On 11.02.2016 20:23, Edward Hart (c) wrote:
> Q1: Can HAProxy be configured to 'roll back' if a patch update causes a
> HAProxy failure on a production server?
> Q2: Can HAProxy be configured to fail to a known safe state in the event of
> server failure during operation?
>
> I am developing a Security Technical Implementation Guide (STIG) for HAProxy. A
> STIG is essentially a detailed checklist for hardening a given technology.
> DoD uses them to provide cyber defense.
>
> Finding configurable ways to satisfy the below 2 requirements is proving
> difficult.
>
> Req 1 : The web server must augment re-creation to a stable and known
> baseline.
The best way to handle this is by using git for the configuration files, as it also has the added benefit of providing an audit trail. If that is not possible, then simply copy the current config to haproxy.conf.old before you make changes. If the changes don't work, simply copy that file back to haproxy.conf and reload the configuration to restore the previous configuration.

> Req 2 : The web server must be built to fail to a known safe state if system
> initialization fails, shutdown fails, or aborts fail.

Maybe I don't understand this requirement properly, but if the system fails, how is it supposed to automatically "unfail" itself? Can you provide a specific example of such a failure and what state haproxy is supposed to return to in that case?

Regards,
Dennis
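The "copy to haproxy.conf.old, change, reload, restore on failure" procedure Dennis describes, written out as a small POSIX sh wrapper. This is an added example, not code from the thread or from the HAProxy project. It adds one step a practitioner would want in front of Dennis's sequence: validating the candidate file with HAProxy's own syntax check (`haproxy -c -f FILE`) before it ever replaces the live config, so a typo never reaches the running instance. The check and reload commands are parameters; the `fake_*` functions are stand-ins so the script can be exercised on a machine without HAProxy, and the `/etc/haproxy/...` paths and `systemctl reload haproxy` in the usage comment are assumptions about a typical host, not something the thread states.

```shell
#!/bin/sh
# Added example (not from the thread or the HAProxy project): validate a candidate
# config, keep the known-good copy, reload, and roll back if the reload fails.
#
# Real-host usage (paths and service manager are assumptions):
#   apply_config /etc/haproxy/haproxy.cfg.new /etc/haproxy/haproxy.cfg \
#                "haproxy -c -f" "systemctl reload haproxy"

# apply_config NEW_CFG LIVE_CFG CHECK_CMD RELOAD_CMD
#   CHECK_CMD is run with the config path appended; RELOAD_CMD is run as given.
#   Returns 0 on success, 1 if the candidate fails validation (live config untouched),
#   2 if the reload fails (previous config restored and reloaded again).
apply_config() {
    new="$1"; live="$2"; check="$3"; reload="$4"
    backup="${live}.old"

    # Validate the candidate before it replaces anything.
    if ! $check "$new" >/dev/null 2>&1; then
        echo "apply_config: '$new' failed validation, '$live' left untouched" >&2
        return 1
    fi

    # Keep the known-good copy (Dennis's haproxy.conf.old), then install and reload.
    cp "$live" "$backup" || return 1
    cp "$new" "$live" || return 1
    if ! $reload >/dev/null 2>&1; then
        echo "apply_config: reload failed, restoring '$backup'" >&2
        cp "$backup" "$live"
        $reload >/dev/null 2>&1
        return 2
    fi
    return 0
}

# Stand-ins so the script runs without HAProxy installed: a "check" that only accepts
# files containing a listen section, and reload commands that succeed or fail.
fake_check()       { grep -q '^listen' "$1"; }
fake_reload_ok()   { return 0; }
fake_reload_fail() { return 1; }

# Exercise the three outcomes on constructed configs in a temp directory.
# Returns 0 only if the live config survives a bad candidate and a failed reload,
# and is replaced when the candidate is good and the reload works.
demo_rollback() {
    dir=$(mktemp -d) || return 1
    cfg="$dir/haproxy.cfg"
    printf 'listen web\n    bind :80\n' > "$cfg"
    printf 'listen web\n    bind :8080\n' > "$dir/new.cfg"   # accepted by fake_check
    printf 'garbage\n' > "$dir/bad.cfg"                        # rejected by fake_check

    # 1. Candidate fails validation: expect rc 1 and the live file unchanged.
    apply_config "$dir/bad.cfg" "$cfg" fake_check fake_reload_ok && rc1=0 || rc1=$?
    [ "$rc1" -eq 1 ] && grep -q 'bind :80' "$cfg" && ! grep -q garbage "$cfg" \
        || { rm -rf "$dir"; return 1; }

    # 2. Candidate validates but the reload fails: expect rc 2 and the backup restored.
    apply_config "$dir/new.cfg" "$cfg" fake_check fake_reload_fail && rc2=0 || rc2=$?
    [ "$rc2" -eq 2 ] && grep -q 'bind :80' "$cfg" && ! grep -q 'bind :8080' "$cfg" \
        || { rm -rf "$dir"; return 1; }

    # 3. Good candidate and a working reload: expect rc 0 and the new content live.
    apply_config "$dir/new.cfg" "$cfg" fake_check fake_reload_ok && rc3=0 || rc3=$?
    [ "$rc3" -eq 0 ] && grep -q 'bind :8080' "$cfg" \
        || { rm -rf "$dir"; return 1; }

    rm -rf "$dir"
    return 0
}
```

If the config directory is under git, as Dennis suggests first, the same wrapper still applies; the `.old` copy is then just a belt-and-braces fallback, and `git log` on the directory gives the audit trail the STIG reviewer will ask for.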

