[PATCH] services: nginx: Add reload action

  • Done
  • quality assurance status badge
Details
3 participants
  • EuAndreh
  • Ludovic Courtès
  • Christopher Baines
Owner
unassigned
Submitted by
EuAndreh
Severity
normal
E
E
EuAndreh wrote on 10 Oct 2022 06:39
(address . guix-patches@gnu.org)(name . EuAndreh)(address . eu@euandre.org)
20221010043932.28384-1-eu@euandre.org
In a new "reload" shepherd-action, send a SIGHUP to the NGINX master
process, so that it can re-read the configuration file and start new
worker processes.

* gnu/services/web.scm (nginx-shepherd-service): Add the "reload"
shepherd-action
---
gnu/services/web.scm | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)

Toggle diff (35 lines)
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index e5ab1a1180..227a577de3 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -807,7 +807,6 @@ (define (nginx-shepherd-service config)
#~#t
#~(read-pid-file #$pid-file))))))))
- ;; TODO: Add 'reload' action.
(list (shepherd-service
(provision '(nginx))
(documentation "Run the nginx daemon.")
@@ -815,7 +814,19 @@ (define (nginx-shepherd-service config)
(modules `((ice-9 match)
,@%default-modules))
(start (nginx-action "-p" run-directory))
- (stop (nginx-action "-s" "stop")))))))
+ (stop (nginx-action "-s" "stop"))
+ (actions
+ (list
+ (shepherd-action
+ (name 'reload)
+ (documentation "Reload NGINX configuration file and restart worker processes.")
+ (procedure
+ #~(lambda (pid)
+ (if pid
+ (begin
+ (kill pid SIGHUP)
+ (format #t "Service NGINX (PID ~a) has been reloaded." pid))
+ (format #t "Service NGINX is not running."))))))))))))
(define nginx-service-type
(service-type (name 'nginx)
--
2.37.3
C
C
Christopher Baines wrote on 11 Oct 2022 12:51
(name . EuAndreh)(address . eu@euandre.org)(address . 58405@debbugs.gnu.org)
87h70aaay0.fsf@cbaines.net
EuAndreh via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (10 lines)
> In a new "reload" shepherd-action, send a SIGHUP to the NGINX master
> process, so that it can re-read the configuration file and start new
> worker processes.
>
> * gnu/services/web.scm (nginx-shepherd-service): Add the "reload"
> shepherd-action
> ---
> gnu/services/web.scm | 15 +++++++++++++--
> 1 file changed, 13 insertions(+), 2 deletions(-)

With the NGinx service currently, you need to restart it to change the
NGinx binary or configuration file.

What's the purpose of the reload action here given that neither the
binary or configuration file being used will change?

Thanks,

Chris
-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmNFSxdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XdLPQ//UfzDl3d0jA0tHOjiVPlzXQ+52p/Segu4
SwQWEY4ClL1bramqZlAKNtkhFmVcCKKR+951bCu69VqIHONRpJCT/y1tUTZGARi7
F8koTFOrJY0hSEt0/z4tD/KMMtwaRL+aoIIYo2NKjfDKwz2UqZ50eSdOibqvBJza
2QTkTJ4Skbr3MdiqUesbZyDJVzWUciXHSiN9FAUThK2aIEQogh+xISz+ZTQRKsbO
+goG6/dlpfAGQqRtuSKJqbV06mA7ajxkK6LzeGAfXCINIMtMof2JpAnV1F2apViQ
4c6/lpiczEOJ3r/dMYsO8U9bIAjzavH48BfDA9v0Dk9s3NhjJDlNfyDbjLsYzNkn
q/FXxyWsxYtIMbEhN5xhG2VpT6wGlEN6EEeKI9WmBMB44eXHzsnxJGaeMpXB7YOb
YxlFaFnUFDMWRFsstnABt9bEhYXF3nmwfv1jdt3xetSduCg5G1eJwexne9jV95ft
yn+OTVvJwQz04JOeAB+SLijIWGYT1sxWlkNOdgQ74zKmPio580610v84UsmPFOrK
sty3xAM0tpEVDbcmsnbR5PWXSlUwU+aYETqp/2kATaoyXYQ3z0OitVpTYQ9tG2GQ
PV13Io2dCqa6dcQk1b+wwOcpErdqR25U8IqRaSIUe0LRpzl8ksg/uF/GMKNXlFJn
g8saQ/aXyLs=
=U4kc
-----END PGP SIGNATURE-----

