Bug #15932
Closed
HAProxy entries disappear after saving with MIM enabled
Added by Chad High 4 months ago. Updated 3 months ago.
Description
After testing I am running into an issue with HAProxy adding more than 1 ACL and backend to a frontend. It seems like the logic to add multiple ACLs is broken. I am not seeing any logs with errors either.
I have tried to reinstall HAProxy and am still running into this issue.
Steps to reproduce:
- Open frontend and edit
- Add more than 2 ACLs and attach them to a backend
- Save frontend
- All entries disappear
Updated by Kris Phillips 4 months ago
- Status changed from New to Incomplete
Tested this on 24.11 with the latest HAProxy. I'm not able to reproduce this. I have three ACLs with two different backends and all of the entries are still there and work.
Marking Incomplete until we have more info.
Updated by Andrew Almond 3 months ago
I have also experienced this issue.
I can create a frontend with 1 ACL and it's fine. If I add a second ACL then all the ACLs and Actions disappear.
It doesn't matter if I add 1, save, and then add more, or if I add them all at once and save.
It works correctly if I make a shared frontend for service and put 1 ACL in each.
I've tested with both HAproxy 2.9 and HAproxy 3.0 devel.
The device that has the problem was updated to 24.11 and never previously had HAproxy.
2 devices with existing HAproxy configs that were updated to 24.11 are working correctly with multiple ACLs and Actions under a frontend.
Not sure if this is relevant or not.
My guess is some kind of bug in the page logic/scripting that causes it to lose the ACLs during the ACL merge and config generation.
Updated by Marcos M 3 months ago
It would be helpful to see the respective config section before and after reproducing the issue. It can be found in /cf/conf/config.xml at <installedpackages>...<haproxy>.
Alternatively, the following patch can be tested using the System Patches package (make sure to set the strip count to 4): Edit: removed
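Added example, not part of the original thread and not pfSense or HAProxy package code: one way to do the before/after comparison requested above is to extract the installedpackages/haproxy section from two copies of config.xml, diff it, and list values that vanished on save. The `<frontend>` and `<acl>` element names and the sample configs are constructed placeholders, not the package's real schema.

```python
import difflib
import xml.etree.ElementTree as ET
from collections import Counter

SECTION = "installedpackages/haproxy"  # location given in the comment above

def make_config(acl_names):
    # Constructed sample: <frontend>/<acl> are placeholder element names,
    # not the HAProxy package's real schema.
    acls = "".join(f"<acl><name>{n}</name></acl>" for n in acl_names)
    return (f"<pfsense><installedpackages><haproxy><frontend><name>web</name>"
            f"{acls}</frontend></haproxy></installedpackages></pfsense>")

def load_section(config_xml):
    section = ET.fromstring(config_xml).find(SECTION)
    if section is None:
        raise ValueError(f"no <{SECTION}> section in this config")
    section.tail = None  # drop trailing whitespace that follows the section
    return section

def section_diff(before_xml, after_xml):
    """Unified diff of the pretty-printed section; empty list means unchanged."""
    def lines(xml_text):
        section = load_section(xml_text)
        ET.indent(section)  # normalises whitespace; needs Python 3.9+
        return ET.tostring(section, encoding="unicode").splitlines()
    return list(difflib.unified_diff(lines(before_xml), lines(after_xml),
                                     "before", "after", lineterm=""))

def leaf_values(config_xml):
    """Count every leaf as 'path=text' so duplicates and losses are visible."""
    found = Counter()
    def walk(elem, path):
        path = f"{path}/{elem.tag}"
        if len(elem) == 0:
            found[f"{path}={(elem.text or '').strip()}"] += 1
        for child in elem:
            walk(child, path)
    walk(load_section(config_xml), "")
    return found

def lost_on_save(before_xml, after_xml):
    """Leaf values present before the save and missing after it."""
    return sorted((leaf_values(before_xml) - leaf_values(after_xml)).elements())

if __name__ == "__main__":
    before, after = make_config(["site_a", "site_b"]), make_config([])
    print("\n".join(section_diff(before, after)))
    print(lost_on_save(before, after))
```

To use it on a real system, pass the text of two saved copies of /cf/conf/config.xml (one taken before the save, one after) instead of the constructed samples; an empty diff means the save never changed the stored section.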
Updated by Chad High 3 months ago
When I had a single entry I saved the output of the installed packaged in HAproxy and then after adding a second entry the XML did not change. Also, I tried your patch and there was no success. Please let me know what else you want me to try.
Conf:
<package>
    <name>haproxy</name>
    <pkginfolink>https://docs.netgate.com/pfsense/en/latest/packages/haproxy.html</pkginfolink>
    <descr><![CDATA[The Reliable, High Performance TCP/HTTP(S) Load Balancer.<br />
This package implements the TCP, HTTP and HTTPS balancing features from haproxy.<br />
Supports ACLs for smart backend switching.]]></descr>
    <website>http://haproxy.1wt.eu/</website>
    <version>0.63_9</version>
    <configurationfile>haproxy.xml</configurationfile>
    <logging>
        <logsocket>/tmp/haproxy_chroot/var/run/log</logsocket>
        <facilityname>haproxy</facilityname>
        <logfilename>haproxy.log</logfilename>
    </logging>
    <filter_rule_function>haproxy_generate_rules</filter_rule_function>
    <include_file>/usr/local/pkg/haproxy/haproxy.inc</include_file>
    <plugins>
        <item>
            <type>plugin_carp</type>
        </item>
        <item>
            <type>plugin_certificates</type>
        </item>
    </plugins>
</package>
Updated by Marcos M 3 months ago
I'm not able to replicate the issue with that config either.
Perhaps the devices that it's not working on have not upgraded to 24.11 successfully. If you run pfSense-upgrade from the console/SSH, are any upgrades listed? What's the output for pkg-static info | egrep 'pfSense-[^pSm]|pkg-[0-9]'? Do these systems have any custom patches applied (other than the one I shared above)?
Updated by Chad High 3 months ago
No custom patches installed other than the one you provided.
pfSense-upgrade:
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: . done
Processing entries: . done
pfSense-core repository update completed. 7 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: .......... done
Processing entries: .......... done
pfSense repository update completed. 735 packages processed.
All repositories are up to date.
>>> Upgrading pfSense-upgrade...done.
>>> Setting vital flag on pfSense-upgrade...done.
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: . done
Processing entries: . done
pfSense-core repository update completed. 7 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: .......... done
Processing entries: .......... done
pfSense repository update completed. 735 packages processed.
All repositories are up to date.
>>> Setting vital flag on pkg...done.
>>> Setting vital flag on pfSense...done.
Your packages are up to date
pkg-static:
pfSense-24.11 Main pfSense package
pfSense-base-24.11 pfSense core files
pfSense-boot-24.11 pfSense boot files
pfSense-composer-deps-0.1 pfSense deps from composer
pfSense-default-config-24.11 Default config.xml
pfSense-gnid-0.20 GNID tool.
pfSense-kernel-pfSense-24.11 pfSense kernel (pfSense)
pfSense-repo-24.11 Setup pfSense pkg(8) repositories
pfSense-repoc-20241121 pfSense dynamic repository client
pfSense-upgrade-1.2.30 pfSense upgrade script
pkg-1.21.3_4 Package manager
Updated by Chad High 3 months ago
My fault. It looks like there is something wrong with the original patch. I get the following error.
/usr/bin/patch --directory='/' -t --strip '4' -i '/var/patches/67979d67f0434.patch' --check --forward --ignore-whitespace
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/net/pfSense-pkg-haproxy-devel/files/usr/local/www/haproxy/haproxy_listeners_edit.php b/net/pfSense-pkg-haproxy-devel/files/usr/local/www/haproxy/haproxy_listeners_edit.php
|index 6ec2344b0ac1..480c82a4ac38 100644
|--- a/net/pfSense-pkg-haproxy-devel/files/usr/local/www/haproxy/haproxy_listeners_edit.php
|+++ b/net/pfSense-pkg-haproxy-devel/files/usr/local/www/haproxy/haproxy_listeners_edit.php
--------------------------
Patching file usr/local/www/haproxy/haproxy_listeners_edit.php using Plan A...
Hunk #1 failed at 425.
Hunk #2 failed at 462.
2 out of 2 hunks failed while patching usr/local/www/haproxy/haproxy_listeners_edit.php
done
Updated by Marcos M 3 months ago
- Subject changed from HAProxy entries disappear to HAProxy entries disappear after saving with MIM enabled
- Status changed from Incomplete to Duplicate
This shares the same root cause as https://redmine.pfsense.org/issues/15989 which has been fixed for the upcoming release of 25.03. If needed, you may disable MIM on the affected device(s) to work around the issue.