arg. ok, it was SELinux... we recently re-worked how we prepare our base
image and the new method seems to leave SELinux enabled... turned that off
and everything's working peachy.
Thanks!
On Wed, May 20, 2015 at 4:16 PM Lukas Tribus wrote:
> > hi all,
> >
> > I'm working on standing up a new haproxy instance to manage redis
> > directly on our redis hosts since our main load-balancer does periodic
> > reloads and restarts for things like OCSP stapling that good ol'
> > amnesiac HTTP handles just fine, but longer-lived TCP connections like
> > our redis clients don't care too much for.
> >
> > I managed to put together a configuration that works fine in local
> > testing (vagrant configured by test-kitchen), but for some reason when
> > I try to push this to staging, haproxy is refusing to start,
> > complaining that it can't bind to the keepalived-managed VIP. For the
> > life of me I can't figure out what the problem is, but hopefully
> > someone here will be able to give me some pointers?
>
> Not sure, can you run haproxy directly (without systemd) through strace,
> to see what exactly the kernel returns?
>
> Whats the kernel release anyway?
>
> What happens if you add the transparent keyword on the bind
> configuration line (so that the sysctl setting is not needed)?
>
>
>
> Regards,
>
> Lukas
>
>