Saving HAProxy config causes config restore

TomTheOne · Mar 12, 2021, 1:10 PM

Hi all;

On pfSense 2.5.0, HAProxy, i try to save a new FrontEnd Configuration via GUI. I immediately get this error after clicking on save:

/haproxy/haproxy_listeners_edit.php: XML error: Undeclared entity error at line 2543 in /conf/config.xml
/haproxy/haproxy_listeners_edit.php: pfSense is restoring the configuration /cf/conf/backup/config-1615552899.xml
/haproxy/haproxy_listeners_edit.php: New alert found: pfSense is restoring the configuration /cf/conf/backup/config-1615552899.xml

I'm using haproxy 0.61_1 from the official packages repo.

Does anyboy else having this problem?

-- Update --

		<haproxy>
			<ha_backends></ha_backends>
			<ha_pools>
				<item>
					<ha_servers>                     <----- line 2543
						<item>
							<status>active</status>
							<name>gw-wan-003.xxxxx.xy</name>
							<address>1.2.3.4</address>
							<port>5001</port>
							<ssl>yes</ssl>
							<_index></_index>
							<id>101</id>
						</item>
					</ha_servers>
					<a_acl></a_acl>
					<a_actionitems></a_actionitems>
					<errorfiles></errorfiles>
					<advanced></advanced>
					<advanced_backend></advanced_backend>
					<name>gw-wan-003.xxxxx.xy</name>
					<balance></balance>
					<balance_urilen></balance_urilen>
					<balance_uridepth></balance_uridepth>
					<balance_uriwhole></balance_uriwhole>
					<transparent_clientip></transparent_clientip>
					<transparent_interface>lan</transparent_interface>
					<check_type>Basic</check_type>
					<checkinter></checkinter>
					<log-health-checks></log-health-checks>
					<httpcheck_method>OPTIONS</httpcheck_method>
					<monitor_uri></monitor_uri>
					<monitor_httpversion></monitor_httpversion>
					<monitor_username></monitor_username>
					<monitor_domain></monitor_domain>
					<monitor_agentport></monitor_agentport>
					<agent_check></agent_check>
					<agent_port></agent_port>
					<agent_inter></agent_inter>
					<connection_timeout></connection_timeout>
					<server_timeout></server_timeout>
					<retries></retries>
					<stats_enabled></stats_enabled>
					<stats_username></stats_username>
					<stats_password></stats_password>
					<stats_uri></stats_uri>
					<stats_scope></stats_scope>
					<stats_realm></stats_realm>
					<stats_admin></stats_admin>
					<stats_node></stats_node>
					<stats_desc></stats_desc>
					<stats_refresh></stats_refresh>
					<persist_stick_expire></persist_stick_expire>
					<persist_stick_tablesize></persist_stick_tablesize>
					<persist_stick_length></persist_stick_length>
					<persist_stick_cookiename></persist_stick_cookiename>
					<persist_sticky_type>none</persist_sticky_type>
					<persist_cookie_enabled></persist_cookie_enabled>
					<persist_cookie_name></persist_cookie_name>
					<persist_cookie_mode>passive</persist_cookie_mode>
					<persist_cookie_cachable></persist_cookie_cachable>
					<persist_cookie_postonly></persist_cookie_postonly>
					<persist_cookie_httponly></persist_cookie_httponly>
					<persist_cookie_secure></persist_cookie_secure>
					<haproxy_cookie_maxidle></haproxy_cookie_maxidle>
					<haproxy_cookie_maxlife></haproxy_cookie_maxlife>
					<haproxy_cookie_domains></haproxy_cookie_domains>
					<haproxy_cookie_dynamic_cookie_key></haproxy_cookie_dynamic_cookie_key>
					<strict_transport_security></strict_transport_security>
					<cookie_attribute_secure></cookie_attribute_secure>
					<email_level></email_level>
					<email_to></email_to>
					<id>100</id>
				</item>
			</ha_pools>
			<configversion>00.57</configversion>
			<files></files>
			<email_mailers></email_mailers>
			<dns_resolvers></dns_resolvers>
			<enable></enable>
			<maxconn>1000</maxconn>
			<logfacility>local0</logfacility>
			<loglevel>info</loglevel>
			<nbthread></nbthread>
			<hard_stop_after></hard_stop_after>
			<localstats_refreshtime></localstats_refreshtime>
			<localstats_sticktable_refreshtime></localstats_sticktable_refreshtime>
			<log-send-hostname></log-send-hostname>
			<ssldefaultdhparam>2048</ssldefaultdhparam>
			<email_level></email_level>
			<email_myhostname></email_myhostname>
			<email_from></email_from>
			<email_to></email_to>
			<resolver_retries></resolver_retries>
			<resolver_timeoutretry></resolver_timeoutretry>
			<resolver_holdvalid></resolver_holdvalid>
		</haproxy>

I also see my backend configuration in the scope of <item></item> and not in the scope of <ha_backends></ha_backends>.
Is this crazy or normal?

