diff --git a/doc/source/gitea.rst b/doc/source/gitea.rst
index 87d5635890..6e471d5911 100644
--- a/doc/source/gitea.rst
+++ b/doc/source/gitea.rst
@@ -44,22 +44,22 @@ run as root.
To see the current status of all servers::
- echo "show stat" | socat /var/haproxy/run/stats stdio
+ echo "show stat" | socat /var/lib/haproxy/run/stats stdio
To disable a server (eg, gitea09)::
- echo "disable server balance_git_http/gitea09.opendev.org" | socat /var/haproxy/run/stats stdio
- echo "disable server balance_git_https/gitea09.opendev.org" | socat /var/haproxy/run/stats stdio
+ echo "disable server balance_git_http/gitea09.opendev.org" | socat /var/lib/haproxy/run/stats stdio
+ echo "disable server balance_git_https/gitea09.opendev.org" | socat /var/lib/haproxy/run/stats stdio
To re-enable a server::
- echo "enable server balance_git_http/gitea09.opendev.org" | socat /var/haproxy/run/stats stdio
- echo "enable server balance_git_https/gitea09.opendev.org" | socat /var/haproxy/run/stats stdio
+ echo "enable server balance_git_http/gitea09.opendev.org" | socat /var/lib/haproxy/run/stats stdio
+ echo "enable server balance_git_https/gitea09.opendev.org" | socat /var/lib/haproxy/run/stats stdio
To run these commands and others interactively, issue the prompt
command to haproxy::
- socat readline /var/haproxy/run/stats
+ socat readline /var/lib/haproxy/run/stats
prompt
Deploy a New Backend
diff --git a/playbooks/roles/haproxy/files/rsyslog.d/49-haproxy.conf b/playbooks/roles/haproxy/files/rsyslog.d/49-haproxy.conf
index 402c122984..e2d6dae420 100644
--- a/playbooks/roles/haproxy/files/rsyslog.d/49-haproxy.conf
+++ b/playbooks/roles/haproxy/files/rsyslog.d/49-haproxy.conf
@@ -1,6 +1,6 @@
# Create additional haproxy socket to be mapped into container
-$AddUnixListenSocket /var/haproxy/dev/log
+$AddUnixListenSocket /var/lib/haproxy/dev/log
:programname, startswith, "haproxy" {
/var/log/haproxy.log
diff --git a/playbooks/roles/haproxy/tasks/main.yaml b/playbooks/roles/haproxy/tasks/main.yaml
index c3a5d73a7b..064032e0c8 100644
--- a/playbooks/roles/haproxy/tasks/main.yaml
+++ b/playbooks/roles/haproxy/tasks/main.yaml
@@ -3,10 +3,13 @@
name: socat
state: present
-- name: Ensure registry volume directories exists
+- name: Ensure haproxy volume directories exists
+ # Note on the host side we create everything under /var/lib/haproxy to
+ # make rsyslog apparmor rules for /var/lib/haproxy/dev/log happy.
+ # But within the containers /var/haproxy paths are still used.
