Hello Aurélien,

On Mon, Mar 05, 2018 at 03:34:11PM +0100, Aurélien Nephtali wrote:
> Hello,
> 
> I'm working on a feature to add or delete SSL certificates without
> reloading HAProxy and I'm facing a problem regarding the way to feed
> the new certificates to the admin socket.
> 
> The certificates contain \n so the parser will trip on them and
> incorrectly process the command.
> 
> Those are my ideas so far:
> 
>     - base64 the certificate content,
>     - add a binary protocol to the socket to handle this special case
> (intrusive, not the best idea),
>     - add support for quotes.
> 
> (some months ago there was also an idea in
> https://www.mail-archive.com/haproxy@formilux.org/msg23857.html)
> 
> What would be the best/upstreamable way to do ?

I tend to think (first idea out of my head) that for such file types,
we could very well consider that the command reads multiple lines and
stops at the first empty line. That's very convenient to use in scripts
and even by hand in copy-paste sessions. It would work with almost all
of the data types we have to feed via the CLI, including the maps/acls.

And a script writing there would just have to run grep -v "^$" to be
save, which is pretty easy.

In fact that's already the format used for the output : the output of
each command is defined as running till the first empty line.

I also thought about escaping end of lines with a backslash but that
becomes very painful to place in scripts.

Just my two cents, I'm also interested in people's ideas regarding this.

Thanks,
Willy

Reply via email to