arg. ok, it was SELinux... we recently re-worked how we prepare our base image and the new method seems to leave SELinux enabled... turned that off and everything's working peachy.
Thanks! On Wed, May 20, 2015 at 4:16 PM Lukas Tribus <[email protected]> wrote: > > hi all, > > > > I'm working on standing up a new haproxy instance to manage redis > > directly on our redis hosts since our main load-balancer does periodic > > reloads and restarts for things like OCSP stapling that good ol' > > amnesiac HTTP handles just fine, but longer-lived TCP connections like > > our redis clients don't care too much for. > > > > I managed to put together a configuration that works fine in local > > testing (vagrant configured by test-kitchen), but for some reason when > > I try to push this to staging, haproxy is refusing to start, > > complaining that it can't bind to the keepalived-managed VIP. For the > > life of me I can't figure out what the problem is, but hopefully > > someone here will be able to give me some pointers? > > Not sure, can you run haproxy directly (without systemd) through strace, > to see what exactly the kernel returns? > > Whats the kernel release anyway? > > What happens if you add the transparent keyword on the bind > configuration line (so that the sysctl setting is not needed)? > > > > Regards, > > Lukas > >
