Ceph » Orchestrator

It seems like cephadm expects haproxy to run as root, while the docker image haproxy runs it as the user haproxy.

This seems to have changed between haproxy 2.3.x and 2.4.x Docker images (https://hub.docker.com/_/haproxy).

It does work to add "-u root" to the docker run command in the run.unit file to make it work (found in /var/lib/ceph/<fsid>/haproxy.rgw.foo.simon.xcyvkg/unit.run).

Without those changes I get:

Jun 24 18:52:32 simon bash[3042133]: WARNING: Error loading config file: .dockercfg: $HOME is not defined
Jun 24 18:52:34 simon bash[3042133]: [NOTICE]   (8) : haproxy version is 2.4.0-6cbbecf
Jun 24 18:52:34 simon bash[3042133]: [NOTICE]   (8) : path to executable is /usr/local/sbin/haproxy
Jun 24 18:52:34 simon bash[3042133]: [ALERT]    (8) : Cannot open configuration file/directory /var/lib/haproxy/haproxy.cfg : Permission denied

When applying (rgw-ingress.yaml):

service_type: ingress
service_id: rgw.foo
placement:
  hosts:
    - simon
spec:
  backend_service: rgw.foo
  frontend_port: 8443
  virtual_ip: 10.10.12.7
  virtual_interface_networks:
    - "10.10.12.0/24" 
  monitor_port: 1967
  ssl_cert:
    -----BEGIN CERTIFICATE-----
...

with:

ceph orch apply -i rgw-ingress.yaml.