[Ubuntu-ha] [Bug 1828496] Re: service haproxy reload sometimes fails to pick up new TLS certificates

Sun, 15 Mar 2020 00:16:27 -0700 

Saw this elsewhere, on Bionic:

| root      6522  0.0  0.7 2089380 2035060 ?     Ss   Mar11   0:36 
/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -sf 60208 
12488 19796 -x /run/haproxy/admin.sock
| haproxy  19796  0.0  0.5 8374612 1518588 ?     Ssl  Mar12 370:39  \_ 
/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -sf 62903 
-x /run/haproxy/admin.sock
| haproxy  63249  0.0  0.5 8490864 1468892 ?     Ssl  19:13 185:53  \_ 
/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -sf 60208 
12488 19796 -x /run/haproxy/admin.sock

New configs weren't made live because the old process was still around,
even after a reload and HAProxy spawning a new.

** Also affects: haproxy (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: haproxy (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: haproxy (Ubuntu Xenial)
       Status: New => Confirmed

** Changed in: haproxy (Ubuntu Bionic)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
High Availability Team, which is subscribed to haproxy in Ubuntu.
https://bugs.launchpad.net/bugs/1828496

Title:
  service haproxy reload sometimes fails to pick up new TLS certificates

Status in haproxy package in Ubuntu:
  Confirmed
Status in haproxy source package in Xenial:
  Confirmed
Status in haproxy source package in Bionic:
  Confirmed

Bug description:
  I suspect this is the same thing reported on StackOverflow:

  "I had this same issue where even after reloading the config, haproxy
  would randomly serve old certs. After looking around for many days the
  issue was that "reload" operation created a new process without
  killing the old one. Confirm this by "ps aux | grep haproxy"."

  https://stackoverflow.com/questions/46040504/haproxy-wont-recognize-
  new-certificate

  In our setup, we automate Let's Encrypt certificate renewals, and a
  fresh certificate will trigger a reload of the service. But
  occasionally this reload doesn't seem to do anything.

  Will update with details next time it happens, and hopefully confirm
  the multiple process theory.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1828496/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~ubuntu-ha
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~ubuntu-ha
More help   : https://help.launchpad.net/ListHelp

Reply via email to