in each group") forgot -1 on the tgid, thus the groups was not always correctly tested, which is visible only when running with more than one group. No backport is needed.
2022-07-04 07:36:16 -04:00
if (!_HA_ATOMIC_AND_FETCH(&ha_tgroup_info[ti->tgid-1].threads_enabled, ~ti->ltid_bit))
MINOR: thread: add a new all_tgroups_mask variable to know about active tgroups In order to kill all_threads_mask we'll need to have an equivalent for the thread groups. The all_tgroups_mask does just this, it keeps one bit set per enabled group.
2022-06-24 09:55:11 -04:00
_HA_ATOMIC_AND(&all_tgroups_mask, ~tg->tgid_bit);
CLEANUP: thread: also remove a thread's bit from stopping_threads on stop As much as possible we should take care of not leaving bits from stopped threads in shared thread masks. It can avoid issues like the previous fix and will also make debugging less confusing.
2022-07-06 04:17:21 -04:00
if (!_HA_ATOMIC_AND_FETCH(&tg_ctx->stopping_threads, ~ti->ltid_bit))
_HA_ATOMIC_AND(&stopping_tgroup_mask, ~tg->tgid_bit);
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
if (tid > 0)
pthread_exit(NULL);
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
#endif
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
return NULL;
}
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
MINOR: init: avoid code duplication while setting identify since the introduction of mworker, the setuid/setgid was duplicated in two places; try to improve that by creating a dedicated function. this patch does not introduce any functional change. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:16 -05:00
/* set uid/gid depending on global settings */
static void set_identity(const char *program_name)
{
MEDIUM: capabilities: enable support for Linux capabilities For a while there has been the constraint of having to run as root for transparent proxying, and we're starting to see some cases where QUIC is not running in socket-per-connection mode due to the missing capability that would be needed to bind a privileged port. It's not realistic to ask all QUIC users on port 443 to run as root, so instead let's provide a basic support for capabilities at least on linux. The ones currently supported are cap_net_raw, cap_net_admin and cap_net_bind_service. The mechanism was made OS-specific with a dedicated file because it really is. It can be easily refined later for other OSes if needed. A new keyword "setcaps" is added to the global section, to enumerate the capabilities that must be kept when switching from root to non-root. This is ignored in other situations though. HAProxy has to be built with USE_LINUX_CAP=1 for this to be supported, which is enabled by default for linux-glibc, linux-glibc-legacy and linux-musl. A good way to test this is to start haproxy with such a config: global uid 1000 setcap cap_net_bind_service frontend test mode http timeout client 3s bind quic4@:443 ssl crt rsa+dh2048.pem allow-0rtt and run it under "sudo strace -e trace=bind,setuid", then connecting there from an H3 client. The bind() syscall must succeed despite the user id having been switched.
2023-08-29 04:24:26 -04:00
int from_uid __maybe_unused = geteuid();
MINOR: init: avoid code duplication while setting identify since the introduction of mworker, the setuid/setgid was duplicated in two places; try to improve that by creating a dedicated function. this patch does not introduce any functional change. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:16 -05:00
if (global.gid) {
if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
ha_warning("[%s.main()] Failed to drop supplementary groups. Using 'gid'/'group'"
" without 'uid'/'user' is generally useless.\n", program_name);
if (setgid(global.gid) == -1) {
ha_alert("[%s.main()] Cannot set gid %d.\n", program_name, global.gid);
protocol_unbind_all();
exit(1);
}
}
MEDIUM: capabilities: enable support for Linux capabilities For a while there has been the constraint of having to run as root for transparent proxying, and we're starting to see some cases where QUIC is not running in socket-per-connection mode due to the missing capability that would be needed to bind a privileged port. It's not realistic to ask all QUIC users on port 443 to run as root, so instead let's provide a basic support for capabilities at least on linux. The ones currently supported are cap_net_raw, cap_net_admin and cap_net_bind_service. The mechanism was made OS-specific with a dedicated file because it really is. It can be easily refined later for other OSes if needed. A new keyword "setcaps" is added to the global section, to enumerate the capabilities that must be kept when switching from root to non-root. This is ignored in other situations though. HAProxy has to be built with USE_LINUX_CAP=1 for this to be supported, which is enabled by default for linux-glibc, linux-glibc-legacy and linux-musl. A good way to test this is to start haproxy with such a config: global uid 1000 setcap cap_net_bind_service frontend test mode http timeout client 3s bind quic4@:443 ssl crt rsa+dh2048.pem allow-0rtt and run it under "sudo strace -e trace=bind,setuid", then connecting there from an H3 client. The bind() syscall must succeed despite the user id having been switched.
2023-08-29 04:24:26 -04:00
#if defined(USE_LINUX_CAP)
if (prepare_caps_for_setuid(from_uid, global.uid) < 0) {
ha_alert("[%s.main()] Cannot switch uid to %d.\n", program_name, global.uid);
protocol_unbind_all();
exit(1);
}
#endif
MINOR: init: avoid code duplication while setting identify since the introduction of mworker, the setuid/setgid was duplicated in two places; try to improve that by creating a dedicated function. this patch does not introduce any functional change. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:16 -05:00
if (global.uid && setuid(global.uid) == -1) {
ha_alert("[%s.main()] Cannot set uid %d.\n", program_name, global.uid);
protocol_unbind_all();
exit(1);
}
MEDIUM: capabilities: enable support for Linux capabilities For a while there has been the constraint of having to run as root for transparent proxying, and we're starting to see some cases where QUIC is not running in socket-per-connection mode due to the missing capability that would be needed to bind a privileged port. It's not realistic to ask all QUIC users on port 443 to run as root, so instead let's provide a basic support for capabilities at least on linux. The ones currently supported are cap_net_raw, cap_net_admin and cap_net_bind_service. The mechanism was made OS-specific with a dedicated file because it really is. It can be easily refined later for other OSes if needed. A new keyword "setcaps" is added to the global section, to enumerate the capabilities that must be kept when switching from root to non-root. This is ignored in other situations though. HAProxy has to be built with USE_LINUX_CAP=1 for this to be supported, which is enabled by default for linux-glibc, linux-glibc-legacy and linux-musl. A good way to test this is to start haproxy with such a config: global uid 1000 setcap cap_net_bind_service frontend test mode http timeout client 3s bind quic4@:443 ssl crt rsa+dh2048.pem allow-0rtt and run it under "sudo strace -e trace=bind,setuid", then connecting there from an H3 client. The bind() syscall must succeed despite the user id having been switched.
2023-08-29 04:24:26 -04:00
#if defined(USE_LINUX_CAP)
if (finalize_caps_after_setuid(from_uid, global.uid) < 0) {
ha_alert("[%s.main()] Cannot switch uid to %d.\n", program_name, global.uid);
protocol_unbind_all();
exit(1);
}
#endif
MINOR: init: avoid code duplication while setting identify since the introduction of mworker, the setuid/setgid was duplicated in two places; try to improve that by creating a dedicated function. this patch does not introduce any functional change. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:16 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int main(int argc, char **argv)
{
int err, retry;
struct rlimit limit;
BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1 Thomas Heil reported that when using nbproc > 1, his pidfiles were regularly truncated. The issue could be tracked down to the presence of a call to lseek(pidfile, 0, SEEK_SET) just before the close() call in the children, resulting in the file being truncated by the children while the parent was feeding it. This unexpected lseek() is transparently performed by fclose(). Since there is no way to have the file automatically closed during the fork, the only solution is to bypass the libc and use open/write/close instead of fprintf() and fclose(). The issue was observed on eglibc 2.15.
2012-09-05 02:02:48 -04:00
int pidfd = -1;
BUILD: add detection of missing important CFLAGS Modern compilers love to break existing code, and some options detected at build time (such as -fwrapv) are absolutely critical otherwise some bad code can be generated. Given that some users rely on packages that force CFLAGS without being aware of this and can be hit by runtime bugs, we have to help packagers figure that they need to be careful about their build options. The test here consists in detecting correct wrapping of signed integers. Some of the old code relies on it, and modern compilers recently decided to break it. It's normally addressed using -fwrapv which users will rarely enforce in their own flags. Thus it is a good indicator of missing critical CFLAGS, and it happens to be very easy to detect at run time. Note that the test uses argc in order to have a variable. While gcc ignores wrapping even for constants, clang only ignores it for variables. The way the code is constructed doesn't result in code being emitted for optimized builds thanks to value range propagation. This should address GitHub issue #1315, and should be backported to all stable versions. It may result in instantly breaking binaries that seemed to work fine (typically the ones suddenly showing a busy loop after a few weeks of uptime), and require packagers to fix their flags. The vast majority of distro packages are fine and will not be affected though.
2021-07-14 11:54:01 -04:00
int intovf = (unsigned char)argc + 1; /* let the compiler know it's strictly positive */
BUILD: add detection for unsupported compiler models As reported in github issue #1765, some people get trapped into building haproxy and companion libraries on Windows using a compiler following the LLP64 model. This has no chance to work, and definitely causes nasty bugs everywhere when pointers are passed as longs. Let's save them time and detect this at boot time. The message and detection was factored with the existing one for -fwrapv since we need the same info and actions. This should be backported to all recent supported versions (the ones that are likely to be tried on such platforms when people don't know).
2022-07-21 03:55:22 -04:00
/* Catch broken toolchains */
if (sizeof(long) != sizeof(void *) || (intovf + 0x7FFFFFFF >= intovf)) {
const char *msg;
if (sizeof(long) != sizeof(void *))
/* Apparently MingW64 was not made for us and can also break openssl */
msg = "The compiler this program was built with uses unsupported integral type sizes.\n"
"Most likely it follows the unsupported LLP64 model. Never try to link HAProxy\n"
"against libraries built with that compiler either! Please only use a compiler\n"
"producing ILP32 or LP64 programs for both programs and libraries.\n";
else if (intovf + 0x7FFFFFFF >= intovf)
/* Catch forced CFLAGS that miss 2-complement integer overflow */
msg = "The source code was miscompiled by the compiler, which usually indicates that\n"
"some of the CFLAGS needed to work around overzealous compiler optimizations\n"
"were overwritten at build time. Please do not force CFLAGS, and read Makefile\n"
"and INSTALL files to decide on the best way to pass your local build options.\n";
else
msg = "Bug in the compiler bug detection code, please report it to developers!\n";
BUILD: add detection of missing important CFLAGS Modern compilers love to break existing code, and some options detected at build time (such as -fwrapv) are absolutely critical otherwise some bad code can be generated. Given that some users rely on packages that force CFLAGS without being aware of this and can be hit by runtime bugs, we have to help packagers figure that they need to be careful about their build options. The test here consists in detecting correct wrapping of signed integers. Some of the old code relies on it, and modern compilers recently decided to break it. It's normally addressed using -fwrapv which users will rarely enforce in their own flags. Thus it is a good indicator of missing critical CFLAGS, and it happens to be very easy to detect at run time. Note that the test uses argc in order to have a variable. While gcc ignores wrapping even for constants, clang only ignores it for variables. The way the code is constructed doesn't result in code being emitted for optimized builds thanks to value range propagation. This should address GitHub issue #1315, and should be backported to all stable versions. It may result in instantly breaking binaries that seemed to work fine (typically the ones suddenly showing a busy loop after a few weeks of uptime), and require packagers to fix their flags. The vast majority of distro packages are fine and will not be affected though.
2021-07-14 11:54:01 -04:00
fprintf(stderr,
"FATAL ERROR: invalid code detected -- cannot go further, please recompile!\n"
BUILD: add detection for unsupported compiler models As reported in github issue #1765, some people get trapped into building haproxy and companion libraries on Windows using a compiler following the LLP64 model. This has no chance to work, and definitely causes nasty bugs everywhere when pointers are passed as longs. Let's save them time and detect this at boot time. The message and detection was factored with the existing one for -fwrapv since we need the same info and actions. This should be backported to all recent supported versions (the ones that are likely to be tried on such platforms when people don't know).
2022-07-21 03:55:22 -04:00
"%s"
"\nBuild options :"
BUILD: add detection of missing important CFLAGS Modern compilers love to break existing code, and some options detected at build time (such as -fwrapv) are absolutely critical otherwise some bad code can be generated. Given that some users rely on packages that force CFLAGS without being aware of this and can be hit by runtime bugs, we have to help packagers figure that they need to be careful about their build options. The test here consists in detecting correct wrapping of signed integers. Some of the old code relies on it, and modern compilers recently decided to break it. It's normally addressed using -fwrapv which users will rarely enforce in their own flags. Thus it is a good indicator of missing critical CFLAGS, and it happens to be very easy to detect at run time. Note that the test uses argc in order to have a variable. While gcc ignores wrapping even for constants, clang only ignores it for variables. The way the code is constructed doesn't result in code being emitted for optimized builds thanks to value range propagation. This should address GitHub issue #1315, and should be backported to all stable versions. It may result in instantly breaking binaries that seemed to work fine (typically the ones suddenly showing a busy loop after a few weeks of uptime), and require packagers to fix their flags. The vast majority of distro packages are fine and will not be affected though.
2021-07-14 11:54:01 -04:00
#ifdef BUILD_TARGET
BUILD: add detection for unsupported compiler models As reported in github issue #1765, some people get trapped into building haproxy and companion libraries on Windows using a compiler following the LLP64 model. This has no chance to work, and definitely causes nasty bugs everywhere when pointers are passed as longs. Let's save them time and detect this at boot time. The message and detection was factored with the existing one for -fwrapv since we need the same info and actions. This should be backported to all recent supported versions (the ones that are likely to be tried on such platforms when people don't know).
2022-07-21 03:55:22 -04:00
"\n TARGET = " BUILD_TARGET
BUILD: add detection of missing important CFLAGS Modern compilers love to break existing code, and some options detected at build time (such as -fwrapv) are absolutely critical otherwise some bad code can be generated. Given that some users rely on packages that force CFLAGS without being aware of this and can be hit by runtime bugs, we have to help packagers figure that they need to be careful about their build options. The test here consists in detecting correct wrapping of signed integers. Some of the old code relies on it, and modern compilers recently decided to break it. It's normally addressed using -fwrapv which users will rarely enforce in their own flags. Thus it is a good indicator of missing critical CFLAGS, and it happens to be very easy to detect at run time. Note that the test uses argc in order to have a variable. While gcc ignores wrapping even for constants, clang only ignores it for variables. The way the code is constructed doesn't result in code being emitted for optimized builds thanks to value range propagation. This should address GitHub issue #1315, and should be backported to all stable versions. It may result in instantly breaking binaries that seemed to work fine (typically the ones suddenly showing a busy loop after a few weeks of uptime), and require packagers to fix their flags. The vast majority of distro packages are fine and will not be affected though.
