charm-haproxy

All units (servers) are not added to haproxy

Bug #2040130 reported by Erik Lönroth on 2023-10-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	charm-haproxy	New	Undecided	Unassigned

Bug Description

I was relating a haproxy:reverseproxy to the "juju-controller:website" charm to achieve a ssl-termination for a juju controller setup in high-availability with three units.

(See attached image)

# The problem

The juju-controller application has three units, but in the haproxy.cfg, there is only a single unit. The other two units are not added to the config.

# Below the single haproxy unit - This shows that there are three units of the juju-controller.

juju show-unit haproxy/0
haproxy/0:
  machine: "3"
  opened-ports:
  - 80/tcp
  - 443/tcp
  - 10000/tcp
  public-address: 13.51.194.141
  charm: ch:amd64/focal/haproxy-75
  leader: true
  life: alive
  relation-info:
  - relation-id: 1
    endpoint: peer
    related-endpoint: peer
    application-data: {}
    local-unit:
      in-scope: true
      data:
        egress-subnets: 172.31.37.29/32
        ingress-address: 172.31.37.29
        private-address: 172.31.37.29
  - relation-id: 2
    endpoint: reverseproxy
    related-endpoint: website
    application-data: {}
    related-units:
      juju-controller/0:
        in-scope: true
        data:
          egress-subnets: 172.31.19.33/32
          hostname: 172.31.19.33
          ingress-address: 172.31.19.33
          port: "17070"
          private-address: 172.31.19.33
      juju-controller/1:
        in-scope: true
        data:
          egress-subnets: 172.31.39.110/32
          ingress-address: 172.31.39.110
          private-address: 172.31.39.110
      juju-controller/2:
        in-scope: true
        data:
          egress-subnets: 172.31.8.39/32
          ingress-address: 172.31.8.39
          private-address: 172.31.8.39

# Below the relevant sections from the haproxy-charm-generated haproxy.cfg file which shows only one server where there should be 3.

frontend haproxy-0-443
    bind 0.0.0.0:443 ssl crt /var/lib/haproxy/certs no-sslv3
    default_backend app-controller
    mode http

backend app-controller
    mode http
    balance leastconn
    option httpchk GET / HTTP/1.1\r\nHost:\ juju-apiserver\r\nConnection:\ Upgrade\r\nUpgrade:\ websocket\r\nSec-WebSocket-Key:\ aGFwcm94eQ==\r\nSec-WebSocket-Version:\ 13\r\nSec-WebSocket-Protocol:\ echo-protocol
    http-check expect status 101
    server juju-controller-0-17070 172.31.19.33:17070 ssl verify none check

See original description

Revision history for this message

Erik Lönroth (erik-lonroth) wrote on 2023-10-23:

Screenshot from 2023-10-23 08-24-42.png Edit (78.2 KiB, image/png)

description:

updated

Revision history for this message

Tom Haddon (mthaddon) wrote on 2023-10-23:

It looks like only one of the units is exposing `port: "17070"` over the relation which I suspect is why haproxy is only connecting to one of them. Possibly this is intended behaviour of the juju-controller charm?

Erik Lönroth (erik-lonroth) on 2023-10-23

description:

updated

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Screenshot from 2023-10-23 08-24-42.png Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.