ERR 20: Auth Rejected Credentials (client should begin new session)

Hey All, Wondering if anyone seen this message from a tcpdump of a simple mount session: psql01: mount nfs-c01:/n /m Yields this message ERR 20: Auth Rejected Credentials (client should begin new session) and the mount attempt never exits and never mounts /m . nfs-c01 is a VIP that's

Re: [PATCH] BUG/MINOR: cli: Ensure appctx->ctx.cli.err is always set when using CLI_ST_PRINT_FREE

On Mon, Apr 16, 2018 at 07:19:15PM +0200, Aurélien Nephtali wrote: > Hello Willy (not being rude this time :p), Great, now applied, thank you! Willy PS: you were not rude (or I didn't sense it at least)

Re: [PATCH] BUG/MINOR: cli: Ensure appctx->ctx.cli.err is always set when using CLI_ST_PRINT_FREE

Hello Willy (not being rude this time :p), On Mon, Apr 16, 2018 at 05:01:18PM +0200, Willy Tarreau wrote: > I agree on the principle, but memprintf(, "foo") will set err to NULL > if there's no more memory. And I personally care a lot about staying rock > solid even under harsh memory conditions,

Re: Version 1.5.12, getting 502 when server check fails, but server is still working

Hello Shawn, On 16 April 2018 at 17:39, Shawn Heisey wrote: > I enabled the admin socket so that I could renew OCSP stapling. As far as I > understand, it can only be used on the load balancer machine itself, and I > think this is the only way to renew stapling other than

Re: 1.8.7 http-tunnel doesn't seem to work? (but default http-keep-alive does)

Hi, On Mon, Apr 16, 2018 at 03:37:34PM +0200, Olivier Houchard wrote: > Hi Pieter, > > On Fri, Apr 13, 2018 at 06:50:50AM +, Pi Ba wrote: > > Using poll (startup with -dk) the request works properly. > > After some discussion with Willy, we came with a solution that may fix your > problem

Re: Version 1.5.12, getting 502 when server check fails, but server is still working

On 4/16/2018 9:15 AM, Lukas Tribus wrote: Hello Shawn, please keep the mailing-list in the loop. Sorry about that.  Looks like the haproxy list doesn't set a reply-to header sending replies to the list.  Most mailing lists I have dealt with do this, so just hitting "reply" does the right

Re: Version 1.5.12, getting 502 when server check fails, but server is still working

Hello Shawn, please keep the mailing-list in the loop. On 16 April 2018 at 16:53, Shawn Heisey wrote: >> Having said that, you'd be better off setting the server to >> maintenance mode instead of letting the health check fail (via >> webinterface or stats socket): >>

Re: [PATCH] BUG/MINOR: cli: Ensure appctx->ctx.cli.err is always set when using CLI_ST_PRINT_FREE

On Mon, Apr 16, 2018 at 4:19 PM, Willy Tarreau wrote: > Hi Aurélien, > > On Sun, Apr 15, 2018 at 09:58:49AM +0200, Aurélien Nephtali wrote: >> Hello, >> >> Here is a small patch to fix a potential crash when using >> CLI_ST_PRINT_FREE in an error path in the 'map' code. >> The

Re: [PATCH] BUG/MINOR: cli: Ensure appctx->ctx.cli.err is always set when using CLI_ST_PRINT_FREE

On Mon, Apr 16, 2018 at 04:41:27PM +0200, Aurélien Nephtali wrote: > On Mon, Apr 16, 2018 at 4:19 PM, Willy Tarreau wrote: > > Hi Aurélien, > > > > On Sun, Apr 15, 2018 at 09:58:49AM +0200, Aurélien Nephtali wrote: > >> Hello, > >> > >> Here is a small patch to fix a potential crash

Re: Version 1.5.12, getting 502 when server check fails, but server is still working

On 4/16/2018 6:43 AM, Jarno Huuskonen wrote: There's also http-check disable-on-404 (http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4.2-http-check%20disable-on-404) So maybe first set flag that returns 404 on health check and only after thirty seconds fail the health check. This

Re: Version 1.5.12, getting 502 when server check fails, but server is still working

On 4/16/2018 6:43 AM, Jarno Huuskonen wrote: There's also http-check disable-on-404 (http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4.2-http-check%20disable-on-404) I couldn't get this to work at first.  If I put the disable-on-404 option in the actual back end, it complains

Re: Fix building haproxy 1.8.5 with LibreSSL 2.6.4

> On 07 Apr 2018, at 17:38, Emmanuel Hocdet wrote: > > > I Andy > >> Le 31 mars 2018 à 16:43, Andy Postnikov a écrit : >> >> I used to rework previous patch from Alpinelinux to build with latest stable >> libressl >> But found no way to run tests with

Re: Version 1.5.12, getting 502 when server check fails, but server is still working

Hi, On Mon, Apr 16, Lukas Tribus wrote: > On 15 April 2018 at 21:53, Shawn Heisey wrote: > > I'm working on making my application capable of handling service restarts on > > the back end with zero loss or interruption. It runs on two servers behind > > haproxy. > > > > At

Re: [PATCH][MINOR]: config: Warn if resolvers section has no namerservers configured

Hi Ben, On Fri, Apr 13, 2018 at 03:51:17PM -0600, Ben Draut wrote: > This implements a simple warning for 'resolvers' sections that have no > nameservers. Thank you, now merged. However : > (Also trimmed lines with trailing whitespace in this file.) Please don't do this, it needlessly inflates

Re: 1.8.7 http-tunnel doesn't seem to work? (but default http-keep-alive does)

Hi Pieter, On Fri, Apr 13, 2018 at 06:50:50AM +, Pi Ba wrote: > Using poll (startup with -dk) the request works properly. After some discussion with Willy, we came with a solution that may fix your problem with kqueue. Can you test the attached patch and let me know if it fixes it for you ?

