Skip to content

Add socat to the image #59

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rodlogic opened this issue Jan 23, 2018 · 10 comments
Closed

Add socat to the image #59

rodlogic opened this issue Jan 23, 2018 · 10 comments

Comments

@rodlogic
Copy link

So that we can manage the server with socat /var/run/haproxy.sock readline
@tianon
Copy link
Member

tianon commented Jan 23, 2018

Since this isn't necessary for most users of the image, and is trivial to add after the fact, I don't think we'll be adding it.

Here are some example Dockerfiles to install socat in the haproxy image:

FROM haproxy:1.8
RUN apt-get update && apt-get install -y socat && rm -rf /var/lib/apt/lists/*
FROM haproxy:1.8-alpine
RUN apk add --no-cache socat

Combine that with automated builds (https://docs.docker.com/docker-hub/builds/) and repository links (https://docs.docker.com/docker-hub/builds/#repository-links) and it's reasonably easy to have an up-to-date image built FROM this one with socat built-in. 👍

@tianon tianon closed this as completed Jan 23, 2018
@rodlogic
Copy link
Author

What you ask is reasonable, but it doesn't compare to just executing docker run -ti haproxy:1.8-alpine and getting all the functionality. Instead of focusing on 'most users', why don't you focus on 'all users'? After all it is a 300K (?) addition to the image. My 2 cents.

@tianon
Copy link
Member

tianon commented Jan 29, 2018

We can't possibly please "all users", which is why we target "most" instead (and honestly, we really target "upstream focused experience", so your argument will be a lot more compelling if you can find a link directly from upstream's documentation which explains why socat is necessary for proper or even suggested use of HAProxy).

While your ask is a modest 300k addition of just socat, the next fellow will see that we include socat, and want curl, and the next may be even more esoteric wanting mysql-client or something. What we end up with is a slippery slope that ends up including the full kitchen sink, and we get to maintain that long-term.

Another potential solution you might consider is putting /var/run in your image on a volume (-v /var/run) so that you can trivially do --volumes-from in a separate container which includes socat to interact with it (that's how my personal tianon/network-toolbox image is intended to be used, although it's normally via --network foo or --network container:bar). In fact, if my network-toolbox image doesn't already include socat, I'd be hip to doing so (since it's explicitly intended to be that "kitchen sink included" style image).

@wglambert wglambert mentioned this issue Aug 1, 2019
Closed
@sandvige
Copy link

The major difference between mysql-client and socat is that mysql-client is not part of the official doc of haproxy. Just add the minimum to manage an haproxy instance without having to install an haproxy kitchen sink on the docker host to send basic commands :)

@tianon
Copy link
Member

tianon commented Sep 10, 2024

your argument will be a lot more compelling if you can find a link directly from upstream's documentation which explains why socat is necessary for proper or even suggested use of HAProxy

(I'd love a link ❤️)

@sandvige
Copy link

https://www.haproxy.com/documentation/haproxy-runtime-api/installation/

@sandvige
Copy link

Another potential solution you might consider is putting /var/run in your image on a volume (-v /var/run) so that you can trivially do --volumes-from in a separate container which includes socat to interact with it (that's how my personal tianon/network-toolbox image is intended to be used, although it's normally via --network foo or --network container:bar). In fact, if my network-toolbox image doesn't already include socat, I'd be hip to doing so (since it's explicitly intended to be that "kitchen sink included" style image).

Maybe you don't know (or I'm unable to) there's no way to put a socket into a docker volume because HA Proxy fails with Binding [/usr/local/etc/haproxy/haproxy.cfg:4] for frontend GLOBAL: protocol unix_stream: cannot bind UNIX socket (Permission denied) [/socket/haproxy.sock].

@sandvige
Copy link

Actually, this is possible, but we have to use /tmp because no other directory is having the correct rights set at haproxy docker image startup, which is a bit tedious

@sandvige
Copy link

@tianon ?

@yosifkit
Copy link
Member

If you set haproxy to listen on a port (like localhost:9999) instead of a socket file, you can take advantage of bash features to send commands and get responses directly:

( exec 3<> /dev/tcp/localhost/9999 && echo 'help' >&3 && cat <&3 )
( exec 3<> /dev/tcp/localhost/9999 && echo 'show info; show stat' >&3 && cat <&3 )

# or a little differently
{ echo 'echo hello from haproxy' >&3; cat; } 3<>/dev/tcp/localhost/9999 <&3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tianon @yosifkit @sandvige @rodlogic