[/var/log/neutron/neutron-lbaasv2-agent.log]
2017-09-21 19:44:44.850 736613 WARNING neutron_lbaas.drivers.haproxy.namespace_driver [-] Error while connecting to stats socket: [Errno 13] EACCES
In complain mode, if you see "ALLOWED" message for operation="connect" and info="Failed name lookup - disconnected path", but still see EACCES from lbaasv2 log. It may be hit by a bug in apparmor which blocks operation="connect" even in complain mode[2][3].
I may be completely wrong, but one possible reason to cause 503 from haproxy is AppArmor.
@Xav, what happens if you disable apparmor, i.e. aa-disable /usr/bin/ neutron- lbaasv2- agent?
As you see in an unrelated bug[1], the apparmor profile installed by neutron-gateway charm blocks lbaasv2 if it's set in enforced mode.
[kernel log] 4.857:304) : apparmor="DENIED" operation="connect" info="Failed name lookup - disconnected path" error=-13 profile= "/usr/bin/ neutron- lbaasv2- agent" name="var/ lib/neutron/ lbaas/v2/ 496d6d2b- 8bf7-42b7- 822f-c3f31d8db4 3f/haproxy_ stats.sock" pid=736613 comm="neutron- lbaasv2" requested_mask="wr" denied_mask="wr" fsuid=115 ouid=0
Sep 21 19:46:44 HOSTNAME kernel: audit: type=1400 audit(150602320
[/var/log/ neutron/ neutron- lbaasv2- agent.log] lbaas.drivers. haproxy. namespace_ driver [-] Error while connecting to stats socket: [Errno 13] EACCES
2017-09-21 19:44:44.850 736613 WARNING neutron_
In complain mode, if you see "ALLOWED" message for operation="connect" and info="Failed name lookup - disconnected path", but still see EACCES from lbaasv2 log. It may be hit by a bug in apparmor which blocks operation="connect" even in complain mode[2][3].
[1] https:/ /bugs.launchpad .net/charm- neutron- gateway/ +bug/1718768 /bugs.launchpad .net/apparmor/ +bug/1624497 /bugs.launchpad .net/apparmor/ +bug/1624300
[2] https:/
[3] https:/