OPNsense Forum
English Forums => 24.1 Production Series => Topic started by: Chrome on March 16, 2024, 08:28:59 pm
-
Hi All,
I wanted to start playing around with HAProxy...but I can't get it to start. I haven't created anything yet.
When I enable the service and hit apply, I get this message:
The HAProxy service may not be able to start due to critical errors. Try anyway?
So, I try "Save & Test syntax" and get this error message:
[NOTICE] (78455) : haproxy version is 2.8.7-1a82cdf
[NOTICE] (78455) : path to executable is /usr/local/sbin/haproxy
[ALERT] (78455) : config : Proxy '<OCSP-UPDATE>': Can't find resolvers section 'default' for do-resolve action.
[ALERT] (78455) : config : Proxy '<HTTPCLIENT>': Can't find resolvers section 'default' for do-resolve action.
[ALERT] (78455) : config : Fatal errors found in configuration.
I may have played around the haproxy years ago... but there nothing in my current config... maybe something file/setting has hung around from years ago?
Googling doesn't seem to help me with this.
Any idea what is going on here?
-
I found some of these error messages in the OPNsense log:
cript action failed with Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py actions --output bootgrid --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 44, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py actions --output bootgrid --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1.
cript action failed with Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py show-servers --output bootstrap --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 44, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py show-servers --output bootstrap --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1.
Looks like I have some kind of python problem?
-
Hi
can you share the config?
-
Sure... but there's not much to it.
#
# Automatically generated configuration.
# Do not edit this file manually.
#
#
# NOTE: HAProxy is currently DISABLED
#
global
uid 80
gid 80
chroot /var/haproxy
daemon
stats socket /var/run/haproxy.socket group proxy mode 775 level admin
nbthread 1
hard-stop-after 60s
no strict-limits
httpclient.resolvers.prefer ipv4
tune.ssl.default-dh-param 2048
spread-checks 2
tune.bufsize 16384
tune.lua.maxmem 0
log /var/run/log local0 info
lua-prepend-path /tmp/haproxy/lua/?.lua
defaults
log global
option redispatch -1
timeout client 30s
timeout connect 30s
timeout server 30s
retries 3
default-server init-addr last,libc
# autogenerated entries for ACLs
# autogenerated entries for config in backends/frontends
# autogenerated entries for stats
# statistics are DISABLED
-
I did notice that if I try to execute the commands from the CLI, I get these messages:
/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py actions --output bootgrid --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''
Traceback (most recent call last):
File "/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py", line 723, in <module>
diff = Diff(crt_lists=crt_lists, **vars(args))
File "/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py", line 49, in __init__
self._transactions = self._get_transactions()
File "/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py", line 142, in _get_transactions
return self._execute_remote_cmd(cmds.showSslCerts)['transaction']
File "/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py", line 23, in _execute_remote_cmd
con = HaPConn(self.socket)
File "/usr/local/lib/python3.9/site-packages/haproxy/conn.py", line 51, in __init__
self.open()
File "/usr/local/lib/python3.9/site-packages/haproxy/conn.py", line 60, in open
self.sock.connect(sfile)
FileNotFoundError: [Errno 2] No such file or directory
-
/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py show-servers --output bootstrap --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''
While talking to /var/run/haproxy.socket: [Errno 2] No such file or directory
Traceback (most recent call last):
File "/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py", line 146, in <module>
con = HaPConn(SOCKET)
File "/usr/local/lib/python3.9/site-packages/haproxy/conn.py", line 51, in __init__
self.open()
File "/usr/local/lib/python3.9/site-packages/haproxy/conn.py", line 60, in open
self.sock.connect(sfile)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py", line 156, in <module>
if args['debug']:
TypeError: 'Namespace' object is not subscriptable
-
syncCerts.py and socketCommand.py errors are not the cause, but a consequence of the HAProxy does not work (and it is not possible to establish a control connection)
can you try to make some config of real/backend servers and apply it?
-
It appears that I am missing the
haproxy.socket
in /var/run. I guess its not being created? for some reason.
-
syncCerts.py and socketCommand.py errors are not the cause, but a consequence of the HAProxy does not work (and it is not possible to establish a control connection)
can you try to make some config of real/backend servers and apply it?
I added some quick info to the real server section and when I applied it, I get this error messages:
The HAProxy service may not be able to start due to critical errors. Run syntax check for further details or review the changes in the Configuration Diff.
-
can you share the Config Diff?
-
can you share the Config Diff?
Sure:
-- /usr/local/etc/haproxy.conf 2024-03-16 19:02:46.607322000 -0400
+++ /usr/local/etc/haproxy.conf.staging 2024-03-17 11:10:00.222676000 -0400
@@ -3,6 +3,9 @@
# Do not edit this file manually.
#
+#
+# NOTE: HAProxy is currently DISABLED
+#
global
uid 80
gid 80
-
I’ll assume that you didn’t specify the DNS server addresses at SYSTEM: SETTINGS: GENERAL ->Networking
-
I’ll assume that you didn’t specify the DNS server addresses at SYSTEM: SETTINGS: GENERAL ->Networking
That's correct. It's empty.
-
@Fright You nailed it! Once I added a DNS (1.1.1.1) to the SYSTEM: SETTINGS: GENERAL -> Networking section, HA Proxy was happy and started nicely.
I remember taking that out... because it broke something else.
I'll leave it in for now and see how it goes.
Thanks so much for your help!
-
glad it worked )
The internal httpclient library needs resolvers to work.
By default, HAProxy tries to compile a "default" list of resolvers based on the resolv.conf file, which in your case does did not contain addresses.
It seems that at the moment the plugin does not allow to specify resolvers for the httpclient by ID
(so you will either have to use the system ones or make a request at Github)