diff options
| author |   Michele Baldessari <michele@acksyn.org> | 2017-03-08 15:23:59 +0100 |
|---|---|---|
| committer |   Alex Schultz <aschultz@redhat.com> | 2017-03-13 22:20:05 +0000 |
| commit | 5f8607711bb85150bb9631559f0538254ba5c5cc (patch) | |
| tree | aceeb69fbe640440fa6f6d6d4a159288024d9db8 | |
| parent | cc3d236ce409041d606d717a61d098d39185b70d (diff) | |
Correct haproxy's stat unix socket path
We currently set the haproxy stat socket to /var/run/haproxy.sock.
On Centos/RHEL with selinux enabled this will break:
avc: denied { link } for pid=284010 comm="haproxy"
name="haproxy.sock" dev="tmpfs" ino=330803
scontext=system_u:system_r:haproxy_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
The blessed/correctly-labeled path is /var/lib/haproxy/stats
Note: I am setting only Partial-Bug because I would still like
to make this a parameter so other distros may just override the path.
But that change is more apt for pike and not for ocata.
Change-Id: I62aab6fb188a9103f1586edac1c2aa7949fdb08c
Patial-Bug: #1671119
| -rw-r--r-- | manifests/haproxy.pp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 517df4b..92edd71 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -808,7 +808,7 @@ class tripleo::haproxy ( 'ssl-default-bind-ciphers' => $ssl_cipher_suite, 'ssl-default-bind-options' => $ssl_options, 'stats' => [ - 'socket /var/run/haproxy.sock mode 600 level user', + 'socket /var/lib/haproxy/stats mode 600 level user', 'timeout 2m' ], }, |