Re: use env variables in bind for bind options

2016-05-20 Thread Holger Just
Hi Aleks,

Aleksandar Lazic wrote:
> ### bind :${ROUTER_SERVICE_HTTP_PORT} ${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS} ###
>
> It looks to me that this is not possible.

To quote from Section 2.3 of configuration.txt:

> Those variables are interpreted only within double quotes. Variables 
> are expanded during the configuration parsing. Variable names must be
> preceded by a dollar ("$") and optionally enclosed with braces ("{}")
> similarly to what is done in Bourne shell.

Thus, it should work once you enclose your bind values into double
quotes (without the potential linebreak added by my mail client):

bind ":${ROUTER_SERVICE_HTTP_PORT}"
"${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"

This will however prevent you from setting multiple (space-separated)
bind options as they will only be recognized as a single value due to
the quotes.

Regards,
Holger



Re: use env variables in bind for bind options

2016-05-20 Thread Aleksandar Lazic

Hi Holger.

On 20-05-2016 15:49, Holger Just wrote:

> Hi Aleks,
>
> Aleksandar Lazic wrote:
>> ### bind :${ROUTER_SERVICE_HTTP_PORT} ${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS} ###
>>
>> It looks to me that this is not possible.
>
> To quote from Section 2.3 of configuration.txt:
>
>> Those variables are interpreted only within double quotes. Variables
>> are expanded during the configuration parsing. Variable names must be
>> preceded by a dollar ("$") and optionally enclosed with braces ("{}")
>> similarly to what is done in Bourne shell.
>
> Thus, it should work once you enclose your bind values into double
> quotes (without the potential linebreak added by my mail client):
>
> bind ":${ROUTER_SERVICE_HTTP_PORT}"
> "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"
>
> This will however prevent you from setting multiple (space-separated)
> bind options as they will only be recognized as a single value due to
> the quotes.


Thanks for the answer.

Here are the tests which I have done.

#
bind ":${ROUTER_SERVICE_HTTP_PORT}" "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"

+ /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p /var/lib/haproxy/run/haproxy.pid
[ALERT] 140/141739 (19) : parsing [/var/lib/haproxy/conf/haproxy.config:55] : 'bind' : invalid address: '"' in '":${ROUTER_SERVICE_HTTP_PORT}"'
[ALERT] 140/141739 (19) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config
[ALERT] 140/141739 (19) : Fatal errors found in configuration.
#

#
bind :"${ROUTER_SERVICE_HTTP_PORT}" "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"

+ /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p /var/lib/haproxy/run/haproxy.pid
[ALERT] 140/142049 (18) : parsing [/var/lib/haproxy/conf/haproxy.config:55] : 'bind' : invalid character '"' in port number '"9080"' in ':"${ROUTER_SERVICE_HTTP_PORT}"'
[ALERT] 140/142049 (18) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config
[ALERT] 140/142049 (18) : Fatal errors found in configuration.
#

#
bind :${ROUTER_SERVICE_HTTP_PORT} "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"

+ /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p /var/lib/haproxy/run/haproxy.pid
[ALERT] 140/142259 (19) : parsing [/var/lib/haproxy/conf/haproxy.config:55] : 'bind :${ROUTER_SERVICE_HTTP_PORT}' unknown keyword '"${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"'. Registered keywords :

[ ALL] accept-proxy
[ ALL] backlog 
[ ALL] id 
[ ALL] maxconn 
[ ALL] name 
[ ALL] nice 
[ ALL] process 
[UNIX] gid 
[UNIX] group 
[UNIX] mode 
[UNIX] uid 
[UNIX] user 
[STAT] level 
[ TCP] defer-accept
[ TCP] interface 
[ TCP] mss 
[ TCP] tcp-ut 
[ TCP] tfo
[ TCP] transparent
[ TCP] v4v6
[ TCP] v6only
[ SSL] alpn 
[ SSL] ca-file 
[ SSL] ca-ignore-err 
[ SSL] ciphers 
[ SSL] crl-file 
[ SSL] crt 
[ SSL] crt-ignore-err 
[ SSL] crt-list 
[ SSL] ecdhe 
[ SSL] force-sslv3
[ SSL] force-tlsv10
[ SSL] force-tlsv11
[ SSL] force-tlsv12
[ SSL] no-sslv3
[ SSL] no-tlsv10
[ SSL] no-tlsv11
[ SSL] no-tlsv12
[ SSL] no-tls-tickets
[ SSL] ssl
[ SSL] strict-sni
[ SSL] verify 
[ SSL] npn 
[ALERT] 140/142259 (19) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config
[ALERT] 140/142259 (19) : Fatal errors found in configuration.
#

My conclusion is that with or without " the ${...} is not substituted, 
at least in the bind line.


Best regards
aleks



Re: use env variables in bind for bind options

2016-05-20 Thread Holger Just
Hi Aleks,

Aleksandar Lazic wrote:
> My conclusion is that with or without " the ${...} is not substituted,
> at least in the bind line.

From your output, it looks like you are using an older version of
HAProxy. The behavior of quoted strings in the config changed in HAProxy
1.6. It appears you are using an older version (e.g. 1.5) which does
indeed not support this syntax.

That said, even on HAProxy 1.5.14, I have been able to validate your
syntax (there without the quotes).

Please ensure you are using a reasonably up-to-date version of HAProxy
(which you can verify with `haproxy -vv`) and that you actually set all
used environment variables with their respective values when starting
HAProxy.

The last one is crucial as HAProxy does not replace environment
variables in the config file if the environment variable is not actually
defined. From your original output, it appears you are not defining the
${ROUTER_SERVICE_HTTPS_PORT_BIND_OPTONS} variable in the environment
which thus results in the parse error.

Regards,
Holger
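
The check described in the message above (every variable used in the config must be defined when HAProxy starts), as an added example that is not part of the original thread: a shell pre-flight that lists the variables a config references but the environment lacks. The sample config is constructed, and `PORT` / `PORT_OPTS` are the names used in the test later in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check that every
# environment variable referenced in an HAProxy config is defined.

# Print each distinct variable name referenced as $NAME or ${NAME},
# skipping comment-only lines.
referenced_vars() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oE '\$\{?[A-Za-z_][A-Za-z0-9_]*\}?' |
        tr -d '${}' | sort -u
}

# Print the referenced names that are unset and return 1 if there are any.
# A variable that is set but empty counts as defined.
missing_vars() {
    missing=""
    for name in $(referenced_vars "$1"); do
        # Safe to eval: $name matched [A-Za-z_][A-Za-z0-9_]* above.
        if eval "[ -z \"\${$name+set}\" ]"; then
            missing="${missing:+$missing }$name"
        fi
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample config (not the gist from the thread).
write_sample_config() {
    cat > "$1" <<'EOF'
# ${COMMENTED_OUT} is ignored
frontend test
    mode http
    bind ":${PORT}" "${PORT_OPTS}"
EOF
}

# Demo: report undefined variables instead of starting HAProxy.
cfg=$(mktemp)
write_sample_config "$cfg"
if unset_names=$(missing_vars "$cfg"); then
    echo "all referenced variables are defined"
else
    echo "undefined in environment: $unset_names" >&2
fi
rm -f "$cfg"
```

Run it in the same environment (service unit, container entrypoint) that launches HAProxy, since variables exported in an interactive shell are not necessarily present there.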



Re: use env variables in bind for bind options

2016-05-20 Thread Aleksandar Lazic

Hi Holger

On 20-05-2016 17:02, Holger Just wrote:

> Hi Aleks,
>
> Aleksandar Lazic wrote:
>> My conclusion is that with or without " the ${...} is not substituted,
>> at least in the bind line.
>
> From your output, it looks like you are using an older version of
> HAProxy.


yep.


[root@4a9889bfd2ac conf]# haproxy -vv
HA-Proxy version 1.5.14 2015/07/02
Copyright 2000-2015 Willy Tarreau 

Build options :
  TARGET  = linux2628
  CPU = generic
  CC  = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -DTCP_USER_TIMEOUT=18
  OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1


Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200


Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND


Available polling systems :
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.



> The behavior of quoted strings in the config changed in HAProxy
> 1.6. It appears you are using an older version (e.g. 1.5) which does
> indeed not support this syntax.
>
> That said, even on HAProxy 1.5.14, I have been able to validate your
> syntax (there without the quotes).
>
> Please ensure you are using a reasonably up-to-date version of HAProxy
> (which you can verify with `haproxy -vv`) and that you actually set all
> used environment variables with their respective values when starting
> HAProxy.


Okay I have now used more or less recent versions ;-).

curl -vO http://www.haproxy.org/download/1.7/src/snapshot/haproxy-ss-20160520.tar.gz

curl -vO http://www.haproxy.org/download/1.6/src/haproxy-1.6.5.tar.gz
curl -vO http://www.haproxy.org/download/1.5/src/haproxy-1.5.18.tar.gz


> The last one is crucial as HAProxy does not replace environment
> variables in the config file if the environment variable is not actually
> defined. From your original output, it appears you are not defining the
> ${ROUTER_SERVICE_HTTPS_PORT_BIND_OPTONS} variable in the environment
> which thus results in the parse error.


Looks like you are right.

test_env_haproxy.conf https://gist.github.com/anonymous/4c9af7b622d072c7a58d85d5794e0fa7


20.05.2016 22:30 export PORT=8081
20.05.2016 22:30 export PORT_OPTS="accept-proxy"

OK
haproxy-1.6.5/haproxy -f test_env_haproxy.conf -d
haproxy-ss-20160520/haproxy -f test_env_haproxy.conf -d

NOK
haproxy-1.5.18/haproxy -f test_env_haproxy.conf -d

Thanks.

Best regards
Aleks