Actions
Bug #51355
closedingress service /var/lib/haproxy/haproxy.cfg
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
It seems like cephadm expects haproxy to run as root, while the docker image haproxy runs it as the user haproxy.
This seems to have changed between haproxy 2.3.x and 2.4.x Docker images (https://hub.docker.com/_/haproxy).
It does work to add "-u root" to the docker run command in the run.unit file to make it work (found in /var/lib/ceph/<fsid>/haproxy.rgw.foo.simon.xcyvkg/unit.run).
Without those changes I get:
Jun 24 18:52:32 simon bash[3042133]: WARNING: Error loading config file: .dockercfg: $HOME is not defined Jun 24 18:52:34 simon bash[3042133]: [NOTICE] (8) : haproxy version is 2.4.0-6cbbecf Jun 24 18:52:34 simon bash[3042133]: [NOTICE] (8) : path to executable is /usr/local/sbin/haproxy Jun 24 18:52:34 simon bash[3042133]: [ALERT] (8) : Cannot open configuration file/directory /var/lib/haproxy/haproxy.cfg : Permission denied
When applying (rgw-ingress.yaml):
service_type: ingress service_id: rgw.foo placement: hosts: - simon spec: backend_service: rgw.foo frontend_port: 8443 virtual_ip: 10.10.12.7 virtual_interface_networks: - "10.10.12.0/24" monitor_port: 1967 ssl_cert: -----BEGIN CERTIFICATE----- ...
with:
ceph orch apply -i rgw-ingress.yaml.
Actions