nginx systemd reload service command skips configtest
mdounin at mdounin.ru
Mon Sep 28 16:06:33 UTC 2015
On Sat, Sep 26, 2015 at 05:03:15PM -0400, Per Hansson wrote:
> Hi, the "nginx.service" file shipped with systemd rpm's both in nginx's
> stable repository and epel for CentOS7 / RHEL7 do not perform a "configtest"
> when "systemctl reload nginx" is issued.
> So if there is an error in the configuration file nginx is killed but not
> started due to the faulty configuration.
> It's possible to mitigate this in the nginx.service file by having two
> "ExecReload" commands on separate lines like so:
> # grep ExecReload /usr/lib/systemd/system/nginx.service
> ExecReload=/usr/sbin/nginx -t
> ExecReload=/bin/kill -s HUP $MAINPID
> This way if the configtest in the first line fails nginx is never killed,
> the command does not print any output but that is a systemd issue so I think
> I can't guarantee that this is a supported way to do this but it works for
> me at least :)
Configuration test is not needed when doing configuration reload.
During configuration reload a signal is sent to the nginx master
process, and this process handles the rest: it loads an updated
configuration, checks it and if everything is fine and applies
well it starts new worker processes with the updated configuration
and asks old worker processes to exit. If something goes wrong,
master processes simply rejects the new configuration with
appropriate errors logged to error log.
That is, configuration test isn't needed. It's also not enough -
as not all configuration changes can be done, e.g., you can't
change size of a shared memory zone. Additionally, in some cases
doing configuration testing before configuration reload is just
wrong, e.g., if you are in the middle of an upgrade of nginx, and
nginx binary on disk is different from one currently running.
The "killed but not started" case isn't something expected to
happen and not something I can reproduce here, just tested with
CentOS 7 and official nginx package from nginx.org. If this
happens for you - please report more details. Also please make
sure you've used "reload", not "restart".
More information about the nginx