E
E
EuAndreh wrote on 12 Oct 2022 09:00
(name . Christopher Baines)(address . mail@cbaines.net)(address . 58405@debbugs.gnu.org)
166555804644.2805.1693234721157753050@localhost
Toggle quote (3 lines)
> With the NGinx service currently, you need to restart it to change the
> NGinx binary or configuration file.

It is true that you need to restart to change the NGINX binary, but this
is not true for changing the configuration file.

NGINX's master process reloads the configuration file, which could have
an "include" line that points to ad-hoc files in /etc. So even though
the NGINX service is using the immutable file inside /gnu/store,
reloading it can have it change its runtime behaviour.

The same behaviour is relied upon for certbot certificates: the current
certificate lives in /etc/letsencrypt/live, but it is a symlink that
points to /etc/letsencrypt/archive. When a certificate is renewed, a
SIGHUP ought to be sent to NGINX in order to reload the configuration
file, so that the certificates themselves can be reloaded, even though
neither the NGINX binary nor the configuration file changed, but only
what they point to did.


Toggle quote (3 lines)
> What's the purpose of the reload action here given that neither the
> binary or configuration file being used will change?

I'm doing blue/green deployments on a web service. I have the
equivalent of /etc/my-service/{blue,green,active}.conf files, and an
"include" line in the main NGINX configuration that includes the
"active" one. Doing a deploy from blue to green is done by changing the
`active.conf` symlink to point to `green.conf` instead, and sending a
SIGHUP to NGINX.
C
C
Christopher Baines wrote on 13 Oct 2022 12:40
(name . EuAndreh)(address . eu@euandre.org)(address . 58405@debbugs.gnu.org)
87a660801b.fsf@cbaines.net
EuAndreh <eu@euandre.org> writes:

Toggle quote (19 lines)
>> With the NGinx service currently, you need to restart it to change the
>> NGinx binary or configuration file.
>
> It is true that you need to restart to change the NGINX binary, but this
> is not true for changing the configuration file.
>
> NGINX's master process reloads the configuration file, which could have
> an "include" line that points to ad-hoc files in /etc. So even though
> the NGINX service is using the immutable file inside /gnu/store,
> reloading it can have it change its runtime behaviour.
>
> The same behaviour is relied upon for certbot certificates: the current
> certificate lives in /etc/letsencrypt/live, but it is a symlink that
> points to /etc/letsencrypt/archive. When a certificate is renewed, a
> SIGHUP ought to be sent to NGINX in order to reload the configuration
> file, so that the certificates themselves can be reloaded, even though
> neither the NGINX binary nor the configuration file changed, but only
> what they point to did.

That makes sense. I do think this still might cause confusion, since I
think some will expect this to change NGinx to use the configuration
defined in the system configuration.

I'm not quite sure how to address that, but I think this can still be
merged.