file:
state: directory
- path: "/var/haproxy/{{ item }}"
+ path: "/var/lib/haproxy/{{ item }}"
owner: 1000
group: 1000
loop:
@@ -43,7 +46,7 @@
- name: Write haproxy config file
template:
src: '{{ haproxy_config_template }}'
- dest: /var/haproxy/etc/haproxy.cfg
+ dest: /var/lib/haproxy/etc/haproxy.cfg
owner: 1000
group: 1000
mode: 0644
@@ -59,7 +62,7 @@
- name: Copy in OpenDev Infra CA (test only)
copy:
src: /etc/opendev-ca/ca.crt
- dest: /var/haproxy/etc/
+ dest: /var/lib/haproxy/etc/
when: _opendev_ca_crt.stat.exists
- name: Ensure docker compose configuration directory
diff --git a/playbooks/roles/haproxy/templates/docker-compose.yaml.j2 b/playbooks/roles/haproxy/templates/docker-compose.yaml.j2
index 3d0462cc4e..d9e08e88c7 100644
--- a/playbooks/roles/haproxy/templates/docker-compose.yaml.j2
+++ b/playbooks/roles/haproxy/templates/docker-compose.yaml.j2
@@ -35,9 +35,9 @@ services:
user: "root:root"
network_mode: host
volumes:
- - /var/haproxy/dev/log:/dev/log
- - /var/haproxy/etc:/usr/local/etc/haproxy:ro
- - /var/haproxy/run:/var/haproxy/run
+ - /var/lib/haproxy/dev/log:/dev/log
+ - /var/lib/haproxy/etc:/usr/local/etc/haproxy:ro
+ - /var/lib/haproxy/run:/var/haproxy/run
logging:
driver: journald
options:
@@ -50,7 +50,7 @@ services:
network_mode: host
user: "1000:1000"
volumes:
- - /var/haproxy/run:/var/haproxy/run
+ - /var/lib/haproxy/run:/var/haproxy/run
environment:
STATSD_HOST: graphite.opendev.org
STATSD_PORT: 8125
diff --git a/testinfra/test_gitea_lb.py b/testinfra/test_gitea_lb.py
index 02d7c24334..0b8ae73b87 100644
--- a/testinfra/test_gitea_lb.py
+++ b/testinfra/test_gitea_lb.py
@@ -50,8 +50,15 @@ def test_more_than_haproxy_maxconn_conns(host):
assert 'OpenDev: Free Software Needs Free Tools' in cmd.stdout
def test_haproxy_stats(host):
- cmd = host.run('echo "show servers state" | socat /var/haproxy/run/stats stdio | '
+ cmd = host.run('echo "show servers state" | socat /var/lib/haproxy/run/stats stdio | '
'tail +3 | awk \'{print $2,$4,$6}\'')
assert 'balance_git_http gitea99.opendev.org 2' in cmd.stdout
assert 'balance_git_https gitea99.opendev.org 2' in cmd.stdout
+
+def test_haproxy_logging(host):
+ # rsyslog is configured to add a unix socket at this path
+ assert host.file('/var/lib/haproxy/dev/log').is_socket
+ # Haproxy logs to syslog via the above socket which produces
+ # this logfile
+ assert host.file('/var/log/haproxy.log').is_file
diff --git a/testinfra/test_zuul_lb.py b/testinfra/test_zuul_lb.py
index 2543aee2d4..58b25d3044 100644
--- a/testinfra/test_zuul_lb.py
+++ b/testinfra/test_zuul_lb.py
@@ -32,3 +32,10 @@ def test_haproxy_statsd_running(host):
out = json.loads(cmd.stdout)
assert out[0]["State"]["Status"] == "running"
assert out[0]["RestartCount"] == 0
+
+def test_haproxy_logging(host):
+ # rsyslog is configured to add a unix socket at this path
+ assert host.file('/var/lib/haproxy/dev/log').is_socket
+ # Haproxy logs to syslog via the above socket which produces
+ # this logfile
+ assert host.file('/var/log/haproxy.log').is_file
diff --git a/zuul.d/system-config-run.yaml b/zuul.d/system-config-run.yaml
index 84708d9474..3edfe4b124 100644
--- a/zuul.d/system-config-run.yaml
+++ b/zuul.d/system-config-run.yaml
@@ -688,7 +688,7 @@
'/var/log/apache2': logs
gitea-lb02.opendev.org:
host_copy_output:
- '/var/haproxy/etc': logs
+ '/var/lib/haproxy/etc': logs
'/var/log/haproxy.log': logs
files:
- playbooks/bootstrap-bridge.yaml
@@ -1020,7 +1020,7 @@
'/etc/hosts': logs
zuul-lb02.opendev.org:
host_copy_output:
- '/var/haproxy/etc': logs
+ '/var/lib/haproxy/etc': logs
'/var/log/haproxy.log': logs
files:
- playbooks/bootstrap-bridge.yaml