On Tue, 29 Sep 2015 18:36:59 +1300 Amos Jeffries <squ...@treenet.co.nz> wrote:
> Hi Alex,
>  Thank you for this report.
>
> To summarize:
> * this appears to be a bug in systemd, or maybe systemd-shim
> * the systemd init.d script handler is lying and corrupting systemd state

See my explanations below.

>
> On Mon, 28 Sep 2015 14:26:00 +1300 Alex King wrote:
> >
> > For example, with squid running, add a nonsense line into the
> > configuration. Reload with "systemctl reload squid3". Now "systemctl
> > status squid3" shows:
> >
> > ● squid3.service - LSB: Squid HTTP Proxy version 3.x
> > Loaded: loaded (/etc/init.d/squid3)
> > Active: active (exited) since Mon 2015-09-28 13:31:37 NZDT; 12min ago
> > Process: 25937 ExecReload=/etc/init.d/squid3 reload (code=exited,
> status=0/SUCCESS)
>
> systemd is lying.

Nope, process has exited with exit status of 0.

>
> The init script contains this to exit with an error on squid.conf errors:
>    res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL .*"`
>   if test -n "$res";
>   then
>     log_failure_msg "$res"
>     exit 3
>   ...

This is where the error is.

With a faulty config, I have the following log:
FATAL: Bungled /etc/squid3/squid.conf line 272: http_access allow toto

The grep doesn't match! It should be grep -o "FATAL: .*".


> On most OS a shell script calling exit N with a non-0 value means
> failure. Apparently systemd is different.

As stated, "/etc/init.d/squid3 status" returned 0 here.
Once the attached patch is applied, and "systemctl daemon-reload" is
run, with a running service, doing the following will work as
expected:

me@srv:~$ sudo systemctl reload squid3.service
Job for squid3.service failed. See 'systemctl status squid3.service'
and 'journalctl -xn' for details.
me@srv:~$ systemctl status squid3.service
● squid3.service - LSB: Squid HTTP Proxy version 3.x
   Loaded: loaded (/etc/init.d/squid3)
   Active: active (running) (Result: exit-code) since mer. 2015-10-07
15:46:14 CEST; 1min 34s ago
  Process: 17652 ExecReload=/etc/init.d/squid3 reload (code=exited, status=3)
   CGroup: /system.slice/squid3.service
           ├─17066 /usr/sbin/squid3 -YC -f /etc/squid3/squid.conf
           ├─17069 (squid-1) -YC -f /etc/squid3/squid.conf
           ├─17070 (negotiate_wrapper_auth) --ntlm /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp --kerberos
/usr/lib/squid3/negotiate_kerberos_auth -s HTTP/proxy-pp.nantes....
           ├─17071 /usr/lib/squid3/negotiate_kerberos_auth -s
HTTP/proxy-pp.nantes....@ad.nantes.net
           ├─17072 (ntlm_auth) --helper-protocol=squid-2.5-ntlmssp
           ├─17073 /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
           ├─17074 (ntlm_auth) --helper-protocol=squid-2.5-basic
           ├─17075 /usr/bin/perl -w /usr/lib/squid3/ext_wbinfo_group_acl -K
           ├─17076 /usr/bin/perl -w /usr/lib/squid3/ext_wbinfo_group_acl -K
           ├─17077 /usr/bin/perl -w /usr/lib/squid3/ext_wbinfo_group_acl -K
           ├─17078 /usr/bin/perl -w /usr/lib/squid3/ext_wbinfo_group_acl -K
           ├─17079 /usr/bin/perl -w /usr/lib/squid3/ext_wbinfo_group_acl -K
           └─17080 (pinger)



Additionally (but this is orthogonal), the systemctl status command
will incorrectly report service as active if it exited with status 0.

To fix, run:
sudo mkdir /etc/systemd/system/squid3.service.d
cat <<EOF | sudo tee /etc/systemd/system/squid3.service.d/pid.conf
[Service]
RemainAfterExit=no
PIDFile=/var/run/squid3.pid
EOF
sudo systemctl daemon-reload
sudo service logstash restart

I will patch the repo to fix both issues, using the Fedora unit as
inspiration (http://pkgs.fedoraproject.org/cgit/squid.git/tree/squid.service).
--- /etc/init.d/squid3.dpkg-dist        2015-07-27 00:04:39.000000000 +0200
+++ /etc/init.d/squid3  2015-10-07 15:47:12.819706446 +0200
@@ -130,7 +130,7 @@
 
 case "$1" in
     start)
-       res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL .*"`
+       res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL: .*"`
        if test -n "$res";
        then
                log_failure_msg "$res"
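
Review bot: the config check in the start branch still fails open, because it infers success from the absence of a matching string in the parse output. Any later change to the message wording, like the one that made "FATAL " stop matching "FATAL: Bungled ...", lets a broken squid.conf pass silently again. Consider matching the looser `FATAL` and, if `$DAEMON -k parse` signals errors through its exit status, testing that status as well instead of relying on grep alone.
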
@@ -153,7 +153,7 @@
        fi
        ;;
     reload|force-reload)
-       res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL .*"`
+       res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL: .*"`
        if test -n "$res";
        then
                log_failure_msg "$res"
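
Review bot: the `res=...` line in reload|force-reload is the second of three identical copies (start, reload, restart) that this patch has to edit in lockstep. Moving the parse-and-grep step into one shell function in the script (for example a hypothetical `check_config` that returns non-zero on a match) would keep the pattern in a single place, so a future fix cannot miss one branch.
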
@@ -166,7 +166,7 @@
        fi
        ;;
     restart)
-       res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL .*"`
+       res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL: .*"`
        if test -n "$res";
        then
                log_failure_msg "$res"
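
Review bot: in the restart branch `$CONFIG` is still expanded unquoted inside the backticks, so a path containing spaces or glob characters would be word-split before it reaches `$DAEMON`. Since the line is being touched anyway, quoting it as `-f "$CONFIG"` and using `$(...)` in place of the backticks would make the check robust; the same applies to the start and reload copies.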
