VR: fix haproxy check when ssl offloading is configured

[weizhouapache]

Description

This PR fixes #12591

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• Build/CI
• Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 17.62%. Comparing base (30d3066) to head (fc1cc74).
⚠️ Report is 1 commits behind head on 4.22.

Additional details and impacted files

@@            Coverage Diff            @@
##               4.22   #12596   +/-   ##
=========================================
  Coverage     17.62%   17.62%           
- Complexity    15664    15665    +1     
=========================================
  Files          5915     5915           
  Lines        531144   531171   +27     
  Branches      64930    64938    +8     
=========================================
+ Hits          93591    93608   +17     
- Misses       427015   427023    +8     
- Partials      10538    10540    +2     

Flag	Coverage Δ
uitests	3.71% <ø> (-0.01%)	⬇️
unittests	18.69% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[DaanHoogland]

@blueorangutan package

[blueorangutan]

@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✖️ el8 ✖️ el9 ✔️ debian ✖️ suse15. SL-JID 16713

[weizhouapache]

@blueorangutan package

[blueorangutan]

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 16715

[weizhouapache]

@blueorangutan test

[blueorangutan]

@weizhouapache a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-15403)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 53144 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr12596-t15403-kvm-ol8.zip
Smoke tests completed. 146 look OK, 3 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
ContextSuite context=TestListIdsParams>:teardown	Error	1.17	test_list_ids_parameter.py
test_01_snapshot_root_disk	Error	4.01	test_snapshots.py
test_02_list_snapshots_with_removed_data_store	Error	46.94	test_snapshots.py
test_02_list_snapshots_with_removed_data_store	Error	46.94	test_snapshots.py
ContextSuite context=TestSnapshotStandaloneBackup>:teardown	Error	27.66	test_snapshots.py
test_01_snapshot_usage	Error	48.28	test_usage.py
test_01_vpn_usage	Error	1.10	test_usage.py

[Copilot]

Pull request overview

This PR addresses issue #12591 by adjusting the SystemVM HAProxy advanced health check to tolerate additional bind options appended when SSL offloading is configured, avoiding false health check failures while keeping HAProxy config validation intact.

Changes:

• Relax bind line matching in haproxy_check.py to accept bind <ip:port> ... (with trailing options) rather than requiring an exact string match.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Using startswith(bindStr) can incorrectly accept mismatched ports (e.g., expected 1.2.3.4:80 but config has 1.2.3.4:8000, which still starts with 1.2.3.4:80). To allow extra HAProxy bind options while keeping correctness, compare only the first whitespace-delimited token of the bind directive (or otherwise parse the address:port portion) instead of a raw prefix match.

Suggested change

	if not cfgSection["bind"][0].startswith(bindStr):
	bind_line = cfgSection["bind"][0]
	bind_token = bind_line.split()[0] if bind_line else ""
	if bind_token != bindStr: