allows to use unix-bind settings in config file for both stats and master
sockets; this will save some double painful config when you can rely on
the global unix-bind.
Local settings will still overload the default global.
Signed-off-by: William Dauchy <w.dau...@criteo.com>
---
doc/configuration.txt | 1 +
doc/management.txt | 1 +
src/cli.c | 8 ++++++++
3 files changed, 10 insertions(+)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index d0bb9741..c3aedb9e 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -1293,6 +1293,7 @@ stats socket [<address:port>|<path>] [param*]
All parameters supported by "bind" lines are supported, for instance to
restrict access to some users or their access rights. Please consult
section 5.1 for more information.
+ "unix-bind" settings have also an effect on this socket settings.
stats timeout <timeout, in milliseconds>
The default timeout on the stats socket is set to 10 seconds. It is possible
diff --git a/doc/management.txt b/doc/management.txt
index 973b6f3a..2c48db1f 100644
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -283,6 +283,7 @@ list of options is :
For security reasons, it is recommended to bind the master CLI to a local
UNIX socket. The bind options are the same as the keyword "bind" in
the configuration file with words separated by commas instead of spaces.
+ "unix-bind" settings have also an effect on this socket settings.
Note that this socket can't be used to retrieve the listening sockets from
an old process during a seamless reload.
diff --git a/src/cli.c b/src/cli.c
index ba48d147..07a74067 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -256,6 +256,10 @@ static int stats_parse_global(char **args, int
section_type, struct proxy *curpx
bind_conf = bind_conf_alloc(global.stats_fe, file, line,
args[2], xprt_get(XPRT_RAW));
bind_conf->level &= ~ACCESS_LVL_MASK;
bind_conf->level |= ACCESS_LVL_OPER; /* default access level */
+ /* use default settings for unix sockets */
+ bind_conf->ux.uid = global.unix_bind.ux.uid;
+ bind_conf->ux.gid = global.unix_bind.ux.gid;
+ bind_conf->ux.mode = global.unix_bind.ux.mode;
if (!str2listener(args[2], global.stats_fe, bind_conf, file,
line, err)) {
memprintf(err, "parsing [%s:%d] : '%s %s' : %s\n",
@@ -2547,6 +2551,10 @@ int mworker_cli_proxy_new_listener(char *line)
bind_conf->level &= ~ACCESS_LVL_MASK;
bind_conf->level |= ACCESS_LVL_ADMIN;
+ /* use default settings for unix sockets */
+ bind_conf->ux.uid = global.unix_bind.ux.uid;
+ bind_conf->ux.gid = global.unix_bind.ux.gid;
+ bind_conf->ux.mode = global.unix_bind.ux.mode;
if (!str2listener(args[0], mworker_proxy, bind_conf, "master-socket",
0, &err)) {
ha_alert("Cannot create the listener of the master CLI\n");
--
2.24.1
