Le mer. 19 févr. 2020 à 16:24, Christopher Faulet <cfau...@haproxy.com> a écrit :
> Le 19/02/2020 à 16:05, Olivier D a écrit : > > A bug was fixed in 2.0.12 that could explain such of crashes. The > upstream > > commit id is eec7f8ac0 (or 0ed1e8963 in the 2.0 tree). It is related > to the > > GitHub issue #420. > > > > But I don't know if it is the same bug because I don't know how it > is possible > > to apply an HTTP load-balancing algo on a TCP backend. I must take a > look at > > your configuration. You can send it to me in private. Maybe I'll > found > > something > > explaining your crashes. > > > > > > I have hundreds of frontend/backends in this config. What made you think > this is > > related to a tcp backend ? That would help me a lot. > > > > > > Because the mentioned commit fixes a bug where it was possible to assign a > TCP > backend to an HTX stream. It is possible to hit this bug when dynamic > rules are > used to choose the backend. In such case, we are unable to detect bad > configuration during HAProxy startup. > We do use some use_backend if {}, but only on http frontends (I checked). Never on tcp. We have a mix between "listen" blocks with "server" defined inside, and some frontend/backend blocks. So one "listen" block may also have a "use_backend if". Yes, it's bad, but it has been auto-generated since we use HAProxy 1.5 and we never rewrite this part. So, if you have TCP frontends that can be dynamically routed to HTTP or TCP > backends, you may hit the bug. See github issue #420. > I don't think it is this one. Our only tcp frontends are all formated like this : listen xxxxx id 20609 bind-process 18 balance source hash-type consistent mode tcp bind X.X.X.X:443 server s1 X.X.X.X:443 id 4567 check weight 5 send-proxy-v2-ssl-cn check-ssl verify none server s2 X.X.X.X:443 id 1234 check weight 5 send-proxy-v2-ssl-cn check-ssl verify none > There is another source of bugs. In HAProxy 2.0, the HTX mode is not > enabled by > default. If you have dynamic routing rules, be careful to have the same > mode > (legacy or HTX) everywhere. I will do some tests to be sure this case it > properly handled. > I thought HTX was default mode since 2.0-dev3 ( https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#no%20option%20http-use-htx ) We don't have custom config on this, so default mode was used everywhere. > > > > Did you make any recent changes on HAproxy or your servers ? I'm > surprised the > > segaults appear spontaneously after 2 months without any problem. > > > > > > Only minor modifications in the last few days ... > > minor modifications may have huge impact especially if you hit an hidden > bug :) > Config file is auto-generated from a central server, so we always add frontends, backends or certificates. That's all. I can send you the config file, but it's 8k lines, so it wont help you much I guess. Can the coredump help you more, with the binary used ? Olivier > > -- > Christopher Faulet >