2021-07-14 11:54:01 -04:00
#endif
#ifdef BUILD_CC
BUILD: add detection for unsupported compiler models As reported in github issue #1765, some people get trapped into building haproxy and companion libraries on Windows using a compiler following the LLP64 model. This has no chance to work, and definitely causes nasty bugs everywhere when pointers are passed as longs. Let's save them time and detect this at boot time. The message and detection was factored with the existing one for -fwrapv since we need the same info and actions. This should be backported to all recent supported versions (the ones that are likely to be tried on such platforms when people don't know).
2022-07-21 03:55:22 -04:00
"\n CC = " BUILD_CC
BUILD: add detection of missing important CFLAGS Modern compilers love to break existing code, and some options detected at build time (such as -fwrapv) are absolutely critical otherwise some bad code can be generated. Given that some users rely on packages that force CFLAGS without being aware of this and can be hit by runtime bugs, we have to help packagers figure that they need to be careful about their build options. The test here consists in detecting correct wrapping of signed integers. Some of the old code relies on it, and modern compilers recently decided to break it. It's normally addressed using -fwrapv which users will rarely enforce in their own flags. Thus it is a good indicator of missing critical CFLAGS, and it happens to be very easy to detect at run time. Note that the test uses argc in order to have a variable. While gcc ignores wrapping even for constants, clang only ignores it for variables. The way the code is constructed doesn't result in code being emitted for optimized builds thanks to value range propagation. This should address GitHub issue #1315, and should be backported to all stable versions. It may result in instantly breaking binaries that seemed to work fine (typically the ones suddenly showing a busy loop after a few weeks of uptime), and require packagers to fix their flags. The vast majority of distro packages are fine and will not be affected though.
2021-07-14 11:54:01 -04:00
#endif
#ifdef BUILD_CFLAGS
BUILD: add detection for unsupported compiler models As reported in github issue #1765, some people get trapped into building haproxy and companion libraries on Windows using a compiler following the LLP64 model. This has no chance to work, and definitely causes nasty bugs everywhere when pointers are passed as longs. Let's save them time and detect this at boot time. The message and detection was factored with the existing one for -fwrapv since we need the same info and actions. This should be backported to all recent supported versions (the ones that are likely to be tried on such platforms when people don't know).
2022-07-21 03:55:22 -04:00
"\n CFLAGS = " BUILD_CFLAGS
BUILD: add detection of missing important CFLAGS Modern compilers love to break existing code, and some options detected at build time (such as -fwrapv) are absolutely critical otherwise some bad code can be generated. Given that some users rely on packages that force CFLAGS without being aware of this and can be hit by runtime bugs, we have to help packagers figure that they need to be careful about their build options. The test here consists in detecting correct wrapping of signed integers. Some of the old code relies on it, and modern compilers recently decided to break it. It's normally addressed using -fwrapv which users will rarely enforce in their own flags. Thus it is a good indicator of missing critical CFLAGS, and it happens to be very easy to detect at run time. Note that the test uses argc in order to have a variable. While gcc ignores wrapping even for constants, clang only ignores it for variables. The way the code is constructed doesn't result in code being emitted for optimized builds thanks to value range propagation. This should address GitHub issue #1315, and should be backported to all stable versions. It may result in instantly breaking binaries that seemed to work fine (typically the ones suddenly showing a busy loop after a few weeks of uptime), and require packagers to fix their flags. The vast majority of distro packages are fine and will not be affected though.
2021-07-14 11:54:01 -04:00
#endif
#ifdef BUILD_OPTIONS
BUILD: add detection for unsupported compiler models As reported in github issue #1765, some people get trapped into building haproxy and companion libraries on Windows using a compiler following the LLP64 model. This has no chance to work, and definitely causes nasty bugs everywhere when pointers are passed as longs. Let's save them time and detect this at boot time. The message and detection was factored with the existing one for -fwrapv since we need the same info and actions. This should be backported to all recent supported versions (the ones that are likely to be tried on such platforms when people don't know).
2022-07-21 03:55:22 -04:00
"\n OPTIONS = " BUILD_OPTIONS
BUILD: add detection of missing important CFLAGS Modern compilers love to break existing code, and some options detected at build time (such as -fwrapv) are absolutely critical otherwise some bad code can be generated. Given that some users rely on packages that force CFLAGS without being aware of this and can be hit by runtime bugs, we have to help packagers figure that they need to be careful about their build options. The test here consists in detecting correct wrapping of signed integers. Some of the old code relies on it, and modern compilers recently decided to break it. It's normally addressed using -fwrapv which users will rarely enforce in their own flags. Thus it is a good indicator of missing critical CFLAGS, and it happens to be very easy to detect at run time. Note that the test uses argc in order to have a variable. While gcc ignores wrapping even for constants, clang only ignores it for variables. The way the code is constructed doesn't result in code being emitted for optimized builds thanks to value range propagation. This should address GitHub issue #1315, and should be backported to all stable versions. It may result in instantly breaking binaries that seemed to work fine (typically the ones suddenly showing a busy loop after a few weeks of uptime), and require packagers to fix their flags. The vast majority of distro packages are fine and will not be affected though.
2021-07-14 11:54:01 -04:00
#endif
#ifdef BUILD_DEBUG
BUILD: add detection for unsupported compiler models As reported in github issue #1765, some people get trapped into building haproxy and companion libraries on Windows using a compiler following the LLP64 model. This has no chance to work, and definitely causes nasty bugs everywhere when pointers are passed as longs. Let's save them time and detect this at boot time. The message and detection was factored with the existing one for -fwrapv since we need the same info and actions. This should be backported to all recent supported versions (the ones that are likely to be tried on such platforms when people don't know).
2022-07-21 03:55:22 -04:00
"\n DEBUG = " BUILD_DEBUG
BUILD: add detection of missing important CFLAGS Modern compilers love to break existing code, and some options detected at build time (such as -fwrapv) are absolutely critical otherwise some bad code can be generated. Given that some users rely on packages that force CFLAGS without being aware of this and can be hit by runtime bugs, we have to help packagers figure that they need to be careful about their build options. The test here consists in detecting correct wrapping of signed integers. Some of the old code relies on it, and modern compilers recently decided to break it. It's normally addressed using -fwrapv which users will rarely enforce in their own flags. Thus it is a good indicator of missing critical CFLAGS, and it happens to be very easy to detect at run time. Note that the test uses argc in order to have a variable. While gcc ignores wrapping even for constants, clang only ignores it for variables. The way the code is constructed doesn't result in code being emitted for optimized builds thanks to value range propagation. This should address GitHub issue #1315, and should be backported to all stable versions. It may result in instantly breaking binaries that seemed to work fine (typically the ones suddenly showing a busy loop after a few weeks of uptime), and require packagers to fix their flags. The vast majority of distro packages are fine and will not be affected though.
2021-07-14 11:54:01 -04:00
#endif
BUILD: add detection for unsupported compiler models As reported in github issue #1765, some people get trapped into building haproxy and companion libraries on Windows using a compiler following the LLP64 model. This has no chance to work, and definitely causes nasty bugs everywhere when pointers are passed as longs. Let's save them time and detect this at boot time. The message and detection was factored with the existing one for -fwrapv since we need the same info and actions. This should be backported to all recent supported versions (the ones that are likely to be tried on such platforms when people don't know).
2022-07-21 03:55:22 -04:00
"\n\n", msg);
BUILD: add detection of missing important CFLAGS Modern compilers love to break existing code, and some options detected at build time (such as -fwrapv) are absolutely critical otherwise some bad code can be generated. Given that some users rely on packages that force CFLAGS without being aware of this and can be hit by runtime bugs, we have to help packagers figure that they need to be careful about their build options. The test here consists in detecting correct wrapping of signed integers. Some of the old code relies on it, and modern compilers recently decided to break it. It's normally addressed using -fwrapv which users will rarely enforce in their own flags. Thus it is a good indicator of missing critical CFLAGS, and it happens to be very easy to detect at run time. Note that the test uses argc in order to have a variable. While gcc ignores wrapping even for constants, clang only ignores it for variables. The way the code is constructed doesn't result in code being emitted for optimized builds thanks to value range propagation. This should address GitHub issue #1315, and should be backported to all stable versions. It may result in instantly breaking binaries that seemed to work fine (typically the ones suddenly showing a busy loop after a few weeks of uptime), and require packagers to fix their flags. The vast majority of distro packages are fine and will not be affected though.
2021-07-14 11:54:01 -04:00
return 1;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: init: make stdout unbuffered printf is unusable for debugging without this, and printf() is not used for anything else.
2018-02-03 09:15:21 -05:00
setvbuf(stdout, NULL, _IONBF, 0);
MINOR: init: process all initcalls in order at boot time main() now iterates over all initcall stages at boot time. This will allow to move init code from constructors to initcalls.
2018-11-25 12:43:29 -05:00
MINOR: global: keep a copy of the initial rlim_fd_cur and rlim_fd_max values Let's keep a copy of these initial values. They will be useful to compute automatic maxconn, as well as to restore proper limits when doing an execve() on external checks.
2019-03-01 04:09:28 -05:00
/* take a copy of initial limits before we possibly change them */
getrlimit(RLIMIT_NOFILE, &limit);
BUG/MINOR: init: only keep rlim_fd_cur if max is unlimited On some operating systems, RLIM_INFINITY is set to -1 so that when the hard limit on the number of FDs is set to unlimited, taking the MAX of both values keeps rlim_fd_cur and everything works. But on other systems this values is defined as the highest positive integer. This is what was observed on a 32-bit AIX 5.1. The effect is that maxsock becomes 2^31-1 and that fdtab allocation fails. Note that a simple workaround consists in manually setting maxconn in the global section. Let's ignore unlimited as soon as we retrieve rlim_fd_max so that all systems behave consistently. This may be backported as far as 2.0, though it doesn't seem like it has annoyed anyone.
2020-10-13 09:36:08 -04:00
if (limit.rlim_max == RLIM_INFINITY)
limit.rlim_max = limit.rlim_cur;
MINOR: global: keep a copy of the initial rlim_fd_cur and rlim_fd_max values Let's keep a copy of these initial values. They will be useful to compute automatic maxconn, as well as to restore proper limits when doing an execve() on external checks.
2019-03-01 04:09:28 -05:00
rlim_fd_cur_at_boot = limit.rlim_cur;
rlim_fd_max_at_boot = limit.rlim_max;
MINOR: init: process all initcalls in order at boot time main() now iterates over all initcall stages at boot time. This will allow to move init code from constructors to initcalls.
2018-11-25 12:43:29 -05:00
/* process all initcalls in order of potential dependency */
RUN_INITCALLS(STG_PREPARE);
RUN_INITCALLS(STG_LOCK);
MEDIUM: initcall: move STG_REGISTER earlier The STG_REGISTER init level is used to register known keywords and protocol stacks. It must be called earlier because some of the init code already relies on it to be known. For example, "haproxy -vv" for now is constrained to start very late only because of this. This patch moves it between STG_LOCK and STG_ALLOC, which is fine as it's used for static registration.
2022-02-18 08:51:49 -05:00
RUN_INITCALLS(STG_REGISTER);
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
/* now's time to initialize early boot variables */
init_early(argc, argv);
MEDIUM: init: handle arguments earlier The argument parser runs too late, we'll soon need it before creating pools, hence just after init_early(). No visible change is expected but this part is sensitive enough to be placed into its own commit for easier bisection later if needed.
2022-02-23 11:25:00 -05:00
/* handles argument parsing */
init_args(argc, argv);
MINOR: init: process all initcalls in order at boot time main() now iterates over all initcall stages at boot time. This will allow to move init code from constructors to initcalls.
2018-11-25 12:43:29 -05:00
RUN_INITCALLS(STG_ALLOC);
RUN_INITCALLS(STG_POOL);
MEDIUM: init: initialize the trash earlier More and more utility functions rely on the trash while most of the init code doesn't have access to it because it's initialized very late (in PRE_CHECK for the initial one). It's a pool, and it purposely supports being reallocated, so let's initialize it in STG_POOL so that early STG_INIT code can at least use it.
2023-07-11 12:42:53 -04:00
/* some code really needs to have the trash properly allocated */
if (!trash.area) {
ha_alert("failed to initialize trash buffers.\n");
exit(1);
}
MINOR: init: process all initcalls in order at boot time main() now iterates over all initcall stages at boot time. This will allow to move init code from constructors to initcalls.
2018-11-25 12:43:29 -05:00
RUN_INITCALLS(STG_INIT);
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
/* this is the late init where the config is parsed */
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
init(argc, argv);
MEDIUM: init: split the early initialization in its own function There are some delicate chicken-and-egg situations in the initialization code, because the init() function currently does way too much (it goes as far as parsing the config) and due to this it must be started very late. But it's also in charge of initializing a number of variables that are needed in early boot (e.g. hostname/pid for error reporting, or entropy for random generators). This patch carefully extracts all the early code that depends on absolutely nothing, and places it immediately after the STG_LOCK init stage. The only possible failures at this stage are only allocation errors and they continue to provoke an immediate exit(). Some environment variables, hostname, date, pid etc are retrieved at this stage. The program's arguments are also copied there since they're needed to be kept intact for the master process.
2022-02-17 11:45:58 -05:00
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_register_fct(SIGQUIT, dump, SIGQUIT);
signal_register_fct(SIGUSR1, sig_soft_stop, SIGUSR1);
signal_register_fct(SIGHUP, sig_dump_state, SIGHUP);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
signal_register_fct(SIGUSR2, NULL, 0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[BUG] init: unconditionally catch SIGPIPE Apparently some systems define MSG_NOSIGNAL but do not necessarily check it (or maybe binaries are built somewhere and used on older versions). There were reports of very recent FreeBSD setups causing SIGPIPEs, while older ones catch the signal. Recent FreeBSD manpages indeed define MSG_NOSIGNAL. So let's now unconditionnaly catch the signal. It's useless not to do it for the rare cases where it's not needed (linux 2.4 and below).
2010-03-17 13:02:46 -04:00
/* Always catch SIGPIPE even on platforms which define MSG_NOSIGNAL.
* Some recent FreeBSD setups report broken pipes, and MSG_NOSIGNAL
* was defined there, so let's stay on the safe side.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_register_fct(SIGPIPE, NULL, 0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
/* ulimits */
if (!global.rlimit_nofile)
global.rlimit_nofile = global.maxsock;
if (global.rlimit_nofile) {
BUG/MINOR: init: never lower rlim_fd_max If a ulimit-n value is set, we must not lower the rlim_max value if the new value is lower, we must only adjust the rlim_cur one. The effect is that on very low values, this could prevent a master-worker reload, or make an external check fail by lack of FDs. This may be backported to 1.9 and earlier, but it depends on this patch "MINOR: global: keep a copy of the initial rlim_fd_cur and rlim_fd_max values".
