Hi.
Today I tried some fancy stuff ;-).
https://github.com/git001/openshift_custom_haproxy_ext/commit/d30fdb4fae0988b9a35ee43fef5cf247ae822f6f#diff-f81691f60803593ee683f75fb91cdd03
###
bind :${ROUTER_SERVICE_HTTP_PORT}
${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}
###
It's look to me that this is not possible.
####
/usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p
/var/lib/haproxy/run/haproxy.pid
[ALERT] 140/092135 (19) : parsing
[/var/lib/haproxy/conf/haproxy.config:55] : 'bind
:${ROUTER_SERVICE_HTTP_PORT}' unknown keyword
'${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}'. Registered keywords :
[ ALL] accept-proxy
[ ALL] backlog <arg>
[ ALL] id <arg>
[ ALL] maxconn <arg>
[ ALL] name <arg>
[ ALL] nice <arg>
[ ALL] process <arg>
[UNIX] gid <arg>
[UNIX] group <arg>
[UNIX] mode <arg>
[UNIX] uid <arg>
[UNIX] user <arg>
[STAT] level <arg>
[ TCP] defer-accept
[ TCP] interface <arg>
[ TCP] mss <arg>
[ TCP] tcp-ut <arg>
[ TCP] tfo
[ TCP] transparent
[ TCP] v4v6
[ TCP] v6only
[ SSL] alpn <arg>
[ SSL] ca-file <arg>
[ SSL] ca-ignore-err <arg>
[ SSL] ciphers <arg>
[ SSL] crl-file <arg>
[ SSL] crt <arg>
[ SSL] crt-ignore-err <arg>
[ SSL] crt-list <arg>
[ SSL] ecdhe <arg>
[ SSL] force-sslv3
[ SSL] force-tlsv10
[ SSL] force-tlsv11
[ SSL] force-tlsv12
[ SSL] no-sslv3
[ SSL] no-tlsv10
[ SSL] no-tlsv11
[ SSL] no-tlsv12
[ SSL] no-tls-tickets
[ SSL] ssl
[ SSL] strict-sni
[ SSL] verify <arg>
[ SSL] npn <arg>
[ALERT] 140/092135 (19) : parsing
[/var/lib/haproxy/conf/haproxy.config:81] : 'bind
:${ROUTER_SERVICE_HTTPS_PORT}' unknown keyword
'${ROUTER_SERVICE_HTTPS_PORT_BIND_OPTONS}'.
[ALERT] 140/092135 (19) : Error(s) found in configuration file :
/var/lib/haproxy/conf/haproxy.config
[ALERT] 140/092135 (19) : Fatal errors found in configuration.
####
Looks like that bind_find_kw() is not able to do the ENV evaluation in
${...} syntax
http://git.haproxy.org/?p=haproxy-1.5.git;a=blob;f=src/cfgparse.c#l2319
http://git.haproxy.org/?p=haproxy-1.5.git;a=blob;f=src/listener.c#l538
That's the reason why I get the error massage.
http://git.haproxy.org/?p=haproxy-1.5.git;a=blob;f=src/cfgparse.c#l2361
What do you think make it sense to add the possibility for
bind_find_kw() to parse first the ${...} content and then go further in
the process?
If you ask 'Why he want to do this'.
I want to be able to add some options to the bind line, currently
accept-proxy, dynamically in a docker/openshift image to avoid to build
the image just to add a bind option.
I need to do this because we run openshift router in front of AWS ELB
and want to be able to do this
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html
I want to be able to just make a
oc env dc/router ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS="accept-proxy"
if the ELB is configured with the proxy protocol option.
For Openshift I will add a PR to add similar like with
ROUTER_SERVICE_HTTP_PORT
https://github.com/openshift/origin/blob/master/images/router/haproxy/conf/haproxy-config.template#L67
but for plain haproxy it would nice to have this feature also ;-)
Opinions?
Best regards
Aleks
