Hi, when issuing SIGUSR2 to haproxy systemd wrapper configured with lot of ssl certificate two times , I got "unknown/zombie" haproxy processes aka haproxy that did not and will never received SIGUSR1 signal (and will keep going listening until server reboot or manual fix) because theirs pid were overwritten by second reload sons (here 73185 & 73187) :
# ps auxwwf | grep /178/ root 81178 0.0 0.0 4216 1240 ? Ss Jul04 0:00 /usr/sbin/haproxy-systemd-wrapper -f /srv/178/haproxy.cfg -p /srv/178/haproxy.pid -L 178 haproxy 72071 8.0 1.3 3639044 3604856 ? S 16:08 1:36 \_ /usr/sbin/haproxy -f /srv/178/haproxy.cfg -p /srv/178/haproxy.pid -L 178 -Ds -sf 126588 126589 haproxy 73185 9.6 1.3 3667888 3622752 ? Ss 16:10 1:46 | \_ /usr/sbin/haproxy -f /srv/178/haproxy.cfg -p /srv/178/haproxy.pid -L 178 -Ds -sf 126588 126589 haproxy 73187 13.5 1.3 3677504 3631228 ? Ss 16:10 2:29 | \_ /usr/sbin/haproxy -f /srv/178/haproxy.cfg -p /srv/178/haproxy.pid -L 178 -Ds -sf 126588 126589 haproxy 72244 8.1 1.3 3639044 3604692 ? S 16:09 1:37 \_ /usr/sbin/haproxy -f /srv/178/haproxy.cfg -p /srv/178/haproxy.pid -L 178 -Ds -sf 126588 126589 haproxy 73205 9.6 1.3 3668912 3622984 ? Rs 16:10 1:46 \_ /usr/sbin/haproxy -f /srv/178/haproxy.cfg -p /srv/178/haproxy.pid -L 178 -Ds -sf 126588 126589 haproxy 73206 13.5 1.3 3676512 3629092 ? Ss 16:10 2:28 \_ /usr/sbin/haproxy -f /srv/178/haproxy.cfg -p /srv/178/haproxy.pid -L 178 -Ds -sf 126588 126589 # cat /srv/178/haproxy.pid 73205 73206 # haproxy -vv HA-Proxy version 1.6.5 2016/05/10 Copyright 2000-2016 Willy Tarreau <[email protected]> Build options : TARGET = linux2628 CPU = native CC = gcc CFLAGS = -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.8 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with OpenSSL version : OpenSSL 1.0.1k 8 Jan 2015 Running on OpenSSL version : OpenSSL 1.0.1k 8 Jan 2015 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.35 2014-04-04 PCRE library supports JIT : yes Built with Lua version : Lua 5.3.1 Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Regards,