2019-03-01 04:32:05 -05:00
limit.rlim_cur = global.rlimit_nofile;
limit.rlim_max = MAX(rlim_fd_max_at_boot, limit.rlim_cur);
MINOR: init: add global setting "fd-hard-limit" to bound system limits On some systems, the hard limit for ulimit -n may be huge, in the order of 1 billion, and using this to automatically compute maxconn doesn't work as it requires way too much memory. Users tend to hard-code maxconn but that's not convenient to manage deployments on heterogenous systems, nor when porting configs to developers' machines. The ulimit-n parameter doesn't work either because it forces the limit. What most users seem to want (and it makes sense) is to respect the system imposed limits up to a certain value and cap this value. This is exactly what fd-hard-limit does. This addresses github issue #1622.
2022-04-25 12:02:03 -04:00
if ((global.fd_hard_limit && limit.rlim_cur > global.fd_hard_limit) ||
MINOR: init: do not try to shrink existing RLIMIT_NOFIlE As seen in issue #1866, some environments will not allow to change the current FD limit, and actually we don't need to do it, we only do it as a byproduct of adjusting the limit to the one that fits. Here we're replacing calls to setrlimit() with calls to raise_rlim_nofile(), which will avoid making the setrlimit() syscall in case the desired value is lower than the current process' one. This depends on previous commit "MINOR: fd: add a new function to only raise RLIMIT_NOFILE" and may need to be backported to 2.6, possibly earlier, depending on users' experience in such environments.
2022-09-22 10:12:08 -04:00
raise_rlim_nofile(NULL, &limit) != 0) {
BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits global.rlimit_nofile contains the mxa number of file descriptors that can be allocated, except if the user is not allowed to reach this limit, where it still contains the initially requested value. It is important that this value always matches what is really configured so that it is properly reported in the stats and that we can use it later to close all FDs without wasting time closing impossible FDs. This fix may be backported to 1.6 and 1.5.
2016-06-21 05:48:18 -04:00
getrlimit(RLIMIT_NOFILE, &limit);
MINOR: init: add global setting "fd-hard-limit" to bound system limits On some systems, the hard limit for ulimit -n may be huge, in the order of 1 billion, and using this to automatically compute maxconn doesn't work as it requires way too much memory. Users tend to hard-code maxconn but that's not convenient to manage deployments on heterogenous systems, nor when porting configs to developers' machines. The ulimit-n parameter doesn't work either because it forces the limit. What most users seem to want (and it makes sense) is to respect the system imposed limits up to a certain value and cap this value. This is exactly what fd-hard-limit does. This addresses github issue #1622.
2022-04-25 12:02:03 -04:00
if (global.fd_hard_limit && limit.rlim_cur > global.fd_hard_limit)
limit.rlim_cur = global.fd_hard_limit;
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
if (global.tune.options & GTUNE_STRICT_LIMITS) {
ha_alert("[%s.main()] Cannot raise FD limit to %d, limit is %d.\n",
argv[0], global.rlimit_nofile, (int)limit.rlim_cur);
BUG/MINOR: init: enforce strict-limits when using master-worker The strict-limits global option was introduced with commit 0fec3ab7b ("MINOR: init: always fail when setrlimit fails"). When used in conjuction with master-worker, haproxy will not fail when a setrlimit fails. This happens because we only exit() if master-worker isn't used. This patch removes all tests for master-worker mode for all cases covered by strict-limits scope. This should be backported from 2.1 onward. This should fix issue #1042. Reviewed by William Dauchy <wdauchy@gmail.com>
2021-01-12 14:19:38 -05:00
exit(1);
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
}
else {
/* try to set it to the max possible at least */
limit.rlim_cur = limit.rlim_max;
MINOR: init: add global setting "fd-hard-limit" to bound system limits On some systems, the hard limit for ulimit -n may be huge, in the order of 1 billion, and using this to automatically compute maxconn doesn't work as it requires way too much memory. Users tend to hard-code maxconn but that's not convenient to manage deployments on heterogenous systems, nor when porting configs to developers' machines. The ulimit-n parameter doesn't work either because it forces the limit. What most users seem to want (and it makes sense) is to respect the system imposed limits up to a certain value and cap this value. This is exactly what fd-hard-limit does. This addresses github issue #1622.
2022-04-25 12:02:03 -04:00
if (global.fd_hard_limit && limit.rlim_cur > global.fd_hard_limit)
limit.rlim_cur = global.fd_hard_limit;
MINOR: init: do not try to shrink existing RLIMIT_NOFIlE As seen in issue #1866, some environments will not allow to change the current FD limit, and actually we don't need to do it, we only do it as a byproduct of adjusting the limit to the one that fits. Here we're replacing calls to setrlimit() with calls to raise_rlim_nofile(), which will avoid making the setrlimit() syscall in case the desired value is lower than the current process' one. This depends on previous commit "MINOR: fd: add a new function to only raise RLIMIT_NOFILE" and may need to be backported to 2.6, possibly earlier, depending on users' experience in such environments.
2022-09-22 10:12:08 -04:00
if (raise_rlim_nofile(&limit, &limit) == 0)
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
getrlimit(RLIMIT_NOFILE, &limit);
MINOR: config: make strict limits enabled by default as agreed a few months ago, enable strict-limits for v2.3 update configuration manual accordingly Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-03-28 14:29:58 -04:00
ha_warning("[%s.main()] Cannot raise FD limit to %d, limit is %d.\n",
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
argv[0], global.rlimit_nofile, (int)limit.rlim_cur);
global.rlimit_nofile = limit.rlim_cur;
}
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
}
}
if (global.rlimit_memmax) {
limit.rlim_cur = limit.rlim_max =
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
global.rlimit_memmax * 1048576ULL;
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
if (setrlimit(RLIMIT_DATA, &limit) == -1) {
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
if (global.tune.options & GTUNE_STRICT_LIMITS) {
ha_alert("[%s.main()] Cannot fix MEM limit to %d megs.\n",
argv[0], global.rlimit_memmax);
BUG/MINOR: init: enforce strict-limits when using master-worker The strict-limits global option was introduced with commit 0fec3ab7b ("MINOR: init: always fail when setrlimit fails"). When used in conjuction with master-worker, haproxy will not fail when a setrlimit fails. This happens because we only exit() if master-worker isn't used. This patch removes all tests for master-worker mode for all cases covered by strict-limits scope. This should be backported from 2.1 onward. This should fix issue #1042. Reviewed by William Dauchy <wdauchy@gmail.com>
2021-01-12 14:19:38 -05:00
exit(1);
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
}
else
MINOR: config: make strict limits enabled by default as agreed a few months ago, enable strict-limits for v2.3 update configuration manual accordingly Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-03-28 14:29:58 -04:00
ha_warning("[%s.main()] Cannot fix MEM limit to %d megs.\n",
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
argv[0], global.rlimit_memmax);
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
}
}
MEDIUM: capabilities: check process capabilities sets Since the Linux capabilities support add-on (see the commit bd84387beb26 ("MEDIUM: capabilities: enable support for Linux capabilities")), we can also check haproxy process effective and permitted capabilities sets, when it starts and runs as non-root. Like this, if needed network capabilities are presented only in the process permitted set, we can get this information with capget and put them in the process effective set via capset. To do this properly, let's introduce prepare_caps_from_permitted_set(). First, it checks if binary effective set has CAP_NET_ADMIN or CAP_NET_RAW. If there is a match, LSTCHK_NETADM is removed from global.last_checks list to avoid warning, because in the initialization sequence some last configuration checks are based on LSTCHK_NETADM flag and haproxy process euid may stay unpriviledged. If there are no CAP_NET_ADMIN and CAP_NET_RAW in the effective set, permitted set will be checked and only capabilities given in 'setcap' keyword will be promoted in the process effective set. LSTCHK_NETADM will be also removed in this case by the same reason. In order to be transparent, we promote from permitted set only capabilities given by user in 'setcap' keyword. So, if caplist doesn't include CAP_NET_ADMIN or CAP_NET_RAW, LSTCHK_NETADM would not be unset and warning about missing priviledges will be emitted at initialization. Need to call it before protocol_bind_all() to allow binding to priviledged ports under non-root and 'setcap cap_net_bind_service' must be set in the global section in this case.
2024-03-15 13:02:05 -04:00
#if defined(USE_LINUX_CAP)
/* If CAP_NET_BIND_SERVICE is in binary file permitted set and process
* is started and run under the same non-root user, this allows
CLEANUP: assorted typo fixes in the code and comments This is 41st iteration of typo fixes
2024-04-14 03:23:52 -04:00
* binding to privileged ports.
MEDIUM: capabilities: check process capabilities sets Since the Linux capabilities support add-on (see the commit bd84387beb26 ("MEDIUM: capabilities: enable support for Linux capabilities")), we can also check haproxy process effective and permitted capabilities sets, when it starts and runs as non-root. Like this, if needed network capabilities are presented only in the process permitted set, we can get this information with capget and put them in the process effective set via capset. To do this properly, let's introduce prepare_caps_from_permitted_set(). First, it checks if binary effective set has CAP_NET_ADMIN or CAP_NET_RAW. If there is a match, LSTCHK_NETADM is removed from global.last_checks list to avoid warning, because in the initialization sequence some last configuration checks are based on LSTCHK_NETADM flag and haproxy process euid may stay unpriviledged. If there are no CAP_NET_ADMIN and CAP_NET_RAW in the effective set, permitted set will be checked and only capabilities given in 'setcap' keyword will be promoted in the process effective set. LSTCHK_NETADM will be also removed in this case by the same reason. In order to be transparent, we promote from permitted set only capabilities given by user in 'setcap' keyword. So, if caplist doesn't include CAP_NET_ADMIN or CAP_NET_RAW, LSTCHK_NETADM would not be unset and warning about missing priviledges will be emitted at initialization. Need to call it before protocol_bind_all() to allow binding to priviledged ports under non-root and 'setcap cap_net_bind_service' must be set in the global section in this case.
2024-03-15 13:02:05 -04:00
*/
prepare_caps_from_permitted_set(geteuid(), global.uid, argv[0]);
#endif
BUG/MEDIUM: mworker: don't use _getsocks in wait mode Since version 2.5 the master is automatically re-executed in wait-mode when the config is successfully loaded, puting corner cases of the wait mode in plain sight. When using the -x argument and with the right timing, the master will try to get the FDs again in wait mode even through it's not needed anymore, which will harm the worker by removing its listeners. However, if it fails, (and it's suppose to, sometimes), the master will exit with EXIT_FAILURE because it does not have the MODE_MWORKER flag, but only the MODE_MWORKER_WAIT flag. With the consequence of killing the workers. This patch fixes the issue by restricting the use of _getsocks to some modes. This patch must be backported in every version supported, even through the impact should me more harmless in version prior to 2.5.
2022-01-07 12:19:42 -05:00
/* Try to get the listeners FD from the previous process using
* _getsocks on the stat socket, it must never been done in wait mode
* and check mode
*/
if (old_unixsocket &&
!(global.mode & (MODE_MWORKER_WAIT|MODE_CHECK|MODE_CHECK_CONDITION))) {
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
if (strcmp("/dev/null", old_unixsocket) != 0) {
REORG: sock: move get_old_sockets() from haproxy.c The new function was called sock_get_old_sockets() and was left as-is except a minimum amount of style lifting to make it more readable. It will never be awesome anyway since it's used very early in the boot sequence and needs to perform socket I/O without any external help.
2020-08-28 12:42:45 -04:00
if (sock_get_old_sockets(old_unixsocket) != 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Failed to get the sockets from the old process!\n");
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
if (!(global.mode & MODE_MWORKER))
exit(1);
}
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
}
}
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* We will loop at most 100 times with 10 ms delay each time.
* That's at most 1 second. We only send a signal to old pids
* if we cannot grab at least one port.
*/
retry = MAX_START_RETRIES;
err = ERR_NONE;
while (retry >= 0) {
struct timeval w;
MAJOR: init: start all listeners via protocols and not via proxies anymore Ever since the protocols were added in 1.3.13, listeners used to be started twice: - once by start_proxies(), which iteratees over all proxies then all listeners ; - once by protocol_bind_all() which iterates over all protocols then all listeners ; It's a real mess because error reporting is not even consistent, and more importantly now that some protocols do not appear in regular proxies (peers, logs), there is no way to retry their binding should it fail on the last step. What this patch does is to make sure that listeners are exclusively started by protocols. The failure to start a listener now causes the emission of an error indicating the proxy's name (as it used to be the case per proxy), and retryable failures are silently ignored during all but last attempts. The start_proxies() function was kept solely for setting the proxy's state to READY and emitting the "Proxy started" message and log that some have likely got used to seeking in their logs.
2020-09-02 05:11:43 -04:00
err = protocol_bind_all(retry == 0 || nb_oldpids == 0);
[BUG] hot reconfiguration failed because of a wrong error check The error check in return of start_proxies checked for exact ERR_RETRYABLE but did not consider the return as a bit field. The function returned both ERR_RETRYABLE and ERR_ALERT, hence the problem.
2007-12-20 17:05:50 -05:00
/* exit the loop on no error or fatal error */
if ((err & (ERR_RETRYABLE|ERR_FATAL)) != ERR_RETRYABLE)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
break;
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
if (nb_oldpids == 0 || retry == 0)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
break;
/* FIXME-20060514: Solaris and OpenBSD do not support shutdown() on
* listening sockets. So on those platforms, it would be wiser to
* simply send SIGUSR1, which will not be undoable.
*/
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
if (tell_old_pids(SIGTTOU) == 0) {
/* no need to wait if we can't contact old pids */
retry = 0;
continue;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* give some time to old processes to stop listening */
w.tv_sec = 0;
w.tv_usec = 10*1000;
select(0, NULL, NULL, NULL, &w);
retry--;
}
MAJOR: init: start all listeners via protocols and not via proxies anymore Ever since the protocols were added in 1.3.13, listeners used to be started twice: - once by start_proxies(), which iteratees over all proxies then all listeners ; - once by protocol_bind_all() which iterates over all protocols then all listeners ; It's a real mess because error reporting is not even consistent, and more importantly now that some protocols do not appear in regular proxies (peers, logs), there is no way to retry their binding should it fail on the last step. What this patch does is to make sure that listeners are exclusively started by protocols. The failure to start a listener now causes the emission of an error indicating the proxy's name (as it used to be the case per proxy), and retryable failures are silently ignored during all but last attempts. The start_proxies() function was kept solely for setting the proxy's state to READY and emitting the "Proxy started" message and log that some have likely got used to seeking in their logs.
