New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Opentracing filter doesn't work with chroot in the HAproxy 2.4 #1274
Comments
Hello @Kaminari-Y, you did not put the configuration file for the opentracing filter (ot.cfg) but only for HAProxy. I will assume, the problem is that the opentracing library loaded from that configuration cannot load all the libraries it depends on after chroot. Check with the command 'ldd' the dependence of the opentracing library (it is the one specified in the ot.cfg configuration) and the availability of the required libraries after chroot. Best regards. |
Thank you very much for replying. First let me share my opentracing filter, I only changed below 2 lines from the origal ot.cfg example file from addons/ot/test/ctx/ot.cfg
and cfg-jaeger.yml is also same as example addons/ot/test/ctx/cfg-jaeger.yml My chroot directory is
I also did a ldd after chroot
Maybe I didn't do enough what you suggested, sorry about that and would you guide me a little more. Thank you very much! |
Hello @Kaminari-Y, the problem is that HAProxy also executes chdir("/") during chroot process, so the paths written in the opentracing configuration are no longer correct. This could be easily solved by writing the absolute path when using the 'config' and 'plugin' keywords, but the problem remains that the validity of these paths is also checked before the chroot process. This means that one will need to commit one small patch to correct this. :) It will probably be resolved tomorrow. Thank you for reporting the bug. Best regards. |
Hello @zaga00 Understood the issue now, thank you very much for help! |
Miroslav, if we're facing such an issue, there's a deeper problem. It means that some files are accessed at run time, which must never happen. Probably that a few things are missing in the filter's initialization code. Some libraries are a bit tricky because they're using lazy loading. For example, openssl only opens /dev/urandom on first crypto use, which is why we're performing an early dummy call to force it to initialize. You may need to perform a few early calls to the libs during init to make sure all needed files are completely loaded before chrooting. |
Hello Willy, the problem is the initialization of the opentracing API library, which starts an additional thread through which the opentracing communicates with the tracer (the server on which the tracing data is stored). Initializing the API library requires as arguments the path to the plugin library and its configuration. Initialization was done before the chroot call but there was a problem if HAProxy is used in daemon mode. Then something in the process of daemonization killed the opentracing thread and the filter could no longer work. That was the reason i put the initialization of the opentracing library after switching the HAProxy to daemon mode (and this is also after the chroot process). Perhaps we should further investigate what it is that kills the opentracing thread when switching HAProxy to daemon mode. |
And in fact, the only access to these files is achieved only once at the beginning of the HAProxy process, in the initialization of threads. After this initialization, no access to the file system is performed. |
…d/or chroot mode This patch solves the problem reported in github issue #1204, where the OpenTracing filter cannot communicate with the selected tracer if HAProxy is run in daemon mode. This commit also solves github issue #1274, where the problem manifests itself when using the 'chroot' keyword in the HAProxy configuration. This is solved so that the initialization of the OpenTracing plugin is split into two operations, first the plugin (dynamic library) is loaded before switching the HAProxy to daemon mode (or chroot) and then the tracer thread is started. This means that nothing is retrieved from the file system in runtime. After applying this commit, opentracing C wrapper version 1.1.0 should be used because the earlier version does not have separated initialization functions. This resolves GitHub issues #1204 and #1274.
Hello @Kaminari-Y, the issue you reported has been resolved, please test if it is working properly now. You don't need to specify the full path to the tracer configuration and plugin library, in fact the only change is that you need to add the keyword 'chroot' to the haproxy configuration. Best regards. |
…d/or chroot mode This patch solves the problem reported in github issue haproxy#1204, where the OpenTracing filter cannot communicate with the selected tracer if HAProxy is run in daemon mode. This commit also solves github issue haproxy#1274, where the problem manifests itself when using the 'chroot' keyword in the HAProxy configuration. This is solved so that the initialization of the OpenTracing plugin is split into two operations, first the plugin (dynamic library) is loaded before switching the HAProxy to daemon mode (or chroot) and then the tracer thread is started. This means that nothing is retrieved from the file system in runtime. After applying this commit, opentracing C wrapper version 1.1.0 should be used because the earlier version does not have separated initialization functions. This resolves GitHub issues haproxy#1204 and haproxy#1274. (cherry picked from commit 9425ed4) Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
It's in the latest 2.4 branch, but not yet in any released version. We should emit 2.4.1 this week so it will be there :-) |
@wtarreau @zaga00 @VigneshSP94 I've tested 2.4.1 and the issue is gone. Thank you guys very much for helping !! |
Thank you for the test! I'm closing the issue then. |
Detailed description of the problem
We are trying to PoC the opentracing implementation available in the HAproxy 2.4, everything works well unless we add the
chroot
to the config file.When we add the chroot and restart the service, it fails with the below error.
Our configuration is -
Expected behavior
haproxy opentracing should run with chroot.
Steps to reproduce the behavior
Using the exact config I posted above should be sufficient to reproduce this issue.
Do you have any idea what may have caused this?
No
Do you have an idea how to solve the issue?
No
What is your configuration?
Posted above
Output of
haproxy -vv
anduname -a
The text was updated successfully, but these errors were encountered: