Project

General

Profile

Actions
Copy link

Bug #51355

closed

ingress service /var/lib/haproxy/haproxy.cfg

Added by Asbjørn Sannes almost 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Sebastian Wagner
Category:
orchestrator
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
Ceph - v16.2.4
ceph-qa-suite:
Pull request ID:
42415
Crash signature (v1):
Crash signature (v2):

Description

It seems like cephadm expects haproxy to run as root, while the docker image haproxy runs it as the user haproxy.

This seems to have changed between haproxy 2.3.x and 2.4.x Docker images (https://hub.docker.com/_/haproxy).

It does work to add "-u root" to the docker run command in the run.unit file to make it work (found in /var/lib/ceph/<fsid>/haproxy.rgw.foo.simon.xcyvkg/unit.run).

Without those changes I get:

Jun 24 18:52:32 simon bash[3042133]: WARNING: Error loading config file: .dockercfg: $HOME is not defined
Jun 24 18:52:34 simon bash[3042133]: [NOTICE]   (8) : haproxy version is 2.4.0-6cbbecf
Jun 24 18:52:34 simon bash[3042133]: [NOTICE]   (8) : path to executable is /usr/local/sbin/haproxy
Jun 24 18:52:34 simon bash[3042133]: [ALERT]    (8) : Cannot open configuration file/directory /var/lib/haproxy/haproxy.cfg : Permission denied

When applying (rgw-ingress.yaml):

service_type: ingress
service_id: rgw.foo
placement:
  hosts:
    - simon
spec:
  backend_service: rgw.foo
  frontend_port: 8443
  virtual_ip: 10.10.12.7
  virtual_interface_networks:
    - "10.10.12.0/24" 
  monitor_port: 1967
  ssl_cert:
    -----BEGIN CERTIFICATE-----
...

with:

ceph orch apply -i rgw-ingress.yaml.

Actions
Copy link

Also available in: Atom PDF