1943869 – Provide e.g. /etc/haproxy/conf.d directory and use it in haproxy.service

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1943869 - Provide e.g. /etc/haproxy/conf.d directory and use it in haproxy.service

Summary: Provide e.g. /etc/haproxy/conf.d directory and use it in haproxy.service

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	haproxy
Sub Component:
Version:	8.3
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	rc
Target Release:	8.5
Assignee:	Ryan O'Hara
QA Contact:	Brandon Perkins
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2093482 2093483
TreeView+	depends on / blocked

Reported:	2021-03-28 00:50 UTC by Robert Scheck
Modified:	2022-11-08 10:52 UTC (History)
CC List:	7 users (show)
Fixed In Version:	haproxy-1.8.27-5.el8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	2093482 2093483 (view as bug list)
Environment:
Last Closed:	2022-11-08 09:51:38 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2022:7625	0	None	None	None	2022-11-08 09:51:44 UTC

Description Robert Scheck 2021-03-28 00:50:01 UTC

Description of problem:
As of writing, the HAProxy configuration file possibilities in RHEL 8 are unfortunately very static. And this leads to the commonly (wrong) assumption that HAProxy only supports a single configuration file rather a "conf.d" directory.

As per https://www.mail-archive.com/haproxy@formilux.org/msg28891.html, HAProxy supports also a configuration directory, from which "all the files (and only files) it contains are added in lexical order (using LC_COLLATE=C) to the list of configuration files to be loaded [...]".

Thus I hereby would like to propose to add e.g. a /etc/haproxy/conf.d directory and to include e.g. a "-f /etc/haproxy/conf.d" to the haproxy.service systemd unit file.

Having a configuration drop-in directory eases the handling of especially generated configuration files.

Version-Release number of selected component (if applicable):
haproxy-1.8.23-5.el8

Actual results:
No e.g. /etc/haproxy/conf.d directory which is being picked up by haproxy.service.

Expected results:
E.g. /etc/haproxy/conf.d directory which gets picked up by haproxy.service

Additional info:
Once this RFE is accepted in general, it should be merged back to Fedora and also to RHEL 9 (let me know if this needs yet another case at the Red Hat customer portal in addition to 8).

Comment 1 Robert Scheck 2021-03-28 00:53:28 UTC

Cross-filed case 02903748 at the Red Hat customer portal.

Comment 10 Nimish Sharma 2022-05-26 05:14:49 UTC

Hi, Team,

We have got around 10 support cases from customer to know if we can implemented it for RHEL 8.6 or 8.7 (and 9). Kindly check and let us know if it feasible.

Comment 13 Ryan O'Hara 2022-06-03 16:53:49 UTC

Here are some initial findings:

# rpm -q haproxy
haproxy-2.4.7-2.el9_0.x86_64

Created /etc/haproxy/conf.d directory and populated with two config files: 01-haproxy.cfg (contains the frontend declaration) and 02-haproxy.cfg (contains the backend declaration). Note that the frontend references the default backend which is parsed *after* being referenced (parsing is done in lexical order or file names in conf.d directory). The global and default sections remain in /etc/haproxy/haproxy.cfg file. We can test the configuration for validity by running:

# haproxy -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf.d/ -c
Configuration file is valid

Reversing the order (ie. putting the backend in 01-haproxy.cfg and the frontend in 02-haproxy.cfg) also works, as expected. Having an empty conf.d directory also works, which is important as to not break existing, single file configurations.

Some things to be aware of:
- haproxy will only parse non-hidden files that end in "*.cfg"
- haproxy will parse files in the conf.d directory in lexical order
- haproxy will issue an alert if a frontend and/or backend is redeclared (ie. same frontend/backend name defined multiple times across files)
- haproxy will issue an alert if globals and/or defaults section is redefined

Note that this behavior has only been tested for haproxy-2.4 in RHEL9. It is possible that RHEL8 (which contains haproxy-1.8) may behave differently, specifically with regards to yet to be defined/parsed backends that are referenced earlier in parsing.

Seems like this is feasible for RHEL9, but this BZ is open against RHEL8.

Comment 14 Robert Scheck 2022-06-03 17:25:14 UTC

(In reply to Ryan O'Hara from comment #13)
> Seems like this is feasible for RHEL9, but this BZ is open against RHEL8.

I'm the initial reporter. RHEL 9 is absolutely fine, but ideally also RHEL 8 (especially as this report is already 1+ years old).

Comment 15 Ryan O'Hara 2022-06-03 17:51:19 UTC

It appears that haproxy-1.8.27 in RHEL8 behaves the same as described in comment #13. We will need a separate BZ (clone) for RHEL9. I will need to work on upstream changes next, but I seriously doubt the will backport this to anything beyond 2.4 release.

Comment 16 Robert Scheck 2022-06-07 19:59:47 UTC

Why is it unlikely that the same change gets also applied for RHEL 8 (haproxy 1.8.x)? According to your comment #13, it doesn't break existing setups.

Comment 17 Robert Scheck 2022-06-13 18:16:46 UTC

Thank you!

Comment 21 Robert Scheck 2022-07-25 20:06:56 UTC

May I ask why haproxy-1.8.27-5.el8 doesn't show up at https://git.centos.org/rpms/haproxy/commits/c8s?

Comment 24 Robert Scheck 2022-08-09 09:03:49 UTC

As cheerfully answered by CEE/GSS, the commit shows meanwhile up as https://git.centos.org/rpms/haproxy/c/cecc5d35e963d24cebea4d536f76cbe30bda0828?branch=c8s - thank you! :)

Comment 25 Fedora Update System 2022-10-05 14:59:27 UTC

FEDORA-EPEL-2022-c55b6f81ff has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 27 errata-xmlrpc 2022-11-08 09:51:38 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (haproxy bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:7625

Note You need to log in before you can comment on or make changes to this bug.