Re: Haproxy 1.7.10 constantly restarting

2018-03-11 Thread Aleksey Gordeev 
Thank you for answer. Sorry for stupid question. Found it. I forget about
letsencrypt. it restarts when renewing certificates.


Best regards, Alexey Gordeev
С уважением Гордеев А.Д.

On Mon, Mar 12, 2018 at 12:23 AM, Vincent Bernat  wrote:

>  ❦ 11 mars 2018 07:19 -0400, Aleksey Gordeev  :
>
> > I'm sorry is that question is not suitable. Please give correct channel
> to contact.
> >
> > It's started about a month ago. I have separate instances of same
> > version haproxy. One of them restarts every 2 or 3 days.
> >
> > I have only this in log
> >
> > Mar 11 06:43:21  systemd[1]: Stopping HAProxy Load Balancer...
> > Mar 11 06:43:21  haproxy-systemd-wrapper[10939]:
> haproxy-systemd-wrapper: SIGTERM -> 10942.
> > Mar 11 06:43:21  haproxy-systemd-wrapper[10939]:
> haproxy-systemd-wrapper: exit, haproxy RC=0
> > Mar 11 06:43:21  systemd[1]: Starting HAProxy Load Balancer...
> > Mar 11 06:43:21  systemd[1]: Started HAProxy Load Balancer.
> > Mar 11 06:43:21  haproxy-systemd-wrapper[19642]:
> haproxy-systemd-wrapper: executing /usr/sbin/haproxy
>
> This seems to happen because something is just restarting haproxy. Maybe
> logrotate? "rgrep haproxy /etc" may give a clue.
> --
> Write clearly - don't be too clever.
> - The Elements of Programming Style (Kernighan & Plauger)
>

Re: Haproxy 1.7.10 constantly restarting

2018-03-11 Thread Vincent Bernat 
 ❦ 11 mars 2018 07:19 -0400, Aleksey Gordeev  :

> I'm sorry is that question is not suitable. Please give correct channel to 
> contact. 
>
> It's started about a month ago. I have separate instances of same
> version haproxy. One of them restarts every 2 or 3 days.
>
> I have only this in log 
>
> Mar 11 06:43:21  systemd[1]: Stopping HAProxy Load Balancer... 
> Mar 11 06:43:21  haproxy-systemd-wrapper[10939]: haproxy-systemd-wrapper: 
> SIGTERM -> 10942. 
> Mar 11 06:43:21  haproxy-systemd-wrapper[10939]: haproxy-systemd-wrapper: 
> exit, haproxy RC=0 
> Mar 11 06:43:21  systemd[1]: Starting HAProxy Load Balancer... 
> Mar 11 06:43:21  systemd[1]: Started HAProxy Load Balancer. 
> Mar 11 06:43:21  haproxy-systemd-wrapper[19642]: haproxy-systemd-wrapper: 
> executing /usr/sbin/haproxy 

This seems to happen because something is just restarting haproxy. Maybe
logrotate? "rgrep haproxy /etc" may give a clue.
-- 
Write clearly - don't be too clever.
- The Elements of Programming Style (Kernighan & Plauger)

[PATCH 3/3] CLEANUP: cli: Fix a typo in the 'set rate-limit' usage

2018-03-11 Thread Aurélien Nephtali 
Hello,

The attached patch fixes a typo in the usage message of 'set
rate-limit'.

-- 
Aurélien.
>From bb62cb61291fe07eee3ce2cbc92dfcadc30d7622 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Nephtali?= 
Date: Sun, 11 Mar 2018 16:55:02 +0100
Subject: [PATCH 3/3] CLEANUP: cli: Fix a typo in the 'set rate-limit' usage
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The correct keyword is 'ssl-sessions' (vs. 'ssl-session').
The typo was introduced in 45c742be05 ('REORG: cli: move the "set
rate-limit" functions to their own parser').

Signed-off-by: Aurélien Nephtali 
---
 src/cli.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cli.c b/src/cli.c
index 65914451..3cae0f31 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -1184,7 +1184,7 @@ static int cli_parse_set_ratelimit(char **args, struct appctx *appctx, void *pri
 			"   - 'connections global' to set the per-process maximum connection rate\n"
 			"   - 'sessions global' to set the per-process maximum session rate\n"
 #ifdef USE_OPENSSL
-			"   - 'ssl-session global' to set the per-process maximum SSL session rate\n"
+			"   - 'ssl-sessions global' to set the per-process maximum SSL session rate\n"
 #endif
 			"   - 'http-compression global' to set the per-process maximum compression speed in kB/s\n";
 		appctx->st0 = CLI_ST_PRINT;
-- 
2.11.0

[PATCH 2/3] CLEANUP: cli: Remove a leftover debug message

2018-03-11 Thread Aurélien Nephtali 
Hello,

The attached patch removes a printf() that was probably used for
debugging purposes.

-- 
Aurélien.
>From 220e631e6f209ed51af772b12f7f60a1a1ce5857 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Nephtali?= 
Date: Sat, 10 Mar 2018 20:59:56 +0100
Subject: [PATCH 2/3] CLEANUP: cli: Remove a leftover debug message
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This printf() was added in f886e3478d ("MINOR: cli: Add a command to
send listening sockets.").

