search

haproxytech / haproxy-consul-connect

HaProxy Connector for Consul Connect. Enables Service Mesh with Consul and HaProxy using TLS and Consul Discovery
Apache License 2.0
95 stars 20 forks source link

changes to dataplane-api causing issues #6

Closed pvyaka01 closed 4 years ago

pvyaka01 commented 4 years ago

I setup a test service in consul and tried starting this with the following command: ./haproxy-consul-connect -sidecar-for test_v1

HAProxy binary and dataplaneapi are in the path so it finds them. However, haproxy-consul-connect exits with this:

INFO[0000] consul: watching service test_v1 INFO[0000] consul: watching service test_v1-sidecar-proxy INFO[0000] consul: leaf cert for service test changed, serial: 98:04, valid before: 2020-02-17 04:12:05 +0000 UTC, valid after: 2020-02-14 04:12:05 +0000 UTC INFO[0000] consul: leaf cert for test ready INFO[0000] consul: CA certs changed, active root id: 98:c3:ff:ca:a7:1a:f2:a5:ed:0b:04:3a:80:2c:62:a8:ec:35:3c:64 INFO[0000] consul: CA certs ready INFO[0000] received consul config update INFO[0000] handling new configuration INFO[0000] haproxy: 045/195724 (15416) : New worker #1 (15417) forked ERRO[0005] timeout waiting for dataplaneapi: error calling GET /v1/specification: response was 404: "{"code":404,"message":"path /v1/specification was not found"}" INFO[0005] Shutting down because timeout waiting for dataplaneapi: error calling GET /v1/specification: response was 404: "{"code":404,"message":"path /v1/specification was not found"}"... INFO[0005] cleaning config... INFO[0005] killing dataplane-api with sig 15 INFO[0005] killing haproxy with sig 15 WARN[0005] haproxy: 045/195729 (15416) : Exiting Master process... ERRO[0005] haproxy exited ERRO[0005] dataplane-api exited

Noticed dataplaneapi now has /v2 instead of /v1. Also, it's now called dataplaneapi, not dataplane-api. Ofcourse, renamed dataplaneapi to dataplane-api go get this working.

Can anyone pls look into this?

Thanks!

pvyaka01 commented 4 years ago

By changing v1 with v2 in the code, was able to bring it up. However, there are issues ... Even if we specify stats address, cannot access stats page - says 404 not found. Connections to haproxy port are not going through. Here's the log: ./haproxy-consul-connect -sidecar-for test_v1 -haproxy-cfg-base-path /opt/haproxy/conf -haproxy /opt/haproxy/bin/haproxy -dataplane /opt/haproxy/bin/dataplaneapi -stats-addr 127.0.0.1:1936 -stats-service-register INFO[0000] consul: watching service test_v1 INFO[0000] consul: watching service test_v1-sidecar-proxy INFO[0000] consul: CA certs changed, active root id: 98:c3:ff:ca:a7:1a:f2:a5:ed:0b:04:3a:80:2c:62:a8:ec:35:3c:64 INFO[0000] consul: CA certs ready INFO[0000] consul: leaf cert for service test changed, serial: f2:68, valid before: 2020-02-19 20:39:02 +0000 UTC, valid after: 2020-02-16 20:39:02 +0000 UTC INFO[0000] consul: leaf cert for test ready INFO[0000] received consul config update INFO[0000] handling new configuration INFO[0000] haproxy: 046/230904 (1655) : New worker #1 (1657) forked INFO[0000] Starting stats server at 127.0.0.1:1936 INFO[0000] state applied WARN[0001] haproxy: 046/230905 (1655) : Reexecuting Master process INFO[0001] haproxy: 046/230905 (1655) : New worker #1 (1672) forked WARN[0001] haproxy: 046/230905 (1657) : Stopping frontend GLOBAL in 0 ms. WARN[0001] haproxy: 046/230905 (1657) : Proxy GLOBAL stopped (FE: 1 conns, BE: 1 conns). WARN[0002] haproxy: 046/230906 (1655) : Former worker #1 (1657) exited with code 0 (Exit)

pvyaka01 commented 4 years ago

While i can see downstream port is correct as specified in the service config (and we can access using http://localhost:8090 with the right return value), it binds to a default port 21000. Is there a way to change this? I tried specifying a port for connect in the service configuration but that did not have any affect. Also, curl http://localhost:21000 does not return anything...merely says: curl: (52) Empty reply from server

May be i'm missing something?

Here's the haproxy.conf it generated:

_version=2

global master-worker nbproc 1 nbthread 2 stats socket /opt/haproxy/conf/haproxy-connect-014820268/haproxy.sock mode 600 level admin expose-fd listeners stats timeout 2m tune.ssl.default-dh-param 1024

userlist controller user haproxy insecure-password pass

frontend front_downstream mode http bind 0.0.0.0:21000 name front_downstream_bind crt /opt/haproxy/conf/haproxy-connect-014820268/c09d4b5a453358a0e88f84ae693f4e14a6a55ea82ba5bf716d595437612494b6 ca-file /opt/haproxy/conf/haproxy-connect-014820268/57f2efdcc7d285819fb28cab4b1cd6f09d816b0dd8b5a5f7e8a6d084145acb4d ssl verify required timeout client 30000 default_backend back_downstream

backend back_downstream mode http timeout server 60000 timeout connect 1000 server downstream_node 127.0.0.1:8090

ShimmerGlass commented 4 years ago

Hello,

The default name for dataplaneapi binary is already dataplaneapi (cf https://github.com/haproxytech/haproxy-consul-connect/blob/master/haproxy/haproxy.go#L42). However, the flag to specify its path is -dataplane-api which is perhaps misleading. We could rename it, what do you think?