I'll change my haproxy.cfg to haproxy user and see if it changes anything regarding the undying pids
Le 28/07/2017 à 13:36, Vincent Bernat a écrit : > ❦ 28 juillet 2017 12:09 +0200, "Arnaud B." <arn...@arnaudb.net> : > >> I'm having an issue on debian 9's stable version of HAProxy : >> >> https://dooby.fr/y/j9qgknb >> >> I have to regularly reload haproxy to fetch new configurations, and it >> now always result on a set of undying pids. >> >> If I strace pid 2677 on this screenshot : >> $ strace -p 2677 >> strace: Process 2677 attached >> epoll_wait(0, [], 200, 18) = 0 >> epoll_wait(0, [], 200, 0) = 0 >> epoll_wait(0, [], 200, 12) = 0 >> epoll_wait(0, [], 200, 0) = 0 >> epoll_wait(0, [], 200, 14) = 0 >> epoll_wait(0, [], 200, 0) = 0 >> epoll_wait(0, [], 200, 13) = 0 >> epoll_wait(0, [], 200, 0) = 0 >> epoll_wait(0, [], 200, 121) = 0 >> epoll_wait(0, [], 200, 0) = 0 >> epoll_wait(0, [], 200, 6) = 0 >> epoll_wait(0, [], 200, 0) = 0 >> epoll_wait(0, [], 200, 22) = 0 >> >> if I check what's going on on the network level for this pid : >> $ ss -lntpuae |grep -i 'pid=2677' >> udp UNCONN 0 0 *:28382 >> *:* >> users:(("haproxy",pid=2677,fd=14),("haproxy",pid=2611,fd=14)) >> ino:1822334707 sk:aa61 --> > For information, haproxy -vv is: > > HA-Proxy version 1.7.5-2 2017/05/17 > Copyright 2000-2017 Willy Tarreau <wi...@haproxy.org> > > Build options : > TARGET = linux2628 > CPU = generic > CC = gcc > CFLAGS = -g -O2 -fdebug-prefix-map=/build/haproxy-2dHYaz/haproxy-1.7.5=. > -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time > -D_FORTIFY_SOURCE=2 > OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 > USE_LUA=1 USE_PCRE=1 USE_NS=1 > > Default settings : > maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 > > Encrypted password support via crypt(3): yes > Built with zlib version : 1.2.8 > Running on zlib version : 1.2.8 > Compression algorithms supported : identity("identity"), deflate("deflate"), > raw-deflate("deflate"), gzip("gzip") > Built with OpenSSL version : OpenSSL 1.1.0e 16 Feb 2017 > Running on OpenSSL version : OpenSSL 1.1.0f 25 May 2017 > OpenSSL library supports TLS extensions : yes > OpenSSL library supports SNI : yes > OpenSSL library supports prefer-server-ciphers : yes > Built with PCRE version : 8.39 2016-06-14 > Running on PCRE version : 8.39 2016-06-14 > PCRE library supports JIT : no (USE_PCRE_JIT not set) > Built with Lua version : Lua 5.3.3 > Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT > IP_FREEBIND > Built with network namespace support > > Available polling systems : > epoll : pref=300, test result OK > poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use epoll. > > Available filters : > [COMP] compression > [TRACE] trace > [SPOE] spoe > > On your screenshot, the user is www-data while on lsof, this is > haproxy. Handover between HAProxy instances is done through signal, > maybe you reloaded the configuration with a change of user. The new > HAProxy cannot signal the old one to shutdown in this case. However, > this wouldn't explain why lsof and htop don't agree.