-- Update --

I just found a config file with the file extenstion .bad:

		<haproxy>
			<ha_backends>
				<item>
					<name>gw-wan-003.xxxxx.xy</name>
					<desc>HTTPS Frontend f&uuml;r mehrere Backends</desc>    <------ line 2543
					<status>active</status>
					<type>http</type>
					<httpclose>http-keep-alive</httpclose>
					<ssloffloadcert>5ca52133bc774</ssloffloadcert>
					<ssloffloadacl_an>yes</ssloffloadacl_an>
					<advanced></advanced>
					<ha_acls>
						<item>
							<name>gw-wan-003.gw-wan-003.xxxxx.xy</name>
							<expression>host_matches</expression>
							<value>gw-wan-00.xxxxx.xy</value>
							<backendservercountbackend>gw-wan-003.xxxxx.xy</backendservercountbackend>
							<_index></_index>
						</item>
					</ha_acls>
					<ha_certificates>
					</ha_certificates>
					<clientcert_ca>
					</clientcert_ca>
					<clientcert_crl>
					</clientcert_crl>
					<a_extaddr>
						<item>
							<extaddr>wan_ipv4</extaddr>
							<extaddr_port>5001</extaddr_port>
							<extaddr_ssl>yes</extaddr_ssl>
							<_index></_index>
						</item>
					</a_extaddr>
					<a_actionitems>
						<item>
							<action>use_backend</action>
							<acl>gw-wan-003.xxxxx.xy</acl>
							<use_backendbackend>gw-wan-003.xxxxx.xy</use_backendbackend>
							<_index></_index>
						</item>
					</a_actionitems>
					<a_errorfiles>
					</a_errorfiles>
				</item>
			</ha_backends>
			<ha_pools>
				<item>
					<ha_servers>
						<item>
							<status>active</status>
							<name>gw-wan-003.xxxxx.xy</name>
							<address>1.2.3.4</address>
							<port>5001</port>
							<ssl>yes</ssl>
							<_index></_index>
							<id>101</id>
						</item>
					</ha_servers>
					<a_acl></a_acl>
					<a_actionitems></a_actionitems>
					<errorfiles></errorfiles>
					<advanced></advanced>
					<advanced_backend></advanced_backend>
					<name>gw-wan-003.xxxxx.xy</name>
					<balance></balance>
					<balance_urilen></balance_urilen>
					<balance_uridepth></balance_uridepth>
					<balance_uriwhole></balance_uriwhole>
					<transparent_clientip></transparent_clientip>
					<transparent_interface>lan</transparent_interface>
					<check_type>Basic</check_type>
					<checkinter></checkinter>
					<log-health-checks></log-health-checks>
					<httpcheck_method>OPTIONS</httpcheck_method>
					<monitor_uri></monitor_uri>
					<monitor_httpversion></monitor_httpversion>
					<monitor_username></monitor_username>
					<monitor_domain></monitor_domain>
					<monitor_agentport></monitor_agentport>
					<agent_check></agent_check>
					<agent_port></agent_port>
					<agent_inter></agent_inter>
					<connection_timeout></connection_timeout>
					<server_timeout></server_timeout>
					<retries></retries>
					<stats_enabled></stats_enabled>
					<stats_username></stats_username>
					<stats_password></stats_password>
					<stats_uri></stats_uri>
					<stats_scope></stats_scope>
					<stats_realm></stats_realm>
					<stats_admin></stats_admin>
					<stats_node></stats_node>
					<stats_desc></stats_desc>
					<stats_refresh></stats_refresh>
					<persist_stick_expire></persist_stick_expire>
					<persist_stick_tablesize></persist_stick_tablesize>
					<persist_stick_length></persist_stick_length>
					<persist_stick_cookiename></persist_stick_cookiename>
					<persist_sticky_type>none</persist_sticky_type>
					<persist_cookie_enabled></persist_cookie_enabled>
					<persist_cookie_name></persist_cookie_name>
					<persist_cookie_mode>passive</persist_cookie_mode>
					<persist_cookie_cachable></persist_cookie_cachable>
					<persist_cookie_postonly></persist_cookie_postonly>
					<persist_cookie_httponly></persist_cookie_httponly>
					<persist_cookie_secure></persist_cookie_secure>
					<haproxy_cookie_maxidle></haproxy_cookie_maxidle>
					<haproxy_cookie_maxlife></haproxy_cookie_maxlife>
					<haproxy_cookie_domains></haproxy_cookie_domains>
					<haproxy_cookie_dynamic_cookie_key></haproxy_cookie_dynamic_cookie_key>
					<strict_transport_security></strict_transport_security>
					<cookie_attribute_secure></cookie_attribute_secure>
					<email_level></email_level>
					<email_to></email_to>
					<id>100</id>
				</item>
			</ha_pools>
			<configversion>00.57</configversion>
			<files>
			</files>
			<email_mailers></email_mailers>
			<dns_resolvers></dns_resolvers>
			<enable></enable>
			<maxconn>1000</maxconn>
			<logfacility>local0</logfacility>
			<loglevel>info</loglevel>
			<nbthread></nbthread>
			<hard_stop_after></hard_stop_after>
			<localstats_refreshtime></localstats_refreshtime>
			<localstats_sticktable_refreshtime></localstats_sticktable_refreshtime>
			<log-send-hostname></log-send-hostname>
			<ssldefaultdhparam>2048</ssldefaultdhparam>
			<email_level></email_level>
			<email_myhostname></email_myhostname>
			<email_from></email_from>
			<email_to></email_to>
			<resolver_retries></resolver_retries>
			<resolver_timeoutretry></resolver_timeoutretry>
			<resolver_holdvalid></resolver_holdvalid>
		</haproxy>

Does it evetually having something to do with the Umlauts (ü = ü) of the german language?

Br, Tom

PiBa · Mar 14, 2021, 11:45 AM

@tomtheone said in Saving HAProxy config causes config restore:

Does it eventually having something to do with the Umlauts (ü = ü) of the german language?

That does seem to be the case.. Maybe saving description should check for 'strange' characters and not allow them to be entered for this field, or should try and store them in a different format in the config with CDATA[] around it perhaps.. Tricky part there might be not to loose old descriptions..

viktor_g · Mar 16, 2021, 5:08 AM

Redmine issue created:
https://redmine.pfsense.org/issues/11680