Re: lua TXN.set_tos not work

On Thu, Oct 29, 2015 at 10:57:47AM +, ??? wrote: > I have this in config file > > listen railgun > option transparent > bind *:5000 transparent > server main * > source * > tcp-request content lua.test > tcp-request content reject if

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

On Fri, Oct 30, 2015 at 08:04:48AM +0100, Vincent Bernat wrote: > ??? 30 octobre 2015 00:34 -0400, Chris Riley  : > > > The kernel version is 2.6.32-358.23.2.el6.x86_64, the OS is CentOS > > 6.4. > > With this version of the kernel, the previous instance of HAProxy has to >

Re: lua TXN.set_tos not work

On Fri, Oct 30, 2015 at 08:16:07AM +, ??? wrote: > ohh.. i want to modify backend side... how to to it? It was not implemented. I noticed that the choice of action names was rather poor because it's confusing, no side is indicated. I think in 1.7 we'll have to rename some actions

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

❦ 30 octobre 2015 00:34 -0400, Chris Riley  : > The kernel version is 2.6.32-358.23.2.el6.x86_64, the OS is CentOS > 6.4. With this version of the kernel, the previous instance of HAProxy has to release the port before the new one can bind. It seems that in your case, this

Re: lua TXN.set_tos not work

ohh.. i want to modify backend side... how to to it? Willy Tarreau 于2015年10月30日周五 下午3:17写道： > On Thu, Oct 29, 2015 at 10:57:47AM +, ??? wrote: > > I have this in config file > > > > listen railgun > > option transparent > > bind *:5000

Re: Need some help configuring backend health checks

On 30/10/2015 4:48 PM, "Daren Sefcik" wrote: > > So I think those links were the right idea and I have been trying different configurations but am not quite there and am hoping somebody can offer a bit more guidance. > > So when I telnet to the icap server I type in the

Re: [LUA] Lua advanced documentation

Hi guys, On Thu, Oct 29, 2015 at 01:22:31PM +0100, Thierry FOURNIER wrote: > Ok, this is a good comment ! My explaination was not clear. I will > improve the explaination. For your information, the function associated > with "core.register_task()" is executed once, if you want that the > function

HAProxy 1.6 in Fedora/Rawhide

I've build HAProxy 1.6.1 for Rawhide (Fedora 24), but I'm not currently planning to add this to Fedora 23. If there is enough interest, I will gladly provide HAProxy 1.6.1 packages for Fedora 23, but they will most likely not be pushed into the updates repository. Long story there. Anyway, just

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

Hi Vincent, > SigIgn is correct (SIGPIPE) is ignored. However, SigBlk seems > incorrect. HAProxy only blocks signals when dequeuing them. However, > no > signal is pending either, so they should be delivered? Maybe it was > bad luck? If you try again, does SigBlk become 0? No matter how many

Re: lua TXN.set_tos not work

if i manually modify source code and simply set tos directly. where should i add it. now I'm adding: # tcp_proto.c, tcp_connect_server, line 513 - 514. 511 if (global.tune.server_rcvbuf) 512 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, _rcvbuf, sizeof(global.tune.server_rcvbuf)); 513 int tos=0x10; 514

[SPAM] Le placement 100 pourcent gagnant qui sécurise votre retraite

http://lb.notre-reponse.fr/r/?id=t2e9112d4,2085317,20853e2=haproxy@formilux.org=haproxy@formilux.org Signaler comme indésirable Pour visualiser ce message au format html,

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

On Thu, Oct 29, 2015 at 1:43 PM, Ben Tisdall wrote: > Sorry, I'm misinterpreting the test results, please ignore that. One > ELB address has remained the same today so it's likely HAProxy has > been using that and has not needed to update. Ok, finally observed some

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

On Fri, Oct 30, 2015 at 12:53 PM, Ben Tisdall wrote: > On Thu, Oct 29, 2015 at 1:43 PM, Ben Tisdall wrote: > >> Sorry, I'm misinterpreting the test results, please ignore that. One >> ELB address has remained the same today so it's likely

