charm-haproxy

/charm/data/openssl.cnf No such file or directory

Bug #2029385 reported by Natalia Litvinova on 2023-08-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	charm-haproxy	Fix Released	High	Unassigned

Bug Description

New revisions of the charm do not work with SELFSIGNED certificate parameter.

I tested revisions 70 and 72. Revision 66 works for me.

/var/log/juju/unit-haproxy.log says the following:

2023-08-02 14:39:54 INFO juju.worker.uniter resolver.go:161 awaiting error resolution for "config-changed" hook
2023-08-02 14:39:54 INFO unit.haproxy72/0.juju-log server.go:325 Unknown source: ''
2023-08-02 14:39:56 INFO unit.haproxy72/0.juju-log server.go:325 Installing ['haproxy', 'python3-jinja2'] with options: ['--option=Dpkg::Options::=--force-confold']
2023-08-02 14:39:58 INFO unit.haproxy72/0.juju-log server.go:325 Generating self-signed certificate
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 Can't open "/var/lib/juju/agents/unit-haproxy72-0/charm/data/openssl.cnf" for reading, No such file or directory
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 40D7E3D7797F0000:error:80000002:system library:BIO_new_file:No such file or directory:../crypto/bio/bss_file.c:67:calling fopen(/var/lib/juju/agents/unit-haproxy72-0/charm/data/openssl.cnf, r)
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 40D7E3D7797F0000:error:10000080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:75:
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 Traceback (most recent call last):
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 File "/var/lib/juju/agents/unit-haproxy72-0/charm/hooks/config-changed", line 1575, in <module>
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 main(hook_name)
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 File "/var/lib/juju/agents/unit-haproxy72-0/charm/hooks/config-changed", line 1530, in main
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 config_changed()
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 File "/var/lib/juju/agents/unit-haproxy72-0/charm/hooks/config-changed", line 1031, in config_changed
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 _notify_reverseproxy()
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 File "/var/lib/juju/agents/unit-haproxy72-0/charm/hooks/config-changed", line 1102, in _notify_reverseproxy
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 ssl_cert = base64.b64encode(get_selfsigned_cert()[0])
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 File "/var/lib/juju/agents/unit-haproxy72-0/charm/hooks/config-changed", line 1329, in get_selfsigned_cert
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 gen_selfsigned_cert(cert_file, key_file)
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 File "/var/lib/juju/agents/unit-haproxy72-0/charm/hooks/config-changed", line 1433, in gen_selfsigned_cert
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 os.chown(key_file, uid, -1)
2023-08-02 14:39:58 WARNING unit.haproxy72/0.config-changed logger.go:60 FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/haproxy/selfsigned.key'
2023-08-02 14:39:58 ERROR juju.worker.uniter.operation runhook.go:180 hook "config-changed" (via explicit, bespoke hook script) failed: exit status 1
2023-08-02 14:39:58 INFO juju.worker.uniter resolver.go:161 awaiting error resolution for "config-changed" hook
2023-08-02 14:41:27 INFO juju.worker.uniter resolver.go:161 awaiting error resolution for "config-changed" hook

Steps to reproduce:
$ juju deploy haproxy haproxy72 --revision=72 --channel=latest/stable
Located charm "haproxy" in charm-hub, revision 72
Deploying "haproxy72" from charm-hub charm "haproxy", revision 72 in channel latest/stable on ubuntu@22.04/stable
$ juju config haproxy72 ssl_cert=SELFSIGNED

$ juju status
Model Controller Cloud/Region Version SLA Timestamp
default aws-controller aws/us-east-1 3.1.5 unsupported 18:46:34+04:00

App Version Status Scale Charm Channel Rev Exposed Message
haproxy66 active 1 haproxy latest/stable 66 no Unit is ready
haproxy70 error 1 haproxy latest/stable 70 no hook failed: "config-changed"
haproxy72 error 1 haproxy latest/stable 72 no hook failed: "config-changed"

Unit Workload Agent Machine Public address Ports Message
haproxy66/0* active idle 2 54.224.7.53 Unit is ready
haproxy70/0* error idle 0 18.207.180.232 hook failed: "config-changed"
haproxy72/0* error idle 1 34.239.179.155 hook failed: "config-changed"

Machine State Address Inst id Base AZ Message
0 started 18.207.180.232 i-032d632215425e525 ubuntu@22.04 us-east-1d running
1 started 34.239.179.155 i-0b8124c93003c905b ubuntu@22.04 us-east-1f running
2 started 54.224.7.53 i-030a547a0672e28ad ubuntu@20.04 us-east-1c running

Related branches

lp://staging/~mthaddon/charm-haproxy/self-signed-write

Merged into lp://staging/charm-haproxy at revision 160

Canonical IS Reviewers: Pending requested 2023-08-03

haproxy-team: Pending requested 2023-08-03

Revision history for this message

Bartosz Woronicz (mastier1) wrote on 2023-08-02 (last edit on 2023-08-02):

That fails also for me. As a result the certificate is not created at /var/lib/haproxy/service_landscape-https/0.pem

root@landscapeha-1:/var/lib/juju/agents/unit-landscape-server-haproxy-0/charm# ./hooks/reverseproxy-relation-changed
Traceback (most recent call last):
  File "./hooks/reverseproxy-relation-changed", line 1575, in <module>
main(hook_name)
  File "./hooks/reverseproxy-relation-changed", line 1542, in main
reverseproxy_interface("changed")
  File "./hooks/reverseproxy-relation-changed", line 1095, in reverseproxy_interface
config_changed()

As a result the certificate is not created
  File "./hooks/reverseproxy-relation-changed", line 1032, in config_changed
if not create_services():
  File "./hooks/reverseproxy-relation-changed", line 754, in create_services
write_service_config(services_dict)
  File "./hooks/reverseproxy-relation-changed", line 848, in write_service_config
f.write(content)
TypeError: write() argument must be str, not bytes

for write() one may use write(content.decode('utf-8'))
That fixes the issue

Revision history for this message

Bartosz Woronicz (mastier1) wrote on 2023-08-02:

I suggest going back for stable release to 66
and leaving 72 for edge,candidate

Tom Haddon (mthaddon) on 2023-08-03

Changed in charm-haproxy:
status:	New → Confirmed
importance:	Undecided → High

Revision history for this message

Tom Haddon (mthaddon) wrote on 2023-08-03:

This has been fixed in revision 73. Sorry for the problems.

Changed in charm-haproxy:
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.