HAProxy routes stop working when invalid cert/key is uploaded for any of the routes #1706

@jpechane

Description

If a user misconfigures SSL for one of their routes, then HAProxy completely stops serving all routes, with this message in the log:
2015-04-13T05:04:55.840373604Z [ALERT] 102/010455 (9097) : Fatal errors found in configuration.
2015-04-13T05:05:43.460748843Z E0413 01:05:43.460661 1 router.go:126] Error reloading router: exit status 1
2015-04-13T05:05:43.460748843Z Reload output: + config_file=/var/lib/haproxy/conf/haproxy.config
2015-04-13T05:05:43.460748843Z + pid_file=/var/lib/haproxy/run/haproxy.pid
2015-04-13T05:05:43.460748843Z + old_pid=
2015-04-13T05:05:43.460748843Z + '[' -f /var/lib/haproxy/run/haproxy.pid ']'
2015-04-13T05:05:43.460748843Z + old_pid=6061
2015-04-13T05:05:43.460748843Z + '[' -n 6061 ']'
2015-04-13T05:05:43.460748843Z + /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p /var/lib/haproxy/run/haproxy.pid -sf 6061
2015-04-13T05:05:43.460748843Z [ALERT] 102/010543 (9100) : parsing [/var/lib/haproxy/conf/haproxy.config:66] : 'bind 127.0.0.1:10444' : inconsistencies between private key and certificate loaded from PEM file '/var/lib/containers/router/certs/ws.cloudapps.example.com.pem'.
2015-04-13T05:05:43.460748843Z [ALERT] 102/010543 (9100) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config
2015-04-13T05:05:43.460748843Z [WARNING] 102/010543 (9100) : Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.
2015-04-13T05:05:43.460748843Z [ALERT] 102/010543 (9100) : Fatal errors found in configuration.

Although all routes were removed, the message still appears in the log.

I see two problems right now:

  1. One route problem shuts down all routes
  2. The cert files are not removed after route removal

If I remove the offending file from the container, then it starts working again.
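One way to keep a single bad upload from failing the whole reload, shown as an added example (not code from this issue or from the router itself): check each route's combined PEM with Go's `tls.X509KeyPair`, which rejects the same key/certificate mismatch HAProxy reports above, and only write files for routes that pass. The names `makePEM` and `filterRoutes` are hypothetical, and the certificates are constructed sample data generated at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// makePEM builds constructed sample data: cert + key in one PEM; mismatch=true swaps in an unrelated key.
func makePEM(host string, mismatch bool) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // errors ignored: sample data only
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if mismatch {
		key, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	}
	keyDER, _ := x509.MarshalECPrivateKey(key)
	out := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return append(out, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})...)
}

// filterRoutes returns hosts whose PEM is safe to write to the certs directory, plus rejected hosts and reasons.
func filterRoutes(routes map[string][]byte) (ok []string, rejected map[string]error) {
	rejected = map[string]error{}
	for host, pemData := range routes {
		// X509KeyPair parses both parts and fails if the key does not match the leaf certificate.
		if _, err := tls.X509KeyPair(pemData, pemData); err != nil {
			rejected[host] = err
			continue
		}
		ok = append(ok, host)
	}
	return ok, rejected
}

func main() {
	ok, rejected := filterRoutes(map[string][]byte{
		"ws.cloudapps.example.com":   makePEM("ws.cloudapps.example.com", true),
		"good.cloudapps.example.com": makePEM("good.cloudapps.example.com", false)})
	fmt.Println("write to config:", ok, "rejected:", rejected)
}
```

Rejected routes can be reported back to their owner while the previously working configuration keeps serving the rest.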

Labels

kind/bug: Categorizes issue or PR as related to a bug.
