Environment variables in cfg

Hey guys,

I would like to ask one question, maybe I am doing something wrong, maybe I found some bug in HAProxy…

One problem is, that we are using version 1.8.12 and not the latest & greatest :slight_smile:

We are calling from SERVER1 thru SSH script thru SUDO on server where HAProxy is installed. But we have problem with ENV variables there.

What script is doing is following:
Take configuration from somewhere, check if configuration is OK (haproxy -c -V -f /path/to/configuration.cfg), then copy configuration to /etc/haproxy/haproxy.cfg and reload haproxy).

And finally to the problem :slight_smile:
When I put to the script echo "Hostname is HOSTNAME" it shows Hostname is myvalid.host.name (so env thru ssh and sudo works), but when script is checking configuration, then it says "[ALERT] 245/164838 (7634) : parsing [/path/to/configuration.cfg:69] : 'bind *:9101' : unable to load SSL certificate file '/etc/haproxy/ssl/.pem' file does not exist." because there is bind *:9101 ssl crt "/etc/haproxy/ssl/{HOSTNAME}.pem. So I find solution, where we can do like ssh user@SERVER1 “export HOSTNAME=$HOSTNAME; sudo /path/to/script.sh”, then check is OK, but reload is not OK… and its not OK even on the server when I do systemctl reload haproxy.service… so should this be hardcoded in systemd service and HAProxy is not taking global envs from system?

The haproxy behavior is straightforward, if the environment variable is there, it will use it and it will work fine.

Everything else is a question of systemd configuration and passing along the environment variable, where I’m not really able to provide support.

I suggest your read through some systemd docs and maybe you find the following links useful, but I don’t have a final solution for you:

Hi,

thanks for reply! But if my script sees HOSTNAME then why haproxy command dont see it? Even its called from same script and not thru systemd?

example:

#!/bin/bash
echo "Hostname is $HOSTNAME"
haproxy -c -V -f /path/to/configuration.cfg

output is like:

Hostname is valid.host.name
bind *:9101' : unable to load SSL certificate file '/etc/haproxy/ssl/.pem' file does not exist.

I can’t tell, I don’t know what your script does, and neither have I a clear picture what exactly you are doing.

What I can tell you is that the sudo command generally does not pass the environment variables along.

If log manually into your server, and you type:

export HOSTNAME=validhostnamehere
haproxy -c -V -f /path/to/configuration.cfg

Does it work? What exact output?

How does the configuration look like exactly?

When I run script thru SSH + SUDO so ssh -tt user@SERVER1 "sudo /path/to/script.sh":

Hostname is validhost.name
[ALERT] 245/223912 (3054) : parsing [/home/user/haproxy.cfg:69] : 'bind *:9101' : unable to load SSL certificate file '/etc/haproxy/ssl/.pem' file does not exist.

When I log as that user on server:

su - user
sudo /path/to/script.sh

then output is:

Hostname is validhost.name
Configuration file is valid

So locally its working, but thru SSH its not working. Problem is, that thru SSH and also locally its shows same hostname… so script knows about HOSTNAME variable, but haproxy dont.

Here are the lines from script:

echo "Hostname is $HOSTNAME"
eval "${HAPROXYCMD} ${CONFIG}"

and my configuration looks like this:

frontend metrics
    bind *:9101 ssl crt "/etc/haproxy/ssl/${HOSTNAME}.pem"

Put a eval "printenv HOSTNAME" in your script.

Hmm… locally it writes out hostname, but thru SSH it does not… but there is one funny thing actually. When I run script like this ssh -tt user@SERVER1 "export HOSTNAME=\$HOSTNAME; sudo /path/to/script.sh" then it show up HOSTNAME and also haproxy config check is OK… but what I dont understand is, why I need to export HOSTNAME into HOSTNAME again… it’s the same ENV variable

I assume one is a variable within the bash script, and the other is an environment variable. Two different things.

But I admit the situation is not entirely clear to me either.

It looks like HOSTNAME is only local variable and not environment. HOSTNAME variable is also not in IEEE (http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html). So HAProxy is not using bash for start most probably and it’s using something different which doesn’t have this variable by default as bash.