Hi All,
I wanted to start playing around with HAProxy...but I can't get it to start. I haven't created anything yet.
When I enable the service and hit apply, I get this message:
The HAProxy service may not be able to start due to critical errors. Try anyway?
So, I try "Save & Test syntax" and get this error message:
[NOTICE] (78455) : haproxy version is 2.8.7-1a82cdf
[NOTICE] (78455) : path to executable is /usr/local/sbin/haproxy
[ALERT] (78455) : config : Proxy '<OCSP-UPDATE>': Can't find resolvers section 'default' for do-resolve action.
[ALERT] (78455) : config : Proxy '<HTTPCLIENT>': Can't find resolvers section 'default' for do-resolve action.
[ALERT] (78455) : config : Fatal errors found in configuration.
I may have played around with haproxy years ago... but there's nothing in my current config... maybe some file/setting has hung around from years ago?
Googling doesn't seem to help me with this.
Any idea what is going on here?
I found some of these error messages in the OPNsense log:
Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py actions --output bootgrid --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 44, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py actions --output bootgrid --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1.
Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py show-servers --output bootstrap --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 44, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py show-servers --output bootstrap --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1.
Looks like I have some kind of python problem?
Hi
can you share the config?
Sure... but there's not much to it.
#
# Automatically generated configuration.
# Do not edit this file manually.
#
#
# NOTE: HAProxy is currently DISABLED
#
global
uid 80
gid 80
chroot /var/haproxy
daemon
stats socket /var/run/haproxy.socket group proxy mode 775 level admin
nbthread 1
hard-stop-after 60s
no strict-limits
httpclient.resolvers.prefer ipv4
tune.ssl.default-dh-param 2048
spread-checks 2
tune.bufsize 16384
tune.lua.maxmem 0
log /var/run/log local0 info
lua-prepend-path /tmp/haproxy/lua/?.lua
defaults
log global
option redispatch -1
timeout client 30s
timeout connect 30s
timeout server 30s
retries 3
default-server init-addr last,libc
# autogenerated entries for ACLs
# autogenerated entries for config in backends/frontends
# autogenerated entries for stats
# statistics are DISABLED
I did notice that if I try to execute the commands from the CLI, I get these messages:
/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py actions --output bootgrid --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''
Traceback (most recent call last):
File "/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py", line 723, in <module>
diff = Diff(crt_lists=crt_lists, **vars(args))
File "/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py", line 49, in __init__
self._transactions = self._get_transactions()
File "/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py", line 142, in _get_transactions
return self._execute_remote_cmd(cmds.showSslCerts)['transaction']
File "/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py", line 23, in _execute_remote_cmd
con = HaPConn(self.socket)
File "/usr/local/lib/python3.9/site-packages/haproxy/conn.py", line 51, in __init__
self.open()
File "/usr/local/lib/python3.9/site-packages/haproxy/conn.py", line 60, in open
self.sock.connect(sfile)
FileNotFoundError: [Errno 2] No such file or directory
/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py show-servers --output bootstrap --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''
While talking to /var/run/haproxy.socket: [Errno 2] No such file or directory
Traceback (most recent call last):
File "/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py", line 146, in <module>
con = HaPConn(SOCKET)
File "/usr/local/lib/python3.9/site-packages/haproxy/conn.py", line 51, in __init__
self.open()
File "/usr/local/lib/python3.9/site-packages/haproxy/conn.py", line 60, in open
self.sock.connect(sfile)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py", line 156, in <module>
if args['debug']:
TypeError: 'Namespace' object is not subscriptable
The syncCerts.py and socketCommand.py errors are not the cause, but a consequence of HAProxy not working (and it is not possible to establish a control connection).
Can you try to make some config of real/backend servers and apply it?
It appears that I am missing the haproxy.socket in /var/run. I guess it's not being created for some reason?
Quote from: Fright on March 17, 2024, 04:07:12 PM
The syncCerts.py and socketCommand.py errors are not the cause, but a consequence of HAProxy not working (and it is not possible to establish a control connection).
Can you try to make some config of real/backend servers and apply it?
I added some quick info to the real server section and when I applied it, I got this error message:
The HAProxy service may not be able to start due to critical errors. Run syntax check for further details or review the changes in the Configuration Diff.
can you share the Config Diff?
Quote from: Fright on March 17, 2024, 04:12:46 PM
can you share the Config Diff?
Sure:
-- /usr/local/etc/haproxy.conf 2024-03-16 19:02:46.607322000 -0400
+++ /usr/local/etc/haproxy.conf.staging 2024-03-17 11:10:00.222676000 -0400
@@ -3,6 +3,9 @@
# Do not edit this file manually.
#
+#
+# NOTE: HAProxy is currently DISABLED
+#
global
uid 80
gid 80
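Review bot: nothing in this hunk touches resolvers. The three added lines after "# Do not edit this file manually." are only the "# NOTE: HAProxy is currently DISABLED" comment block, so this diff cannot account for the "Can't find resolvers section 'default'" alerts from the syntax check. Since the staged file is still marked DISABLED and shows no server entry, it is also worth confirming that the enable setting and the real server were saved before the diff was generated.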
I'll assume that you didn't specify the DNS server addresses at SYSTEM: SETTINGS: GENERAL ->Networking
Quote from: Fright on March 17, 2024, 08:10:44 PM
I'll assume that you didn't specify the DNS server addresses at SYSTEM: SETTINGS: GENERAL ->Networking
That's correct. It's empty.
@Fright You nailed it! Once I added a DNS (1.1.1.1) to the SYSTEM: SETTINGS: GENERAL -> Networking section, HA Proxy was happy and started nicely.
I remember taking that out... because it broke something else.
I'll leave it in for now and see how it goes.
Thanks so much for your help!
glad it worked )
The internal httpclient library needs resolvers to work.
By default, HAProxy tries to compile a "default" list of resolvers based on the resolv.conf file, which in your case did not contain addresses.
It seems that at the moment the plugin does not allow specifying resolvers for the httpclient by ID
(so you will either have to use the system ones or make a request on GitHub)
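Added example (not part of the thread and not OPNsense or HAProxy project code): a small Python check that ties the two "Can't find resolvers section" alerts quoted earlier in the thread to the contents of resolv.conf, following the explanation above. The function names and the two resolv.conf samples are constructed for illustration; the alert lines are the ones posted in the thread.

```python
import re

# Alert HAProxy prints when a proxy references a missing resolvers section.
ALERT_RE = re.compile(
    r"\[ALERT\].*Proxy '(?P<proxy>[^']+)': Can't find resolvers section "
    r"'(?P<section>[^']+)'"
)

# Syntax-check output as posted in the thread.
CHECK_OUTPUT = """\
[NOTICE] (78455) : haproxy version is 2.8.7-1a82cdf
[ALERT] (78455) : config : Proxy '<OCSP-UPDATE>': Can't find resolvers section 'default' for do-resolve action.
[ALERT] (78455) : config : Proxy '<HTTPCLIENT>': Can't find resolvers section 'default' for do-resolve action.
[ALERT] (78455) : config : Fatal errors found in configuration.
"""

# Constructed resolv.conf samples: without and with a DNS server.
RESOLV_EMPTY = "# generated file (constructed sample)\ndomain localdomain\n"
RESOLV_FIXED = "domain localdomain\nnameserver 1.1.1.1\n"


def nameservers(resolv_conf_text):
    """Return the addresses from 'nameserver' lines, ignoring comments."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def diagnose(check_output, resolv_conf_text):
    """Return (proxy, section, cause) for each resolvers alert found."""
    servers = nameservers(resolv_conf_text)
    findings = []
    for line in check_output.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        if m["section"] == "default" and not servers:
            cause = "resolv.conf has no nameserver entries"
        else:
            cause = "section not defined in the HAProxy configuration"
        findings.append((m["proxy"], m["section"], cause))
    return findings


if __name__ == "__main__":
    for finding in diagnose(CHECK_OUTPUT, RESOLV_EMPTY):
        print(finding)
```

On a live system the second argument would be the text of /etc/resolv.conf and the first the output of the syntax check.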
Quote from: Fright on March 17, 2024, 08:10:44 PM
I'll assume that you didn't specify the DNS server addresses at SYSTEM: SETTINGS: GENERAL ->Networking
But this is the case when DNS-over-TLS is used, isn't it?
So it means Haproxy + Unbound DoT is not a compatible setup?
I knew I had seen this and made a mental note for when I updated the firewall.
I have today and got this same problem. I don't have a value set for DNS servers in System > General > Networking. This is my preference, as I am using a path of Unbound > DoT for all clients and system too.
I'll put a request in on GitHub.