Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/haproxy: Allow to have no DNS servers defined in SYSTEM: SETTINGS: GENERAL -> Networking #4159

Open
3 tasks done
cookiemonsteruk opened this issue Aug 6, 2024 · 0 comments
Open
3 tasks done

net/haproxy: Allow to have no DNS servers defined in SYSTEM: SETTINGS: GENERAL -> Networking #4159

cookiemonsteruk opened this issue Aug 6, 2024 · 0 comments
Assignees
@fraenki

Comments

@cookiemonsteruk
Copy link

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

Is your feature request related to a problem? Please describe.
Today I upgraded the firewall from 23.7 to 24.7 with 24.1 as first step. Reviewing the services I noticed a problem with HAProxy. I remembered seeing something similar.
From https://forum.opnsense.org/index.php?topic=39484.0
It seems that from OPN 24.1 onwards, if in SYSTEM: SETTINGS: GENERAL -> Networking there is no DNS server defined, HAProxy plugin syntax parsing will fail with the following errors:

HAProxy configtest found critical errors
[NOTICE] (58508) : haproxy version is 2.8.10-f28885f
[NOTICE] (58508) : path to executable is /usr/local/sbin/haproxy
[ALERT] (58508) : config : Proxy '<OCSP-UPDATE>': Can't find resolvers section 'default' for do-resolve action.
[ALERT] (58508) : config : Proxy '<HTTPCLIENT>': Can't find resolvers section 'default' for do-resolve action.
[ALERT] (58508) : config : Fatal errors found in configuration.

However I think the service does go ahead and start. After all these are alerts. My guess is that a new version of HAProxy shipped with new requirements.
That said we also have the message in the plugin's settings:
There are pending configuration changes that must be applied in order for them to take effect. To review them visit the [Config Diff](https://192.168.5.1:55443/ui/haproxy/export#diff) page.
That diff shows:

--- /usr/local/etc/haproxy.conf	2024-07-28 03:48:10.914848000 +0100
+++ /usr/local/etc/haproxy.conf.staging	2024-08-06 16:33:40.105273000 +0100
@@ -13,6 +13,9 @@
     hard-stop-after             60s
     no strict-limits
     maxconn                     10
+    tune.ssl.ocsp-update.mindelay 300
+    tune.ssl.ocsp-update.maxdelay 3600
+    httpclient.resolvers.prefer   ipv4
     tune.ssl.default-dh-param   2048

I have not applied the dfiff.

Describe the solution you'd like
I would like the plugin to satisfy the requirement of the service so we have a clean systax tester and we can apply any required diffs of changes without worry of breakage.

Describe alternatives you've considered
N/A

Additional context
N/A
@fraenki fraenki self-assigned this Aug 6, 2024
@fraenki fraenki changed the title Allow the HAProxy plugin to have no DNS servers defined in SYSTEM: SETTINGS: GENERAL -> Networking net/haproxy: Allow to have no DNS servers defined in SYSTEM: SETTINGS: GENERAL -> Networking Aug 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fraenki fraenki

Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fraenki @cookiemonsteruk