Support reloading via systemd (#3144)

2025-02-23 04:27:02 +01:00 · 2024-10-26 11:24:58 +10:00 · 2024-10-26 11:24:58 +10:00 · b7e682c43f
parent dc56a3217d
commit b7e682c43f
3 changed files with 10 additions and 3 deletions
--- a/examples/systemd/kanidm-unixd.service
+++ b/examples/systemd/kanidm-unixd.service
@ -7,7 +7,7 @@ After=chronyd.service ntpd.service network-online.target

 [Service]
 DynamicUser=yes
-Type=notify
+Type=notify-reload
 ExecStart=/usr/local/sbin/kanidm_unixd

 CacheDirectory=kanidm-unixd
--- a/platform/opensuse/kanidmd.service
+++ b/platform/opensuse/kanidmd.service
@ -8,7 +8,7 @@ Wants=time-sync.target network-online.target
 Before=radiusd.service

 [Service]
-Type=notify
+Type=notify-reload
 DynamicUser=yes
 StateDirectory=kanidm
 StateDirectoryMode=0750
--- a/server/daemon/src/main.rs
+++ b/server/daemon/src/main.rs
@ -781,7 +781,14 @@ async fn kanidm_main(
                                        tokio::signal::unix::signal(sigterm).unwrap().recv().await
                                    } => {
                                        // Reload TLS certificates
-                                        sctx.tls_acceptor_reload().await
+                                        // systemd has a special reload handler for this.
+                                        #[cfg(target_os = "linux")]
+                                        let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Reloading]);
+
+                                        sctx.tls_acceptor_reload().await;
+
+                                        #[cfg(target_os = "linux")]
+                                        let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);
                                    }
                                    Some(()) = async move {
                                        let sigterm = tokio::signal::unix::SignalKind::user_defined1();