Hi Bren, On Wed, Sep 10, 2025 at 03:55:59PM +0000, Bren wrote: > Hello! > > Last night I was beating my head against the wall over this piece of config: > > acl toggle_delay str(delay),map(opt@/etc/haproxy/maps/toggles.map,on) -m str > on > > acl toggle_guard str(guard),map(opt@/etc/haproxy/maps/toggles.map,off) -m str > on > > acl toggle_ipinfo str(ipinfo),map(opt@/etc/haproxy/maps/toggles.map,on) -m > str on > > The map: > > delay on > guard off > ipinfo on > > I expected that I could enable guard via runtime CLI, but it wasn't working, > e.g. as a test I did: > > http-request deny if toggle_guard > > Yet the request wasn't being denied when setting guard to on. > > Then I did some show maps and noticed this: > > # id (file) description > 137 (/etc/haproxy/maps/toggles.map) pattern loaded from file > 'opt@/etc/haproxy/maps/toggles.map' used by map at file > '/etc/haproxy/haproxy.cfg' line 605. curr_ver=0 next_ver=0 entry_cnt=3 > 138 (/etc/haproxy/maps/toggles.map) pattern loaded from file > 'opt@/etc/haproxy/maps/toggles.map' used by map at file > '/etc/haproxy/haproxy.cfg' line 606. curr_ver=0 next_ver=0 entry_cnt=3 > 139 (/etc/haproxy/maps/toggles.map) pattern loaded from file > 'opt@/etc/haproxy/maps/toggles.map' used by map at file > '/etc/haproxy/haproxy.cfg' line 607. curr_ver=0 next_ver=0 entry_cnt=3 > > So it looks like haproxy creates three separate instances of this map, and > doing a 'set map /etc/haproxy/maps/toggles.map ...' only updates the first > entry! I would have expected haproxy to create just one instance of the map, > and to reference that same instance in subsequent calls. I can not find > anything in the docs about this at all. > > I don't know where I got the idea to use toggles like this, but I swear they > did more than one ACL each using map() for the lookup, but I can't find this > anywhere either. Every example uses just one toggle + ACL entry, or uses a > "use_backend ..." call to dynamically route traffic. > > Thought I'd email in to see if I'm doing something wrong, or if there is > perhaps a better way to do this. I can't seem to find anyone doing something > like this anywhere else! > > If I want to support multiple toggles like this with just one map entry per > file, is the only way to do this via multiple maps, or changing the logic of > my scripts to do a "show map" first, get the IDs, then loop through and "set > map ..." on each ID? Which I guess wouldn't be too hard to do.
Indeed I think that opt@ causes the map to be totally independent (and you'll notice that it's part of its name). Now the relevance of this choice is obviously questionnable based on your report, but I think that opt@ makes the map local for the sake of its creation in case the file is not found. I can't find a case where the current behavior could be useful either, so maybe we should change this. Willy
