Marcos Moreno reported recently that an "haproxy -c -f <cfgfile>" would
succeed even if some servers points to a "resolvers" section which does not
Then, starting up haproxy would fail, with the expected message "resolvers
section not found".

The patch in attachment fixes this behavior.

This patch should be backported into HAProxy 1.8 as well.

From 140432e3eeff0dfd36b48310a64b908bde7cc90f Mon Sep 17 00:00:00 2001
From: Baptiste Assmann <bed...@gmail.com>
Date: Fri, 10 Aug 2018 10:56:38 +0200
Subject: [PATCH] BUG/MINOR: dns: check and link servers' resolvers right after
 config parsing

On the Mailing list, Marcos Moreno reported that haproxy configuration
validation (through "haproxy -c cfgfile") does not detect when a
resolvers section does not exist for a server.
That said, this checking is done after HAProxy has started up.

The problem is that this can create production issue, since init
script can't detect the problem before starting / reloading HAProxy.

To fix this issue, this patch registers the function which validates DNS
configuration validity and run it right after configuration parsing is
finished (through cfg_register_postparser()).
Thanks to it, now "haproxy -c cfgfile" will fail when a server
points to a non-existing resolvers section (or any other validation made
by the function above).

Thanks to Christopher for helping on the fix :)

Backport: 1.8

 src/dns.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/dns.c b/src/dns.c
index 985ed0f..e50e8e0 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -19,6 +19,7 @@
 #include <sys/types.h>
+#include <common/cfgparse.h>
 #include <common/errors.h>
 #include <common/time.h>
 #include <common/ticks.h>
@@ -2056,7 +2057,7 @@ static void __dns_init(void)
 	dns_answer_item_pool = create_pool("dns_answer_item", sizeof(struct dns_answer_item), MEM_F_SHARED);
 	dns_resolution_pool  = create_pool("dns_resolution",  sizeof(struct dns_resolution),  MEM_F_SHARED);
-	hap_register_post_check(dns_finalize_config);
+	cfg_register_postparser("dns runtime resolver", dns_finalize_config);

Reply via email to