2020-09-02 05:11:43 -04:00
/* Note: protocol_bind_all() sends an alert when it fails. */
[BUG] we must not exit if protocol binding only returns a warning Right now, protocol binding cannot return a warning, but when this will happen, we must not exit but just print the warning.
2009-02-04 11:05:23 -05:00
if ((err & ~ERR_WARN) != ERR_NONE) {
MAJOR: init: start all listeners via protocols and not via proxies anymore Ever since the protocols were added in 1.3.13, listeners used to be started twice: - once by start_proxies(), which iteratees over all proxies then all listeners ; - once by protocol_bind_all() which iterates over all protocols then all listeners ; It's a real mess because error reporting is not even consistent, and more importantly now that some protocols do not appear in regular proxies (peers, logs), there is no way to retry their binding should it fail on the last step. What this patch does is to make sure that listeners are exclusively started by protocols. The failure to start a listener now causes the emission of an error indicating the proxy's name (as it used to be the case per proxy), and retryable failures are silently ignored during all but last attempts. The start_proxies() function was kept solely for setting the proxy's state to READY and emitting the "Proxy started" message and log that some have likely got used to seeking in their logs.
2020-09-02 05:11:43 -04:00
ha_alert("[%s.main()] Some protocols failed to start their listeners! Exiting.\n", argv[0]);
MINOR: haproxy: always protocol unbind on startup error path In haproxy startup, all init error paths after the protocol bind step cautiously call protocol_unbind_all() before exiting except one that was conditional. We're not making an exception to the rule and we now properly call protocol_unbind_all() as well. No backport needed as this patch is unnoticeable.
2023-01-17 10:30:52 -05:00
if (retry != MAX_START_RETRIES && nb_oldpids)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
tell_old_pids(SIGTTIN);
MINOR: haproxy: always protocol unbind on startup error path In haproxy startup, all init error paths after the protocol bind step cautiously call protocol_unbind_all() before exiting except one that was conditional. We're not making an exception to the rule and we now properly call protocol_unbind_all() as well. No backport needed as this patch is unnoticeable.
2023-01-17 10:30:52 -05:00
protocol_unbind_all(); /* cleanup everything we can */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(1);
}
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (!(global.mode & MODE_MWORKER_WAIT) && listeners == 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] No enabled listener found (check for 'bind' directives) ! Exiting.\n", argv[0]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* Note: we don't have to send anything to the old pids because we
* never stopped them. */
exit(1);
}
MAJOR: init: start all listeners via protocols and not via proxies anymore Ever since the protocols were added in 1.3.13, listeners used to be started twice: - once by start_proxies(), which iteratees over all proxies then all listeners ; - once by protocol_bind_all() which iterates over all protocols then all listeners ; It's a real mess because error reporting is not even consistent, and more importantly now that some protocols do not appear in regular proxies (peers, logs), there is no way to retry their binding should it fail on the last step. What this patch does is to make sure that listeners are exclusively started by protocols. The failure to start a listener now causes the emission of an error indicating the proxy's name (as it used to be the case per proxy), and retryable failures are silently ignored during all but last attempts. The start_proxies() function was kept solely for setting the proxy's state to READY and emitting the "Proxy started" message and log that some have likely got used to seeking in their logs.
2020-09-02 05:11:43 -04:00
/* Ok, all listeners should now be bound, close any leftover sockets
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
* the previous process gave us, we don't need them anymore
*/
MINOR: sock: move the unused socket cleaning code into its own function The startup code used to scan the list of unused sockets retrieved from an older process, and to close them one by one. This also required that the knowledge of the internal storage of these temporary sockets was known from outside sock.c and that the code was copy-pasted at every call place. This patch moves this into sock.c under the name sock_drop_unused_old_sockets(), and removes the xfer_sock_list definition from sock.h since the rest of the code doesn't need to know this. This cleanup is minimal and preliminary to a future fix that will need to be backported to all versions featuring FD transfers over the CLI.
2022-01-28 12:28:18 -05:00
sock_drop_unused_old_sockets();
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* prepare pause/play signals */
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_register_fct(SIGTTOU, sig_pause, SIGTTOU);
signal_register_fct(SIGTTIN, sig_listen, SIGTTIN);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* MODE_QUIET can inhibit alerts and warnings below this line */
BUG/MEDIUM: mworker: don't close stdio several time This patch makes sure that a frontend socket that gets created after initialization won't be closed when the master gets re-executed. When used in daemon mode, the master-worker is closing the FDs 0, 1, 2 after the fork of the children. When the master was reloading, those FDs were assigned again during the parsing of the configuration (probably for some listeners), and the workers were closing them thinking it was the stdio. This patch must be backported to 1.8.
2017-12-25 15:03:31 -05:00
if (getenv("HAPROXY_MWORKER_REEXEC") != NULL) {
/* either stdin/out/err are already closed or should stay as they are. */
if ((global.mode & MODE_DAEMON)) {
/* daemon mode re-executing, stdin/stdout/stderr are already closed so keep quiet */
global.mode &= ~MODE_VERBOSE;
global.mode |= MODE_QUIET; /* ensure that we won't say anything from now */
}
} else {
if ((global.mode & MODE_QUIET) && !(global.mode & MODE_VERBOSE)) {
/* detach from the tty */
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
stdio_quiet(-1);
BUG/MEDIUM: mworker: don't close stdio several time This patch makes sure that a frontend socket that gets created after initialization won't be closed when the master gets re-executed. When used in daemon mode, the master-worker is closing the FDs 0, 1, 2 after the fork of the children. When the master was reloading, those FDs were assigned again during the parsing of the configuration (probably for some listeners), and the workers were closing them thinking it was the stdio. This patch must be backported to 1.8.
2017-12-25 15:03:31 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/* open log & pid files before the chroot */
BUG/MINOR: mworker: does not erase the pidfile upon reload When started in master-worker mode combined with daemon mode, HAProxy will open() with O_TRUNC the pidfile when switching to wait mode. In 2.5, it happens everytime after trying to load the configuration, since we switch to wait mode. In previous version this happens upon a failure of the configuration loading. Fixes bug #1545. Must be backported in every supported branches.
2022-02-14 03:02:14 -05:00
if ((global.mode & MODE_DAEMON || global.mode & MODE_MWORKER) &&
!(global.mode & MODE_MWORKER_WAIT) && global.pidfile != NULL) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
unlink(global.pidfile);
pidfd = open(global.pidfile, O_CREAT | O_WRONLY | O_TRUNC, 0644);
if (pidfd < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot create pidfile %s\n", argv[0], global.pidfile);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (nb_oldpids)
tell_old_pids(SIGTTIN);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(1);
}
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if ((global.mode & (MODE_MWORKER|MODE_DAEMON)) == 0) {
/* chroot if needed */
if (global.chroot != NULL) {
if (chroot(global.chroot) == -1 || chdir("/") == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot chroot(%s).\n", argv[0], global.chroot);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (nb_oldpids)
tell_old_pids(SIGTTIN);
protocol_unbind_all();
exit(1);
}
[MEDIUM] fixed call to chroot() during startup It wasn't very wise to chroot() early during the startup. Also, the exit() was missing if the chroot() failed.
2007-10-15 12:57:08 -04:00
}
}
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (nb_oldpids && !(global.mode & MODE_MWORKER_WAIT))
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
nb_oldpids = tell_old_pids(oldpids_sig);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: mworker: support a configurable maximum number of reloads This patch implements a new global parameter for the master-worker mode. When setting the mworker-max-reloads value, a worker receive a SIGTERM if its number of reloads is greater than this value.
2019-05-07 11:49:33 -04:00
/* send a SIGTERM to workers who have a too high reloads number */
if ((global.mode & MODE_MWORKER) && !(global.mode & MODE_MWORKER_WAIT))
mworker_kill_max_reloads(SIGTERM);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* Note that any error at this stage will be fatal because we will not
* be able to restart the old pids.
*/
MINOR: init: avoid code duplication while setting identify since the introduction of mworker, the setuid/setgid was duplicated in two places; try to improve that by creating a dedicated function. this patch does not introduce any functional change. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:16 -05:00
if ((global.mode & (MODE_MWORKER | MODE_DAEMON)) == 0)
set_identity(argv[0]);
MINOR: init: add a "set-dumpable" global directive to enable core dumps It's always a pain to get a core dump when enabling user/group setting (which disables the dumpable flag on Linux), when using a chroot and/or when haproxy is started by a service management tool which requires complex operations to just raise the core dump limit. This patch introduces a new "set-dumpable" global directive to work around these troubles by doing the following : - remove file size limits (equivalent of ulimit -f unlimited) - remove core size limits (equivalent of ulimit -c unlimited) - mark the process dumpable again (equivalent of suid_dumpable=1) Some of these will depend on the operating system. This way it becomes much easier to retrieve a core file. Temporarily moving the chroot to a user-writable place generally enough.
2019-04-15 13:38:50 -04:00
MINOR: capabilities: add cap_sys_admin support If 'namespace' keyword is used in the backend server settings or/and in the bind string, it means that haproxy process will call setns() to change its default namespace to the configured one and then, it will create a socket in this new namespace. setns() syscall requires CAP_SYS_ADMIN capability in the process Effective set (see man 2 setns). Otherwise, the process must be run as root. To avoid to run haproxy as root, let's add cap_sys_admin capability in the same way as we already added the support for some other network capabilities. As CAP_SYS_ADMIN belongs to CAP_SYS_* capabilities type, let's add a separate flag LSTCHK_SYSADM for it. This flag is set, if the 'namespace' keyword was found during configuration parsing. The flag may be unset only in prepare_caps_for_setuid() or in prepare_caps_from_permitted_set(), which inspect process EUID/RUID and Effective and Permitted capabilities sets. If system doesn't support Linux capabilities or 'cap_sys_admin' was not set in 'setcap', but 'namespace' keyword is presented in the configuration, we keep the previous strict behaviour. Process, that has changed uid to the non-priviledged user, will terminate with alert. This alert invites the user to recheck its configuration. In the case, when haproxy will start and run under a non-root user and 'cap_sys_admin' is not set, but 'namespace' keyword is presented, this patch does not change previous behaviour as well. We'll still let the user to try its configuration, but we inform via warning, that unexpected things, like socket creation errors, may occur.
2024-04-26 15:47:54 -04:00
/* set_identity() above might have dropped LSTCHK_NETADM or/and
* LSTCHK_SYSADM if it changed to a new UID while preserving enough
* permissions to honnor LSTCHK_NETADM/LSTCHK_SYSADM.
BUG/MINOR: init: relax LSTCHK_NETADM checks for non root Linux capabilities support and ability to preserve it for running process after switching to a global.uid was added recently by the commit bd84387beb26 ("MEDIUM: capabilities: enable support for Linux capabilities")). This new feature hasn't yet been taken into account by last config checks, which are performed at initialization stage. So, to update it, let's perform it after set_identity() call. Like this, current EUID is already changed to a global.uid and prepare_caps_for_setuid() would unset LSTCHK_NETADM flag, only if capabilities given in the 'setcap' keyword in the configuration file were preserved. Otherwise, if system doesn't support Linux capabilities or they were not set via 'setcap', we keep the previous strict behaviour: process will terminate with an alert, in order to insist that user: either needs to change run UID (worst case: start and run as root), or he needs to set/recheck capabilities listed as 'setcap' arguments. In the case, when haproxy will start and run under a non-root user this patch doesn't change the previous behaviour: we'll still let him try the configuration, but we inform via warning that unexpected things may occur. Need to be backported until v2.9, including v2.9.
2024-03-18 09:50:26 -04:00
*/
MINOR: capabilities: add cap_sys_admin support If 'namespace' keyword is used in the backend server settings or/and in the bind string, it means that haproxy process will call setns() to change its default namespace to the configured one and then, it will create a socket in this new namespace. setns() syscall requires CAP_SYS_ADMIN capability in the process Effective set (see man 2 setns). Otherwise, the process must be run as root. To avoid to run haproxy as root, let's add cap_sys_admin capability in the same way as we already added the support for some other network capabilities. As CAP_SYS_ADMIN belongs to CAP_SYS_* capabilities type, let's add a separate flag LSTCHK_SYSADM for it. This flag is set, if the 'namespace' keyword was found during configuration parsing. The flag may be unset only in prepare_caps_for_setuid() or in prepare_caps_from_permitted_set(), which inspect process EUID/RUID and Effective and Permitted capabilities sets. If system doesn't support Linux capabilities or 'cap_sys_admin' was not set in 'setcap', but 'namespace' keyword is presented in the configuration, we keep the previous strict behaviour. Process, that has changed uid to the non-priviledged user, will terminate with alert. This alert invites the user to recheck its configuration. In the case, when haproxy will start and run under a non-root user and 'cap_sys_admin' is not set, but 'namespace' keyword is presented, this patch does not change previous behaviour as well. We'll still let the user to try its configuration, but we inform via warning, that unexpected things, like socket creation errors, may occur.
2024-04-26 15:47:54 -04:00
if ((global.last_checks & (LSTCHK_NETADM|LSTCHK_SYSADM)) && getuid()) {
BUG/MINOR: init: relax LSTCHK_NETADM checks for non root Linux capabilities support and ability to preserve it for running process after switching to a global.uid was added recently by the commit bd84387beb26 ("MEDIUM: capabilities: enable support for Linux capabilities")). This new feature hasn't yet been taken into account by last config checks, which are performed at initialization stage. So, to update it, let's perform it after set_identity() call. Like this, current EUID is already changed to a global.uid and prepare_caps_for_setuid() would unset LSTCHK_NETADM flag, only if capabilities given in the 'setcap' keyword in the configuration file were preserved. Otherwise, if system doesn't support Linux capabilities or they were not set via 'setcap', we keep the previous strict behaviour: process will terminate with an alert, in order to insist that user: either needs to change run UID (worst case: start and run as root), or he needs to set/recheck capabilities listed as 'setcap' arguments. In the case, when haproxy will start and run under a non-root user this patch doesn't change the previous behaviour: we'll still let him try the configuration, but we inform via warning that unexpected things may occur. Need to be backported until v2.9, including v2.9.
