Re: use env variables in bind for bind options
Hi Aleks, Aleksandar Lazic wrote: > ### bind :${ROUTER_SERVICE_HTTP_PORT} > ${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS} ### > > It's look to me that this is not possible. To quote from Section 2.3 of configuration.txt: > Those variables are interpreted only within double quotes. Variables > are expanded during the configuration parsing. Variable names must be > preceded by a dollar ("$") and optionally enclosed with braces ("{}") > similarly to what is done in Bourne shell. Thus, it should work once you enclose your bind values into double quotes (without the potential linebreak added by my mail client): bind ":${ROUTER_SERVICE_HTTP_PORT}" "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}" This will however prevent you from setting multiple (space-separated) bind options as they will only be recognized as a single value due to the quotes. Regards, Holger
Re: use env variables in bind for bind options
Hi Holger. Am 20-05-2016 15:49, schrieb Holger Just: Hi Aleks, Aleksandar Lazic wrote: ### bind :${ROUTER_SERVICE_HTTP_PORT} ${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS} ### It's look to me that this is not possible. To quote from Section 2.3 of configuration.txt: Those variables are interpreted only within double quotes. Variables are expanded during the configuration parsing. Variable names must be preceded by a dollar ("$") and optionally enclosed with braces ("{}") similarly to what is done in Bourne shell. Thus, it should work once you enclose your bind values into double quotes (without the potential linebreak added by my mail client): bind ":${ROUTER_SERVICE_HTTP_PORT}" "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}" This will however prevent you from setting multiple (space-separated) bind options as they will only be recognized as a single value due to the quotes. Thanks for answer. Here the tests which I have done. # bind ":${ROUTER_SERVICE_HTTP_PORT}" "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}" + /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p /var/lib/haproxy/run/haproxy.pid [ALERT] 140/141739 (19) : parsing [/var/lib/haproxy/conf/haproxy.config:55] : 'bind' : invalid address: '"' in '":${ROUTER_SERVICE_HTTP_PORT}"' [ALERT] 140/141739 (19) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config [ALERT] 140/141739 (19) : Fatal errors found in configuration. # # bind :"${ROUTER_SERVICE_HTTP_PORT}" "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}" + /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p /var/lib/haproxy/run/haproxy.pid [ALERT] 140/142049 (18) : parsing [/var/lib/haproxy/conf/haproxy.config:55] : 'bind' : invalid character '"' in port number '"9080"' in ':"${ROUTER_SERVICE_HTTP_PORT}"' [ALERT] 140/142049 (18) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config [ALERT] 140/142049 (18) : Fatal errors found in configuration. # # bind :${ROUTER_SERVICE_HTTP_PORT} "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}" + /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p /var/lib/haproxy/run/haproxy.pid [ALERT] 140/142259 (19) : parsing [/var/lib/haproxy/conf/haproxy.config:55] : 'bind :${ROUTER_SERVICE_HTTP_PORT}' unknown keyword '"${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"'. Registered keywords : [ ALL] accept-proxy [ ALL] backlog [ ALL] id [ ALL] maxconn [ ALL] name [ ALL] nice [ ALL] process [UNIX] gid [UNIX] group [UNIX] mode [UNIX] uid [UNIX] user [STAT] level [ TCP] defer-accept [ TCP] interface [ TCP] mss [ TCP] tcp-ut [ TCP] tfo [ TCP] transparent [ TCP] v4v6 [ TCP] v6only [ SSL] alpn [ SSL] ca-file [ SSL] ca-ignore-err [ SSL] ciphers [ SSL] crl-file [ SSL] crt [ SSL] crt-ignore-err [ SSL] crt-list [ SSL] ecdhe [ SSL] force-sslv3 [ SSL] force-tlsv10 [ SSL] force-tlsv11 [ SSL] force-tlsv12 [ SSL] no-sslv3 [ SSL] no-tlsv10 [ SSL] no-tlsv11 [ SSL] no-tlsv12 [ SSL] no-tls-tickets [ SSL] ssl [ SSL] strict-sni [ SSL] verify [ SSL] npn [ALERT] 140/142259 (19) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config [ALERT] 140/142259 (19) : Fatal errors found in configuration. # My conclusion is that with or without " the ${...} is not substituted, at least in the bind line. Best regards aleks
Re: use env variables in bind for bind options
Hi Aleks, Aleksandar Lazic wrote: > My conclusion is that with or without " the ${...} is not substituted, > at least in the bind line. >From your output, it looks like you are using an older version of HAProxy. The behavior of quoted strings in the config changed in HAProxy 1.6. It appears you are using an older version (e.g. 1.5) which does indeed not support this syntax. That said, even on HAProxy 1.5.14, I have been able to validate your syntax (there without the quotes). Please ensure you are using a resonably up-to-date version of HAProxy (which you can verify with `haproxy -vv`) and that you actually set all used environment variables with their respective values when starting HAProxy. The last one is crucial as HAProxy does not replace environment variables in the config file if the environment variable is not actually defined. From your original output, it appears you are not defining the ${ROUTER_SERVICE_HTTPS_PORT_BIND_OPTONS} variable in the environment which thus results in the parse error. Regards, Holger
Re: use env variables in bind for bind options
Hi Holger Am 20-05-2016 17:02, schrieb Holger Just: Hi Aleks, Aleksandar Lazic wrote: My conclusion is that with or without " the ${...} is not substituted, at least in the bind line. From your output, it looks like you are using an older version of HAProxy. yep. [root@4a9889bfd2ac conf]# haproxy -vv HA-Proxy version 1.5.14 2015/07/02 Copyright 2000-2015 Willy Tarreau Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O2 -g -fno-strict-aliasing -DTCP_USER_TIMEOUT=18 OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.7 Compression algorithms supported : identity, deflate, gzip Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.32 2012-11-30 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. The behavior of quoted strings in the config changed in HAProxy 1.6. It appears you are using an older version (e.g. 1.5) which does indeed not support this syntax. That said, even on HAProxy 1.5.14, I have been able to validate your syntax (there without the quotes). Please ensure you are using a resonably up-to-date version of HAProxy (which you can verify with `haproxy -vv`) and that you actually set all used environment variables with their respective values when starting HAProxy. Okay I have now used more or less recent versions ;-). curl -vO http://www.haproxy.org/download/1.7/src/snapshot/haproxy-ss-20160520.tar.gz curl -vO http://www.haproxy.org/download/1.6/src/haproxy-1.6.5.tar.gz curl -vO http://www.haproxy.org/download/1.5/src/haproxy-1.5.18.tar.gz The last one is crucial as HAProxy does not replace environment variables in the config file if the environment variable is not actually defined. From your original output, it appears you are not defining the ${ROUTER_SERVICE_HTTPS_PORT_BIND_OPTONS} variable in the environment which thus results in the parse error. Looks like you are right. test_env_haproxy.conf https://gist.github.com/anonymous/4c9af7b622d072c7a58d85d5794e0fa7 20.05.2016 22:30 export PORT=8081 20.05.2016 22:30 export PORT_OPTS="accept-proxy" OK haproxy-1.6.5/haproxy -f test_env_haproxy.conf -d haproxy-ss-20160520/haproxy -f test_env_haproxy.conf -d NOK haproxy-1.5.18/haproxy -f test_env_haproxy.conf -d Thanks. Best regards Aleks