Actions
tickets #173533
openkanidmd reload failure
Start date:
2024-12-02
Due date:
% Done:
0%
Estimated time:
Description
Monitoring complains about failing reload after certificate renewals on kani{1,2}. It seems kanidmd takes the request but then does not process it completely, until it times out:
2024-12-02T00:17:16.781179+00:00 kani1 sudo: cert : PWD=/home/cert ; USER=root ; COMMAND=/usr/bin/systemctl try-reload-or-restart kanidmd
2024-12-02T00:17:16.782933+00:00 kani1 sudo: pam_unix(sudo:session): session opened for user root by (uid=1000)
2024-12-02T00:17:16.788565+00:00 kani1 systemd[1]: Reloading Kanidm Identity Server...
2024-12-02T00:17:16.789862+00:00 kani1 kanidmd[1223]: 00000000-0000-0000-0000-000000000000 INFO i [info]: Reloaded http tls acceptor
2024-12-02T00:17:16.789891+00:00 kani1 kanidmd[1223]: 00000000-0000-0000-0000-000000000000 INFO i [info]: Reloaded ldap tls acceptor
...
2024-12-02T00:18:46.889486+00:00 kani1 systemd[1]: kanidmd.service: Reload operation timed out. Killing reload process.
2024-12-02T00:18:46.889587+00:00 kani1 systemd[1]: Reload failed for Kanidm Identity Server.
Updated by crameleon 25 days ago
It seems reload was only introduced relatively recently: https://github.com/kanidm/kanidm/pull/3144. That'd explain why the issue was not present earlier, as our try-reload-or-restart falls back to restart if a unit does not support reload.
Updated by firstyear 25 days ago
When you get those messages it means the reload is complete.
This will be a bug in systemd I expect.
https://www.freedesktop.org/software/systemd/man/latest/sd_notify.html#RELOADING=1
https://github.com/kanidm/kanidm/blob/master/server/daemon/src/main.rs#L783
Actions