set load-balancing haproxy service REF_PACLOAMYSQLTOINTER mode tcp
set load-balancing haproxy service REF_PACLOAMYSQLTOINTER port 3306
set load-balancing haproxy service REF_PACLOAMYSQLTOINTER backend REF_PACLOAMYSQLTOINTER
set load-balancing haproxy service REF_PACLOAMYSQLTOINTER listen-address 78.xxx.xxx.xxx
set load-balancing haproxy service REF_PACLOAMYSQLTOINTER listen-address 2001:1b40:4000:xxx:xxx:xxx:xxx
I get a “commit failed” saying that port 3306 on IP 2001:1b40:4000:xxx:xxx:xxx:xxx is already used. Which is not true, does it fail to see that this is a dual-stack interface with both an IPv4 and IPv6 listener?
Regarding config deletion: you are supposed to either clear the whole haproxy section, or leave some dummy backend/service entries behind. I.e. just run delete load-balancing haproxy if you don’t have any other haproxy configurations active.
I can’t help you with the other issues unfortunately.
As to the other issue: for some reason linux does not allow a bind on an IPv6 address if the associated interface is down, although it has no issue with an IPv4 bind on the same interface.
I found this out after I noticed everything I have running failed to bind on IPv6. The issue disappeared when I connected the interface to a dummy VLAN (as I have a live config running, but don’t want to go live yet).
p.s. For others finding this topic: I’ve worked around the CLI shortcomings by creating a dummy haproxy config (so VyOS starts haproxy on boot), and then created my own haproxy.cfg in /config, which is copied to /var/run/haproxy on boot in the boot post-config script (which also does a reload-or-restart to activate that config).
I found it a bit silly to install haproxy in a container as a workaround, knowing haproxy is already available in VyOS.
Im thinking above if there isnt some sysctl that perhaps should be set by default in VyOS to get the same behaviour between IPv4 and IPv6 service?
Or if this is a syntaxthingy for IPv6 services like listenaddress should be %ethX or such to bind it even if the interface is down instead of the IPv6 address itself or such?
The point of a VIP like you use for a load-balancer is that you don’t want it bound to a physical interface, it is virtual, haproxy creates it when it starts, and takes it with it when it fails over to another cluster node.
I don’t really see any issues and solutions mentioned there, or it has to be the oneliner about capabilities (called permissions there). But if that was the issue, it would still not work after the interface state changed to up.