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

On Fri, Oct 30, 2015 at 2:10 PM, Lukas Tribus wrote: >> I sent patches to Willy, and they have been integrated a few minutes ago. >> You can git pull ; make clean ; make [...] > > Unless you use haproxy-1.6, in that case you have to wait for the backport > and the git push,

RE: DNS resolution problem on 1.6.1-1ppa1~trusty

> I sent patches to Willy, and they have been integrated a few minutes ago. > You can git pull ; make clean ; make [...] Unless you use haproxy-1.6, in that case you have to wait for the backport and the git push, which has not happened yet. Lukas

[SPAM] Construisez vous un nouveau patrimoine en Corse

http://lb.enquete-en-or.com/r/?id=t2eda1e22,20c2127,20ba62c=haproxy@formilux.org=haproxy@formilux.org Signaler comme indésirable Pour visualiser ce message au format html,

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

On Fri, Oct 30, 2015 at 2:48 PM, Baptiste wrote: > On Fri, Oct 30, 2015 at 2:10 PM, Lukas Tribus wrote: >>> I sent patches to Willy, and they have been integrated a few minutes ago. >>> You can git pull ; make clean ; make [...] >> >> Unless you use

Re: questions for haproxy 1.5

On 31/10/2015 2:03 AM, "Igor Cicimov" wrote: > > > On 30/10/2015 11:18 PM, "Labedan, Alain" wrote: > > > > Hi, > > > > > > > > I have HAPROXY in front of servers backend which are load balanced. > > > > > > > > - For terminated SSL

Re: questions for haproxy 1.5

On 30/10/2015 11:18 PM, "Labedan, Alain" wrote: > > Hi, > > > > I have HAPROXY in front of servers backend which are load balanced. > > > > - For terminated SSL haproxy, I want HAproxy give the good certificate to the client associated with the good domain . > >

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

Hi Willy, The permissions where one of the first things I checked. consul-template runs as root in order to be able to reload/restart daemon and it's using the same init script that the system uses on startup. Not all of the reloads fail, the first few initial ones are successful. What's odd is

Multiple nameservers with the same ID is allowed

Hi, Following resolver section passes configuration check resolvers mydns1 nameserver ns1 8.8.8.8:53 nameserver ns1 8.8.4.4:53 resolve_retries 3 timeout retry 1s hold valid 10s IMHO: allowing same ID for 2 different objects, which

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

Hi Vincent, What's odd is that if I failover all virtual IPs to one server and set net.ipv4.ip_nonlocal_bind=0 on that server the issue goes away. The issue remains "fixed" when I fail half of the virtual IPs back to the secondary server and set net.ipv4.ip_nonlocal_bind=1. However, after a

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

❦ 30 octobre 2015 10:50 -0400, Chris Riley  : > I'm going to compile the 3.10 kernel from CentOS 7 for CentOS 6 and > see if the behavior persists and report back. With a 3.10, you are unlikely to get the same behaviour as two processes are allowed to listen to the same

[SPAM] -50 euros pour vous immediatement

http://lb.enquete-en-or.com/r/?id=t2ee1594c,20c6520,20c6698=haproxy@formilux.org=haproxy@formilux.org Signaler comme indésirable Pour visualiser ce message au format html,

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

Hi Chris, On Fri, Oct 30, 2015 at 11:18:30AM -0400, Chris Riley wrote: > Hi Willy, > > The permissions where one of the first things I checked. consul-template > runs as root in order to be able to reload/restart daemon and it's using > the same init script that the system uses on startup. Not

Re: Need some help configuring backend health checks

On Thu, Oct 29, 2015 at 11:15 PM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > > On 30/10/2015 4:48 PM, "Daren Sefcik" wrote: > > > > So I think those links were the right idea and I have been trying > different configurations but am not quite there and am

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

Hi Willy, Thanks for your quick reply. > It should work better but will very likely hide the root cause. I suspect > you'll find two processes running after a reload because the old one > doesn't stop then. Yep, that's exactly what I'm seeing with 3.10. I've got a bunch of haproxy processes

L’actualité hebdomadaire par RFI - Viande et cancer: le vrai, le faux, la peur et la...