2024-03-18 09:50:26 -04:00
/* If global.uid is present in config, it is already set as euid
MINOR: capabilities: add cap_sys_admin support If 'namespace' keyword is used in the backend server settings or/and in the bind string, it means that haproxy process will call setns() to change its default namespace to the configured one and then, it will create a socket in this new namespace. setns() syscall requires CAP_SYS_ADMIN capability in the process Effective set (see man 2 setns). Otherwise, the process must be run as root. To avoid to run haproxy as root, let's add cap_sys_admin capability in the same way as we already added the support for some other network capabilities. As CAP_SYS_ADMIN belongs to CAP_SYS_* capabilities type, let's add a separate flag LSTCHK_SYSADM for it. This flag is set, if the 'namespace' keyword was found during configuration parsing. The flag may be unset only in prepare_caps_for_setuid() or in prepare_caps_from_permitted_set(), which inspect process EUID/RUID and Effective and Permitted capabilities sets. If system doesn't support Linux capabilities or 'cap_sys_admin' was not set in 'setcap', but 'namespace' keyword is presented in the configuration, we keep the previous strict behaviour. Process, that has changed uid to the non-priviledged user, will terminate with alert. This alert invites the user to recheck its configuration. In the case, when haproxy will start and run under a non-root user and 'cap_sys_admin' is not set, but 'namespace' keyword is presented, this patch does not change previous behaviour as well. We'll still let the user to try its configuration, but we inform via warning, that unexpected things, like socket creation errors, may occur.
2024-04-26 15:47:54 -04:00
* and ruid by set_identity() just above, so it's better to
BUG/MINOR: init: relax LSTCHK_NETADM checks for non root Linux capabilities support and ability to preserve it for running process after switching to a global.uid was added recently by the commit bd84387beb26 ("MEDIUM: capabilities: enable support for Linux capabilities")). This new feature hasn't yet been taken into account by last config checks, which are performed at initialization stage. So, to update it, let's perform it after set_identity() call. Like this, current EUID is already changed to a global.uid and prepare_caps_for_setuid() would unset LSTCHK_NETADM flag, only if capabilities given in the 'setcap' keyword in the configuration file were preserved. Otherwise, if system doesn't support Linux capabilities or they were not set via 'setcap', we keep the previous strict behaviour: process will terminate with an alert, in order to insist that user: either needs to change run UID (worst case: start and run as root), or he needs to set/recheck capabilities listed as 'setcap' arguments. In the case, when haproxy will start and run under a non-root user this patch doesn't change the previous behaviour: we'll still let him try the configuration, but we inform via warning that unexpected things may occur. Need to be backported until v2.9, including v2.9.
2024-03-18 09:50:26 -04:00
* remind the user to fix uncoherent settings.
*/
if (global.uid) {
ha_alert("[%s.main()] Some configuration options require full "
"privileges, so global.uid cannot be changed.\n", argv[0]);
#if defined(USE_LINUX_CAP)
ha_alert("[%s.main()] Alternately, if your system supports "
"Linux capabilities, you may also consider using "
"'setcap cap_net_raw' or 'setcap cap_net_admin' in the "
"'global' section.\n", argv[0]);
#endif
protocol_unbind_all();
exit(1);
}
/* If the user is not root, we'll still let them try the configuration
* but we inform them that unexpected behaviour may occur.
*/
ha_warning("[%s.main()] Some options which require full privileges"
" might not work well.\n", argv[0]);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* check ulimits */
limit.rlim_cur = limit.rlim_max = 0;
getrlimit(RLIMIT_NOFILE, &limit);
if (limit.rlim_cur < global.maxsock) {
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
if (global.tune.options & GTUNE_STRICT_LIMITS) {
ha_alert("[%s.main()] FD limit (%d) too low for maxconn=%d/maxsock=%d. "
"Please raise 'ulimit-n' to %d or more to avoid any trouble.\n",
argv[0], (int)limit.rlim_cur, global.maxconn, global.maxsock,
global.maxsock);
BUG/MINOR: init: enforce strict-limits when using master-worker The strict-limits global option was introduced with commit 0fec3ab7b ("MINOR: init: always fail when setrlimit fails"). When used in conjuction with master-worker, haproxy will not fail when a setrlimit fails. This happens because we only exit() if master-worker isn't used. This patch removes all tests for master-worker mode for all cases covered by strict-limits scope. This should be backported from 2.1 onward. This should fix issue #1042. Reviewed by William Dauchy <wdauchy@gmail.com>
2021-01-12 14:19:38 -05:00
exit(1);
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
}
else
ha_alert("[%s.main()] FD limit (%d) too low for maxconn=%d/maxsock=%d. "
MINOR: config: make strict limits enabled by default as agreed a few months ago, enable strict-limits for v2.3 update configuration manual accordingly Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-03-28 14:29:58 -04:00
"Please raise 'ulimit-n' to %d or more to avoid any trouble.\n",
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
argv[0], (int)limit.rlim_cur, global.maxconn, global.maxsock,
global.maxsock);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: init: pre-allocate kernel data structures on init The Linux kernel maintains data structures to track a processes' open file descriptors, and it expands these structures as necessary when FD usage grows (at every FD=2^X starting at 64). However when threading is in use, during expansion the kernel will pause (observed up to 47ms) while it waits for thread synchronization (see https://bugzilla.kernel.org/show_bug.cgi?id=217366). This change addresses the issue and avoids the random pauses by opening the maximum file descriptor during initialization, so that expansion will not occur while processing traffic.
2023-05-23 13:02:08 -04:00
if (global.prealloc_fd && fcntl((int)limit.rlim_cur - 1, F_GETFD) == -1) {
if (dup2(0, (int)limit.rlim_cur - 1) == -1)
BUILD: init: print rlim_cur as regular integer haproxy does not compile anymore on macOS+clang since 425d7ad ("MINOR: init: pre-allocate kernel data structures on init"). This is due to rlim_cur being printed uncasted using %lu format specifier, with rlim_cur being stored as a rlim_t which is a typedef so its size may vary depending on the system's architecture. This is not the first time we need to dump rlim_cur in case of errors, there are already multiple occurences in the init code. Everywhere this happens, rlim is casted as a regular int and printed using the '%d' format specifier, so we do the same here as well to fix the build issue. No backport needed unless 425d7ad gets backported.
2023-05-26 08:04:18 -04:00
ha_warning("[%s.main()] Unable to preallocate file descriptor %d : %s",
argv[0], (int)limit.rlim_cur - 1, strerror(errno));
MINOR: init: pre-allocate kernel data structures on init The Linux kernel maintains data structures to track a processes' open file descriptors, and it expands these structures as necessary when FD usage grows (at every FD=2^X starting at 64). However when threading is in use, during expansion the kernel will pause (observed up to 47ms) while it waits for thread synchronization (see https://bugzilla.kernel.org/show_bug.cgi?id=217366). This change addresses the issue and avoids the random pauses by opening the maximum file descriptor during initialization, so that expansion will not occur while processing traffic.
2023-05-23 13:02:08 -04:00
else
close((int)limit.rlim_cur - 1);
}
MINOR: clock: measure the total boot time Some huge configs take a significant amount of time to start and this can cause some trouble (e.g. health checks getting delayed and grouped, process not responding to the CLI etc). For example, some configs might start fast in certain environments and slowly in other ones just due to the use of a wrong DNS server that delays all libc's resolutions. Let's first start by measuring it by keeping a copy of the most recently known ready date, once before calling check_config_validity() and then refine it when leaving this function. A last call is finally performed just before deciding to split between master and worker processes, and it covers the whole boot. It's trivial to collect and even allows to get rid of a call to clock_update_date() in function check_config_validity() that was used in hope to better schedule future events.
2023-05-17 03:02:21 -04:00
/* update the ready date a last time to also account for final setup time */
clock_update_date(0, 1);
BUG/MINOR: clock: automatically adjust the internal clock with the boot time This is a better and more general solution to the problem described in this commit: BUG/MINOR: checks: postpone the startup of health checks by the boot time Now we're updating the now_offset that is used to compute now_ms at the few points where we update the ready date during boot. This ensures that now_ms while being stable during all the boot process will be correct and will start with the boot value right after the boot is finished. As such the patch above is rolled back (we don't want to count the boot time twice). This must not be backported because it relies on the more flexible clock architecture in 2.8.
2023-05-16 13:19:36 -04:00
clock_adjust_now_offset();
MINOR: clock: measure the total boot time Some huge configs take a significant amount of time to start and this can cause some trouble (e.g. health checks getting delayed and grouped, process not responding to the CLI etc). For example, some configs might start fast in certain environments and slowly in other ones just due to the use of a wrong DNS server that delays all libc's resolutions. Let's first start by measuring it by keeping a copy of the most recently known ready date, once before calling check_config_validity() and then refine it when leaving this function. A last call is finally performed just before deciding to split between master and worker processes, and it covers the whole boot. It's trivial to collect and even allows to get rid of a call to clock_update_date() in function check_config_validity() that was used in hope to better schedule future events.
2023-05-17 03:02:21 -04:00
ready_date = date;
BUG/MEDIUM: startup: fix zero-warning mode Let's check the second time a global counter of "ha_warning" messages, if zero-warning is set. And let's do this just before forking. At this moment we are sure, that we've already done all init operations, where we could emit "ha_warning", and we still have stderr fd opened. Even with the second check, we could lost some late and rare warnings about failing to drop supplementary groups and about re-enabling core dumps. Notes about this are added into 'zero-warning' keyword description.
2024-07-17 12:40:41 -04:00
/* catch last warnings, which could be produced while adjusting limits
* or preallocating fds
*/
if (warned & WARN_ANY && global.mode & MODE_ZERO_WARNING) {
ha_alert("Some warnings were found and 'zero-warning' is set. Aborting.\n");
exit(1);
}
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (global.mode & (MODE_DAEMON | MODE_MWORKER | MODE_MWORKER_WAIT)) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int ret = 0;
MEDIUM: init: remove the loop over processes during init There was a loop iterating over all nbproc values during init that couldn't be immediately removed because the loop's index was used to distinguish a child from a parent. That's now fixed by replacing the iterator with an in_parent flag. All bindings that were checking (1UL << proc) or cpu_map.proc[proc] were adjusted to always use zero for proc.
2021-06-15 01:58:09 -04:00
int in_parent = 0;
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
int devnullfd = -1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
/*
* if daemon + mworker: must fork here to let a master
* process live in background before forking children
*/
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
if ((getenv("HAPROXY_MWORKER_REEXEC") == NULL)
&& (global.mode & MODE_MWORKER)
&& (global.mode & MODE_DAEMON)) {
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
ret = fork();
if (ret < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot fork.\n", argv[0]);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
protocol_unbind_all();
exit(1); /* there has been an error */
MINOR: startup: change session/process group settings Change the way the process groups are set. Indeed setsid() was called for every processes which caused the worker to have a different process group than the master. This patch behave in a better way: - In daemon mode only, each child do a setsid() - In master worker + daemon mode, the setsid() is done in the master before forking the children - In any foreground mode, we don't do a setsid() Could be backported in 1.8 but the master-worker mode is mostly used with systemd which rely on cgroups so that won't affect much people.
2018-07-04 09:31:23 -04:00
} else if (ret > 0) { /* parent leave to daemonize */
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
exit(0);
MINOR: startup: change session/process group settings Change the way the process groups are set. Indeed setsid() was called for every processes which caused the worker to have a different process group than the master. This patch behave in a better way: - In daemon mode only, each child do a setsid() - In master worker + daemon mode, the setsid() is done in the master before forking the children - In any foreground mode, we don't do a setsid() Could be backported in 1.8 but the master-worker mode is mostly used with systemd which rely on cgroups so that won't affect much people.
2018-07-04 09:31:23 -04:00
} else /* change the process group ID in the child (master process) */
setsid();
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
}
MEDIUM: mworker: workers exit when the master leaves This patch ensure that the children will exit when the master quits, even if the master didn't send any signal. The master and the workers are connected through a pipe, when the pipe closes the children leave.
2017-06-01 11:38:55 -04:00
MINOR: mworker: write parent pid in the pidfile The first pid in the pidfile is now the parent, it's more convenient for supervising the processus. You can now reload haproxy in master-worker mode with convenient command like: kill -USR2 $(head -1 /tmp/haproxy.pid)
2017-11-06 05:00:04 -05:00
/* if in master-worker mode, write the PID of the father */
if (global.mode & MODE_MWORKER) {
char pidstr[100];
BUILD: mworker: silence two printf format warnings around getpid() getpid() is documented as returning a pit pid_t result, not necessarily an int. This causes a build warning on Solaris 10 because of '%d' or '%u' are used in the format passed to snprintf(). Let's just cast the result as an int (respectively unsigned int). This can be backported to 2.0 and possibly older versions though it really has no impact.
2019-06-22 01:41:38 -04:00
snprintf(pidstr, sizeof(pidstr), "%d\n", (int)getpid());
BUG/MINOR: mworker: only write to pidfile if it exists A missing test causes a write(-1, $PID) to appear in strace output when in master-worker mode. This is totally harmless though. This fix must be backported to 1.8.
2018-01-23 13:20:19 -05:00
if (pidfd >= 0)
MINOR: use DISGUISE() everywhere we deliberately want to ignore a result It's more generic and versatile than the previous shut_your_big_mouth_gcc() that was used to silence annoying warnings as it's not limited to ignoring syscalls returns only. This allows us to get rid of the aforementioned function and the shut_your_big_mouth_gcc_int variable, that started to look ugly in multi-threaded environments.
2020-03-14 06:03:20 -04:00
DISGUISE(write(pidfd, pidstr, strlen(pidstr)));
MINOR: mworker: write parent pid in the pidfile The first pid in the pidfile is now the parent, it's more convenient for supervising the processus. You can now reload haproxy in master-worker mode with convenient command like: kill -USR2 $(head -1 /tmp/haproxy.pid)
2017-11-06 05:00:04 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* the father launches the required number of processes */
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (!(global.mode & MODE_MWORKER_WAIT)) {
MINOR: logs: startup-logs can use a shm for logging the reload When compiled with USE_SHM_OPEN=1 the startup-logs are now able to use an shm which is used to keep the logs when switching to mworker wait mode. This allows to keep the failed reload logs. When allocating the startup-logs at first start of the process, haproxy will do a shm_open with a unique path using the PID of the process, the file is unlink immediatly so we don't let unwelcomed files be. The fd resulting from this shm is stored in the HAPROXY_STARTUPLOGS_FD environment variable so it can be mmap again when switching to wait mode. When forking children, the process is copying the mmap to a a mallocated ring so we never share the same memory section between the master and the workers. When switching to wait mode, the shm is not used anymore as it is also copied to a mallocated structure. This allow to use the "show startup-logs" command over the master CLI, to get the logs of the latest startup or reload. This way the logs of the latest failed reload are also kept. This is only activated on the linux-glibc target for now.
