HAProxy -无法着色/var/lib/haproxy

Question

我正试图在docker中运行haproxy，方法是跟随haproxy博客的这篇文章。https://www.haproxy.com/blog/haproxy-on-docker-swarm-load-balancing-and-dns-service-discovery/我得到了下面的错误Cannot chroot /var/lib/haproxy

hap_haproxy.3.j24pbth7qsup@prox1    | [NOTICE]   (1) : New worker #1 (9) forked
hap_haproxy.3.j24pbth7qsup@prox1    | [NOTICE]   (9) : haproxy version is 2.4.7-b5e51a5
hap_haproxy.3.j24pbth7qsup@prox1    | [NOTICE]   (9) : path to executable is /usr/local/sbin/haproxy
hap_haproxy.3.j24pbth7qsup@prox1    | [ALERT]    (9) : [haproxy.main()] Cannot chroot(/var/lib/haproxy).
hap_haproxy.3.j24pbth7qsup@prox1    | [WARNING]  (1) : Current worker #1 (9) exited with code 1 (Exit)

这是我的Here配置

global
    log          fd@2 local2
#    log     stdout format raw local0 info
    chroot       /var/lib/haproxy
    pidfile      /var/lib/haproxy/haproxy.pid
    maxconn      4000
    user         haproxy 
    group        haproxy
    stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 660 level admin expose-fd listeners
    master-worker

resolvers docker
    nameserver dns1 127.0.0.11:53
    resolve_retries 3
    timeout resolve 1s
    timeout retry   1s
    hold other      10s
    hold refused    10s
    hold nx         10s
    hold timeout    10s
    hold valid      10s
    hold obsolete   10s

defaults
    timeout connect 10s
    timeout client 30s
    timeout server 30s
    log global
    mode http
    option httplog

frontend  fe_web
    bind *:8080
    use_backend stat if { path -i /stats }
    default_backend be_service

backend be_service
    balance roundrobin
    server-template nginx- 6 nginx-Service:80 check resolvers docker init-addr libc,none

backend be_service_wrong_case
    balance roundrobin
    server-template nginx- 6 nginx-service:80 check resolvers docker init-addr libc,none

backend stat
    stats enable
    stats uri /stats
    stats refresh 15s
    stats show-legends
    stats show-node

我检查了官方映像的dockerfile，并创建了路径/var/lib/haproxy。谁能告诉我出了什么问题吗？(编辑)

Answer 1

当我在中发现同样的问题时。也许这是我不明白的事。无论如何，一个简单的解决方案是：

若要创建要发送的简单停靠器上下文，请执行以下操作：

mkdir haproxy && cd haproxy

创建一个Dockerfile如下：

FROM debian:bullseye-slim

# roughly, https://salsa.debian.org/haproxy-team/haproxy/-/blob/732b97ae286906dea19ab5744cf9cf97c364ac1d/debian/haproxy.postinst#L5-6
RUN set -eux; \
    groupadd --gid 99 --system haproxy; \
    useradd \
        --gid haproxy \
        --home-dir /var/lib/haproxy \
        --no-create-home \
        --system \
        --uid 99 \
        haproxy \
    ; \
    mkdir /var/lib/haproxy; \
    chown haproxy:haproxy /var/lib/haproxy

ENV HAPROXY_VERSION 2.5.4
ENV HAPROXY_URL https://www.haproxy.org/download/2.5/src/haproxy-2.5.4.tar.gz
ENV HAPROXY_SHA256 dc4015d85c7fef811b459803b763001d809b07a9251dc1864fedb9a07b44aefb

# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments
RUN set -eux; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
    apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        gcc \
        libc6-dev \
        liblua5.3-dev \
        libpcre2-dev \
        libssl-dev \
        make \
        wget \
    ; \
    rm -rf /var/lib/apt/lists/*; \
    \
    wget -O haproxy.tar.gz "$HAPROXY_URL"; \
    echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c; \
    mkdir -p /usr/src/haproxy; \
    tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1; \
    rm haproxy.tar.gz; \
    \
    makeOpts=' \
        TARGET=linux-glibc \
        USE_GETADDRINFO=1 \
        USE_LUA=1 LUA_INC=/usr/include/lua5.3 \
        USE_OPENSSL=1 \
        USE_PCRE2=1 USE_PCRE2_JIT=1 \
        USE_PROMEX=1 \
        \
        EXTRA_OBJS=" \
        " \
    '; \
# https://salsa.debian.org/haproxy-team/haproxy/-/commit/53988af3d006ebcbf2c941e34121859fd6379c70
    dpkgArch="$(dpkg --print-architecture)"; \
    case "$dpkgArch" in \
        armel) makeOpts="$makeOpts ADDLIB=-latomic" ;; \
    esac; \
    \
    nproc="$(nproc)"; \
    eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts"; \
    eval "make -C /usr/src/haproxy install-bin $makeOpts"; \
    \
    mkdir -p /usr/local/etc/haproxy; \
    cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors; \
    rm -rf /usr/src/haproxy; \
    \
    apt-mark auto '.*' > /dev/null; \
    [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
    find /usr/local -type f -executable -exec ldd '{}' ';' \
        | awk '/=>/ { print $(NF-1) }' \
        | sort -u \
        | xargs -r dpkg-query --search \
        | cut -d: -f1 \
        | sort -u \
        | xargs -r apt-mark manual \
    ; \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    \
# smoke test
    haproxy -v

# https://www.haproxy.org/download/1.8/doc/management.txt
# "4. Stopping and restarting HAProxy"
# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed"
# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process"
STOPSIGNAL SIGUSR1

COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]

USER haproxy
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]

然后按照以下方式创建docker-entrypoint.sh：

touch docker-entrypoint.sh

并粘贴以下内容：

#!/bin/sh
set -e

# first arg is `-f` or `--some-option`
if [ "${1#-}" != "$1" ]; then
    set -- haproxy "$@"
fi

if [ "$1" = 'haproxy' ]; then
    shift # "haproxy"
    # if the user wants "haproxy", let's add a couple useful flags
    #   -W  -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
    #   -db -- disables background mode
    set -- haproxy -W -db "$@"
fi

exec "$@"

在这些步骤之后，您可以构建您的工作haproxy映像：docker build -t haproxy .