OPNsense Forum
English Forums => General Discussion => Topic started by: 0xDEADC0DE on April 04, 2021, 10:40:02 am
-
I have configured some real server, backend pools, public services, conditions and rules.
If HAProxy is enabled, the "Save & Test syntax" is working.
If HAProxy is disabled, I get a lot of warnings.
HAProxy config contains critical errors
[NOTICE] 093/103813 (88702) : haproxy version is 2.2.11-c58c4e4
[ALERT] 093/103813 (88702) : parsing [/usr/local/etc/haproxy.conf.staging:9]: unknown keyword 'uid' out of section.
[ALERT] 093/103813 (88702) : parsing [/usr/local/etc/haproxy.conf.staging:10]: unknown keyword 'gid' out of section.
[ALERT] 093/103813 (88702) : parsing [/usr/local/etc/haproxy.conf.staging:11]: unknown keyword 'chroot' out of section.
[ALERT] 093/103813 (88702) : parsing [/usr/local/etc/haproxy.conf.staging:12]: unknown keyword 'daemon' out of section.
[ALERT] 093/103813 (88702) : parsing [/usr/local/etc/haproxy.conf.staging:13]: unknown keyword 'stats' out of section.
[ALERT] 093/103813 (88702) : parsing [/usr/local/etc/haproxy.conf.staging:14]: unknown keyword 'nbproc' out of section.
[ALERT] 093/103813 (88702) : parsing [/usr/local/etc/haproxy.conf.staging:15]: unknown keyword 'nbthread' out of section.
[ALERT] 093/103813 (88702) : parsing [/usr/local/etc/haproxy.conf.staging:16]: unknown keyword 'tune.ssl.default-dh-param' out of section.
[ALERT] 093/103813 (88702) : parsing [/usr/local/etc/haproxy.conf.staging:17]: unknown keyword 'spread-checks' out of section.
[ALERT] 093/103813 (88702) : parsing [/usr/local/etc/haproxy.conf.staging:18]: unknown keyword 'tune.chksize' out of section.
[ALERT] 093/103813 (88702) : parsing [/usr/local/etc/haproxy.conf.staging:19]: unknown keyword 'tune.bufsize' out of section.
[ALERT] 093/103813 (88702) : parsing [/usr/local/etc/haproxy.conf.staging:20]: unknown keyword 'tune.lua.maxmem' out of section.
[ALERT] 093/103813 (88702) : parsing [/usr/local/etc/haproxy.conf.staging:21]: unknown keyword 'log' out of section.
[ALERT] 093/103813 (88702) : Error(s) found in configuration file : /usr/local/etc/haproxy.conf.staging
[ALERT] 093/103813 (88702) : Fatal errors found in configuration.
This happens because the config is invalid when I disable HAProxy
#
# NOTE: HAProxy is currently DISABLED
#global
uid 80
gid 80
You can see that just global is commented.
Isn't there a better way to enable/disable HAProxy?
Doesn't sound like a good solution to need to enable HAProxy to test the syntax.
-
I noticed that too. See this thread that I created a week or so ago: https://forum.opnsense.org/index.php?topic=22304.msg105819#msg105819
I think there was a feature that was added wherein the HAProxy config file is renamed to *.staging.conf when the plugin is disabled. During the rename it also adds the comment which comments out the global keyword. I thought my config was wrong for quite a few hours before I realized that the haproxy.conf file was created only after enabling the service and I noticed it only after I ssh'ed into the firewall and was actively monitoring the changes in the filesystem with every change I made in the WebUI.
It is definitely not intuitive -- as initially I thought that Test Syntax would be a good way to make sure everything is correct before enabling the service and I kept hitting Test Syntax and it kept failing and I kept re-doing the configuration from scratch thrice.
Maybe you can create a CR/enhancement request to change the behavior such that Test Syntax would work even when the HAProxy service was disabled.
-
There is another error if you just press Save when HAProxy is disabled.
There is definitely something wrong.
-
That's definitely undesired behaviour and will be fixed in the upcoming os-haproxy 3.2:
https://github.com/opnsense/plugins/pull/2302/commits
Please report confirmed bugs or request changes/new features on GitHub:
https://github.com/opnsense/plugins/
I came here by chance, so we're lucky that this small bug is fixed in the next release :)
Regards
- Frank