Changing haproxy parameters with enabled SELinux after the initial deployment results in the haproxy container stuck in a restart loop
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Undecided
|
Mike Fedosin |
Bug Description
Changing the haproxy configuration(e.g. timeouts adjustments or master/infra nodes scale out) after the initial deployment results in the haproxy container stuck in a restart loop due to selinux denials:
># docker ps | grep haproxy
ed4f116c597c 192.168.
># docker logs -f haproxy
Running command: '/usr/sbin/
+ echo 'Running command: '\''/usr/
+ exec /usr/sbin/
<7>haproxy-
[ALERT] 343/232417 (11) : Starting frontend GLOBAL: error when trying to preserve previous UNIX socket [/var/lib/
<5>haproxy-
+ sudo -E kolla_set_configs
INFO:__
INFO:__
INFO:__main__:Kolla config strategy set to: COPY_ALWAYS
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
ERROR:_
Traceback (most recent call last):
File "/usr/local/
os.chown(path, uid, gid)
OSError: [Errno 13] Permission denied: '/var/lib/haproxy'
++ cat /run_command
+ CMD='/usr/
+ ARGS=
+ [[ ! -n '' ]]
+ . kolla_extend_start
+ echo 'Running command: '\''/usr/
Running command: '/usr/sbin/
+ exec /usr/sbin/
<7>haproxy-
[ALERT] 343/232742 (11) : Starting frontend GLOBAL: error when trying to preserve previous UNIX socket [/var/lib/
<5>haproxy-
># grep denied /var/log/
type=AVC msg=audit(
Related bug description: https:/
Changed in tripleo: | |
assignee: | nobody → Mike Fedosin (mfedosin) |
status: | New → Confirmed |
Fix proposed to branch: master /review. openstack. org/624373
Review: https:/