L’actualité hebdomadaire par RFI - 30/10/2015 Visualisez cet email dans votre navigateur http://rfi.nlfrancemm.com/HM?b=5M8CwQILhCGytX6Ga1letFxUOoGtUCbS3twePS0KWq-csjoaLIyf1lrKR0dgJ2Uo=0gw6JwOJIwzmY1VeDY5ZZQ Viande et cancer: le vrai, le faux, la peur et la raison En déclarant cancérogène

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

Hi Vincent, Thanks for your quick reply. I tried with 3.10 and the reloads don't "fail" as they do with 2.6 but the stacking up of haproxy processes that Willy mentioned might occur does happen. It looks like for some reason the new process is having an issue sending signals to the old process.

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

❦ 30 octobre 2015 14:50 -0400, Chris Riley  : > Good idea. I just tried and it appears to be in an epoll_wait loop. > This is after sending the PID SIGTTOU and SIGUSR1. SIGTERM also has no > effect, the process stays in this epoll_wait loop. > > strace -p11537 > Process

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

Hi Vincent, > It stays in the epoll loop even while you are sending the signals? Could > you also check what you get with "grep '^Sig' /proc/PID/status"? Yes, it stays in the epoll loop when sending any signal other than -SIGKILL. I'm poking around with gdb to see if I can see anything. This is

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

❦ 30 octobre 2015 15:14 -0400, Chris Riley  : > SigQ: 3/63840 > SigPnd: > SigBlk: fffe7bfa7a26 > SigIgn: 1000 > SigCgt: 000180300205 SigIgn is correct (SIGPIPE) is ignored. However, SigBlk seems incorrect. HAProxy only blocks signals

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

On Fri, Oct 30, 2015 at 12:23:57PM -0400, Chris Riley wrote: > Hi Willy, > > Thanks for your quick reply. > > > It should work better but will very likely hide the root cause. I suspect > > you'll find two processes running after a reload because the old one > > doesn't stop then. > > Yep,

possible crashing?

Hey all, I'm currently investigating some possible crashing in 1.5.14. I really hate to call it a crash since I've never seen haproxy crash in my life until now, but the process is suddenly not running and I can't figure out why. I've checked syslogs and puppet logs (and now disabled puppet)

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

gdb shows this when attached to the same process: 0x003bf84e8f23 in __epoll_wait_nocancel () from /lib64/libc.so.6 Regards, Chris On Fri, Oct 30, 2015 at 2:38 PM, Vincent Bernat wrote: > ❦ 30 octobre 2015 14:36 -0400, Chris Riley : > > > When the

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

Hi Willy, I tried manually sending SIGUSR1 and SIGTTOU as you suggested but I had mixed results. Sometimes the procs would do what I expected and sometimes they wouldn't. > Looks similar indeed. RHEL has selinux enabled by default I believe, I > don't know if that could prevent haproxy from

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

❦ 30 octobre 2015 14:36 -0400, Chris Riley  : > When the processes stack up, the old ones don't respond to anything > other than 'kill -9'. You could try to strace them to check where they currently are. -- If more of us valued food and cheer and song above hoarded gold,

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

When the processes stack up, the old ones don't respond to anything other than 'kill -9'. On Fri, Oct 30, 2015 at 1:20 PM, Willy Tarreau wrote: > On Fri, Oct 30, 2015 at 12:23:57PM -0400, Chris Riley wrote: > > Hi Willy, > > > > Thanks for your quick reply. > > > > > It should work

Re: Need some help configuring backend health checks

On 31/10/2015 3:14 AM, "Daren Sefcik" wrote: > > > > On Thu, Oct 29, 2015 at 11:15 PM, Igor Cicimov < ig...@encompasscorporation.com> wrote: >> >> >> On 30/10/2015 4:48 PM, "Daren Sefcik" wrote: >> > >> > So I think those links were the right