Signed-off-by: Aurélien Nephtali 
---
 src/cli.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/cli.c b/src/cli.c
index fbd26464..65914451 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -1416,7 +1416,6 @@ static int _getsocks(char **args, struct appctx *appctx, void *private)
 iov.iov_len = curoff;
 if (sendmsg(fd, , 0) != curoff) {
 	ha_warning("Failed to transfer sockets\n");
-	printf("errno %d\n", errno);
 	goto out;
 }
 /* Wait for an ack */
-- 
2.11.0

[PATCH 1/3] CLEANUP: ssl: Remove a duplicated #include

2018-03-11 Thread Aurélien Nephtali 
Hello,

The attached patch removes a duplicated #include in the SSL code.

-- 
Aurélien.
>From 3955f2cd7f820e46710c1e610d4aaa2eace92c88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Nephtali?= 
Date: Tue, 20 Feb 2018 19:23:07 +0100
Subject: [PATCH 1/3] CLEANUP: ssl: Remove a duplicated #include
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

openssl/x509.h is included twice since commit fc0421fde ("MEDIUM: ssl:
add support for SNI and wildcard certificates").

Signed-off-by: Aurélien Nephtali 
---
 src/ssl_sock.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e3db4e17..e2cde197 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -43,7 +43,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
-- 
2.11.0

Updating the unofficial GitHub mirror

2018-03-11 Thread Dan Kohn 
I'm the author of the CNCF Cloud Native Interactive Landscape, which tracks
projects and products used in open source. We include HAProxy:

https://landscape.cncf.io/grouping=no=ha-proxy=latest-commit

However, our info on latest commit is out of date because
https://github.com/haproxy/haproxy is no longer mirroring
http://www.haproxy.org/. Would it be possible to update the mirror, please?
--
Dan Kohn 
Executive Director, Cloud Native Computing Foundation https://www.cncf.io
+1-415-233-1000 https://www.dankohn.com

Haproxy 1.7.10 constantly restarting

2018-03-11 Thread Aleksey Gordeev 
I'm sorry is that question is not suitable. Please give correct channel to 
contact. 

It's started about a month ago. I have separate instances of same version 
haproxy. One of them restarts every 2 or 3 days. 

I have only this in log 

Mar 11 06:43:21  systemd[1]: Stopping HAProxy Load Balancer... 
Mar 11 06:43:21  haproxy-systemd-wrapper[10939]: haproxy-systemd-wrapper: 
SIGTERM -> 10942. 
Mar 11 06:43:21  haproxy-systemd-wrapper[10939]: haproxy-systemd-wrapper: 
exit, haproxy RC=0 
Mar 11 06:43:21  systemd[1]: Starting HAProxy Load Balancer... 
Mar 11 06:43:21  systemd[1]: Started HAProxy Load Balancer. 
Mar 11 06:43:21  haproxy-systemd-wrapper[19642]: haproxy-systemd-wrapper: 
executing /usr/sbin/haproxy 

I'm not very good in linux. So, what additional info can I provide? 

cat /proc/sys/net/ipv4/ip_local_port_range 
1024 65535 

ss -s 

Total: 4535 (kernel 5526) 
TCP: 7563 (estab 4341, closed 2934, orphaned 227, synrecv 0, timewait 2931/0), 
ports 0 

Transport Total IP IPv6 
* 5526 - - 
RAW 0 0 0 
UDP 10 8 2 
TCP 4629 4627 2 
INET 4639 4635 4 
FRAG 0 0 0 

Haproxy -vv 

A-Proxy version 1.7.10 2018/01/02 
Copyright 2000-2018 Willy Tarreau  

Build options : 
TARGET = linux2628 
CPU = generic 
CC = gcc 
CFLAGS = -O2 -g -fno-strict-aliasing -DTCP_USER_TIMEOUT=18 
OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1 
USE_PCRE_JIT=1 

Default settings : 
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 

Encrypted password support via crypt(3): yes 
Built with zlib version : 1.2.7 
Running on zlib version : 1.2.7 
Compression algorithms supported : identity("identity"), deflate("deflate"), 
raw-deflate("deflate"), gzip("gzip") 
Built with OpenSSL version : OpenSSL 1.0.2n 7 Dec 2017 
Running on OpenSSL version : OpenSSL 1.0.2n 7 Dec 2017 
OpenSSL library supports TLS extensions : yes 
OpenSSL library supports SNI : yes 
OpenSSL library supports prefer-server-ciphers : yes 
Built with PCRE version : 8.32 2012-11-30 
Running on PCRE version : 8.32 2012-11-30 
PCRE library supports JIT : yes 
Built without Lua support 
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT 
IP_FREEBIND 

Available polling systems : 
epoll : pref=300, test result OK 
poll : pref=200, test result OK 
select : pref=150, test result OK 
Total: 3 (3 usable), will use epoll. 

Available filters : 
[COMP] compression 
[TRACE] trace 
[SPOE] spoe 

- 
С Уважением Гордеев А.Д. 



haproxy-main1
Description: Binary data


haproxy-global.cfg
Description: Binary data