Skip to content

Port does not change when reloading config with server-state-file and server-template #2103

Closed as not planned
Closed as not planned
Port does not change when reloading config with server-state-file and server-template#2103
Labels
status: works as designedThis issue stems from a misunderstanding of how HAProxy is supposed to work.type: bugThis issue describes a bug.
@Delliran

Description

@Delliran
Delliran
opened on Apr 5, 2023

Detailed Description of the Problem

You save server-state-file:
echo 'show servers state' | socat stdio /path/to/socket > /your/state/file

Then change in backend section port of server-template, for example
from:
server-template you-best-servers 1-10 my.best.servers.com:8000
to :
server-template you-best-servers 1-10 my.best.servers.com:8001

Then reload or restart haproxy with enabled option server-state-file /your/state/file, port remains sthe ame as it was in "server-state-file" until you modify this file manually and change port in it(or delete file)

Expected Behavior

After modifying port in server-template in config of haproxy, haproxy loads it not from server-state file, but from config file

Steps to Reproduce the Behavior

  1. Enable server-state-file in global section
  2. Save server state to location from config
  3. Change port in server-template to any other
  4. Reload or restart haproxy
  5. Check in socket that port doest not changed

Do you have any idea what may have caused this?

No response

Do you have an idea how to solve the issue?

No response

What is your configuration?

global
    daemon
    user  haproxy
    group  haproxy
    chroot /var/lib/haproxy
    log /log local0
    stats  socket /var/lib/haproxy/stats mode 660 level admin expose-fd listeners
    pidfile  /var/run/haproxy.pid
    server-state-file /var/lib/haproxy/state
    tune.bufsize  131072
    #tune.maxrewrite  1024
    spread-checks  3
    tune.ssl.default-dh-param  2048
    tune.ssl.cachesize 1000000
    mworker-max-reloads 30
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    maxconn 400000
    h1-case-adjust x-subject-token X-Subject-Token


defaults
    log global
    mode  http
    option  redispatch
    option  http-server-close
    option  splice-auto
    option log-health-checks
    retries  3
    timeout  http-request 30s
    timeout  queue 1m
    timeout  connect 10s
    timeout  client 2m
    timeout  server 2m
    timeout  check 10s
    load-server-state-from-file global

frontend https
  bind 127.0.0.1:443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1
  mode  http
  option  httpchk
  option  http-server-close
  option  httplog
  option  redispatch
  timeout  client 180s
  timeout  server 180s
  timeout  http-request 10s
  
  capture request header x-req-id len 16
  capture request header Host len 32
  capture request header Referer len 128

  default_backend myhost



resolvers myresolvers
  nameserver dns1 127.0.0.1:53
  resolve_retries       500000
  timeout resolve       1s
  timeout retry         1s
  hold other           2s
  hold refused         2s
  hold nx              2s
  hold timeout         2s
  hold valid           2s
  hold obsolete        2s

backend myhost
  server-template you-best-servers 1-10 my.best.servers.com:8001 check inter 2s fastinter 1s downinter 1s resolvers myresolvers init-addr none

Output of haproxy -vv

HAProxy version 2.6.2-16a3646 2022/07/22 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2027.
Known bugs: http://www.haproxy.org/bugs/bugs-2.6.2.html
Running on: Linux 5.4.17-2011.6.2.el7uek.x86_64 #2 SMP Thu Sep 3 14:09:14 PDT 2020 x86_64
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = cc
  CFLAGS  = -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment
  OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_THREAD=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_ZLIB=1 USE_TFO=1 USE_NS=1 USE_SYSTEMD=1
  DEBUG   = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS

Feature list : +EPOLL -KQUEUE +NETFILTER +PCRE +PCRE_JIT -PCRE2 -PCRE2_JIT +POLL +THREAD +BACKTRACE -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H -ENGINE +GETADDRINFO +OPENSSL -LUA +ACCEPT4 -CLOSEFROM +ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL +SYSTEMD -OBSOLETE_LINKER +PRCTL -PROCCTL +THREAD_DUMP -EVPORTS -OT -QUIC -PROMEX -MEMORY_PROFILING

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=64).
Built with OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with network namespace support.
Built with the Prometheus exporter as a service
Support for malloc_trim() is enabled.
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with gcc compiler version 4.8.5 20150623 (Red Hat 4.8.5-44)

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
         h2 : mode=HTTP  side=FE|BE  mux=H2    flags=HTX|HOL_RISK|NO_UPG
       fcgi : mode=HTTP  side=BE     mux=FCGI  flags=HTX|HOL_RISK|NO_UPG
  <default> : mode=HTTP  side=FE|BE  mux=H1    flags=HTX
         h1 : mode=HTTP  side=FE|BE  mux=H1    flags=HTX|NO_UPG
  <default> : mode=TCP   side=FE|BE  mux=PASS  flags=
       none : mode=TCP   side=FE|BE  mux=PASS  flags=NO_UPG

Available services : prometheus-exporter
Available filters :
        [CACHE] cache
        [COMP] compression
        [FCGI] fcgi-app
        [SPOE] spoe
        [TRACE] trace

Last Outputs and Backtraces

No response

Additional Information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    status: works as designedThis issue stems from a misunderstanding of how HAProxy is supposed to work.type: bugThis issue describes a bug.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions