Twitter this

Powered by MariaDB Powered by nginx ...

Rolling your own haproxy deb package

Biting ubuntu
I think I will not be the only one that wanted to try out haproxy 1.5 release on an older Ubuntu release to enjoy the new goodies like enhanced SSL support.

The easiest way to create your own packages is to download a version of the haproxy source code for building a new haproxy deb file.  Then you go and steal the debian templates from a prior version.  You will have to do editing for some of the files involved.  It's good to satisfy dpkg.  Since working with debian,  I find it very rewarding to keep my package manager(s) working well.  It helps stability, I could just copy over the executable over the old one but that's just not how it's done well.

The goal is to have a more recent version of haproxy running on a Ubuntu 10.10 Maverick ( 32bit / 64bit ) install.  The cool thing about manually rolling a deb with haproxy is that it is small, there is really only 1 executable of concern and it needs to go in /usr/sbin  (so prefix =/usr ).  That's the debian way.
If you use  the debian templates from the official package like haproxy-1.4.8, you will create a good .deb that will not overwrite your existing configuration as the groundwork you use already covers that scenario, no need to reinvent it.  You will have to tweak some files though.   And for safety sake, just make a copy of your haproxy config files before reading this further.

First, you need a complete build environment, as root or with sudo do:

1
apt-get install build-essentials dpkg-dev debhelper devscripts fakeroot

You will also need a few more packages to satisfy dependencies for building haproxy itself , you need those too (last 2 are optional if you don't sign the package with a key ... most of us won't) , but it will be a few warnings less. You will still get some since you're not signing it (see later in the article).

1
apt-get install libpcre3-dev quilt pgp gpg

Now we are all set, we need to get the sources we will use as a template from the maverick source launchpad.

- haproxy_1.4.8-1.debian.tar.gz
- haproxy_1.4.8-1.dsc
- haproxy_1.4.8.orig.tar.gz

Put them somewhere, I prefer doing this sort of work in a subdir under /usr/local/src , for instance /usr/local/src/haproxy_old and unpack them all. (you don't really need the dsc file either):

1
2
tar -xzvf haproxy_1.4.8-1.debian.tar.gz
tar -xzvf haproxy_1.4.8.orig.tar.gz

This will create 2 directories, one called debian the other one haproxy-1.4.8. It is the debian directory we want in particular. I don't even think I touched the original source but I unpacked it anyway so I could compair that source with the one I'm about to build.

At this point we will create a new directory for our future version, let's call it /usr/local/src/haproxy_new , we will have to download the haproxy 1.5 sources now. I see on the homepage that dev17 version looks like a good candidate, I will probably be very happy if that runs with what I have in my haproxy.cfg configuration now, before testing new features.

At the time of writing this, the file of that version was called haproxy-ss-LATEST.tar.gz. Download it and change the name to haproxy_1.5.orig.tar.gz and unpack it.

1
tar -xzvf haproxy_1.5.orig.tar.gz

It should unpack in this sub-directory: haproxy-1.5-dev17

At this point you can already try and build it manually, before debianizing the process. Read the README file. I found valuable info in order to create my make command. I used that info to change the debian build.

- USE_PCRE=1 to use libpcre, in whatever form is available on your system (shared or static)
- USE_STATIC_PCRE=1 to use a static version of libpcre even if the dynamic one is available. This will enhance portability.
- USE_OPENSSL=1
- USE_ZLIB=1

I wanted it to be fairly portable but built for the machine, so I include a static PCRE, according to the docs, this speeds up haproxy times 3 when using regexes. I also wanted the new SSL goodies and ZLIB support. Try to make haproxy now. All the builds are destined to run on a kernel > 2.6.28.

1
2
cd haproxy-1.5-dev17
make TARGET=linux2628 USE_PCRE=1 CPU=native USE_OPENSSL=1 USE_ZLIB=1 USE_STATIC_PCRE=1

Any errors here will have to be taken care of before building .deb files. But if it works, you can now proceed and copy the unpacked debian from /usr/local/src/haproxy_old/debian and move it under haproxy-1.5-dev17 sub-directory.

1
2
cd /usr/local/src/haproxy_new/
cp -a /usr/local/src/haproxy_old/debian .

Before building this package, we have to mod some files ( rules , changelog, control )

I added a section to the changelog , It's cleaner for the people behind you even though it isn't official, pay good attention to the syntax of that file, it's picky. I added this at the top:

1
2
3
4
5
haproxy (1.5-dev17) unstable; urgency=low

* Custom built package for maverick ubuntu

-- Glenn Plas   Sun, 06 Jun 2013 00:42:53 +0100

Next in line is the control file, since I'll be building a version that includes pcre static, I don't require it on the target host. I also added myself as author, I don't wan't others to receive hate mail destined for me, so I changed this (diff format):

1
2
3
4
5
6
7
8
4c4
< Maintainer: Glenn Plas
---
> Maintainer: Arnaud Cornet

6c6
< Build-Depends: debhelper (>= 7.0.50~), quilt (>= 0.46-7~)
---
> Build-Depends: debhelper (>= 7.0.50~), libpcre3-dev, quilt (>= 0.46-7~)

Finally, to modify the rules file properly, you need to have a working make combination, so a make command line that builds haproxy successfully. Using my make command line, the top of the rules files looks like :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
#!/usr/bin/make -f

MAKEARGS=DESTDIR=debian/haproxy \
PREFIX=/usr \
IGNOREGIT=true \
MANDIR=/usr/share/man \
DOCDIR=/usr/share/doc/haproxy \
USE_PCRE=1  \
USE_STATIC_PCRE=1 \
USE_OPENSSL=1  \
USE_ZLIB=1

ifeq ($(shell dpkg-architecture -qDEB_HOST_ARCH_OS),linux)
MAKEARGS+= TARGET=linux2628 \
CPU=native
else
MAKEARGS+= TARGET=generic
endif
ifeq ($(shell dpkg-architecture -qDEB_HOST_ARCH_CPU),i386)
MAKEARGS+= USE_REGPARM=1
endif
....

