HAProxy - Cannot chroot /var/lib/haproxy

I am trying to run haproxy in docker by following this article from the haproxy blog: https://www.haproxy.com/blog/haproxy-on-docker-swarm-load-balancing-and-dns-service-discovery/ I am getting the following error: Cannot chroot /var/lib/haproxy

hap_haproxy.3.j24pbth7qsup@prox1    | [NOTICE]   (1) : New worker #1 (9) forked
hap_haproxy.3.j24pbth7qsup@prox1    | [NOTICE]   (9) : haproxy version is 2.4.7-b5e51a5
hap_haproxy.3.j24pbth7qsup@prox1    | [NOTICE]   (9) : path to executable is /usr/local/sbin/haproxy
hap_haproxy.3.j24pbth7qsup@prox1    | [ALERT]    (9) : [haproxy.main()] Cannot chroot(/var/lib/haproxy).
hap_haproxy.3.j24pbth7qsup@prox1    | [WARNING]  (1) : Current worker #1 (9) exited with code 1 (Exit)

Here is my haproxy configuration:

global
    log          fd@2 local2
#    log     stdout format raw local0 info
    chroot       /var/lib/haproxy
    pidfile      /var/lib/haproxy/haproxy.pid
    maxconn      4000
    user         haproxy 
    group        haproxy
    stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 660 level admin expose-fd listeners
    master-worker

resolvers docker
    nameserver dns1 127.0.0.11:53
    resolve_retries 3
    timeout resolve 1s
    timeout retry   1s
    hold other      10s
    hold refused    10s
    hold nx         10s
    hold timeout    10s
    hold valid      10s
    hold obsolete   10s

defaults
    timeout connect 10s
    timeout client 30s
    timeout server 30s
    log global
    mode http
    option httplog

frontend  fe_web
    bind *:8080
    use_backend stat if { path -i /stats }
    default_backend be_service

backend be_service
    balance roundrobin
    server-template nginx- 6 nginx-Service:80 check resolvers docker init-addr libc,none

backend be_service_wrong_case
    balance roundrobin
    server-template nginx- 6 nginx-service:80 check resolvers docker init-addr libc,none

backend stat
    stats enable
    stats uri /stats
    stats refresh 15s
    stats show-legends
    stats show-node

I checked the official image's dockerfile, and the path /var/lib/haproxy is created. Can someone tell me what is going wrong?

Answer 1

I have currently found the same problem in the Haproxy Dockerfile. Maybe I missed something. Anyway, here is a simple solution:

Create a simple docker context to send:

mkdir haproxy && cd haproxy

Create a Dockerfile as follows:

FROM debian:bullseye-slim

# roughly, https://salsa.debian.org/haproxy-team/haproxy/-/blob/732b97ae286906dea19ab5744cf9cf97c364ac1d/debian/haproxy.postinst#L5-6
RUN set -eux; \
    groupadd --gid 99 --system haproxy; \
    useradd \
        --gid haproxy \
        --home-dir /var/lib/haproxy \
        --no-create-home \
        --system \
        --uid 99 \
        haproxy \
    ; \
    mkdir /var/lib/haproxy; \
    chown haproxy:haproxy /var/lib/haproxy

ENV HAPROXY_VERSION 2.5.4
ENV HAPROXY_URL https://www.haproxy.org/download/2.5/src/haproxy-2.5.4.tar.gz
ENV HAPROXY_SHA256 dc4015d85c7fef811b459803b763001d809b07a9251dc1864fedb9a07b44aefb

# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments
RUN set -eux; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
    apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        gcc \
        libc6-dev \
        liblua5.3-dev \
        libpcre2-dev \
        libssl-dev \
        make \
        wget \
    ; \
    rm -rf /var/lib/apt/lists/*; \
    \
    wget -O haproxy.tar.gz "$HAPROXY_URL"; \
    echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c; \
    mkdir -p /usr/src/haproxy; \
    tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1; \
    rm haproxy.tar.gz; \
    \
    makeOpts=' \
        TARGET=linux-glibc \
        USE_GETADDRINFO=1 \
        USE_LUA=1 LUA_INC=/usr/include/lua5.3 \
        USE_OPENSSL=1 \
        USE_PCRE2=1 USE_PCRE2_JIT=1 \
        USE_PROMEX=1 \
        \
        EXTRA_OBJS=" \
        " \
    '; \
# https://salsa.debian.org/haproxy-team/haproxy/-/commit/53988af3d006ebcbf2c941e34121859fd6379c70
    dpkgArch="$(dpkg --print-architecture)"; \
    case "$dpkgArch" in \
        armel) makeOpts="$makeOpts ADDLIB=-latomic" ;; \
    esac; \
    \
    nproc="$(nproc)"; \
    eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts"; \
    eval "make -C /usr/src/haproxy install-bin $makeOpts"; \
    \
    mkdir -p /usr/local/etc/haproxy; \
    cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors; \
    rm -rf /usr/src/haproxy; \
    \
    apt-mark auto '.*' > /dev/null; \
    [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
    find /usr/local -type f -executable -exec ldd '{}' ';' \
        | awk '/=>/ { print $(NF-1) }' \
        | sort -u \
        | xargs -r dpkg-query --search \
        | cut -d: -f1 \
        | sort -u \
        | xargs -r apt-mark manual \
    ; \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    \
# smoke test
    haproxy -v

# https://www.haproxy.org/download/1.8/doc/management.txt
# "4. Stopping and restarting HAProxy"
# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed"
# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process"
STOPSIGNAL SIGUSR1

COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]

USER haproxy
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]

Then create docker-entrypoint.sh as follows:

touch docker-entrypoint.sh

And paste the following content:

#!/bin/sh
set -e

# first arg is `-f` or `--some-option`
if [ "${1#-}" != "$1" ]; then
    set -- haproxy "$@"
fi

if [ "$1" = 'haproxy' ]; then
    shift # "haproxy"
    # if the user wants "haproxy", let's add a couple useful flags
    #   -W  -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
    #   -db -- disables background mode
    set -- haproxy -W -db "$@"
fi

exec "$@"

After completing these steps, you can build your working haproxy image: docker build -t haproxy .
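
Added example, not part of the original answer or of the HAProxy image: the Dockerfile above ends with USER haproxy, and chroot(2) succeeds only for a process that holds CAP_SYS_CHROOT, so this preflight check reports whether the chroot line in the global section can work under the capabilities the container process actually has. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Preflight for HAProxy's "Cannot chroot" alert (added example).
# chroot(2) needs CAP_SYS_CHROOT, bit 18 of the effective capability mask.

# Print the directory of the `chroot` directive in the global section, if any.
cfg_chroot_dir() {
    awk '
        $1 ~ /^#/ { next }    # commented-out directives do not count
        $1 ~ /^(global|defaults|frontend|backend|listen|resolvers|userlist|peers)$/ {
            in_global = ($1 == "global"); next
        }
        in_global && $1 == "chroot" { print $2; exit }
    ' "$1"
}

# Succeed if the hex mask (CapEff in /proc/<pid>/status) includes CAP_SYS_CHROOT.
has_cap_sys_chroot() {
    [ $(( (0x$1 >> 18) & 1 )) -eq 1 ]
}

# Effective capability mask of the current process (Linux only).
current_cap_eff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# preflight <cfg> [cap_eff_hex]: print a verdict; return 1 if chroot would fail.
# An all-zero mask models a process that holds no capabilities.
preflight() {
    dir=$(cfg_chroot_dir "$1")
    caps=${2:-$(current_cap_eff)}
    if [ -z "$dir" ]; then
        echo "ok: no chroot directive in global"
    elif has_cap_sys_chroot "$caps"; then
        echo "ok: chroot $dir permitted (CapEff=$caps)"
    else
        echo "fail: chroot $dir needs CAP_SYS_CHROOT (CapEff=$caps)"
        return 1
    fi
}

# Constructed sample config, modelled on the global section in the question.
write_sample_cfg() {
    printf '%s\n' 'global' '    log fd@2 local2' '#    chroot /ignored' \
        '    chroot /var/lib/haproxy' '    user haproxy' \
        'defaults' '    mode http' > "$1"
}

# Stand-alone use: ./preflight.sh /usr/local/etc/haproxy/haproxy.cfg
if [ -n "${1:-}" ]; then preflight "$1"; fi
```

Run it inside the container as the same user HAProxy starts as, so that CapEff reflects the real runtime.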
