CentOS7 - Systemd and HAProxy

Issues related to applications and software problems
Post Reply
ldelossa
Posts: 4
Joined: 2012/04/11 14:56:09

CentOS7 - Systemd and HAProxy

Post by ldelossa » 2015/05/02 17:09:52

Hey guys,

I'm using latest version of CentOS 7 and using this as an HAProxy box. Right now I can only start HAproxy via command line i.e.

Code: Select all

sudo /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg
This starts up fine.

If I try

Code: Select all

sudo systemclt start haproxy
I get the following errors:

Code: Select all

May 02 10:19:40 haproxy1 haproxy[4334]: | While not properly invalid, you will certainly encounter various problems
May 02 10:19:40 haproxy1 haproxy[4334]: | with such a configuration. To fix this, please ensure that all following
May 02 10:19:40 haproxy1 haproxy[4334]: | timeouts are set to a non-zero value: 'client', 'connect', 'server'.
May 02 10:19:40 haproxy1 haproxy[4334]: [WARNING] 121/101940 (4334) : config : 'stats' statement ignored for proxy 'sm... mode.
May 02 10:19:40 haproxy1 haproxy[4334]: [ALERT] 121/101940 (4334) : Starting proxy smtp: cannot bind socket [0.0.0.0:25]
May 02 10:19:40 haproxy1 systemd[1]: haproxy.service: main process exited, code=exited, status=1/FAILURE
May 02 10:19:40 haproxy1 systemd[1]: Unit haproxy.service entered failed state.

The HAProxy startup script looks like this:

Code: Select all

[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID



[Install]
WantedBy=multi-user.target

I also changed it to this to try to make the service run just like the command line

Code: Select all

[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStart=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
user=root
group=root


[Install]
WantedBy=multi-user.target

I don't like having that script start haproxy as root but I was trying to use the same conditions.

No matter what the systemctl method is unable to bind the port - seems like a permissions issue to me.

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: CentOS7 - Systemd and HAProxy

Post by avij » 2015/05/02 18:03:49

I would guess this is a SELinux issue. Try setenforce 0, then restart the HAProxy service. If HAProxy works after this change, restore the enforcing status with setenforce 1, and then run setsebool -P haproxy_connect_any to change the SELinux boolean that is probably affecting this, and restart the service again.

ldelossa
Posts: 4
Joined: 2012/04/11 14:56:09

Re: CentOS7 - Systemd and HAProxy

Post by ldelossa » 2015/05/02 18:50:20

The error persists with SElinux disabled.

ldelossa
Posts: 4
Joined: 2012/04/11 14:56:09

Re: CentOS7 - Systemd and HAProxy

Post by ldelossa » 2015/05/02 19:19:58

avij wrote:I would guess this is a SELinux issue. Try setenforce 0, then restart the HAProxy service. If HAProxy works after this change, restore the enforcing status with setenforce 1, and then run setsebool -P haproxy_connect_any to change the SELinux boolean that is probably affecting this, and restart the service again.
My Mistake - I had thought SELinux is not enforcing. You were correct in your solution. All is good now!

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS7 - Systemd and HAProxy

Post by TrevorH » 2015/05/02 20:58:43

No, that's just a first step: put selinux permissive, gather logs, analyze them, generate a policy to allow what was denied and load it: repeat until it works. Use aureport, ausearch and audit2allow to get the info you need.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

azzaka
Posts: 1
Joined: 2015/05/27 07:09:29

Re: CentOS7 - Systemd and HAProxy

Post by azzaka » 2017/11/09 10:38:35

Leaving selinux in enforcing mode, I used the following:

Code: Select all

[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStart=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
user=haproxy
group=haproxy


[Install]
WantedBy=multi-user.target
And it appears to work for me.

Post Reply