Correct haproxy's stat unix socket path

We currently set the haproxy stat socket to /var/run/haproxy.sock. On Centos/RHEL with selinux enabled this will break: avc: denied { link } for pid=284010 comm="haproxy" name="haproxy.sock" dev="tmpfs" ino=330803 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file The blessed/correctly-labeled path is /var/lib/haproxy/stats Note: I am setting only Partial-Bug because I would still like to make this a parameter so other distros may just override the path. But that change is more apt for pike and not for ocata. Change-Id: I62aab6fb188a9103f1586edac1c2aa7949fdb08c Patial-Bug: #1671119
2017-03-08 15:23:59 +01:00 · 2017-03-08 15:23:59 +01:00 · 5f8607711b
commit 5f8607711b
parent cc3d236ce4
1 changed files with 1 additions and 1 deletions
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@ -808,7 +808,7 @@ class tripleo::haproxy (
      'ssl-default-bind-ciphers' => $ssl_cipher_suite,
      'ssl-default-bind-options' => $ssl_options,
      'stats'                    => [
-        'socket /var/run/haproxy.sock mode 600 level user',
+        'socket /var/lib/haproxy/stats mode 600 level user',
        'timeout 2m'
      ],
    },