On Mon, Apr 23, 2018 at 08:32:39PM +0200, Willy Tarreau wrote:
> On Mon, Apr 23, 2018 at 06:36:29PM +0300, Slawa Olhovchenkov wrote:
> > On Sat, Apr 21, 2018 at 04:38:48PM +0300, Slawa Olhovchenkov wrote:
> >
> > > On Fri, Apr 20, 2018 at 03:55:25PM +0200, Willy Tarreau wrote:
> > >
> > > > Thus for you it's better to stick to a single listener, and if you want
> > > > to
> > > > increase the fairness between the sockets, you can reduce
> > > > tune.maxaccept in
> > > > the global section like below :
> > > >
> > > > global
> > > > tune.maxaccept 8
> > > >
> > > > The kqueue issue you report is still unclear to me however, I'm not much
> > > > used to kqueue and always having a hard time decoding it.
> > >
> > > I am try to decode first event on looped thread.
> > >
> > > ev0 id 21 filt -2 flag 0 fflag 0 data 2400 udata 0
> > >
> > > This is EVFILT_WRITE (available 2400 bytes) on socket 21.
> > >
> > > This is DNS socket:
> > >
> > > 12651 haproxy 21 s - rw---n-- 9 0 UDP
> > > 185.38.13.221:28298 8.8.8.8:53
> > >
> > > Actualy I am have only one dns requests per 2 seconds.
> >
> > Can this (DNS use) cause 100% CPU use?
>
> It should not but there could be a bug. Olivier tried to reproduce here but
> failed to get any such problem. We'll definitely need your configuration,
> we've been guessing too much now and we're not making any progress on this
> issue.
I am mean need some (timing) combonation of http requests and DNS
request/response.
global
nbproc 1
nbthread 8
cpu-map auto:1/1-8 0-7
log /dev/log local0
tune.ssl.default-dh-param 2048
tune.ssl.cachesize 1000000
tune.ssl.lifetime 600
tune.ssl.maxrecord 1460
tune.maxaccept 1
tune.maxpollevents 20
maxconn 140000
stats socket /var/run/haproxy.sock level admin
user www
group www
daemon
defaults
log global
mode http
http-reuse always
option http-keep-alive
option httplog
option dontlognull
retries 3
maxconn 140000
backlog 4096
timeout connect 5000
timeout client 15000
timeout server 50000
listen stats
bind :xxxx
mode http
log global
maxconn 10
timeout client 100s
timeout server 100s
timeout connect 100s
timeout queue 100s
stats enable
stats hide-version
stats refresh 30s
stats show-node
stats uri /haproxy?stats
frontend balancer
bind *:80
bind *:443 ssl crt XXXX
# remove X-Forwarded-For header
http-request set-header X-Forwarded-Port %[dst_port]
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if ! { ssl_fc }
reqidel ^X-Forwarded-For:.*
option dontlog-normal
option forwardfor
timeout client 50000ms
timeout client 50000ms
use_backend ssl-pool if { ssl_fc }
default_backend default-pool
backend default-pool
balance roundrobin
option httpchk GET /health-check
timeout connect 1000ms
timeout server 5000ms
server elb1 x.eu-west-1.elb.amazonaws.com:80 maxconn 7000 id 1 check
resolvers mydns resolve-prefer ipv4
server elb2 y.eu-west-1.elb.amazonaws.com:80 maxconn 7000 id 2 check
resolvers mydns resolve-prefer ipv4
backend ssl-pool
balance roundrobin
option httpchk GET /health-check
timeout connect 1000ms
timeout server 35s
server elb1 x.eu-west-1.elb.amazonaws.com:443 ssl verify none maxconn
7000 id 1 check resolvers mydns resolve-prefer ipv4
server elb2 y.eu-west-1.elb.amazonaws.com:443 ssl verify none maxconn
7000 id 2 check resolvers mydns resolve-prefer ipv4
resolvers mydns
nameserver dns1 8.8.8.8:53
resolve_retries 3
timeout retry 1s
hold other 30s
hold refused 30s
hold nx 30s
hold timeout 30s
hold valid 10s
