I’m upgrading the haproxy version to HAProxy version 2.4.22-f8e3218 using RHEL-9 servers. I’m facing to major errors while running the haproxy service
Starting frontend GLOBAL: error when trying to preserve previous UNIX socket (Permission denied) [/var/lib/haproxy/stats]
[/usr/sbin/haproxy.main()] Some protocols failed to start their listeners! Exiting.
I checked a few previous blogs and posts that mentioned that we should create the /var/lib/haproxy/stats file which I did but I’m not able to find the issue.
The global congif file is
global
chroot /var/lib/haproxy
cpu-map 1 0
cpu-map 2 1
cpu-map 3 2
cpu-map 4 3
daemon
group haproxy
log 127.0.0.1 local2
maxconn 4000
nbthread 4
pidfile /var/run/haproxy.pid
# Removed the ssl-default-cipher part and bind option part
stats socket /var/lib/haproxy/stats mode 600 level admin
user haproxy
what are the permissions on the stats file you create ? I don’t remember to manually create stats file. Did you try to start haproxy without this file ? Maybe the permission for /var/lib/haproxy/ folder are wrong.
What about the parent directory’s permissions? haproxy must be allowed to create a backup file *.bak, (which would be /var/lib/haproxy/stats.bak here) in order to preserve existing file socket in case it fails to properly start.
And here it fails to create stats.bak do so due to a permission error apparently as suggested by @rhada
Also, what type of filesystem is it? Local filesystem or network one?
I think I was able to reproduce the issue in a docker env. To be able to chroot the process, it need to be started as root.
In a docker, with your config, I’m unable to start haproxy if i start it with haproxy user. If i start it with root, it starts and switch to haproxy user once in chroot. So it’s definitly a permission issue.
Try to start it with root, user, then look for folder permission as @adarragon suggested.