Greetings,
On 04/29/2016 11:37 AM, Philipp Buehler wrote:
Am 29.04.2016 17:27 schrieb Chad Lavoie:
HAProxy sockets support "add acl <acl> <pattern>" to add an ACL entry
or "add map" to add to a map. Can be used with "clear acl"/"clear
map" to empty the table first to refresh them completely.
See
https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#9.2-add%20acl
for details.
If how to use that isn't clear I can provide an example.
Oh, almost there, would love to see an example.
If you have an acl configuration such as "acl admin_ips src -f
/usr/local/haproxy/admin_ips.acl" in your haproxy configuration, you can
update it using the following:
# echo "clear acl /usr/local/haproxy/admin_ips.acl" | socat stdio
/var/run/haproxy.sock
# cat /usr/local/haproxy/admin_ips.acl | sed "s|^|add acl
/usr/local/haproxy/admin_ips.acl |" | socat stdio /var/run/haproxy.sock
The first line there clears the existing ACL entries, and the second
line adds the ACL entries from the file. Depending on the use-case the
ACL could be updated instead of clearing it and refilling it.
Requires having "stats socket /var/run/haproxy.sock mode 0600 level
admin" in your haproxy configs "global" section.
- Chad
(damn, 1.6.html has no chapter-9 anymore)
Yet, looks like this would render my proposal to void (always good!).
ciao
