I would like to ask one question, maybe I am doing something wrong, maybe I found some bug in HAProxy…
One problem is that we are using version 1.8.12 and not the latest & greatest.
We are calling a script from SERVER1 through SSH and through sudo on the server where HAProxy is installed. But we have a problem with ENV variables there.
What the script does is the following:
Take the configuration from somewhere, check that the configuration is OK (haproxy -c -V -f /path/to/configuration.cfg), then copy the configuration to /etc/haproxy/haproxy.cfg and reload haproxy.
And finally, to the problem:
When I put echo "Hostname is $HOSTNAME" into the script, it shows Hostname is myvalid.host.name (so env through ssh and sudo works), but when the script checks the configuration, it says "[ALERT] 245/164838 (7634) : parsing [/path/to/configuration.cfg:69] : 'bind *:9101' : unable to load SSL certificate file '/etc/haproxy/ssl/.pem' file does not exist." because the configuration contains bind *:9101 ssl crt "/etc/haproxy/ssl/${HOSTNAME}.pem". So I found a solution where we can do ssh user@SERVER1 "export HOSTNAME=$HOSTNAME; sudo /path/to/script.sh"; then the check is OK, but the reload is not OK… and it's not OK even on the server when I do systemctl reload haproxy.service… so should this be hardcoded in the systemd service, and is HAProxy not taking global envs from the system?
When I run the script through SSH + sudo, so ssh -tt user@SERVER1 "sudo /path/to/script.sh":
Hostname is validhost.name
[ALERT] 245/223912 (3054) : parsing [/home/user/haproxy.cfg:69] : 'bind *:9101' : unable to load SSL certificate file '/etc/haproxy/ssl/.pem' file does not exist.
When I log in as that user on the server:
su - user
sudo /path/to/script.sh
then output is:
Hostname is validhost.name
Configuration file is valid
So locally it's working, but through SSH it's not working. The problem is that through SSH and also locally it shows the same hostname… so the script knows about the HOSTNAME variable, but haproxy doesn't.
Here are the lines from the script:
echo "Hostname is $HOSTNAME"
eval "${HAPROXYCMD} ${CONFIG}"
Hmm… locally it writes out the hostname, but through SSH it does not… but there is one funny thing actually. When I run the script like this: ssh -tt user@SERVER1 "export HOSTNAME=\$HOSTNAME; sudo /path/to/script.sh" then it shows HOSTNAME and the haproxy config check is also OK… but what I don't understand is why I need to export HOSTNAME into HOSTNAME again… it's the same ENV variable.
It looks like HOSTNAME is only a local variable and not an environment variable. The HOSTNAME variable is also not in IEEE (http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html). So HAProxy is most probably not using bash to start, and it's using something different which doesn't have this variable by default as bash does.
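The difference between a shell variable and an exported one, as an added example that is not part of the original post: an awk child process stands in for haproxy -c and builds the crt path from HOSTNAME as found in its environment. The function names and the host name value are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, values are constructed.

# Stand-in for `haproxy -c`: a child process that builds the crt path from
# HOSTNAME as found in its *environment* (awk's ENVIRON), not in the shell.
crt_path_seen_by_child() {
    awk 'BEGIN { printf "/etc/haproxy/ssl/%s.pem", ENVIRON["HOSTNAME"] }'
}

# Succeeds only if variable $1 is exported, i.e. child processes inherit it.
require_in_env() {
    awk -v name="$1" 'BEGIN { exit !(name in ENVIRON) }'
}

# Case 1: HOSTNAME is only a shell variable (what bash sets by itself).
# `echo "$HOSTNAME"` in the script works, the child still gets nothing.
demo_unexported() {
    (
        unset HOSTNAME
        HOSTNAME=validhost.name
        crt_path_seen_by_child
    )
}

# Case 2: same value, but exported before the child is started.
demo_exported() {
    (
        unset HOSTNAME
        HOSTNAME=validhost.name
        export HOSTNAME
        crt_path_seen_by_child
    )
}

# Guard a deploy script could run before the config check.
check_before_validate() {
    if require_in_env HOSTNAME; then
        echo "HOSTNAME is exported"
    else
        echo "HOSTNAME is not exported; the child would see an empty value" >&2
        return 1
    fi
}

echo "shell variable only: $(demo_unexported)"
echo "exported:            $(demo_exported)"
```

The first case reproduces the '/etc/haproxy/ssl/.pem' path from the alert above even though the script itself can echo the variable.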