Le mer. 19 févr. 2020 à 16:24, Christopher Faulet <cfau...@haproxy.com> a
écrit :
> Le 19/02/2020 à 16:05, Olivier D a écrit :
> > A bug was fixed in 2.0.12 that could explain such of crashes. The
> upstream
> > commit id is eec7f8ac0 (or 0ed1e8963 in the 2.0 tree). It is related
> to the
> > GitHub issue #420.
> >
> > But I don't know if it is the same bug because I don't know how it
> is possible
> > to apply an HTTP load-balancing algo on a TCP backend. I must take a
> look at
> > your configuration. You can send it to me in private. Maybe I'll
> found
> > something
> > explaining your crashes.
> >
> >
> > I have hundreds of frontend/backends in this config. What made you think
> this is
> > related to a tcp backend ? That would help me a lot.
> >
> >
>
> Because the mentioned commit fixes a bug where it was possible to assign a
> TCP
> backend to an HTX stream. It is possible to hit this bug when dynamic
> rules are
> used to choose the backend. In such case, we are unable to detect bad
> configuration during HAProxy startup.
>
We do use some use_backend if {}, but only on http frontends (I checked).
Never on tcp.
We have a mix between "listen" blocks with "server" defined inside, and
some frontend/backend blocks. So one "listen" block may also have a
"use_backend if".
Yes, it's bad, but it has been auto-generated since we use HAProxy 1.5 and
we never rewrite this part.
So, if you have TCP frontends that can be dynamically routed to HTTP or TCP
> backends, you may hit the bug. See github issue #420.
>
I don't think it is this one. Our only tcp frontends are all formated like
this :
listen xxxxx
id 20609
bind-process 18
balance source
hash-type consistent
mode tcp
bind X.X.X.X:443
server s1 X.X.X.X:443 id 4567 check weight 5 send-proxy-v2-ssl-cn
check-ssl verify none
server s2 X.X.X.X:443 id 1234 check weight 5 send-proxy-v2-ssl-cn
check-ssl verify none
> There is another source of bugs. In HAProxy 2.0, the HTX mode is not
> enabled by
> default. If you have dynamic routing rules, be careful to have the same
> mode
> (legacy or HTX) everywhere. I will do some tests to be sure this case it
> properly handled.
>
I thought HTX was default mode since 2.0-dev3 (
https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#no%20option%20http-use-htx
)
We don't have custom config on this, so default mode was used everywhere.
>
>
> > Did you make any recent changes on HAproxy or your servers ? I'm
> surprised the
> > segaults appear spontaneously after 2 months without any problem.
> >
> >
> > Only minor modifications in the last few days ...
>
> minor modifications may have huge impact especially if you hit an hidden
> bug :)
>
Config file is auto-generated from a central server, so we always add
frontends, backends or certificates. That's all.
I can send you the config file, but it's 8k lines, so it wont help you much
I guess. Can the coredump help you more, with the binary used ?
Olivier
>
> --
> Christopher Faulet
>
