fix(deploy): move HAProxy admin socket to /tmp for correct permissions

NetworkCats · NetworkCats · commit 09f3b6bd72ba · 2026-03-20T08:17:36.000+08:00
The named Docker volume created /var/run/haproxy owned by root:root,
preventing the haproxy user (uid 99) from creating the socket file.
diff --git a/deploy/ansible/roles/app/tasks/main.yml b/deploy/ansible/roles/app/tasks/main.yml
@@ -221,7 +221,7 @@
       ansible.builtin.shell: |
         for i in $(seq 1 10); do
           if docker exec rustyip-haproxy sh -c \
-            'echo "set server app/{{ deploy_target }} state ready" | socat stdio unix:/var/run/haproxy/admin.sock' 2>/dev/null; then
+            'echo "set server app/{{ deploy_target }} state ready" | socat stdio unix:/tmp/admin.sock' 2>/dev/null; then
             echo "admin socket command succeeded on attempt $i"
             exit 0
           fi
@@ -293,7 +293,7 @@
       ansible.builtin.shell: |
         for i in $(seq 1 10); do
           if docker exec rustyip-haproxy sh -c \
-            'echo "set server app/{{ current_active }} state ready" | socat stdio unix:/var/run/haproxy/admin.sock' 2>/dev/null; then
+            'echo "set server app/{{ current_active }} state ready" | socat stdio unix:/tmp/admin.sock' 2>/dev/null; then
             echo "admin socket command succeeded on attempt $i"
             exit 0
           fi
diff --git a/deploy/ansible/roles/app/templates/docker-compose.yml.j2 b/deploy/ansible/roles/app/templates/docker-compose.yml.j2
@@ -9,7 +9,6 @@ services:
       - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
       - ./haproxy/ipv4_domain.lst:/usr/local/etc/haproxy/ipv4_domain.lst:ro
       - ./haproxy/certs:/etc/haproxy/certs:ro
-      - haproxy_run:/var/run/haproxy
 {% if ipv4_domain %}
       - ./haproxy/certs-ipv4:/etc/haproxy/certs-ipv4:ro
 {% endif %}
@@ -65,7 +64,6 @@ services:
       - internal
 
 volumes:
-  haproxy_run:
   db_data_blue:
   db_data_green:
 
diff --git a/deploy/ansible/roles/app/templates/haproxy.cfg.j2 b/deploy/ansible/roles/app/templates/haproxy.cfg.j2
@@ -1,7 +1,7 @@
 global
     log stderr local0 err
     maxconn 10000
-    stats socket /var/run/haproxy/admin.sock mode 660 level admin
+    stats socket /tmp/admin.sock mode 660 level admin expose-fd listeners
     # Performance tuning for high-throughput
     tune.bufsize 16384
     tune.maxrewrite 1024
