nginx systemd reload service command skips configtest

Maxim Dounin mdounin at mdounin.ru
Mon Sep 28 16:06:33 UTC 2015 

Hello!

On Sat, Sep 26, 2015 at 05:03:15PM -0400, Per Hansson wrote:

> Hi, the "nginx.service" file shipped with systemd rpm's both in nginx's
> stable repository and epel for CentOS7 / RHEL7 do not perform a "configtest"
> when "systemctl reload nginx" is issued.
> So if there is an error in the configuration file nginx is killed but not
> started due to the faulty configuration.
> It's possible to mitigate this in the nginx.service file by having two
> "ExecReload" commands on separate lines like so:
> # grep ExecReload /usr/lib/systemd/system/nginx.service
> ExecReload=/usr/sbin/nginx -t
> ExecReload=/bin/kill -s HUP $MAINPID
> 
> This way if the configtest in the first line fails nginx is never killed,
> the command does not print any output but that is a systemd issue so I think
> unavoidable.
> 
> I can't guarantee that this is a supported way to do this but it works for
> me at least :)

Configuration test is not needed when doing configuration reload.  
During configuration reload a signal is sent to the nginx master 
process, and this process handles the rest: it loads an updated 
configuration, checks it and if everything is fine and applies 
well it starts new worker processes with the updated configuration 
and asks old worker processes to exit.  If something goes wrong, 
master processes simply rejects the new configuration with 
appropriate errors logged to error log.

That is, configuration test isn't needed.  It's also not enough - 
as not all configuration changes can be done, e.g., you can't 
change size of a shared memory zone.  Additionally, in some cases 
doing configuration testing before configuration reload is just 
wrong, e.g., if you are in the middle of an upgrade of nginx, and 
nginx binary on disk is different from one currently running.

The "killed but not started" case isn't something expected to 
happen and not something I can reproduce here, just tested with 
CentOS 7 and official nginx package from nginx.org.  If this 
happens for you - please report more details.  Also please make 
sure you've used "reload", not "restart".

-- 
Maxim Dounin
http://nginx.org/

More information about the nginx mailing list