SepehrImanian / terraform-provider-haproxy

Terraform HAProxy Provider
https://registry.terraform.io/providers/SepehrImanian/haproxy
Apache License 2.0

bind function doesn't work #1

Open strelok899 opened 11 months ago

strelok899 commented 11 months ago

Description

I have a machine with 2 interfaces with 2 addresses, 1.1.1.1 and 1.1.1.2. What I am trying to achieve is:

Steps to Reproduce

  1. create haproxy_backend mode tcp
  2. create haproxy_servers using backend as parent
  3. create haproxy_frontend using backend as backend mode tcp
  4. create haproxy_bind using frontend as parent mode tcp using address 1.1.1.1
  5. create a second set, all the same, just different servers, address names and bind address

Expected behavior:

```
frontend http_443
    mode tcp
    bind 1.1.1.1:443
    stats uri /haproxy?stats
    default_backend ingress_443

backend ingress_443
    mode tcp
    balance source
    server pve-master-2 2.2.2.2:443 check check-ssl verify none
    server pve-master-3 2.2.2.3:443 check check-ssl verify none
    server pve-master-1 2.2.2.1:443 check check-ssl verify none
```

Actual behavior:

```
frontend http_443
    mode tcp
    stats uri /haproxy?stats
    default_backend ingress_443

backend ingress_443
    mode tcp
    balance source
    server pve-master-2 2.2.2.2:443 check check-ssl verify none
    server pve-master-3 2.2.2.3:443 check check-ssl verify none
    server pve-master-1 2.2.2.1:443 check check-ssl verify none
```

Reproduces how often: always

Versions

Not required yet


SepehrImanian commented 11 months ago

Thank you for taking the time to report this issue. It seems like there might be a resource priority issue in your Terraform code. I suspect that setting a depend_on attribute for the haproxy_bind resource to ensure it is created before haproxy_front might resolve the problem (in fact, the haproxy_bind resource binds a port to the frontend configuration of HAProxy). To better assist you, could you please share your Terraform code? @strelok899

strelok899 commented 11 months ago

```hcl
resource "haproxy_backend" "kubernetes_api_backend" {
  count = var.external_loadbalancer_enabled ? 1 : 0
  name  = "${var.cluster-name}-kubeapi"
  mode  = "tcp"
  balance {
    algorithm = "source"
  }
}

resource "haproxy_server" "kubernetes_api_backend_server" {
  for_each    = { for k, v in local.master_nodes_map : k => v if var.external_loadbalancer_enabled }
  name        = each.key
  port        = var.kubernetes_api_port
  address     = each.value.server_ip
  parent_name = haproxy_backend.kubernetes_api_backend[0].name
  parent_type = "backend"
  check       = true
  inter       = 10
  rise        = 2
  fall        = 2
  depends_on  = [haproxy_backend.kubernetes_api_backend]
}

resource "haproxy_frontend" "kubernetes_api_front" {
  count   = var.external_loadbalancer_enabled ? 1 : 0
  name    = "${var.cluster-name}-kubeapi"
  backend = haproxy_backend.kubernetes_api_backend[0].name
  mode    = "tcp"
  tcplog  = true

  depends_on = [haproxy_backend.kubernetes_api_backend]
}

resource "haproxy_bind" "kubernetes_api_front_bind" {
  count       = var.external_loadbalancer_enabled ? 1 : 0
  name        = "${var.cluster-name}-kubeapi-bind"
  port        = var.kubernetes_api_bind_port
  address     = var.kubernetes_api_bind_address
  mode        = "tcp"
  parent_name = haproxy_frontend.kubernetes_api_front[0].name
  parent_type = "frontend"
  depends_on  = [haproxy_frontend.kubernetes_api_front]
}
```

@SepehrImanian

SepehrImanian commented 11 months ago

It appears there's an issue with the HAProxy data plane API when configuring a frontend as TCP and then attempting to set a TCP bind. This results in the following error:

bind '' in section 'frontend' 'mode' missing or invalid mode 'tcp'

To resolve this issue, you can simply remove the mode = "tcp" setting from the haproxy_bind resource.

Additionally, I'll be enhancing error handling for HAProxy data plane responses in version v0.0.8.

@strelok899

strelok899 commented 11 months ago

```hcl
resource "haproxy_backend" "kubernetes_api_backend" {
  count = var.external_loadbalancer_enabled ? 1 : 0
  name  = "${var.cluster-name}-kubeapi"
  mode  = "tcp"
  balance {
    algorithm = "source"
  }
}

resource "haproxy_server" "kubernetes_api_backend_server" {
  for_each    = { for k, v in local.master_nodes_map : k => v if var.external_loadbalancer_enabled }
  name        = each.key
  port        = var.kubernetes_api_port
  address     = each.value.server_ip
  parent_name = haproxy_backend.kubernetes_api_backend[0].name
  parent_type = "backend"
  check       = true
  inter       = 10
  rise        = 2
  fall        = 2
  depends_on  = [haproxy_backend.kubernetes_api_backend]
}

resource "haproxy_frontend" "kubernetes_api_front" {
  count   = var.external_loadbalancer_enabled ? 1 : 0
  name    = "${var.cluster-name}-kubeapi"
  backend = haproxy_backend.kubernetes_api_backend[0].name
  mode    = "tcp"
  tcplog  = true

  depends_on = [haproxy_bind.kubernetes_api_front_bind]
}

resource "haproxy_bind" "kubernetes_api_front_bind" {
  count       = var.external_loadbalancer_enabled ? 1 : 0
  name        = "${var.cluster-name}-kubeapi-bind"
  port        = var.kubernetes_api_bind_port
  address     = var.kubernetes_api_bind_address
  parent_name = haproxy_frontend.kubernetes_api_front[0].name
  parent_type = "frontend"
}
```

@SepehrImanian, so basically like this should work?

Maybe you can help me with a second issue: `server pve-master-2 2.2.2.2:443 check check-ssl verify none`

How do I set `check-ssl verify none` in the server?

strelok899 commented 11 months ago

And superb work on the provider! Really high quality project @SepehrImanian, kudos.

SepehrImanian commented 11 months ago

The HAProxy data plane API currently supports features like "check-ssl," "verify," and "none," but these functionalities have not yet been integrated into the provider. However, I plan to include them in the upcoming release. @strelok899
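
An added check, not part of the thread or of the provider's code: in this issue the rejected bind showed up only as a frontend rendered without a `bind` line, so this Python example audits a rendered `haproxy.cfg` for frontends with no bind and for server lines carrying `verify none` (which turns off certificate verification for that server). The sample config is constructed from the output quoted in the thread, the function names are hypothetical, and comment stripping is simplified (a quoted `#` is not handled).

```python
import re

# Constructed sample modelled on the configs quoted in this thread.
SAMPLE_CFG = """\
frontend http_443
    mode tcp
    stats uri /haproxy?stats
    default_backend ingress_443

frontend http_80
    bind 1.1.1.2:80
    default_backend ingress_443

backend ingress_443
    mode tcp
    balance source
    server pve-master-1 2.2.2.1:443 check check-ssl verify none
    server pve-master-2 2.2.2.2:443 check check-ssl
"""

# Keywords that open a new section; anything else belongs to the current one.
SECTION_RE = re.compile(
    r"^(global|defaults|frontend|backend|listen|userlist|peers|resolvers"
    r"|mailers|cache|program|ring|http-errors)(?=\s|$)\s*(\S*)")

def parse_sections(cfg_text):
    """Return [(kind, name, [directive word lists])] per section."""
    sections = []
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()  # simplified: no quoted '#'
        if not words:
            continue
        m = SECTION_RE.match(" ".join(words))
        if m:
            sections.append((m.group(1), m.group(2), []))
        elif sections:
            sections[-1][2].append(words)
    return sections

def audit(cfg_text):
    """Flag listeners with no bind and servers with 'verify none'."""
    findings = []
    for kind, name, lines in parse_sections(cfg_text):
        if kind in ("frontend", "listen") and not any(w[0] == "bind" for w in lines):
            findings.append(f"{kind} {name}: no bind line")
        for w in lines:
            if w[0] == "server" and any(w[i:i + 2] == ["verify", "none"] for i in range(2, len(w))):
                findings.append(f"{kind} {name}: server {w[1]} uses 'verify none'")
    return findings
```

Running `audit()` on the config file after each `terraform apply` turns a silently dropped bind into a visible finding.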