Chris
-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmNH7tBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9Xd3Mw//cOibUqQovSdIMApd/pHe+Gn5ObOJrIwF
D0a+34yubn/4xFWXeY9GFuRXhv/7jyQtuk+opSlkgo0ZAK3jt8YnyAIuUgvW05Ac
XsJ8k2DA4LD6XALfsyNlPdk0C79nwiPEnv43rW6+Kae0q4CjyrMR+rx4Oqdzend9
uky5MtUhRohkkeZiuSIFRsnUS4pMwI9ynhUwl28XAVaXAH8gfsqSo8grGt3Rhq6p
MlZ3X+ulaoJVhWScOqNYuvcvKxoOunot84cj090z5hkvxRyN35CzCTbRz1ro+s4y
ehxIqV/V94q4LUwlPddLDZBs6dTxcjRzPhFJSy7mS81xQFdcVSDHfYGZigpcyeSm
GgAYX692QjB9yeA606bu4ajFup4lrc20a/TxvkJh2p/0OKRebKofU5ba1P1agr8m
hgqO+yPVDmdB+kZe2lqKNY6Y9Kk5/RY9wKNu7oTtai5owXDx0tOSv5h0QnpD9eTc
Pce6w0A5VaNJWqmBgKTpst+8QG1xipveyVeghdMDHQz75W9YXZS0kjH0vH6UfLvE
jENcCXld6VTtWQFNVA+xSf6mT5mal6WaVrkJRhcM7FLc0O+YLFzYECSsGZDp1Ic7
xLPra/DOrSjXzkERxlJeIKfJ3iA0Qd1VbX9JROJ6degu5BKZVSP8rZ5gIu64ZhnT
2MCMjZ0XCaY=
=QmHO
-----END PGP SIGNATURE-----

C
C
Christopher Baines wrote on 13 Oct 2022 13:38
(name . EuAndreh)(address . eu@euandre.org)(address . 58405-done@debbugs.gnu.org)
87wn946jh0.fsf@cbaines.net
Christopher Baines <mail@cbaines.net> writes:

Toggle quote (3 lines)
> I'm not quite sure how to address that, but I think this can still be
> merged.

I've gone ahead and pushed this as
10d429f2fce321d8285684503094694ec3979865.

Thanks,

Chris
-----BEGIN PGP SIGNATURE-----

iQKkBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmNH+OtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XeiNg/4n3lBPKGWPRYmai/qfTVLbfxTAliEtVlZ
bzLFNwlwtX02i1psVtj68Aw8uVu4A0jYoZjaRdtruELcsPXu71lvWhtzNhoJjc3d
lkQ1PPMNyUMudsKmtLSixI6NgE2MtSDEGEzGu+ITXfKFrb1Ntrsb/OFxNb8tGTaT
TcpQlSbtyjvVBcktikwhB0YSw8ixCcO//ywUwWRdDJX3h8mTf7MvjEIA7wvhP5Qt
bHy2vgqFVoVXmjW/TH5Y8fteN/a20FLGdNUy2aI+KHYc58uYilNo8En5GauBiMeQ
gA6688lye2hcFpIzSBcRmUcvR3NSYTrZtDVdUrMTKyMJgtvNg4Yi0aSbolMGFCAb
txFY/i4HuxHsTg+a+ljDGe5pvWxspSrKqjl+8PUAQCXy0KEZDHl7bgVHBW8YIIjf
ZM/xpVjdFUVe8hC32qJxSCrdepQvwaqXj/wIw+YYoGV3lnRZL1fr1lEpLBlL6REY
xf+F4Uu0RjqKL4axuX+Y2/X943EAL3SDQuf7E11cu4WY9bnZEnhlSLzdbYw3O10T
sh1l6ExTAIqc4M9+VUtfK9s+JPPweUfVxGB89SH6qabcm+jcBMm4dNgpuVqcQPuJ
P35z9mIgUiPDvCoQJ/fazIAFbDJhdlm7igvg2PlhxMU8/fFtJg8yrvkUZyBbk2pg
W6ptAwqNNA==
=sn0c
-----END PGP SIGNATURE-----

Closed
L
L
Ludovic Courtès wrote on 13 Oct 2022 16:02
Re: bug#58405: [PATCH] services: nginx: Add reload action
(name . EuAndreh)(address . eu@euandre.org)
87v8onq0tg.fsf@gnu.org
Hi,

A late comment…

EuAndreh <eu@euandre.org> skribis:

Toggle quote (9 lines)
> + (shepherd-action
> + (name 'reload)
> + (documentation "Reload NGINX configuration file and restart worker processes.")
> + (procedure
> + #~(lambda (pid)
> + (if pid
> + (begin
> + (kill pid SIGHUP)

Isn’t ‘nginx -s reload’ the documented way to do that? Or maybe it’s
completely equivalent?

