diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
index 72c52cab73..a6507ed20a 100644
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -1,5 +1,8 @@
 {% set tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external | bool else '' %}
 global
+  chroot /var/lib/haproxy
+  user haproxy
+  group haproxy
   daemon
   log /var/lib/kolla/heka/log local0
   maxconn 4000
diff --git a/docker/haproxy/Dockerfile.j2 b/docker/haproxy/Dockerfile.j2
index d219696293..3d25277723 100644
--- a/docker/haproxy/Dockerfile.j2
+++ b/docker/haproxy/Dockerfile.j2
@@ -15,6 +15,10 @@ RUN apt-get install -y --no-install-recommends \
 
 {% endif %}
 
+RUN usermod -a -G kolla haproxy \
+    && mkdir -p /var/lib/kolla/haproxy \
+    && chown -R haproxy: /var/lib /run
+
 COPY ensure_latest_config.sh /usr/local/bin/kolla_ensure_haproxy_latest_config
 RUN chmod 755 /usr/local/bin/kolla_ensure_haproxy_latest_config