From b7e682c43f36d7399991822c080e4620896d998c Mon Sep 17 00:00:00 2001
From: Firstyear
Date: Sat, 26 Oct 2024 11:24:58 +1000
Subject: [PATCH] Support reloading via systemd (#3144)
---
 examples/systemd/kanidm-unixd.service | 2 +-
 platform/opensuse/kanidmd.service | 2 +-
 server/daemon/src/main.rs | 9 ++++++++-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/examples/systemd/kanidm-unixd.service b/examples/systemd/kanidm-unixd.service
index 33956187c..ae1a0a3a5 100644
--- a/examples/systemd/kanidm-unixd.service
+++ b/examples/systemd/kanidm-unixd.service
@@ -7,7 +7,7 @@ After=chronyd.service ntpd.service network-online.target
 [Service]
 DynamicUser=yes
-Type=notify
+Type=notify-reload
 ExecStart=/usr/local/sbin/kanidm_unixd
 CacheDirectory=kanidm-unixd
diff --git a/platform/opensuse/kanidmd.service b/platform/opensuse/kanidmd.service
index 9ff4a01c8..fc8c30a92 100644
--- a/platform/opensuse/kanidmd.service
+++ b/platform/opensuse/kanidmd.service
@@ -8,7 +8,7 @@ Wants=time-sync.target network-online.target
 Before=radiusd.service
 [Service]
-Type=notify
+Type=notify-reload
 DynamicUser=yes
 StateDirectory=kanidm
 StateDirectoryMode=0750
diff --git a/server/daemon/src/main.rs b/server/daemon/src/main.rs
index f3aa51de9..7486d34a8 100644
--- a/server/daemon/src/main.rs
+++ b/server/daemon/src/main.rs
@@ -781,7 +781,14 @@ async fn kanidm_main(
 tokio::signal::unix::signal(sigterm).unwrap().recv().await
 } => {
 // Reload TLS certificates
- sctx.tls_acceptor_reload().await
+ // systemd has a special reload handler for this.
+ #[cfg(target_os = "linux")]
+ let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Reloading]);
+
+ sctx.tls_acceptor_reload().await;
+
+ #[cfg(target_os = "linux")]
+ let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);
 }
 Some(()) = async move {
 let sigterm = tokio::signal::unix::SignalKind::user_defined1();
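Review bot: Setting `Type=notify-reload` in examples/systemd/kanidm-unixd.service makes `systemctl reload` send the reload signal (SIGHUP unless `ReloadSignal=` is set) to kanidm_unixd and then wait for `RELOADING=1` followed by `READY=1`, yet the only code change in this commit is in server/daemon/src/main.rs, which is the kanidmd binary. Unless kanidm_unixd already handles that signal and sends those notifications somewhere outside this diff, a reload would time out or, if the signal is unhandled, terminate the daemon that hosts rely on for account resolution. I would keep `Type=notify` for this unit until the unixd side has a matching handler, or at least add `# reload requires kanidm_unixd to handle SIGHUP and send RELOADING=1/READY=1` above the line.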
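Review bot: `Type=notify-reload` in platform/opensuse/kanidmd.service is only understood by systemd 253 and later, and nothing in the unit says so; the same applies to examples/systemd/kanidm-unixd.service. On an older systemd the value is presumably rejected when the unit is parsed, in which case the service would lose the readiness semantics it had with `Type=notify`, and the `Before=radiusd.service` ordering would no longer wait for kanidmd to be ready. A comment above the line would help packagers: `# notify-reload needs systemd >= 253; on older hosts use Type=notify`.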
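Review bot: Both new calls pass `true` as the first argument of `sd_notify::notify`, which in the sd_notify crate is `unset_env` and removes `NOTIFY_SOCKET` from the environment after sending, so the `Ready` call and every later reload would find no socket and silently do nothing, and `let _ =` hides that. Passing `false` in both places, e.g. `sd_notify::notify(false, &[sd_notify::NotifyState::Reloading])`, keeps the socket available. For `Type=notify-reload` systemd also expects a `MONOTONIC_USEC=` field alongside `RELOADING=1`, and the hunk sends none, so the reload may still not be recognised. `Ready` is sent whether or not `tls_acceptor_reload()` actually swapped the certificate; if that call can fail, `systemctl reload` would report success while the old certificate is still served, so the failure should at least be logged. The body of `kanidm_main` continues outside this hunk.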