2022-09-26 06:54:39 -04:00
struct ring *tmp_startup_logs = NULL;
MEDIUM: mworker-prog: implement program for master-worker This patch implements the external binary support in the master worker. To configure an external process, you need to use the program section, for example: program dataplane-api command ./dataplane_api Those processes are launched at the same time as the workers. During a reload of HAProxy, those processes are dealing with the same sequence as a worker: - the master is re-executed - the master sends a USR1 signal to the program - the master launches a new instance of the program During a stop, or restart, a SIGTERM is sent to the program.
2019-04-01 05:30:02 -04:00
if (global.mode & MODE_MWORKER)
mworker_ext_launch_all();
MEDIUM: init: remove the loop over processes during init There was a loop iterating over all nbproc values during init that couldn't be immediately removed because the loop's index was used to distinguish a child from a parent. That's now fixed by replacing the iterator with an in_parent flag. All bindings that were checking (1UL << proc) or cpu_map.proc[proc] were adjusted to always use zero for proc.
2021-06-15 01:58:09 -04:00
MINOR: logs: startup-logs can use a shm for logging the reload When compiled with USE_SHM_OPEN=1 the startup-logs are now able to use an shm which is used to keep the logs when switching to mworker wait mode. This allows to keep the failed reload logs. When allocating the startup-logs at first start of the process, haproxy will do a shm_open with a unique path using the PID of the process, the file is unlink immediatly so we don't let unwelcomed files be. The fd resulting from this shm is stored in the HAPROXY_STARTUPLOGS_FD environment variable so it can be mmap again when switching to wait mode. When forking children, the process is copying the mmap to a a mallocated ring so we never share the same memory section between the master and the workers. When switching to wait mode, the shm is not used anymore as it is also copied to a mallocated structure. This allow to use the "show startup-logs" command over the master CLI, to get the logs of the latest startup or reload. This way the logs of the latest failed reload are also kept. This is only activated on the linux-glibc target for now.
2022-09-26 06:54:39 -04:00
/* at this point the worker must have his own startup_logs buffer */
tmp_startup_logs = startup_logs_dup(startup_logs);
MEDIUM: init: remove the loop over processes during init There was a loop iterating over all nbproc values during init that couldn't be immediately removed because the loop's index was used to distinguish a child from a parent. That's now fixed by replacing the iterator with an in_parent flag. All bindings that were checking (1UL << proc) or cpu_map.proc[proc] were adjusted to always use zero for proc.
2021-06-15 01:58:09 -04:00
ret = fork();
if (ret < 0) {
ha_alert("[%s.main()] Cannot fork.\n", argv[0]);
protocol_unbind_all();
exit(1); /* there has been an error */
}
else if (ret == 0) { /* child breaks here */
MINOR: logs: startup-logs can use a shm for logging the reload When compiled with USE_SHM_OPEN=1 the startup-logs are now able to use an shm which is used to keep the logs when switching to mworker wait mode. This allows to keep the failed reload logs. When allocating the startup-logs at first start of the process, haproxy will do a shm_open with a unique path using the PID of the process, the file is unlink immediatly so we don't let unwelcomed files be. The fd resulting from this shm is stored in the HAPROXY_STARTUPLOGS_FD environment variable so it can be mmap again when switching to wait mode. When forking children, the process is copying the mmap to a a mallocated ring so we never share the same memory section between the master and the workers. When switching to wait mode, the shm is not used anymore as it is also copied to a mallocated structure. This allow to use the "show startup-logs" command over the master CLI, to get the logs of the latest startup or reload. This way the logs of the latest failed reload are also kept. This is only activated on the linux-glibc target for now.
2022-09-26 06:54:39 -04:00
startup_logs_free(startup_logs);
startup_logs = tmp_startup_logs;
BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs This undocumented variable is only for internal use, and its sole presence affects the process' behavior, as shown in bug #1324. It must not be exported to workers, external checks, nor programs. Let's unset it before forking programs and workers. This should be backported as far as 1.8. The worker code might differ a bit before 2.5 due to the recent removal of multi-process support.
2021-07-21 04:17:02 -04:00
/* This one must not be exported, it's internal! */
unsetenv("HAPROXY_MWORKER_REEXEC");
MEDIUM: global: remove the relative_pid from global and mworker The relative_pid is always 1. In mworker mode we also have a child->relative_pid which is always equalt relative_pid, except for a master (0) or external process (-1), but these types are usually tested for, except for one place that was amended to carefully check for the PROC_O_TYPE_WORKER option. Changes were pretty limited as most usages of relative_pid were for designating a process in stats output and peers protocol.
2021-06-15 03:08:18 -04:00
ha_random_jump96(1);
MEDIUM: init: remove the loop over processes during init There was a loop iterating over all nbproc values during init that couldn't be immediately removed because the loop's index was used to distinguish a child from a parent. That's now fixed by replacing the iterator with an in_parent flag. All bindings that were checking (1UL << proc) or cpu_map.proc[proc] were adjusted to always use zero for proc.
2021-06-15 01:58:09 -04:00
}
else { /* parent here */
in_parent = 1;
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (pidfd >= 0 && !(global.mode & MODE_MWORKER)) {
char pidstr[100];
snprintf(pidstr, sizeof(pidstr), "%d\n", ret);
MINOR: use DISGUISE() everywhere we deliberately want to ignore a result It's more generic and versatile than the previous shut_your_big_mouth_gcc() that was used to silence annoying warnings as it's not limited to ignoring syscalls returns only. This allows us to get rid of the aforementioned function and the shut_your_big_mouth_gcc_int variable, that started to look ugly in multi-threaded environments.
2020-03-14 06:03:20 -04:00
DISGUISE(write(pidfd, pidstr, strlen(pidstr)));
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
}
if (global.mode & MODE_MWORKER) {
struct mworker_proc *child;
CLEANUP: mworker: remove any relative PID reference nbproc was removed, it's time to remove any reference to the relative PID in the master-worker, since there can be only 1 current haproxy process. This patch cleans up the alerts and warnings emitted during the exit of a process, as well as the "show proc" output.
2021-11-09 09:25:31 -05:00
ha_notice("New worker (%d) forked\n", ret);
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
/* find the right mworker_proc */
list_for_each_entry(child, &proc_list, list) {
BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload When updating from 2.4 to 2.6, the child->reloads++ instruction changed place, resulting in a former worker from the 2.4 process, still identified as a current worker once in 2.6, because its reload counter is still 0. Unfortunately this counter is used to chose the mworker_proc structure that will be used for the new worker. What happens next, is that the mworker_proc structure of the previous process is selected, and this one has ipc_fd[1] set to -1, because this structure was supposed to be in the master. The process then forks, and mworker_sockpair_register_per_thread() tries to register ipc_fd[1] which is set to -1, instead of the fd of the new socketpair. This patch fixes the issue by checking if child->pid is equal to -1 when selecting proc_self. This way we could be sure it wasn't a previous process. Should fix issue #1785. This must be backported as far as 2.4 to fix the issue related to the reload computation difference. However backporting it in every stable branch will enforce the reload process.
2022-07-20 18:52:43 -04:00
if (child->reloads == 0 &&
child->options & PROC_O_TYPE_WORKER &&
child->pid == -1) {
BUG/MINOR: mworker: prevent incorrect values in uptime Since the recent changes on the clocks, now.tv_sec is not to be used between processes because it's a clock which is local to the process and does not contain a real unix timestamp. This patch fixes the issue by using "data.tv_sec" which is the wall clock instead of "now.tv_sec'. It prevents having incoherent timestamps. It also introduces some checks on negatives values in order to never displays a netative value if it was computed from a wrong value set by a previous haproxy version. It must be backported as far as 2.0.
2023-02-17 10:23:52 -05:00
child->timestamp = date.tv_sec;
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
child->pid = ret;
MINOR: mworker: add the HAProxy version in "show proc" Displays the HAProxy version so you can compare the version of old processes and new ones.
2019-06-12 13:11:33 -04:00
child->version = strdup(haproxy_version);
BUG/MINOR: mworker: leak of a socketpair during startup failure Aurelien Darragon found a case of leak when working on ticket #2184. When a reexec_on_failure() happens *BEFORE* protocol_bind_all(), the worker is not fork and the mworker_proc struct is still there with its 2 socketpairs. The socketpair that is supposed to be in the master is already closed in mworker_cleanup_proc(), the one for the worker was suppposed to be cleaned up in mworker_cleanlisteners(). However, since the fd is not bound during this failure, the fd is never closed. This patch fixes the problem by setting the fd to -1 in the mworker_proc after the fork, so we ensure that this it won't be close if everything was done right, and then we try to close it in mworker_cleanup_proc() when it's not set to -1. This could be triggered with the script in ticket #2184 and a `ulimit -H -n 300`. This will fail before the protocol_bind_all() when trying to increase the nofile setrlimit. In recent version of haproxy, there is a BUG_ON() in fd_insert() that could be triggered by this bug because of the global.maxsock check. Must be backported as far as 2.6. The problem could exist in previous version but the code is different and this won't be triggered easily without other consequences in the master.
2023-06-21 03:44:18 -04:00
/* at this step the fd is bound for the worker, set it to -1 so
* it could be close in case of errors in mworker_cleanup_proc() */
child->ipc_fd[1] = -1;
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
break;
}
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
}
}
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
}
MEDIUM: init: remove the loop over processes during init There was a loop iterating over all nbproc values during init that couldn't be immediately removed because the loop's index was used to distinguish a child from a parent. That's now fixed by replacing the iterator with an in_parent flag. All bindings that were checking (1UL << proc) or cpu_map.proc[proc] were adjusted to always use zero for proc.
2021-06-15 01:58:09 -04:00
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
} else {
/* wait mode */
MEDIUM: init: remove the loop over processes during init There was a loop iterating over all nbproc values during init that couldn't be immediately removed because the loop's index was used to distinguish a child from a parent. That's now fixed by replacing the iterator with an in_parent flag. All bindings that were checking (1UL << proc) or cpu_map.proc[proc] were adjusted to always use zero for proc.
2021-06-15 01:58:09 -04:00
in_parent = 1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* close the pidfile both in children and father */
BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1 Thomas Heil reported that when using nbproc > 1, his pidfiles were regularly truncated. The issue could be tracked down to the presence of a call to lseek(pidfile, 0, SEEK_SET) just before the close() call in the children, resulting in the file being truncated by the children while the parent was feeding it. This unexpected lseek() is transparently performed by fclose(). Since there is no way to have the file automatically closed during the fork, the only solution is to bypass the libc and use open/write/close instead of fprintf() and fclose(). The issue was observed on eglibc 2.15.
2012-09-05 02:02:48 -04:00
if (pidfd >= 0) {
//lseek(pidfd, 0, SEEK_SET); /* debug: emulate eglibc bug */
close(pidfd);
}
[MINOR] startup: release unused structs after forking Don't keep the old pid list or chroot place after startup, they won't be used anymore.
2010-08-25 06:49:05 -04:00
/* We won't ever use this anymore */
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&global.pidfile);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: init: remove the loop over processes during init There was a loop iterating over all nbproc values during init that couldn't be immediately removed because the loop's index was used to distinguish a child from a parent. That's now fixed by replacing the iterator with an in_parent flag. All bindings that were checking (1UL << proc) or cpu_map.proc[proc] were adjusted to always use zero for proc.
2021-06-15 01:58:09 -04:00
if (in_parent) {
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (global.mode & (MODE_MWORKER|MODE_MWORKER_WAIT)) {
MEDIUM: mworker: reexec in waitpid mode after successful loading Use the waitpid mode after successfully loading the configuration, this way the memory will be freed in the master, and will preserve the memory. This will be useful when doing a reload with a configuration which has large maps or a lot of SSL certificates, avoiding an OOM because too much memory was allocated in the master.
2021-11-09 12:01:22 -05:00
master = 1;
BUG/MINOR: mworker: detach from tty when in daemon mode This allows a calling script to show the first startup output and know when to stop reading from stdout so haproxy can daemonize. To be backpored to 1.8.
2017-11-28 17:26:08 -05:00
if ((!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
(global.mode & MODE_DAEMON)) {
/* detach from the tty, this is required to properly daemonize. */
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
if ((getenv("HAPROXY_MWORKER_REEXEC") == NULL))
stdio_quiet(-1);
BUG/MINOR: mworker: detach from tty when in daemon mode This allows a calling script to show the first startup output and know when to stop reading from stdout so haproxy can daemonize. To be backpored to 1.8.
2017-11-28 17:26:08 -05:00
global.mode &= ~MODE_VERBOSE;
global.mode |= MODE_QUIET; /* ensure that we won't say anything from now */
}
MEDIUM: mworker: reexec in waitpid mode after successful loading Use the waitpid mode after successfully loading the configuration, this way the memory will be freed in the master, and will preserve the memory. This will be useful when doing a reload with a configuration which has large maps or a lot of SSL certificates, avoiding an OOM because too much memory was allocated in the master.
2021-11-09 12:01:22 -05:00
if (global.mode & MODE_MWORKER_WAIT) {
/* only the wait mode handles the master CLI */
mworker_loop();
} else {
MEDIUM: mworker/systemd: send STATUS over sd_notify The sd_notify API is not able to change the "Active:" line in "systemcl status". However a message can still be displayed on a "Status: " line, even if the service is still green and "active (running)". When startup succeed the Status will be set to "Ready.", upon a reload it will be set to "Reloading Configuration." If the configuration succeed "Ready." again. However if the reload failed, it will be set to "Reload failed!". Keep in mind that the "Active:" line won't change upon a reload failure, and will still be green.
2022-07-07 08:00:36 -04:00
#if defined(USE_SYSTEMD)
if (global.tune.options & GTUNE_USE_SYSTEMD)
sd_notifyf(0, "READY=1\nMAINPID=%lu\nSTATUS=Ready.\n", (unsigned long)getpid());
#endif
MEDIUM: mworker: reexec in waitpid mode after successful loading Use the waitpid mode after successfully loading the configuration, this way the memory will be freed in the master, and will preserve the memory. This will be useful when doing a reload with a configuration which has large maps or a lot of SSL certificates, avoiding an OOM because too much memory was allocated in the master.
2021-11-09 12:01:22 -05:00
/* if not in wait mode, reload in wait mode to free the memory */
MINOR: mworker: store and shows loading status The environment variable HAPROXY_LOAD_SUCCESS stores "1" if it successfully load the configuration and started, "0" otherwise. The "_loadstatus" master CLI command displays either "Loading failure!\n" or "Loading success.\n"
2022-09-24 09:44:42 -04:00
setenv("HAPROXY_LOAD_SUCCESS", "1", 1);
MINOR: mworker: clarify starting/failure messages Clarify the startup and reload messages: On a successful configuration load, haproxy will emit "Loading success." after successfuly forked the children. When it didn't success to load the configuration it will emit "Loading failure!". When trying to reload the master process, it will emit "Reloading HAProxy".