Toggle quote (3 lines)
> + (format #t "Service NGINX (PID ~a) has been reloaded." pid))
> + (format #t "Service NGINX is not running."))))))))))))

Nitpick: According to https://nginx.org/en/ it seems that the correct
spelling is “nginx”, lowercase. :-)

Thanks,
Ludo’.
E
E
EuAndreh wrote on 13 Oct 2022 18:02
Re: [bug#58405] [PATCH] services: nginx: Add reload action
(name . Christopher Baines)(address . mail@cbaines.net)(address . 58405@debbugs.gnu.org)
166567692392.1002.1128529192389237246@localhost
Toggle quote (4 lines)
> That makes sense. I do think this still might cause confusion, since I
> think some will expect this to change NGinx to use the configuration
> defined in the system configuration.

How about being more explicit in the action documentation about the scope of the
reload?
E
E
EuAndreh wrote on 13 Oct 2022 18:05
Re: bug#58405: [PATCH] services: nginx: Add reload action
(name . Ludovic Courtès)(address . ludo@gnu.org)
166567715189.1002.10471412833004207259@localhost
They're compleltely equivalent :)

Both are documented ways of doing the same, see:


Toggle quote (3 lines)
> Nitpick: According to https://nginx.org/en/ it seems that the correct
> spelling is “nginx”, lowercase. :-)

Oh, TIL.

I'll fix that.
E
E
EuAndreh wrote on 13 Oct 2022 18:38
Re: [bug#58405] [PATCH] services: nginx: Add reload action
(name . Christopher Baines)(address . mail@cbaines.net)(address . 58405@debbugs.gnu.org)
166567909990.18703.909407946097887605@localhost
I think it would address your concerns on confusion of users.

I'm up for doing it if you agree.
C
C
Christopher Baines wrote on 14 Oct 2022 12:43
(name . EuAndreh)(address . eu@euandre.org)(address . 58405@debbugs.gnu.org)
87mt9y65yo.fsf@cbaines.net
EuAndreh <eu@euandre.org> writes:

Toggle quote (7 lines)
>> That makes sense. I do think this still might cause confusion, since I
>> think some will expect this to change NGinx to use the configuration
>> defined in the system configuration.
>
> How about being more explicit in the action documentation about the scope of the
> reload?

Yeah, that sounds good to me.
-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmNJPU9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XdO/xAApU8SoKgCYJzPvy8Tg1CMV/MD6VFi1ijm
q5SW8fBvWCnPsdS7gAvv/INUTBEMAcjInh+CaeUpcqfhPbfS0PT4VWqvSzPspNyw
414OZB/IzkudOM1HG5y0gK2zsLqbDtNfamuNauSurUI2Ehh/M/KwFMGtC+PVHb6M
53qK8ttn823JOGFxOp0LHhZuZKlFY5QWOtw7r5MClIjtmLl2mv2cWWdE1FQzZNvq
pFRfKCx5QhLT0v8ufuT2e0sImscxnfPaZpx+Ug/YnlmAfifCrvfy03fJW70tJIsk
+6HWuxHevDHipsPdv9U3zqj+3RWEQWaQYi/WG9PKLutCzMMkQPbTjR9etT2szXbS
avKeTa+L9z5bCjEWhJXOMwRwMhZRk2L6uOMQ8F/HqDESyp3qtJLJ/cFMri+jCJeN
BMCl8NtHdXryIAtf/xPEYZlqINuLr2i2JbCEiv8W5zZsz6wZFoAk/ydg9O/uJXhk
aNcOLqNj4t0Z9KoSr9Owla2bIf6EBGcPZ0osmuF971aW/wXmsLbaNqR7XcYYduB2
DIboUPUiNkKlF3DdZIjryetcJlVInhFM+Nrx2/9JaFUxPz0s+i7F7ueGXa9xSDVK
deGxnVZVSNe7nKJA/a/e8XSMteRz+cgLnd2tGscnhbIbrpStqmbnCfdyYRXNz/Ft
vt+OIBRQTlE=
=nZvm
-----END PGP SIGNATURE-----

?