I am trying to disable a haproxy frontend from a systemd service in Debian 9 (haproxy 1.7.5-2). The default config sets up admin access via a unix socket at /run/haproxy/admin.sock so I use socat (1.7.3.1):
/bin/sh -c 'echo disable frontend http | /usr/bin/socat stdio unix-connect:/run/haproxy/admin.sock'
This works perfectly when I run it manually as root. It also works if I omit spawning a new sh instance:
echo disable frontend http | /usr/bin/socat stdio unix-connect:/run/haproxy/admin.sock
When I attempt to run the same command as a systemd service, I consistently get a Connection refused error and I can't figure out why. Here is a simplified service file that reproduces the error:
[Unit]
Description=Test unit
After=network-online.target
[Service]
Type=oneshot
RemainAfterExit=false
ExecStartPre=/usr/bin/test -x /usr/bin/socat
ExecStart=/bin/sh -c 'echo disable frontend http | /usr/bin/socat stdio unix-connect:/run/haproxy/admin.sock'
The relevant error from systemctl status test.service:
sh[1305]: 2020/05/09 12:26:23 socat[1308] E connect(5, AF=1 "/run/haproxy/admin.sock", 25): Connection refused
I verified the path exists and I can run the command exactly as written in the ExecStart stanza manually as root immediately following the systemd failure. I thought I messed up the syntax for systemd, but that doesn't appear to be the problem. The same error occurs if I use bash or zsh instead of /bin/sh too. This has been driving me crazy for a couple of days. What am I missing?
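A diagnostic sketch for the error above, added here as an example and not part of the original post: on Linux, `connect()` on an AF_UNIX path returns ECONNREFUSED when the socket file exists but no process is listening on it, which is a different condition from a missing path or a permission failure. The function name `probe_unix_socket` and the throwaway socket path are assumptions; the demo builds its own socket in a temporary directory rather than touching /run/haproxy/admin.sock.

```python
import errno
import os
import socket
import stat
import tempfile


def probe_unix_socket(path, timeout=2.0):
    """Classify the state of a UNIX stream socket path (hypothetical helper)."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing"                 # ENOENT: nothing at that path
    except PermissionError:
        return "permission-denied"       # cannot traverse the directory
    if not stat.S_ISSOCK(st.st_mode):
        return "not-a-socket"
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(path)
        return "listening"
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            # Socket inode exists, but no process is accepting on it:
            # the owner has not called listen() yet, or it exited and
            # left a stale file behind.
            return "exists-but-not-listening"
        if e.errno in (errno.EACCES, errno.EPERM):
            return "permission-denied"
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def demo():
    """Walk a constructed socket through its lifecycle and probe each stage."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "admin.sock")   # constructed sample path
        results["before_bind"] = probe_unix_socket(path)
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)                         # file appears, no listener yet
        results["bound_not_listening"] = probe_unix_socket(path)
        srv.listen(1)
        results["listening"] = probe_unix_socket(path)
        srv.close()                            # file is left behind (stale)
        results["after_close"] = probe_unix_socket(path)
    return results


if __name__ == "__main__":
    print(demo())
```

Running the probe from inside the failing unit (for example as an extra ExecStartPre step) shows which of these states the socket is in at the moment systemd starts the command.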