2021-11-09 12:16:47 -05:00
ha_notice("Loading success.\n");
MINOR: mworker: implement a reload failure counter Implement a reload failure counter which counts the number of failure since the last success. This counter is available in 'show proc' over the master CLI.
2021-11-10 04:49:06 -05:00
proc_self->failedreloads = 0; /* reset the number of failure */
MEDIUM: mworker: reexec in waitpid mode after successful loading Use the waitpid mode after successfully loading the configuration, this way the memory will be freed in the master, and will preserve the memory. This will be useful when doing a reload with a configuration which has large maps or a lot of SSL certificates, avoiding an OOM because too much memory was allocated in the master.
2021-11-09 12:01:22 -05:00
mworker_reexec_waitmode();
}
BUG/MEDIUM: misplaced exit and wrong exit code Commit cb11fd2 ("MEDIUM: mworker: wait mode on reload failure") introduced a regression, when HAProxy is used in daemon mode, it exits 1 after forking its children. HAProxy should exit(0), the exit(EXIT_FAILURE) was expected to be use when the master fail in master-worker mode. Thanks to Emmanuel Hocdet for reporting this bug. No backport needed.
2017-06-07 09:04:47 -04:00
/* should never get there */
exit(EXIT_FAILURE);
MEDIUM: init: don't stop proxies in parent process when exiting That's pointless, and that's confusing when debugging.
2015-05-01 11:01:08 -04:00
}
BUG/MEDIUM: build without openssl broken The commit 872f9c213 ("MEDIUM: ssl: add basic support for OpenSSL crypto engine") broke the build without openssl support. The ssl_free_dh() function is not defined when USE_OPENSSL is not defined and leads to a compilation failure.
2017-06-08 13:05:48 -04:00
#if defined(USE_OPENSSL) && !defined(OPENSSL_NO_DH)
MEDIUM: ssl: add basic support for OpenSSL crypto engine This patch adds the global 'ssl-engine' keyword. First arg is an engine identifier followed by a list of default_algorithms the engine will operate. If the openssl version is too old, an error is reported when the option is used.
2017-01-20 20:10:18 -05:00
ssl_free_dh();
#endif
BUG/MEDIUM: misplaced exit and wrong exit code Commit cb11fd2 ("MEDIUM: mworker: wait mode on reload failure") introduced a regression, when HAProxy is used in daemon mode, it exits 1 after forking its children. HAProxy should exit(0), the exit(EXIT_FAILURE) was expected to be use when the master fail in master-worker mode. Thanks to Emmanuel Hocdet for reporting this bug. No backport needed.
2017-06-07 09:04:47 -04:00
exit(0); /* parent must leave */
MEDIUM: init: don't stop proxies in parent process when exiting That's pointless, and that's confusing when debugging.
2015-05-01 11:01:08 -04:00
}
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
/* child must never use the atexit function */
atexit_flag = 0;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
/* close useless master sockets */
if (global.mode & MODE_MWORKER) {
struct mworker_proc *child, *it;
master = 0;
MEDIUM: mworker: stop the master proxy in the workers The master proxy which handles the CLI should not be used or shown in the stats of the workers. This proxy is now disabled after the fork.
2018-10-26 08:47:45 -04:00
mworker_cli_proxy_stop();
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
/* free proc struct of other processes */
list_for_each_entry_safe(child, it, &proc_list, list) {
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
/* close the FD of the master side for all
* workers, we don't need to close the worker
* side of other workers since it's done with
* the bind_proc */
MINOR: mworker: set the master side of ipc_fd in the worker to -1 Once the child->ipc_fd[0] is closed in the worker, set the value to -1 so we don't reference a closed FD anymore.
2022-01-28 15:56:24 -05:00
if (child->ipc_fd[0] >= 0) {
BUG/MINOR: mworker: Do not attempt to close(2) fd -1 Valgrind reports: ==3389== Warning: invalid file descriptor -1 in syscall close() Check for >= 0 before closing. This bug was introduced in commit ce83b4a5dd48c000dec68f9d551945d21e9ac7ac and is specific to 1.9. No backport needed.
2018-11-25 14:03:39 -05:00
close(child->ipc_fd[0]);
MINOR: mworker: set the master side of ipc_fd in the worker to -1 Once the child->ipc_fd[0] is closed in the worker, set the value to -1 so we don't reference a closed FD anymore.
2022-01-28 15:56:24 -05:00
child->ipc_fd[0] = -1;
}
MEDIUM: global: remove the relative_pid from global and mworker The relative_pid is always 1. In mworker mode we also have a child->relative_pid which is always equalt relative_pid, except for a master (0) or external process (-1), but these types are usually tested for, except for one place that was amended to carefully check for the PROC_O_TYPE_WORKER option. Changes were pretty limited as most usages of relative_pid were for designating a process in stats output and peers protocol.
2021-06-15 03:08:18 -04:00
if (child->options & PROC_O_TYPE_WORKER &&
BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload When updating from 2.4 to 2.6, the child->reloads++ instruction changed place, resulting in a former worker from the 2.4 process, still identified as a current worker once in 2.6, because its reload counter is still 0. Unfortunately this counter is used to chose the mworker_proc structure that will be used for the new worker. What happens next, is that the mworker_proc structure of the previous process is selected, and this one has ipc_fd[1] set to -1, because this structure was supposed to be in the master. The process then forks, and mworker_sockpair_register_per_thread() tries to register ipc_fd[1] which is set to -1, instead of the fd of the new socketpair. This patch fixes the issue by checking if child->pid is equal to -1 when selecting proc_self. This way we could be sure it wasn't a previous process. Should fix issue #1785. This must be backported as far as 2.4 to fix the issue related to the reload computation difference. However backporting it in every stable branch will enforce the reload process.
2022-07-20 18:52:43 -04:00
child->reloads == 0 &&
child->pid == -1) {
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
/* keep this struct if this is our pid */
proc_self = child;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
continue;
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
}
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&child->list);
BUG/MINOR: mworker: Fix memory leak of mworker_proc members The struct mworker_proc is not uniformly freed everywhere, sometimes leading to leaks of the `id` string (and possibly the other strings). Introduce a mworker_free_child function instead of duplicating the freeing logic everywhere to prevent this kind of issues. This leak was reported in issue #96. It looks like the leaks have been introduced in commit 9a1ee7ac31c56fd7d881adf2ef4659f336e50c9f, which is specific to 2.0-dev. Backporting `mworker_free_child` might be helpful to ease backporting other fixes, though.
2019-05-16 14:23:22 -04:00
mworker_free_child(child);
child = NULL;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
}
}
BUG/MEDIUM: threads/mworker: fix a race on startup Marc Fournier reported an interesting case when using threads with the master-worker mode : sometimes, a listener would have its FD closed during startup. Sometimes it could even be health checks seeing this. What happens is that after the threads are created, and the pollers enabled on each threads, the master-worker pipe is registered, and at the same time a close() is performed on the write side of this pipe since the children must not use it. But since this is replicated in every thread, what happens is that the first thread closes the pipe, thus releases the FD, and the next thread starting a listener in parallel gets this FD reassigned. Then another thread closes the FD again, which this time corresponds to the listener. It can also happen with the health check sockets if they're started early enough. This patch splits the mworker_pipe_register() function in two, so that the close() of the write side of the FD is performed very early after the fork() and long before threads are created (we don't need to delay it anyway). Only the pipe registration is done in the threaded code since it is important that the pollers are properly allocated for this. The mworker_pipe_register() function now takes care of registering the pipe only once, and this is guaranteed by a new surrounding lock. The call to protocol_enable_all() looks fragile in theory since it scans the list of proxies and their listeners, though in practice all threads scan the same list and take the same locks for each listener so it's not possible that any of them escapes the process and finishes before all listeners are started. And the operation is idempotent. This fix must be backported to 1.8. Thanks to Marc for providing very detailed traces clearly showing the problem.
2018-01-23 13:01:49 -05:00
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
if (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) {
devnullfd = open("/dev/null", O_RDWR, 0);
if (devnullfd < 0) {
ha_alert("Cannot open /dev/null\n");
exit(EXIT_FAILURE);
}
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
/* Must chroot and setgid/setuid in the children */
/* chroot if needed */
if (global.chroot != NULL) {
if (chroot(global.chroot) == -1 || chdir("/") == -1) {
BUG/MINOR: mworker: fix typo in chroot error message Since its introduction in 1.8 with commit 095ba4c24 ("MEDIUM: mworker: replace systemd mode by master worker mode"), it says "cannot chroot1(...)" which seems to be a leftover of a debug message. It could be backported but probably nobody will notice.
2021-06-15 02:59:19 -04:00
ha_alert("[%s.main()] Cannot chroot(%s).\n", argv[0], global.chroot);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (nb_oldpids)
tell_old_pids(SIGTTIN);
protocol_unbind_all();
exit(1);
}
}
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&global.chroot);
MINOR: init: avoid code duplication while setting identify since the introduction of mworker, the setuid/setgid was duplicated in two places; try to improve that by creating a dedicated function. this patch does not introduce any functional change. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:16 -05:00
set_identity(argv[0]);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
MINOR: mworker: only close std{in,out,err} in daemon mode This allows to output messages when we are not in daemon mode which is useful to use log stdout in master worker mode.
2018-11-13 10:18:23 -05:00
/*
* This is only done in daemon mode because we might want the
* logs on stdout in mworker mode. If we're NOT in QUIET mode,
* we should now close the 3 first FDs to ensure that we can
* detach from the TTY. We MUST NOT do it in other cases since
* it would have already be done, and 0-2 would have been
* affected to listening sockets
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
MINOR: mworker: only close std{in,out,err} in daemon mode This allows to output messages when we are not in daemon mode which is useful to use log stdout in master worker mode.
2018-11-13 10:18:23 -05:00
if ((global.mode & MODE_DAEMON) &&
(!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE))) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* detach from the tty */
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
stdio_quiet(devnullfd);
[BUG] critical errors should be reported even in daemon mode Josh Goebel reported that haproxy silently dies when it fails to chroot. In fact, it does so when in daemon mode, because daemon mode has been disabling output for ages. Since the code has been reworked, this could have been changed because there is no reason for this anymore, hence this patch. (cherry picked from commit 304d6fb00fe32fca1bd932a301d4afb7d54c92bc) (cherry picked from commit 50b7f7f12c67322c793f50a6be009f0fd0eec1bb)
2008-11-16 01:40:34 -05:00
global.mode &= ~MODE_VERBOSE;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.mode |= MODE_QUIET; /* ensure that we won't say anything from now */
}
pid = getpid(); /* update child's pid */
MINOR: startup: change session/process group settings Change the way the process groups are set. Indeed setsid() was called for every processes which caused the worker to have a different process group than the master. This patch behave in a better way: - In daemon mode only, each child do a setsid() - In master worker + daemon mode, the setsid() is done in the master before forking the children - In any foreground mode, we don't do a setsid() Could be backported in 1.8 but the master-worker mode is mostly used with systemd which rely on cgroups so that won't affect much people.
2018-07-04 09:31:23 -04:00
if (!(global.mode & MODE_MWORKER)) /* in mworker mode we don't want a new pgid for the children */
setsid();
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
fork_poller();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly This bug was forbidding the GTUNE_SOCKET_TRANSFER option to be set when haproxy is neither in daemon mode nor in mworker mode. So it basically only impacts the foreground mode. The fix moves the code outside the 'if (global.mode & (MODE_DAEMON | MODE_MWORKER | MODE_MWORKER_WAIT))' condition. Bug was introduced with 7f80eb23 ("MEDIUM: proxy: zombify proxies only when the expose-fd socket is bound"). Must be backported in every stable version.
2023-11-20 04:49:05 -05:00
/* pass through every cli socket, and check if it's bound to
* the current process and if it exposes listeners sockets.
* Caution: the GTUNE_SOCKET_TRANSFER is now set after the fork.
* */
if (global.cli_fe) {
struct bind_conf *bind_conf;
list_for_each_entry(bind_conf, &global.cli_fe->conf.bind, by_fe) {
if (bind_conf->level & ACCESS_FD_LISTENERS) {
global.tune.options |= GTUNE_SOCKET_TRANSFER;
break;
}
}
}
BUG/MINOR: init: set process' affinity even in foreground The per-process CPU affinity settings are only applied during forking, which means that cpu-map are ignored when running in foreground (e.g. haproxy started with -db). This is historic due to the original semantics of a process array, but isn't documented and causes surprises when trying to debug affinity settings. Let's make sure the setting is applied to the workers themselves even in foreground. This may be backported to 2.6 though it is really not important. If backported, it also depends on previous commit: BUG/MINOR: cpuset: remove the bogus "proc" from the cpu_map struct
2023-07-19 12:39:32 -04:00
/* Note that here we can't be in the parent/master anymore */
#if !defined(USE_THREAD) && defined(USE_CPU_AFFINITY)
if (ha_cpuset_count(&cpu_map[0].thread[0])) { /* only do this if the process has a CPU map */
#if defined(CPUSET_USE_CPUSET) || defined(__DragonFly__)
struct hap_cpuset *set = &cpu_map[0].thread[0];
sched_setaffinity(0, sizeof(set->cpuset), &set->cpuset);
#elif defined(__FreeBSD__)
struct hap_cpuset *set = &cpu_map[0].thread[0];
ret = cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_PID, -1, sizeof(set->cpuset), &set->cpuset);
#endif
}
#endif
BUG/MINOR: init: fix set-dumpable when using uid/gid in mworker mode used with uid/gid settings, it was not possible to get a coredump despite the set-dumpable option. indeed prctl(2) manual page specifies the dumpable attribute is reverted to `/proc/sys/fs/suid_dumpable` in a few conditions such as process effective user and group are changed. this patch moves the whole set-dumpable logic before the polling code in order to catch all possible cases where we could have changed the uid/gid. It however does not cover the possible segfault at startup. this patch should be backported in 2.0. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:15 -05:00
/* try our best to re-enable core dumps depending on system capabilities.