Re: MINOR: proxy: Add fe_defbe fetcher

Hi Marcin, On Fri, Apr 13, 2018 at 03:41:18PM +0200, Marcin Deranek wrote: > Hi, > > New fetcher which adds ability to retrieve default backend name for > frontend. Should cleanly apply to both 1.8 & 1.9 branches. Now merged, thank you! Willy

Re: Version 1.5.12, getting 502 when server check fails, but server is still working

On Mon, Apr 16, 2018 at 10:03:44AM -0600, Shawn Heisey wrote: > I am curious about why I couldn't use "track". "track" means that your current server will always be in the same state as the designated one. It will never run its own checks, and will receive notifications from the other one's state

Re: 1.8.7 http-tunnel doesn't seem to work? (but default http-keep-alive does)

Hi Olivier, Op 16-4-2018 om 17:09 schreef Olivier Houchard: After some discussion with Willy, we came with a solution that may fix your problem with kqueue. Can you test the attached patch and let me know if it fixes it for you ? Minor variation of the patch, that uses EV_RECEIPT if available,

Re: Version 1.5.12, getting 502 when server check fails, but server is still working

On 4/16/2018 1:46 PM, Willy Tarreau wrote: > On Mon, Apr 16, 2018 at 10:03:44AM -0600, Shawn Heisey wrote: >> I am curious about why I couldn't use "track". > "track" means that your current server will always be in the same state > as the designated one. It will never run its own checks, and will

Re: Question regarding haproxy backend behaviour

Hi Moemen, Thanks for your response. But I think I need to clarify a few things here. On Mon, Apr 16, 2018 at 4:33 AM Moemen MHEDHBI wrote: > Hi > > On 12/04/2018 19:16, Ayush Goyal wrote: > > Hi, > > I have a question regarding haproxy backend connection behaviour. We

[PATCH] BUG/MINOR: http: Return an error in proxy mode when url2sa fails

Hi, Here is a patch fixing an old bug in proxy mode, when you mix valid requests (using an IP) with invalid ones (with a domain name for instance). With following configuration: listen test mode http bind *: option http_proxy try to do: $> printf "GET

Re: [PATCH] BUG/MINOR: http: Return an error in proxy mode when url2sa fails

On Mon, Apr 16, 2018 at 10:29:11AM +0200, Christopher Faulet wrote: > Here is a patch fixing an old bug in proxy mode, when you mix valid requests > (using an IP) with invalid ones (with a domain name for instance). > > With following configuration: > > listen test > mode http >

Re: [PATCH] BUG/MINOR: cli: Ensure appctx->ctx.cli.err is always set when using CLI_ST_PRINT_FREE

Hi Aurélien, On Sun, Apr 15, 2018 at 09:58:49AM +0200, Aurélien Nephtali wrote: > Hello, > > Here is a small patch to fix a potential crash when using > CLI_ST_PRINT_FREE in an error path in the 'map' code. > The problematic part is in the 'add' feature but all other usages have > ben modified

Re: Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops working after 1 hour

Reading my email again it looks like somehow I messed up part of it, retrying: Hi all, I built Haproxy (1.8.7) against openssl 1.1.1-pre4, and now after 1 hour running haproxy stops accepting new SSL connections. When I restart it works again for almost(?) exactly 1 hour, then stops. Any idea

Re: Question regarding haproxy backend behaviour

On Mon, 16 Apr 2018 6:09 pm Ayush Goyal wrote: > Hi Moemen, > > Thanks for your response. But I think I need to clarify a few things here. > > On Mon, Apr 16, 2018 at 4:33 AM Moemen MHEDHBI > wrote: > >> Hi >> >> On 12/04/2018 19:16, Ayush Goyal wrote:

Re: Version 1.5.12, getting 502 when server check fails, but server is still working

On Sun, 15 Apr 2018 at 20:56, Shawn Heisey wrote: > Would I need to upgrade beyond 1.5 to get that working? I don't have any info about your precise problem, but here's a quote from Willy's 1.9 thread within the last couple of months: "Oh, before I forget, since nobody

Re: Version 1.5.12, getting 502 when server check fails, but server is still working

Hello, On 15 April 2018 at 21:53, Shawn Heisey wrote: > I'm working on making my application capable of handling service restarts on > the back end with zero loss or interruption. It runs on two servers behind > haproxy. > > At application shutdown, I'm setting a flag