Hello William,

Thank you for your answer.

On Tue, Oct 6, 2020 at 7:17 PM William Lallemand <wlallem...@haproxy.com> wrote:
> The problem with activating SSL on-the-fly is that SSL is not only an
> on/off option but there are a lot of parameters that can be configured,
> and that won't fit the server state file. I fear it will complicate a
> lot of things in the future in this form.

My plan was to iterate on this and add other possible parameters to be
updatable on the fly. But now that you raised the "server state file",
I remember it is used for the "load-server-state-from-file". So it is
starting to be tricky if we add other parameters.
I indeed overlooked the problem around `server state` as we use it
externally in our control plane: if we detect a diff, we either try to
make the change through the API, or through a reload in the worst case
I overlooked the origin use case for "load-server-state-from-file" and
we have built a lot of things on top of `show servers state`.

> Maybe you could have pre-configured but disabled servers with SSL in your
> configuration and enable them progressively with the CLI instead ?

this is not an option for us as it would over-complexify our control plane.

That being said, I now completely understand this patchset cannot be
accepted as is unless we would agree on a list of parameters to be
added to `show servers state`? Maybe a good opportunity to start a
discussion and find alternative ways?

Reply via email to