* What is addressed here :
* - remove file size limits
* - remove core size limits
* - mark the process dumpable again if it lost it due to user/group
*/
if (global.tune.options & GTUNE_SET_DUMPABLE) {
limit.rlim_cur = limit.rlim_max = RLIM_INFINITY;
#if defined(RLIMIT_FSIZE)
if (setrlimit(RLIMIT_FSIZE, &limit) == -1) {
if (global.tune.options & GTUNE_STRICT_LIMITS) {
ha_alert("[%s.main()] Failed to set the raise the maximum "
"file size.\n", argv[0]);
BUG/MINOR: init: enforce strict-limits when using master-worker The strict-limits global option was introduced with commit 0fec3ab7b ("MINOR: init: always fail when setrlimit fails"). When used in conjuction with master-worker, haproxy will not fail when a setrlimit fails. This happens because we only exit() if master-worker isn't used. This patch removes all tests for master-worker mode for all cases covered by strict-limits scope. This should be backported from 2.1 onward. This should fix issue #1042. Reviewed by William Dauchy <wdauchy@gmail.com>
2021-01-12 14:19:38 -05:00
exit(1);
BUG/MINOR: init: fix set-dumpable when using uid/gid in mworker mode used with uid/gid settings, it was not possible to get a coredump despite the set-dumpable option. indeed prctl(2) manual page specifies the dumpable attribute is reverted to `/proc/sys/fs/suid_dumpable` in a few conditions such as process effective user and group are changed. this patch moves the whole set-dumpable logic before the polling code in order to catch all possible cases where we could have changed the uid/gid. It however does not cover the possible segfault at startup. this patch should be backported in 2.0. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:15 -05:00
}
else
ha_warning("[%s.main()] Failed to set the raise the maximum "
MINOR: config: make strict limits enabled by default as agreed a few months ago, enable strict-limits for v2.3 update configuration manual accordingly Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-03-28 14:29:58 -04:00
"file size.\n", argv[0]);
BUG/MINOR: init: fix set-dumpable when using uid/gid in mworker mode used with uid/gid settings, it was not possible to get a coredump despite the set-dumpable option. indeed prctl(2) manual page specifies the dumpable attribute is reverted to `/proc/sys/fs/suid_dumpable` in a few conditions such as process effective user and group are changed. this patch moves the whole set-dumpable logic before the polling code in order to catch all possible cases where we could have changed the uid/gid. It however does not cover the possible segfault at startup. this patch should be backported in 2.0. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:15 -05:00
}
#endif
#if defined(RLIMIT_CORE)
if (setrlimit(RLIMIT_CORE, &limit) == -1) {
if (global.tune.options & GTUNE_STRICT_LIMITS) {
ha_alert("[%s.main()] Failed to set the raise the core "
"dump size.\n", argv[0]);
BUG/MINOR: init: enforce strict-limits when using master-worker The strict-limits global option was introduced with commit 0fec3ab7b ("MINOR: init: always fail when setrlimit fails"). When used in conjuction with master-worker, haproxy will not fail when a setrlimit fails. This happens because we only exit() if master-worker isn't used. This patch removes all tests for master-worker mode for all cases covered by strict-limits scope. This should be backported from 2.1 onward. This should fix issue #1042. Reviewed by William Dauchy <wdauchy@gmail.com>
2021-01-12 14:19:38 -05:00
exit(1);
BUG/MINOR: init: fix set-dumpable when using uid/gid in mworker mode used with uid/gid settings, it was not possible to get a coredump despite the set-dumpable option. indeed prctl(2) manual page specifies the dumpable attribute is reverted to `/proc/sys/fs/suid_dumpable` in a few conditions such as process effective user and group are changed. this patch moves the whole set-dumpable logic before the polling code in order to catch all possible cases where we could have changed the uid/gid. It however does not cover the possible segfault at startup. this patch should be backported in 2.0. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:15 -05:00
}
else
ha_warning("[%s.main()] Failed to set the raise the core "
MINOR: config: make strict limits enabled by default as agreed a few months ago, enable strict-limits for v2.3 update configuration manual accordingly Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-03-28 14:29:58 -04:00
"dump size.\n", argv[0]);
BUG/MINOR: init: fix set-dumpable when using uid/gid in mworker mode used with uid/gid settings, it was not possible to get a coredump despite the set-dumpable option. indeed prctl(2) manual page specifies the dumpable attribute is reverted to `/proc/sys/fs/suid_dumpable` in a few conditions such as process effective user and group are changed. this patch moves the whole set-dumpable logic before the polling code in order to catch all possible cases where we could have changed the uid/gid. It however does not cover the possible segfault at startup. this patch should be backported in 2.0. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:15 -05:00
}
#endif
#if defined(USE_PRCTL)
if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1)
ha_warning("[%s.main()] Failed to set the dumpable flag, "
"no core will be dumped.\n", argv[0]);
MINOR: proc: setting the process to produce a core dump on FreeBSD. using the procctl api to set the current process as traceable, thus being able to produce a core dump as well. making it as compile option if not wished or using freebsd prior to 11.x (last no EOL release).
2021-08-21 04:13:10 -04:00
#elif defined(USE_PROCCTL)
BUILD: init: avoid a build warning on FreeBSD with USE_PROCCTL It was brought by a variable declared after some statements in commit 21185970c ("MINOR: proc: setting the process to produce a core dump on FreeBSD."). It's worth noting that some versions of clang seem to ignore -Wdeclaration-after-statement by default. No backport is needed.
2021-10-08 09:55:13 -04:00
{
int traceable = PROC_TRACE_CTL_ENABLE;
if (procctl(P_PID, getpid(), PROC_TRACE_CTL, &traceable) == -1)
ha_warning("[%s.main()] Failed to set the traceable flag, "
"no core will be dumped.\n", argv[0]);
}
BUG/MINOR: init: fix set-dumpable when using uid/gid in mworker mode used with uid/gid settings, it was not possible to get a coredump despite the set-dumpable option. indeed prctl(2) manual page specifies the dumpable attribute is reverted to `/proc/sys/fs/suid_dumpable` in a few conditions such as process effective user and group are changed. this patch moves the whole set-dumpable logic before the polling code in order to catch all possible cases where we could have changed the uid/gid. It however does not cover the possible segfault at startup. this patch should be backported in 2.0. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:15 -05:00
#endif
}
MINOR: startup: Extend the scope the MODE_STARTING flag Now, MODE_STARTING is set at the begining to init function and it is removed just before the polling loop. So more alerts or warnings are saved.
2017-10-24 07:53:54 -04:00
global.mode &= ~MODE_STARTING;
MEDIUM: errors: implement parsing context type Create a parsing_ctx structure. This type is used to store information about the current file/line parsed. A global context is created and can be manipulated when haproxy is in STARTING mode. When starting is over, the context is resetted and should not be accessed anymore.
2021-05-27 09:45:28 -04:00
reset_usermsgs_ctx();
MINOR: init: extract the setup and end of threads to their own functions The startup code was still ugly with tons of unreadable nested ifdefs. Let's just have one function to set up the extra threads and another one to wait for their completion. The ifdefs are isolated into their own functions now and are more readable, just like the end of main(), which now uses the same statements to start thread 0 with and without threads.
2021-09-28 04:36:57 -04:00
/* start threads 2 and above */
REORG: thread: move the thread init/affinity/stop to thread.c haproxy.c still has to deal with pthread-specific low-level stuff that is OS-dependent. We should not have to deal with this there, and we do not need to access pthread anywhere else. Let's move these 3 functions to thread.c and keep empty inline ones for when threads are disabled.
2021-10-06 16:22:40 -04:00
setup_extra_threads(&run_thread_poll_loop);
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
MINOR: init: extract the setup and end of threads to their own functions The startup code was still ugly with tons of unreadable nested ifdefs. Let's just have one function to set up the extra threads and another one to wait for their completion. The ifdefs are isolated into their own functions now and are more readable, just like the end of main(), which now uses the same statements to start thread 0 with and without threads.
2021-09-28 04:36:57 -04:00
/* when multithreading we need to let only the thread 0 handle the signals */
MEDIUM: startup: unify signal init between daemon and mworker mode The signals are now unblocked only once the configuration have been parsed.
2018-09-11 04:06:23 -04:00
haproxy_unblock_signals();
MINOR: init: extract the setup and end of threads to their own functions The startup code was still ugly with tons of unreadable nested ifdefs. Let's just have one function to set up the extra threads and another one to wait for their completion. The ifdefs are isolated into their own functions now and are more readable, just like the end of main(), which now uses the same statements to start thread 0 with and without threads.
2021-09-28 04:36:57 -04:00
/* Finally, start the poll loop for the first thread */
MEDIUM: threads: replace ha_set_tid() with ha_set_thread() ha_set_tid() was randomly used either to explicitly set thread 0 or to set any possibly incomplete thread during boot. Let's replace it with a pointer to a valid thread or NULL for any thread. This allows us to check that the designated threads are always valid, and to ignore the thread 0's mapping when setting it to NULL, and always use group 0 with it during boot. The initialization code is also cleaner, as we don't pass ugly casts of a thread ID to a pointer anymore.
2021-09-28 03:43:11 -04:00
run_thread_poll_loop(&ha_thread_info[0]);
MINOR: init: extract the setup and end of threads to their own functions The startup code was still ugly with tons of unreadable nested ifdefs. Let's just have one function to set up the extra threads and another one to wait for their completion. The ifdefs are isolated into their own functions now and are more readable, just like the end of main(), which now uses the same statements to start thread 0 with and without threads.
2021-09-28 04:36:57 -04:00
/* wait for all threads to terminate */
wait_for_threads_completion();
MINOR: threads: Add thread-map config parameter in the global section By default, no affinity is set for threads. To bind threads on CPU, you must define a "thread-map" in the global section. The format is the same than the "cpu-map" parameter, with a small difference. The process number must be defined, with the same format than cpu-map ("all", "even", "odd" or a number between 1 and 31/63). A thread will be bound on the intersection of its mapping and the one of the process on which it is attached. If the intersection is null, no specific bind will be set for the thread.
2017-10-16 09:49:32 -04:00
MINOR: haproxy: Make use of deinit_and_exit() for clean exits Particularly cleanly deinit() after a configuration check to clean up the output of valgrind which reports "possible losses" without a deinit() and does not with a deinit(), converting actual losses into proper hard losses which makes the whole stuff easier to analyze. As an example, given an example configuration of the following: frontend foo bind *:8080 mode http Running `haproxy -c -f cfg` within valgrind will report 4 possible losses: $ valgrind --leak-check=full ./haproxy -c -f ./example.cfg ==21219== Memcheck, a memory error detector ==21219== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==21219== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==21219== Command: ./haproxy -c -f ./example.cfg ==21219== [WARNING] 165/001100 (21219) : config : missing timeouts for frontend 'foo'. | While not properly invalid, you will certainly encounter various problems | with such a configuration. To fix this, please ensure that all following | timeouts are set to a non-zero value: 'client', 'connect', 'server'. Warnings were found. Configuration file is valid ==21219== ==21219== HEAP SUMMARY: ==21219== in use at exit: 1,436,631 bytes in 130 blocks ==21219== total heap usage: 153 allocs, 23 frees, 1,447,758 bytes allocated ==21219== ==21219== 7 bytes in 1 blocks are possibly lost in loss record 5 of 54 ==21219== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21219== by 0x5726489: strdup (strdup.c:42) ==21219== by 0x468FD9: bind_conf_alloc (listener.h:158) ==21219== by 0x468FD9: cfg_parse_listen (cfgparse-listen.c:557) ==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167) ==21219== by 0x5056CD: init (haproxy.c:2021) ==21219== by 0x418232: main (haproxy.c:3121) ==21219== ==21219== 14 bytes in 1 blocks are possibly lost in loss record 9 of 54 ==21219== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21219== by 0x5726489: strdup (strdup.c:42) ==21219== by 0x468F9B: bind_conf_alloc (listener.h:154) ==21219== by 0x468F9B: cfg_parse_listen (cfgparse-listen.c:557) ==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167) ==21219== by 0x5056CD: init (haproxy.c:2021) ==21219== by 0x418232: main (haproxy.c:3121) ==21219== ==21219== 128 bytes in 1 blocks are possibly lost in loss record 35 of 54 ==21219== at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21219== by 0x468F90: bind_conf_alloc (listener.h:152) ==21219== by 0x468F90: cfg_parse_listen (cfgparse-listen.c:557) ==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167) ==21219== by 0x5056CD: init (haproxy.c:2021) ==21219== by 0x418232: main (haproxy.c:3121) ==21219== ==21219== 608 bytes in 1 blocks are possibly lost in loss record 46 of 54 ==21219== at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21219== by 0x4B953A: create_listeners (listener.c:576) ==21219== by 0x4578F6: str2listener (cfgparse.c:192) ==21219== by 0x469039: cfg_parse_listen (cfgparse-listen.c:568) ==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167) ==21219== by 0x5056CD: init (haproxy.c:2021) ==21219== by 0x418232: main (haproxy.c:3121) ==21219== ==21219== LEAK SUMMARY: ==21219== definitely lost: 0 bytes in 0 blocks ==21219== indirectly lost: 0 bytes in 0 blocks ==21219== possibly lost: 757 bytes in 4 blocks ==21219== still reachable: 1,435,874 bytes in 126 blocks ==21219== suppressed: 0 bytes in 0 blocks ==21219== Reachable blocks (those to which a pointer was found) are not shown. ==21219== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==21219== ==21219== For counts of detected and suppressed errors, rerun with: -v ==21219== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0) Re-running the same command with the patch applied will not report any losses any more: $ valgrind --leak-check=full ./haproxy -c -f ./example.cfg ==22124== Memcheck, a memory error detector ==22124== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==22124== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==22124== Command: ./haproxy -c -f ./example.cfg ==22124== [WARNING] 165/001503 (22124) : config : missing timeouts for frontend 'foo'. | While not properly invalid, you will certainly encounter various problems | with such a configuration. To fix this, please ensure that all following | timeouts are set to a non-zero value: 'client', 'connect', 'server'. Warnings were found. Configuration file is valid ==22124== ==22124== HEAP SUMMARY: ==22124== in use at exit: 313,864 bytes in 82 blocks ==22124== total heap usage: 153 allocs, 71 frees, 1,447,758 bytes allocated ==22124== ==22124== LEAK SUMMARY: ==22124== definitely lost: 0 bytes in 0 blocks ==22124== indirectly lost: 0 bytes in 0 blocks ==22124== possibly lost: 0 bytes in 0 blocks ==22124== still reachable: 313,864 bytes in 82 blocks ==22124== suppressed: 0 bytes in 0 blocks ==22124== Reachable blocks (those to which a pointer was found) are not shown. ==22124== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==22124== ==22124== For counts of detected and suppressed errors, rerun with: -v ==22124== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) It might be worth investigating what exactly HAProxy does to lose pointers to the start of those 4 memory areas and then to be able to still free them during deinit(). If HAProxy is able to free them, they ideally should be "still reachable" and not "possibly lost".
2020-06-13 18:37:42 -04:00
deinit_and_exit(0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in a new issue Copy permalink