Now it's all ready to be built. Lets do it ...

1
2
3
debian/rules clean
debian/rules
debuild

at the end of the build process you get

1
2
3
4
5
6
7
8
9
10
11
...
W: haproxy source: ancient-standards-version 3.8.4 (current is 3.9.1)
E: haproxy: embedded-library ./usr/sbin/haproxy: pcre3
Finished running lintian.
Now signing changes and any dsc files...
signfile haproxy_1.5-dev17.dsc Glenn Plas <glenn@byte-consult.be>
gpg: skipped "Glenn Plas <glenn@byte-consult.be>": secret key not available
gpg: /tmp/debsign.wvUfqM5N/haproxy_1.5-dev17.dsc: clearsign failed: secret key not available
debsign: gpg error occurred!  Aborting....
debuild: fatal error at line 1258:
running debsign failed

If you got that far, it probably worked, but in the end it can't sign since I have no key, so that fails but if the rest all went well... you just cd to the parent directory and there will be 3 new files in there. For the 32bit version you get:

- haproxy_1.5-dev17_i386.build
- haproxy_1.5-dev17_i386.changes
- haproxy_1.5-dev17_i386.deb

If you built this on a x86_64 machine, you'll get:

- haproxy_1.5-dev17_amd64.build
- haproxy_1.5-dev17_amd64.changes
- haproxy_1.5-dev17_amd64.deb

Now you can just dpkg -i the appropriate package in your system. Before restarting haproxy you might want to check your config against the new version first, I like putting an alias in place for this. Use the appropriate paths. Installing it will probably mean restarting haproxy.

1
2
3
#alias hacheck='haproxy -c -f /etc/haproxy/haproxy.cfg'
#hacheck
Configuration file is valid

And you have haproxy under dpkg control on an EOL maverick. This can be redone on any platform of course. I used a XEN VM to build de 64bit Maverick, and a linode vps to build the 32bit version.

One more remark. This will build an executable with debuggin symbols inside, you can use strip command on the executable. If you want decent core dumps keep them in. But if you don't, do this

1
2
3
4
5
6
7
file haproxy
haproxy: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs),
for GNU/Linux 2.6.15, not stripped
strip haproxy
file haproxy
haproxy: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs),
for GNU/Linux 2.6.15, stripped

As this is dev, keep an eye on the workings, it looks pretty stable but I've not tested or stressed it too much yet. You can download the binary packages I made and try them out.

- haproxy_1.5-dev17_amd64.build
- haproxy_1.5-dev17_amd64.deb
- haproxy_1.5-dev17.dsc
- haproxy_1.5-dev17_i386.changes
- haproxy_1.5.orig.tar.gz
- haproxy_1.5-dev17_amd64.changes
- haproxy_1.5-dev17.debian.tar.gz
- haproxy_1.5-dev17_i386.build
- haproxy_1.5-dev17_i386.deb

7 comments to Rolling your own haproxy deb package

  • some of the packages seem to be wrong:
    - pgp – not existent – gnupg?
    - gpg – not existent – gpgv?

    haproxy-ss-LATEST.tar.gz unpacks into haproxy-ss-20130118

    state that changelog, rules and control are in the debian subdir

    debian/rules clean
    - dh clean
    - make: dh: Command not found
    - make: *** [clean] Error 127

    get this with original rules and patched rules

    will try your .deb

  • testing your haproxy_1.5-dev17_amd64.deb

    dpkg: dependency problems prevent configuration of haproxy:
    haproxy depends on libssl0.9.8 (>= 0.9.8m-1); however:
    Package libssl0.9.8 is not installed.

    however libssl1.0.0 is installed – Ubunto standard

    installed 0.9.8 as well – seems dangerous but really don’t know

    initial tests ok

  • glenn

    I think you are trying this on Precise… correct ? This package is made for Maverick. The instruction deviate a bit on Precise, I’ve haven’t put it in the article but a package like build-essentials , that doesn’t exist on Ubuntu 12:04 LTS Precise. Let me know what you are on. You seem to be lacking the maketools, as the debian/rules file is just a makefile. Let me know what you get. The lower dependancy for libssl is due to the Maverick fact, And you probably also need the libssl-dev package too imho.

  • glenn

    you don’t really need php/gpg , they are also named different on Ubuntu precise. Just like build-essentials is. Concerning the unpacking, I think to mention it somewhere you need to rename it, if not I will correct (not so much time left today). But use common sense for directories, rename if needed and cd to the right place.

  • in the end it compiled but could not make it fly. took cowards way out and used your `.deb`.

    have you ever thought about hosting the `.deb` – think it’d be quite a nice thing to do

  • got it to compile, but not load. took coward’s way out and used your `.deb`

    have you thought about hosting the `.deb` for 1.7? seems like it would be nice thing to do.

  • glenn

    Hi Maco,

    Sorry , I haven’t spotted those comments. Just been weeding out the spamfolder. I really need to install a better wordpress captcha.

    As for the hosting, you mean host it in a user ppa ? Since I’m hosting it already here :) Thing is, these are made for a few production sites, I carefully crafted the build so it would work well on older Ubuntu versions (things like the SSL dependancies for example, you really need the correct library). I’m using it on Precise as well since a few weeks and it seems to do fine as well. But it is still a dev version, although it looks quite stable -as always-

recruitment
recruitment
recruitment
recruitment