I may be completely wrong, but one possible reason to cause 503 from haproxy is AppArmor.
@Xav, what happens if you disable apparmor, i.e. aa-disable /usr/bin /neutron-lbaasv2-agent? As you see in an unrelated bug[1], the apparmor profile installed by neutron-gateway charm blocks lbaasv2 if it's set in enforced mode. [kernel log] Sep 21 19:46:44 HOSTNAME kernel: audit: type=1400 audit(1506023204.857:304): apparmor="DENIED" operation="connect" info="Failed name lookup - disconnected path" error=-13 profile="/usr/bin/neutron-lbaasv2-agent" name="var/lib/neutron/lbaas/v2/496d6d2b-8bf7-42b7-822f-c3f31d8db43f/haproxy_stats.sock" pid=736613 comm="neutron-lbaasv2" requested_mask="wr" denied_mask="wr" fsuid=115 ouid=0 [/var/log/neutron/neutron-lbaasv2-agent.log] 2017-09-21 19:44:44.850 736613 WARNING neutron_lbaas.drivers.haproxy.namespace_driver [-] Error while connecting to stats socket: [Errno 13] EACCES In complain mode, if you see "ALLOWED" message for operation="connect" and info="Failed name lookup - disconnected path", but still see EACCES from lbaasv2 log. It may be hit by a bug in apparmor which blocks operation="connect" even in complain mode[2][3]. [1] https://bugs.launchpad.net/charm-neutron-gateway/+bug/1718768 [2] https://bugs.launchpad.net/apparmor/+bug/1624497 [3] https://bugs.launchpad.net/apparmor/+bug/1624300 ** Changed in: charm-neutron-gateway Status: Invalid => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770040 Title: lbaas load balancer does not forward traffic unless agent restarted To manage notifications about this bug go to: https://bugs.launchpad.net/charm-neutron-gateway/+bug/1770040/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
