Re: 1.8.1 backend stays 'DOWN' when dns resolvers and http health checks are used

Mon, 18 Dec 2017 06:53:36 -0800 

Le 16/12/2017 à 00:22, Holger Amann a écrit :

Hi,

when I use dns resolvers combined with http health checks, the backend either 
never goes to 'UP' when haproxy starts before the backend, or the backend stays 
'DOWN' when it wasn't resolvable for a while.


--> starting haproxy:

[WARNING] 348/224658 (10) : Server phoenix-backend/phoenix is DOWN, reason: 
Layer4 timeout, check duration: 1001ms. 0 active and 0 backup servers left. 0 
sessions active, 0 requeued, 0 remaining in queue.
[ALERT] 348/224658 (10) : backend 'phoenix-backend' has no server available!
[WARNING] 348/224727 (10) : Server phoenix-backend/phoenix was DOWN and now 
enters maintenance (DNS timeout status).

--> starting container:

[WARNING] 348/224914 (10) : phoenix-backend/phoenix changed its IP from 
46.38.243.234 to 172.19.0.7 by docker/docker.
[WARNING] 348/224914 (10) : Server phoenix-backend/phoenix administratively 
READY thanks to valid DNS answer.

then the process starts and is healthy, but backend stays 'down', no health 
checks got logged and I needed to restart haproxy which fixed everything.

--> stopping the process:

[WARNING] 348/225537 (10) : Server phoenix-backend/phoenix is DOWN, reason: Layer4 
connection problem, info: "Connection refused", check duration: 0ms. 0 active 
and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[ALERT] 348/225537 (10) : backend 'phoenix-backend' has no server available!

--> starting process:

[WARNING] 348/225735 (10) : Server phoenix-backend/phoenix is UP, reason: Layer7 check 
passed, code: 200, info: "OK", check duration: 171ms. 1 active and 0 backup 
servers online. 0 sessions requeued, 0 total in queue.

--> stopping process and container and waiting a few seconds until 'DOWN' 
message appears

[WARNING] 348/225847 (10) : Server phoenix-backend/phoenix is DOWN, reason: Layer4 
connection problem, info: "Connection refused", check duration: 0ms. 0 active 
and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[ALERT] 348/225847 (10) : backend 'phoenix-backend' has no serverver available!
[WARNING] 348/225923 (10) : Server phoenix-backend/phoenix was DOWN and now 
enters maintenance (DNS timeout status).

--> starting container again:
[WARNING] 348/230028 (10) : Server phoenix-backend/phoenix administratively 
READY thanks to valid DNS answer.

and starting the process, but nothing happens. again backend stays 'DOWN' and 
no health checks got logged.


haproxy -vv

HA-Proxy version 1.8.1 2017/12/03
Copyright 2000-2017 Willy Tarreau <wi...@haproxy.org>

Build options :
   TARGET  = linux2628
   CPU     = generic
   CC      = gcc
   CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv 
-Wno-null-dereference -Wno-unused-label
   OPTIONS = USE_LINUX_SPLICE=1 USE_LIBCRYPT=1 USE_ZLIB=1 USE_OPENSSL=1 
USE_PCRE=1

Default settings :
   maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.1.0f  25 May 2017
Running on OpenSSL version : OpenSSL 1.1.0f  25 May 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT 
IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.39 2016-06-14
Running on PCRE version : 8.39 2016-06-14
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"), 
raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.

Available polling systems :
       epoll : pref=300,  test result OK
        poll : pref=200,  test result OK
      select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
         [SPOE] spoe
         [COMP] compression
         [TRACE] trace



global
   log /dev/log local0
   log /dev/log local1 info

defaults
   log global
   mode http
   timeout connect 3s
   timeout client 30s
   timeout server 120s
   timeout tunnel 3600s
   timeout http-keep-alive  1s
   timeout http-request 15s
   option http-server-close
   option httplog
   option forwardfor
   errorfile 503 /code/docker/haproxy/503.html
   errorfile 408 /dev/null

resolvers docker
   nameserver docker 127.0.0.11:53
   hold valid 2s

listen stats
   bind :8444
   mode http
   stats enable
   stats realm Haproxy\ Statistics
   stats uri /

frontend http
   bind 0.0.0.0:80
   reqadd X-Forwarded-Proto:\ http

   default_backend phoenix-backend

frontend https
   bind 0.0.0.0:443 ssl crt "/code/certs/dev/dev-server-combined.pem" alpn 
h2,http/1.1 no-sslv3
   reqadd X-Forwarded-Proto:\ https

   default_backend phoenix-backend

backend phoenix-backend
   option httpchk GET /_check
   server phoenix phoenix:4000 resolvers docker init-addr libc,last,none check 
inter 1000



Hi,
There have been some fixes since the 1.8.1. One of them could fix your problem: http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=80b92902
Could you check with the last 1.8 source snapshot (http://www.haproxy.org/download/1.8/src/snapshot/haproxy-ss-LATEST.tar.gz) ? 

Thanks
--
Christopher Faulet

Reply via email to