Hello Willy,
Thank you for giving time after a large 1.8.0 release to provide us vectors
on testing HAProxy work mode. This community's intensity and laser focus
are a standout. Below is all the information you asked us to look at. By
any chance, was there any critical change between 1.8-dev3 and 1.8-rc
series/1.8.0?
New checks: Loads stats page and accesses all backends
SUCCESS: 1.8-dev0/dev1/dev2/dev3
FAILS: 1.8-rc1/rc2rc3/rc4 and 1.8.0
Browser message:
This site can't be reached
coscend.com took too long to respond.
SUCCESS: 1.7.9
Below are captured:
1. 1.8.0 process and port checks
2. 1.8.0 binary location ascertained
3. Systemd's logs related to HAProxy startup.
4. listen stats config (just to see, if we anything conflicts with
1.8.0)
=========== LOGS ==============
We are logging in as root.
(1) check if the process is still present (ps aux)
root 2801 0.0 0.1 74928 11560 ? S 11:28 0:00
/usr/local/sbin/haproxy -Ws -V -C /usr/local/haproxy-1.8.0/conf -f
/usr/local/haproxy-1.8.0/conf -f <path to configuration files> -D -p
/var/run/haproxy.pid
haproxy 2802 99.5 0.1 75620 12408 ? Rs 11:28 10:50
/usr/local/sbin/haproxy -Ws -V -C /usr/local/haproxy-1.8.0/conf -f
/usr/local/haproxy-1.8.0/conf -f <path to configuration files> -D -p
/var/run/haproxy.pid
root 3132 0.0 0.0 112644 964 tty1 S+ 11:39 0:00 grep
--color=auto haproxy
are the ports properly listening (netstat -ltnp)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 <server_IP>:10681 0.0.0.0:* LISTEN
2802/haproxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
2802/haproxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
1319/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
2141/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
2802/haproxy
tcp6 0 0 :::22 :::* LISTEN
1319/sshd
tcp6 0 0 ::1:25 :::* LISTEN
2141/master
(2) are you certain that the binary in this absolute path is the one you
expect ?
We are using symlink for HAProxy binaries.
drwxr-xr-x. 2 root root 4096 Nov 28 11:37 .
drwxr-xr-x. 24 root root 4096 Nov 27 23:20 ..
lrwxrwxrwx. 1 root root 36 Nov 27 09:52 haproxy ->
/usr/local/haproxy-1.8.0/bin/haproxy
lrwxrwxrwx. 1 root root 36 Nov 27 00:06 haproxy-1.7.9 ->
/usr/local/haproxy-1.7.9/bin/haproxy
(3) Do you have anything in systemd's logs related to the startup ?
Nov 28 11:28:57 localhost systemd: [/etc/systemd/system/haproxy.service:40]
Unknown lvalue 'ExecCheck' in section 'Service'
Nov 28 11:28:57 localhost systemd:
[/etc/systemd/system/haproxy.service.d/haproxy.service.conf:1] Assignment
outside of section. Ignoring.
Nov 28 11:28:57 localhost systemd:
[/etc/systemd/system/haproxy.service.d/haproxy.service.conf:2] Assignment
outside of section. Ignoring.
...similar 9 lines
Nov 28 11:28:57 localhost systemd: Starting HAProxy Load Balancer...
Nov 28 11:28:57 localhost haproxy: Available polling systems :
Nov 28 11:28:57 localhost haproxy: epoll : pref=300, test result OK
Nov 28 11:28:57 localhost haproxy: poll : pref=200, test result OK
Nov 28 11:28:57 localhost haproxy: select : pref=150, test result FAILED
Nov 28 11:28:57 localhost haproxy: Total: 3 (2 usable), will use epoll.
Nov 28 11:28:57 localhost haproxy: Available filters :
Nov 28 11:28:57 localhost haproxy: [SPOE] spoe
Nov 28 11:28:57 localhost haproxy: [COMP] compression
Nov 28 11:28:57 localhost haproxy: [TRACE] trace
Nov 28 11:28:57 localhost haproxy: [info] 331/112857 (2799) : [acme] http-01
plugin v0.1.1
Nov 28 11:28:57 localhost haproxy: Using epoll() as the polling mechanism.
Nov 28 11:28:57 localhost haproxy: Using epoll() as the polling mechanism.
Nov 28 11:28:57 localhost systemd: Started HAProxy Load Balancer.
(4) Stats configuration
userlist admin_users
group admin_group users admin
user admin password $6$bxgj6QAG/MkcB8i.$....TD0V/lZp4K8F/
listen HAProxy-stats
bind <server_IP>:10681 name https_stats ssl crt
"PATH_TO_CRT_FILE/FILENAME"
mode http
timeout queue 10s
timeout client 50000ms
timeout server 50000ms
timeout connect 5000ms
timeout http-keep-alive 10s
timeout http-request 5s
timeout check 10s
stats enable
acl auth_readonly http_auth(admin_users)
acl auth_admin http_auth_group(admin_users) admin_group
stats http-request auth realm HAProxy.stats unless auth_readonly
stats admin if auth_admin
stats hide-version
stats show-node
stats uri /HAProxy.stats
stats refresh 10s
stats show-legends
stats show-desc "Master load balancer, reverse proxy server
and HTTP security server"
-----Original Message-----
From: Willy Tarreau [mailto:[email protected]]
Sent: Tuesday, November 28, 2017 12:46 AM
To: Coscend@Coscend <[email protected]>
Cc: [email protected]
Subject: Re: Does HAProxy 1.8.0 need new param vs 1.7.9
Hi Hemant,
On Mon, Nov 27, 2017 at 12:11:25PM -0600, Coscend@Coscend wrote:
> Dear HAProxy community,
>
> We have been successfully loading Stats page and other applications
> via HAProxy 1.7.9. We successfully compiled, installed and ran 1.8.0
> as a systemd service. However, with 1.8.0, we are unable to access
> the same stats page or any other application. We are using the same
> set of multiple HAProxy configuration files for both 1.8.0 and 1.7.9.
> Ports on firewalls are open and policies are enabled, as verified by a
working v. 1.7.9.
>
> No log is being captured by HAProxy during access to these pages /
> applications. Router log gives HAProxy is resetting the request. The
> Web page on browser states "the connection was reset."
>
> Would you be kind enough to provide any vectors on what new
> configuration parameter we should add / modify for 1.8.0 (different from
1.7.9)?
Nothing in theory. Can you check if the process is still present (ps aux) ?
If it is, are the ports properly listening (netstat -ltnp) ?
> Below is haproxy -vv. Command to start HAProxy:
>
> CONFIG=<path to config file directory and config files>
>
> ExecStart=/usr/local/sbin/haproxy -Ws -V -C $CONFIG -f $CONFIG -f
> $<BACKENDS_DEFAULT> -f $<BACKENDS_PRODUCTS_FILES> -D -p $PIDFILE
Just out of curiosity, are you certain that the binary in this absolute path
is the one you expect ? For example if you had installed it in another place
still in your path, haproxy -vv would find the new one but the one above
would be the old one and would fail on "-Ws". Do you have anything in
systemd's logs related to the startup ?
Regards,
Willy
---
This email has been checked for viruses by AVG.
http://www.avg.com
