OpenStack-Ansible

haproxy double entries

Bug #1631252 reported by admin0 on 2016-10-07

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Invalid	Undecided	Kevin Carter

Bug Description

stable/newton
ubuntu 16.04

multi-node install with SSL selected.

The deployed haproxy has double entries.

Example:

root@s10:/etc/haproxy# grep -ri api.cloudvpsnl.com:9292 *

conf.d/glance_api: bind api.cloudvpsnl.com:9292 ssl crt /etc/ssl/private/haproxy.pem ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

haproxy.cfg: bind api.cloudvpsnl.com:9292 ssl crt /etc/ssl/private/haproxy.pem ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

It should either be in only haproxy.cfg or in conf.d/glance_api
Good to have it it is not in one big cfg but into individual segments in the conf.d folder.

See original description

admin0 (shashi-eu) on 2016-10-07

description:

updated

Revision history for this message

Jean-Philippe Evrard (jean-philippe-evrard) wrote on 2016-10-07:

haproxy packaging under centos/ubuntu doesn't work with folders.
We can't include folders without messing with the init scripts.

In order to not ship our own init scripts, like we used to do, we move to doing haproxy config in two steps: one for generating the files in conf.d and the last one by assembling the files for the haproxy.cfg.

That's by design.

Revision history for this message

admin0 (shashi-eu) wrote on 2016-10-07:

Then, can those unnecessary files or folders be deleted after the installation is done ? or maybe put a remark saying

## this file in this conf.d/ folder is for temporary purpose only and can be deleted.

Praveen N (praveenn) on 2016-10-07

Changed in openstack-ansible:
assignee:	nobody → Praveen N (praveenn)

Revision history for this message

Kevin Carter (kevin-carter) wrote on 2016-10-07:

so this is expected. the items in conf.d are concatenated into the single haproxy.cfg file. This is being done because systems that rely on systemd do not have the ability to source multiple conf.d files in a manner consistent with initV or upstart.

Changed in openstack-ansible:
status:	New → Invalid
assignee:	Praveen N (praveenn) → Kevin Carter (kevin-carter)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.