Haproxy fails to restart - haproxy

We are facing an issue starting the haproxy we installed.
We are using ubuntu 16.04 and the version installed is:
HA-Proxy version 1.6.3 2015/12/25
Copyright 2000-2015 Willy Tarreau
The folder /run/haproxy is created
Everything is downloaded correctly.
It was uninstalled and then installed again with the same errors, so we desperately seek help.
This is the folder /etc/default/haproxy
# Defaults file for HAProxy
#
# This is sourced by both, the initscript and the systemd unit file, so do not
# treat it as a shell script fragment.
# Change the config file location if needed
#CONFIG="/etc/haproxy/haproxy.cfg"
ENABLED=1
# Add extra flags here, see haproxy(1) for a few options
#EXTRAOPTS="-de -m 16"
Here is /etc/haproxy/haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DE$
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend myfrontend
bind *:80
mode http
default_backend mybackend
backend mybackend
mode http
balance roundrobin
option httpchkHEAD / HTTP/1.1\r\nHost:\localhost
server web1 10.10.2.110:80 check weight 10
server web2 10.10.2.111:80 check weight 20
server web3 10.10.2.112:80 check weight 30
Here is the error message:
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/lib/systemd/system/haproxy.service; enabled; vendor preset: enabled)
Active: inactive (dead) (Result: exit-code) since Thu 2018-04-19 14:35:21 UTC; 5s ago
Docs: man:haproxy(1)
file:/usr/share/doc/haproxy/configuration.txt.gz
Process: 29395 ExecStartPre=/usr/sbin/haproxy -f ${CONFIG} -c -q (code=exited, status=1/FAILURE)
Main PID: 28467 (code=exited, status=0/SUCCESS)
Apr 19 14:35:20 dats42-lb systemd[1]: Failed to start HAProxy Load Balancer.
Apr 19 14:35:20 dats42-lb systemd[1]: haproxy.service: Unit entered failed state.
Apr 19 14:35:20 dats42-lb systemd[1]: haproxy.service: Failed with result 'exit-code'.
Apr 19 14:35:21 dats42-lb systemd[1]: haproxy.service: Service hold-off time over, scheduling restart.
Apr 19 14:35:21 dats42-lb systemd[1]: Stopped HAProxy Load Balancer.
Apr 19 14:35:21 dats42-lb systemd[1]: haproxy.service: Start request repeated too quickly.
Apr 19 14:35:21 dats42-lb systemd[1]: Failed to start HAProxy Load Balancer.
Anyone who can help? :)

In your /etc/haproxy/haproxy.cfg file, under the global section, there is this entry: stats socket /run/haproxy/admin.sock mode 660 level admin
Check if the admin.sock file is getting created. Also check that the directory path exists for that file to be created in.

Related

connect to TDengine via restful, but the port is not monitored

I try to connect to TDengine via its restful API, but its 6041 port is not monitored.
More detailed info follows.
systemctl status taosd
● taosd.service - TDengine server service
Loaded: loaded (/etc/systemd/system/taosd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-10-20 15:08:33 CST; 48min ago
Process: 16246 ExecStartPre=/usr/local/taos/bin/startPre.sh (code=exited, status=0/SUCCESS)
Main PID: 16257 (taosd)
Tasks: 57
Memory: 30.1M
CGroup: /system.slice/taosd.service
└─16257 /usr/bin/taosd
Oct 20 15:08:33 ecs-29b3 systemd[1]: Starting TDengine server service...
Oct 20 15:08:33 ecs-29b3 systemd[1]: Started TDengine server service.
Oct 20 15:08:33 ecs-29b3 TDengine:[16257]: Starting TDengine service...
Oct 20 15:08:33 ecs-29b3 TDengine:[16257]: Started TDengine service successfully.
netstat -antp|grep 6030
tcp 0 0 0.0.0.0:6030 0.0.0.0:* LISTEN 16257/taosd
netstat -antp|grep 6041
Any suggestion?
You can check whether taosadapter is running with ps -e | grep taosadapter. If there is no taosadapter running, you should start it.

Trying to get HaProxy to log specific HTTP headers to custom file

I'm using HaProxy as a reverse proxy and load balancer for three servers. Each of these servers uses Basic Authentication to control access to them and HaProxy shares the load across them via a round-robin method.
I'd like to log the IP address, user agent, request URL and Basic Authentication username for each request that HaProxy handles and to log this to a custom file so that another script can check periodically to ensure that credentials are not being shared by my users.
It looks like this is possible to do but I cannot work out how to do it.
Here's what I've added to my haproxy.cfg file in my frontend section:
# Log name of server
capture request header Host len 500
# Capture request user agent
capture request header User-Agent len 64
# Capture authorization details
capture request header Authorization len 64
log-format "%ci:%cp [%t] %H %HP %hr %hrl"
When I include this in my haproxy.cfg file and restart the service, HaProxy fails to start. Looking in 'systemctl status haproxy.service' results in:
haproxy.service - HAProxy Load Balancer
Loaded: loaded (/lib/systemd/system/haproxy.service; enabled)
Active: failed (Result: start-limit) since Mon 2018-06-18 13:09:04 BST; 18s ago
Docs: man:haproxy(1)
file:/usr/share/doc/haproxy/configuration.txt.gz
Process: 25529 ExecReload=/bin/kill -USR2 $MAINPID (code=exited, status=0/SUCCESS)
Process: 25527 ExecReload=/usr/sbin/haproxy -c -f ${CONFIG} (code=exited, status=0/SUCCESS)
Process: 9883 ExecStart=/usr/sbin/haproxy-systemd-wrapper -f ${CONFIG} -p /run/haproxy.pid $EXTRAOPTS (code=exited, status=0/SUCCESS)
Process: 10644 ExecStartPre=/usr/sbin/haproxy -f ${CONFIG} -c -q (code=exited, status=1/FAILURE)
Main PID: 9883 (code=exited, status=0/SUCCESS)
Jun 18 13:09:04 host systemd[1]: Failed to start HAProxy Load Balancer.
Jun 18 13:09:04 host systemd[1]: Unit haproxy.service entered failed state.
Jun 18 13:09:04 host systemd[1]: haproxy.service holdoff time over, scheduling restart.
Jun 18 13:09:04 host systemd[1]: Stopping HAProxy Load Balancer...
Jun 18 13:09:04 host systemd[1]: Starting HAProxy Load Balancer...
Jun 18 13:09:04 host systemd[1]: haproxy.service start request repeated too quickly, refusing to start.
Jun 18 13:09:04 host systemd[1]: Failed to start HAProxy Load Balancer.
Jun 18 13:09:04 host systemd[1]: Unit haproxy.service entered failed state.
What am I doing wrong ?
I'm new to HAProxy. I have turned on basic auth on the backend server and I wanted to see in the HAProxy log who is making requests.
I have done it like this: in the backend part, I have set the variable txn.user:
http-request set-var(txn.user) http_auth_group(myuserlist)
Of course you need to have myuserlist, but this is easy.
In the frontend I have added this variable (%[var(txn.user)]) to my custom log:
log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r [%[var(txn.user)]]"
I can now see IP address, user agent, request URL and HAProxy basic authentication username.
Just for fun (since I'm using basic http server busybox, 20k in size):
on backend I have added:
http-response set-header Set-Cookie user=%[var(txn.user)];path=/;SameSite=strict;Secure
and inside the HTML I read this cookie with JavaScript and show on the page who is logged in :)
Haproxy only knows how to log to a syslog socket / daemon.
You will need to tag your logs (with the log-tag directive, probably on a backend), and configure your syslog daemon to log the entries matching the previously defined tag to a file.
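The periodic check the question asks for, as an added example that is not part of the original posts: it reads lines in the log-format from the answer above (client address first, user name in the trailing brackets) and flags any user seen from more than max_ips addresses within one time window. The sample lines, the syslog prefix, the threshold and the window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches "%ci:%cp [%tr] ... [%[var(txn.user)]]" anywhere after a syslog prefix.
LINE_RE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+ "   # client address and port
    r"\[(?P<ts>[^\]]+)\] "                     # request timestamp
    r".* \[(?P<user>[^\]\s]*)\]\s*$"           # user name in trailing brackets
)

def parse(line):
    """Return (user, ip, timestamp), or None for unparsable/unauthenticated lines."""
    m = LINE_RE.search(line)
    if not m or m.group("user") in ("", "-"):
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S.%f")
    return m.group("user"), m.group("ip"), ts

def shared_credentials(lines, window=timedelta(hours=1), max_ips=2):
    """Map each user seen from more than max_ips addresses inside one window
    to the sorted list of those addresses."""
    events = defaultdict(list)
    for user, ip, ts in filter(None, map(parse, lines)):
        events[user].append((ts, ip))
    flagged = {}
    for user, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1                      # slide the window forward
            ips = {ip for _, ip in evs[start:end + 1]}
            if len(ips) > max_ips:
                flagged[user] = sorted(ips)
                break
    return flagged

def _line(ip, hhmm, user):
    """Build one constructed log line (not real traffic)."""
    return (f"Jun 18 {hhmm}:00 lb haproxy[901]: {ip}:51234 "
            f"[18/Jun/2018:{hhmm}:00.000] myfrontend mybackend/web1 0/0/1/2/3 "
            f"200 512 - - ---- 1/1/0/0/0 0/0 {{app.example|curl/7.58}} {{}} "
            f'"GET /report HTTP/1.1" [{user}]')

SAMPLE = [  # constructed: alice uses 3 addresses in 25 minutes, bob 3 over 6 hours
    _line("203.0.113.5", "13:00", "alice"), _line("198.51.100.7", "13:10", "alice"),
    _line("192.0.2.44", "13:25", "alice"), _line("203.0.113.9", "08:00", "bob"),
    _line("198.51.100.8", "11:00", "bob"), _line("192.0.2.45", "14:00", "bob"),
    _line("192.0.2.46", "13:05", "-"),
]

if __name__ == "__main__":
    print(shared_credentials(SAMPLE))
```

Logging the user name through the variable, rather than the captured Authorization header, keeps the base64-encoded password out of the log file.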

HAProxy not running stats socket

I installed haproxy from aur in Arch Linux and modified the config file a bit:
global
maxconn 20000
log 127.0.0.1 local0
user haproxy
stats socket /run/haproxy/haproxy.sock mode 660 level admin
stats timeout 30s
chroot /usr/share/haproxy
pidfile /run/haproxy.pid
daemon
defaults
mode http
stats enable
stats uri /stats
stats realm Haproxy\ Statistics
frontend www-http
bind 127.0.0.1:80
default_backend www-backend
backend www-backend
mode http
balance roundrobin
timeout connect 5s
timeout server 30s
timeout queue 30s
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
I have made sure that the directory /run/haproxy exists and has permissions for the user haproxy to write to it:
ツ ls -al /run/haproxy
total 0
drwxr-xr-x 2 haproxy root 40 May 13 21:37 .
drwxr-xr-x 27 root root 720 May 13 22:00 ..
When I launch haproxy using systemctl start haproxy.service, it loads fine. I can even go to the /stats page and view stats, however, socat reports the following error:
ツ sudo socat unix-connect:/run/haproxy/haproxy.sock stdio
2016/05/13 22:04:11 socat[24202] E connect(5, AF=1 "/run/haproxy/haproxy.sock", 27): No such file or directory
I am at wits end and not able to understand what is happening. This is what I get from journalctl -xe:
May 13 21:56:31 rohanarch.local systemd[1]: Starting HAProxy Load Balancer...
May 13 21:56:31 rohanarch.local systemd[1]: Started HAProxy Load Balancer.
May 13 21:56:31 rohanarch.local haproxy-systemd-wrapper[20454]: haproxy-systemd-wrapper: executing /usr/bin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
May 13 21:56:31 rohanarch.local haproxy-systemd-wrapper[20454]: [WARNING] 133/215631 (20456) : config : missing timeouts for frontend 'www-http'.
May 13 21:56:31 rohanarch.local haproxy-systemd-wrapper[20454]: | While not properly invalid, you will certainly encounter various problems
May 13 21:56:31 rohanarch.local haproxy-systemd-wrapper[20454]: | with such a configuration. To fix this, please ensure that all following
May 13 21:56:31 rohanarch.local haproxy-systemd-wrapper[20454]: | timeouts are set to a non-zero value: 'client', 'connect', 'server'.
Basically, no errors/warnings or not even so much as an indication about the stats socket. Others who have faced a problem with the stats socket fail to get haproxy started. In my case, it starts up fine, but the socket just isn't being created.
You need to manually create the directory yourself. Please ensure
/run/haproxy exists. If it doesn't, then first create it with:
sudo mkdir /run/haproxy
This should resolve your issue.
Try to make SELinux permissive with the command below and restart the HAProxy service.
selinux command

CentOS 7 with DigitalOcean VPS httpd.service failure

I'm trying to install phpMyAdmin on CentOS 7 with a DigitalOcean droplet. I edited the allowed IP to dynamic any IP, but when I try to restart the service, I get this message.
[root@centos-512mb-nyc2-01 /]# sudo systemctl restart httpd.service
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Here is the result after running systemctl status httpd.service
[root@centos /]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2016-04-26 04:47:31 EDT; 1min 50s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 2633 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 2632 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 2632 (code=exited, status=1/FAILURE)
Apr 26 04:47:31 centos-512mb-nyc2-01 systemd[1]: Starting The Apache HTTP Server...
Apr 26 04:47:31 centos-512mb-nyc2-01 httpd[2632]: AH00526: Syntax error on line 1 of /etc/httpd/conf.d/phpMyAdmin.conf:
Apr 26 04:47:31 centos-512mb-nyc2-01 httpd[2632]: allow not allowed here
Apr 26 04:47:31 centos-512mb-nyc2-01 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 26 04:47:31 centos-512mb-nyc2-01 kill[2633]: kill: cannot find process ""
Apr 26 04:47:31 centos-512mb-nyc2-01 systemd[1]: httpd.service: control process exited, code=exited status=1
Apr 26 04:47:31 centos-512mb-nyc2-01 systemd[1]: Failed to start The Apache HTTP Server.
Apr 26 04:47:31 centos-512mb-nyc2-01 systemd[1]: Unit httpd.service entered failed state.
Apr 26 04:47:31 centos-512mb-nyc2-01 systemd[1]: httpd.service failed.
Here is my http file
Allow from# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
#Require ip 127.0.0.1
Require all granted
#Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Why don't you use the one click Application Image that Digital Ocean offers?
You can get the full tutorial here

Changing port of OpenLdap on Centos installed with yum

I am trying to change the default port of openldap (not so experienced with openldap so I might be doing something incorrectly).
Currently I am installing it through yum package manager on CentOS 7.1.1503 as follows :
yum install openldap-servers
After installing 'openldap-servers' I can start the openldap server by invoking service slapd start
however when I try to change the port by editing /etc/sysconfig/slapd for instance by changing SLAPD_URLS to the following :
# OpenLDAP server configuration
# see 'man slapd' for additional information
# Where the server will run (-h option)
# - ldapi:/// is required for on-the-fly configuration using client tools
# (use SASL with EXTERNAL mechanism for authentication)
# - default: ldapi:/// ldap:///
# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:///
SLAPD_URLS="ldapi:/// ldap://127.0.0.1:3421/"
# Any custom options
#SLAPD_OPTIONS=""
# Keytab location for GSSAPI Kerberos authentication
#KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"
(see SLAPD_URLS="ldapi:/// ldap://127.0.0.1:3421/" )..
it is failing to start
service slapd start
Redirecting to /bin/systemctl start slapd.service
Job for slapd.service failed. See 'systemctl status slapd.service' and 'journalctl -xn' for details.
service slapd status
Redirecting to /bin/systemctl status slapd.service
slapd.service - OpenLDAP Server Daemon
Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled)
Active: failed (Result: exit-code) since Fri 2015-07-31 07:49:06 EDT; 10s ago
Docs: man:slapd
man:slapd-config
man:slapd-hdb
man:slapd-mdb
file:///usr/share/doc/openldap-servers/guide.html
Process: 41704 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=1/FAILURE)
Process: 41675 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
Main PID: 34363 (code=exited, status=0/SUCCESS)
Jul 31 07:49:06 osboxes runuser[41691]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jul 31 07:49:06 osboxes runuser[41693]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jul 31 07:49:06 osboxes runuser[41695]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jul 31 07:49:06 osboxes runuser[41697]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jul 31 07:49:06 osboxes runuser[41699]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jul 31 07:49:06 osboxes runuser[41701]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jul 31 07:49:06 osboxes slapd[41704]: @(#) $OpenLDAP: slapd 2.4.39 (Mar 6 2015 04:35:49) $
mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.39/openldap-2.4.39/servers/slapd
Jul 31 07:49:06 osboxes systemd[1]: slapd.service: control process exited, code=exited status=1
Jul 31 07:49:06 osboxes systemd[1]: Failed to start OpenLDAP Server Daemon.
Jul 31 07:49:06 osboxes systemd[1]: Unit slapd.service entered failed state.
P.S. I also disabled firewalld
The solution was provided when I ran journalctl -xn, which basically says:
SELinux is preventing /usr/sbin/slapd from name_bind access on the tcp_socket port 9312.
***** Plugin bind_ports (92.2 confidence) suggests ************************
If you want to allow /usr/sbin/slapd to bind to network port 9312
Then you need to modify the port type.
Do
# semanage port -a -t ldap_port_t -p tcp 9312
***** Plugin catchall_boolean (7.83 confidence) suggests ******************
If you want to allow nis to enabled
Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.
You can read 'None' man page for more details.
Do
setsebool -P nis_enabled 1
***** Plugin catchall (1.41 confidence) suggests **************************
If you believe that slapd should be allowed name_bind access on the port 9312 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep slapd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp