From fcd4bf54c8276db2e562decdf9fccaec8de79f9d Mon Sep 17 00:00:00 2001 From: Valentine Krasnobaeva Date: Wed, 17 Jul 2024 18:40:41 +0200 Subject: [PATCH] BUG/MEDIUM: startup: fix zero-warning mode Let's check the second time a global counter of "ha_warning" messages, if zero-warning is set. And let's do this just before forking. At this moment we are sure, that we've already done all init operations, where we could emit "ha_warning", and we still have stderr fd opened. Even with the second check, we could lost some late and rare warnings about failing to drop supplementary groups and about re-enabling core dumps. Notes about this are added into 'zero-warning' keyword description. --- doc/configuration.txt | 17 ++++++++++++----- src/haproxy.c | 8 ++++++++ 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 885659345..151cbb10b 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -4176,11 +4176,18 @@ quiet zero-warning When this option is set, HAProxy will refuse to start if any warning was - emitted while processing the configuration. It is highly recommended to set - this option on configurations that are not changed often, as it helps detect - subtle mistakes and keep the configuration clean and forward-compatible. Note - that "haproxy -c" will also report errors in such a case. This option is - equivalent to command line argument "-dW". + emitted while processing the configuration and applying it. It means that + warnings about bad combinations of parameters, warnings about very high + limits that couldn't be set, and so on, make the process exit with an error + during startup. A few late startup warnings cannot be caught by this option, + such as the failure to drop supplementary groups when changing the group ID + in "daemon" or "master-worker" modes, or the failure to mark the process + dumpable after the fork(). This option does not catch warnings emitted at + runtime. It is highly recommended to set this option on configurations that + are not changed often, as it helps to detect subtle mistakes and keep the + configuration clean and forward-compatible. Note that "haproxy -c" will also + report errors in such a case. This option is equivalent to command line + argument "-dW". 3.4. Userlists diff --git a/src/haproxy.c b/src/haproxy.c index c00947583..629a56fa9 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -3485,6 +3485,14 @@ int main(int argc, char **argv) clock_adjust_now_offset(); ready_date = date; + /* catch last warnings, which could be produced while adjusting limits + * or preallocating fds + */ + if (warned & WARN_ANY && global.mode & MODE_ZERO_WARNING) { + ha_alert("Some warnings were found and 'zero-warning' is set. Aborting.\n"); + exit(1); + } + if (global.mode & (MODE_DAEMON | MODE_MWORKER | MODE_MWORKER_WAIT)) { int ret = 0; int in_parent = 0;