mesosphere / marathon-lb

Marathon-lb is a service discovery & load balancing tool for DC/OS
Apache License 2.0

Haproxy not accepting configuration file generated by marathon-lb #168

Closed pmann91 closed 8 years ago

pmann91 commented 8 years ago

Hi,

I was trying to invoke marathon-lb directly from the script as given in README.md.

I executed ./marathon_lb.py --marathon http://localhost:8080 --group external but got Error(s) found in configuration file : /tmp/tmpz14ex4nj

Following is the whole output:

marathon_lb: fetching apps
marathon_lb: GET http://localhost:8080/v2/apps?embed=apps.tasks
marathon_lb: got apps ['/basic-0']
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_HEAD
marathon_lb: setting default value for HAPROXY_BACKEND_SERVER_OPTIONS
marathon_lb: setting default value for HAPROXY_BACKEND_HTTP_OPTIONS
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_ACL_ONLY
marathon_lb: setting default value for HAPROXY_HTTPS_FRONTEND_ACL
marathon_lb: setting default value for HAPROXY_HTTPS_FRONTEND_ACL_ONLY_WITH_PATH
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_ACL_WITH_AUTH_AND_PATH
marathon_lb: setting default value for HAPROXY_BACKEND_STICKY_OPTIONS
marathon_lb: setting default value for HAPROXY_BACKEND_HTTP_HEALTHCHECK_OPTIONS
marathon_lb: setting default value for HAPROXY_HTTPS_FRONTEND_AUTH_REQUEST_ONLY
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_APPID_ACL
marathon_lb: setting default value for HAPROXY_BACKEND_TCP_HEALTHCHECK_OPTIONS
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_ROUTING_ONLY_WITH_AUTH
marathon_lb: setting default value for HAPROXY_HTTPS_FRONTEND_AUTH_ACL_ONLY
marathon_lb: setting default value for HAPROXY_HTTP_BACKEND_PROXYPASS
marathon_lb: setting default value for HAPROXY_HTTPS_FRONTEND_ACL_WITH_AUTH
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_ACL_WITH_AUTH
marathon_lb: setting default value for HAPROXY_HTTP_BACKEND_REVPROXY
marathon_lb: setting default value for HAPROXY_FRONTEND_HEAD
marathon_lb: setting default value for HAPROXY_HTTPS_FRONTEND_HEAD
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_ACL_ONLY_WITH_PATH
marathon_lb: setting default value for HAPROXY_BACKEND_SERVER_HTTP_HEALTHCHECK_OPTIONS
marathon_lb: setting default value for HAPROXY_BACKEND_HEAD
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_ACL_ONLY_WITH_PATH_AND_AUTH
marathon_lb: setting default value for HAPROXY_BACKEND_SERVER_TCP_HEALTHCHECK_OPTIONS
marathon_lb: setting default value for HAPROXY_HTTPS_FRONTEND_ACL_WITH_PATH
marathon_lb: setting default value for HAPROXY_USERLIST_HEAD
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_ACL_WITH_PATH
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_ROUTING_ONLY
marathon_lb: setting default value for HAPROXY_HTTPS_FRONTEND_ROUTING_ONLY_WITH_PATH_AND_AUTH
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_ROUTING_ONLY_WITH_PATH
marathon_lb: setting default value for HAPROXY_BACKEND_REDIRECT_HTTP_TO_HTTPS_WITH_PATH
marathon_lb: setting default value for HAPROXY_BACKEND_REDIRECT_HTTP_TO_HTTPS
marathon_lb: setting default value for HAPROXY_HTTPS_FRONTEND_ACL_WITH_AUTH_AND_PATH
marathon_lb: setting default value for HAPROXY_HEAD
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_ROUTING_ONLY_WITH_PATH_AND_AUTH
marathon_lb: setting default value for HAPROXY_HTTP_BACKEND_REDIR
marathon_lb: setting default value for HAPROXY_BACKEND_HSTS_OPTIONS
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_ACL
marathon_lb: setting default value for HAPROXY_FRONTEND_BACKEND_GLUE
marathon_lb: setting default value for HAPROXY_HTTP_FRONTEND_APPID_HEAD
marathon_lb: generating config
marathon_lb: reading running config from /etc/haproxy/haproxy.cfg
marathon_lb: running config is different from generated config - reloading
marathon_lb: writing config to temp file /tmp/tmpllatj_k7
marathon_lb: checking config with command: ['haproxy', '-f', '/tmp/tmpllatj_k7', '-c']
[ALERT] 116/154356 (28038) : parsing [/tmp/tmpllatj_k7:12] : unknown keyword 'server-state-file' in 'global' section
[ALERT] 116/154356 (28038) : parsing [/tmp/tmpllatj_k7:13] : unknown keyword 'server-state-base' in 'global' section
[ALERT] 116/154356 (28038) : parsing [/tmp/tmpllatj_k7:14] : unknown keyword 'lua-load' in 'global' section
[ALERT] 116/154356 (28038) : parsing [/tmp/tmpllatj_k7:15] : unknown keyword 'lua-load' in 'global' section
[ALERT] 116/154356 (28038) : parsing [/tmp/tmpllatj_k7:17] : unknown keyword 'load-server-state-from-file' in 'defaults' section
[ALERT] 116/154356 (28038) : parsing [/tmp/tmpllatj_k7:40]: 'http-request' expects 'allow', 'deny', 'auth', 'redirect', 'tarpit', 'add-header', 'set-header', 'replace-header', 'replace-value', 'set-nice', 'set-tos', 'set-mark', 'set-log-level', 'add-acl', 'del-acl', 'del-map', 'set-map', but got 'use-service'.
[ALERT] 116/154356 (28038) : Error(s) found in configuration file : /tmp/tmpllatj_k7
marathon_lb: haproxy returned non-zero when checking config
marathon_lb: skipping reload: config not valid

It seems that haproxy is not accepting the config file generated by the script.

I even checked the config file generated in /tmp and compared it to the default config file given in the repo, and they are the same. I am not able to figure out the problem or the steps that I am doing wrong.

Following is the config file generated by marathon-lb:

global
  daemon
  log /dev/log local0
  log /dev/log local1 notice
  maxconn 50000
  tune.ssl.default-dh-param 2048
  ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  ssl-default-bind-options no-sslv3 no-tls-tickets
  ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  ssl-default-server-options no-sslv3 no-tls-tickets
  stats socket /var/run/haproxy/socket
  server-state-file global
  server-state-base /var/state/haproxy/
  lua-load /marathon-lb/getpids.lua
  lua-load /marathon-lb/getconfig.lua
defaults
  load-server-state-from-file global
  log               global
  retries                   3
  backlog               10000
  maxconn               10000
  timeout connect          3s
  timeout client          30s
  timeout server          30s
  timeout tunnel        3600s
  timeout http-keep-alive  1s
  timeout http-request    15s
  timeout queue           30s
  timeout tarpit          60s
  option            redispatch
  option            http-server-close
  option            dontlognull
listen stats
  bind 0.0.0.0:9090
  balance
  mode http
  stats enable
  monitor-uri /_haproxy_health_check
  acl getpid path /_haproxy_getpids
  http-request use-service lua.getpids if getpid
  acl getconfig path /_haproxy_getconfig
  http-request use-service lua.getconfig if getconfig

frontend marathon_http_in
  bind *:80
  mode http

frontend marathon_http_appid_in
  bind *:9091
  mode http

frontend marathon_https_in
  bind *:443 ssl crt /etc/ssl/mesosphere.com.pem
  mode http

brndnmtthws commented 8 years ago

You're presumably not using the Docker image? What version of HAProxy are you trying to use? Does it have Lua support built in?

pmann91 commented 8 years ago

I am not using the docker image.

I am using haproxy version 1.7-dev2 and it seems that it doesn't have Lua support.

brndnmtthws commented 8 years ago

I haven't made any attempt to support 1.7 yet.

pmann91 commented 8 years ago

Ok,

I changed my haproxy version to 1.6 built with Lua support and now I am getting:

marathon_lb: generating config
marathon_lb: reading running config from /etc/haproxy/haproxy.cfg
marathon_lb: running config is different from generated config - reloading
marathon_lb: writing config to temp file /tmp/tmponiyv1rb
marathon_lb: checking config with command: ['haproxy', '-f', '/tmp/tmponiyv1rb', '-c']
[ALERT] 117/152934 (15110) : parsing [/tmp/tmponiyv1rb:14] : error in lua file '/marathon-lb/getpids.lua': cannot open /marathon-lb/getpids.lua: No such file or directory
[ALERT] 117/152934 (15110) : parsing [/tmp/tmponiyv1rb:15] : error in lua file '/marathon-lb/getconfig.lua': cannot open /marathon-lb/getconfig.lua: No such file or directory
[ALERT] 117/152934 (15110) : parsing [/tmp/tmponiyv1rb:40] : error detected in proxy 'stats' while parsing 'http-request use-service' rule : 'lua.getpids' unknown service name..
[ALERT] 117/152934 (15110) : Error(s) found in configuration file : /tmp/tmponiyv1rb
marathon_lb: haproxy returned non-zero when checking config
marathon_lb: skipping reload: config not valid

What may be the problem?

brndnmtthws commented 8 years ago

I guess the paths /marathon-lb/getpids.lua and /marathon-lb/getconfig.lua don't exist. Perhaps you could try changing these to relative paths?
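
An added example, not part of the thread or of marathon-lb's own code: a preflight check that sorts the `haproxy -c` alerts quoted above into "this binary lacks the feature" versus "the Lua file is missing", and then verifies every `lua-load` target before a reload. The function names are hypothetical, and `base_dir` assumes relative `lua-load` paths are resolved from the directory HAProxy is started in; the writable-by-others check is an extra hardening step, since these scripts run inside the proxy process.

```python
import os
import re
import stat

# Alert lines copied from the `haproxy -c` output quoted in this thread.
SAMPLE = """\
[ALERT] 116/154356 (28038) : parsing [/tmp/tmpllatj_k7:14] : unknown keyword 'lua-load' in 'global' section
[ALERT] 116/154356 (28038) : parsing [/tmp/tmpllatj_k7:17] : unknown keyword 'load-server-state-from-file' in 'defaults' section
[ALERT] 117/152934 (15110) : parsing [/tmp/tmponiyv1rb:14] : error in lua file '/marathon-lb/getpids.lua': cannot open /marathon-lb/getpids.lua: No such file or directory
"""

UNKNOWN_KW = re.compile(r"parsing \[[^:\]]+:(?P<line>\d+)\]\s*: unknown keyword '(?P<kw>[^']+)' in '(?P<section>[^']+)' section")
LUA_OPEN = re.compile(r"parsing \[[^:\]]+:(?P<line>\d+)\]\s*: error in lua file '(?P<path>[^']+)': cannot open")
LUA_LOAD = re.compile(r"^\s*lua-load\s+(\S+)", re.M)


def classify_alerts(output):
    """Split alerts into keywords the binary does not know and Lua files it cannot open."""
    findings = {"unsupported_keywords": [], "missing_lua": []}
    for line in output.splitlines():
        m = UNKNOWN_KW.search(line)
        if m:
            findings["unsupported_keywords"].append((int(m["line"]), m["section"], m["kw"]))
            continue
        m = LUA_OPEN.search(line)
        if m:
            findings["missing_lua"].append((int(m["line"]), m["path"]))
    return findings


def check_lua_paths(config_text, base_dir):
    """Report lua-load targets that are absent or writable by group/others.

    base_dir is an assumption: the working directory HAProxy will start in.
    """
    problems = []
    for path in LUA_LOAD.findall(config_text):
        full = path if os.path.isabs(path) else os.path.join(base_dir, path)
        try:
            mode = os.stat(full).st_mode
        except OSError:
            problems.append((path, "missing"))
            continue
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((path, "group/world-writable"))
    return problems
```

An `unsupported_keywords` hit points at the HAProxy build or version, while a `missing_lua` hit points at the file layout on the host.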

pmann91 commented 8 years ago

Thanks for your help!! Got it working after some time :)

rorysavage77 commented 8 years ago

What did you do to get it working?