Re: 'http-check connect default linger proto fcgi' keeps connections open?

2020-05-02 Thread Aleksandar Lazic 
On 02.05.20 14:25, Aleksandar Lazic wrote:
> Hi.
> 
> May 2, 2020 9:43:40 AM Christopher Faulet :
> 
>> Le 02/05/2020 à 00:05, Aleksandar Lazic a écrit :
>>
>>> Hi.
>>> I wanted to use the shiny new http-check feature and have seen that the 
>>> connection keeps alive after the health check.
>>> I have also tried to remove "linger" but this does not change anything.
>>> Maybe I make something wrong.
>>>
>>>
>> Hi Aleks,
>>
>> You're right. There is a bug. And trying to fix it, I found 2 others :) It 
>> was a wrong test on the FCGI connection flags. Because of this bug, the 
>> connection remains opened till the server timeout. I pushed fixes in 
>> upstream. It should be ok now.
> 
> Ah cool.
> 
> I will try the next snapshot.

Okay I was to impatient to see if it works and have now build the Docker image 
from git clone ;-)
I can confirm that this bug was fixed.

Now we have a active testing loadbalancer for php-fpm and other fcgi backends 
8-O

>> Thanks,

Thanks Christopher.

Best regards
Aleks

Re: 'http-check connect default linger proto fcgi' keeps connections open?

2020-05-02 Thread Aleksandar Lazic 
Hi.

May 2, 2020 9:43:40 AM Christopher Faulet :

> Le 02/05/2020 à 00:05, Aleksandar Lazic a écrit :
>
> > Hi.
> > I wanted to use the shiny new http-check feature and have seen that the 
> > connection keeps alive after the health check.
> > I have also tried to remove "linger" but this does not change anything.
> > Maybe I make something wrong.
> >
> >
> Hi Aleks,
>
> You're right. There is a bug. And trying to fix it, I found 2 others :) It 
> was a wrong test on the FCGI connection flags. Because of this bug, the 
> connection remains opened till the server timeout. I pushed fixes in 
> upstream. It should be ok now.

Ah cool.

I will try the next snapshot.

> Thanks,
>
>

Re: 'http-check connect default linger proto fcgi' keeps connections open?

2020-05-02 Thread Christopher Faulet 

Le 02/05/2020 à 00:05, Aleksandar Lazic a écrit :

Hi.

I wanted to use the shiny new http-check feature and have seen that the 
connection keeps alive after the health check.
I have also tried to remove "linger" but this does not change anything.
Maybe I make something wrong.



Hi Aleks,

You're right. There is a bug. And trying to fix it, I found 2 others :) It was a 
wrong test on the FCGI connection flags. Because of this bug, the connection 
remains opened till the server timeout. I pushed fixes in upstream. It should be 
ok now.


Thanks,
--
Christopher Faulet

'http-check connect default linger proto fcgi' keeps connections open?

2020-05-01 Thread Aleksandar Lazic 
Hi.

I wanted to use the shiny new http-check feature and have seen that the 
connection keeps alive after the health check.
I have also tried to remove "linger" but this does not change anything.
Maybe I make something wrong.

My setup:

I used here the docker hub haproxy Dockerfile and just used the snapshot from 
1st May.
Shell 01: podman run --rm -it -p 8080:8080 -v 
/tmp/haproxy-config:/usr/local/etc/haproxy --network host hap-snap
Shell 02: podman run --rm -it -p 9000:9000 --network host -v 
/tmp/php-root:/var/www/html -v /tmp/php-conf:/mnt php:7.4-fpm --fpm-config 
/mnt/php-fpm.conf --force-stderr
Shell 03: ss  --tcp |egrep 9000 # this shows 'ESTAB  0   0  
127.0.0.1:58076  127.0.0.1:9000'

You can easily replace podman with docker.

I get without any user request the following message from php-fpm.
```
[01-May-2020 21:50:32] NOTICE: fpm is running, pid 1
[01-May-2020 21:50:32] NOTICE: ready to handle connections
[01-May-2020 21:51:12] WARNING: [pool www] server reached pm.max_children 
setting (20), consider raising it
^C[01-May-2020 21:51:33] NOTICE: Terminating ...
[01-May-2020 21:51:33] NOTICE: exiting, bye-bye!

```

The configs:

```
podman run --rm -it -p 8080:8080 -v /tmp/haproxy-config:/usr/local/etc/haproxy 
--network host hap-snap haproxy -vv
HA-Proxy version 2.2-dev6-a911548 2020/04/30 - https://haproxy.org/
Status: development branch - not safe for use in production.
Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open
Running on: Linux 5.3.0-45-generic #37-Ubuntu SMP Thu Mar 26 20:41:27 UTC 2020 
x86_64
Build options :
  TARGET  = linux-glibc
  CPU = generic
  CC  = gcc
  CFLAGS  = -O2 -g -Wall -Wextra -Wdeclaration-after-statement -fwrapv 
-Wno-unused-label -Wno-sign-compare -Wno-unused-parameter 
-Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered 
-Wno-missing-field-initializers -Wno-implicit-fallthrough 
-Wno-stringop-overflow -Wno-cast-function-type -Wtype-limits 
-Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference
  OPTIONS = USE_PCRE2=1 USE_PCRE2_JIT=1 USE_GETADDRINFO=1 USE_OPENSSL=1 
USE_LUA=1 USE_ZLIB=1

Feature list : +EPOLL -KQUEUE +NETFILTER -PCRE -PCRE_JIT +PCRE2 +PCRE2_JIT 
+POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED +BACKTRACE -STATIC_PCRE 
-STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H 
+GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 +ZLIB -SLZ +CPU_AFFINITY +TFO +NS 
+DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER +PRCTL 
+THREAD_DUMP -EVPORTS

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=8).
Built with OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
Running on OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.3
Built with network namespace support.
Built with gcc compiler version 8.3.0
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT 
IP_FREEBIND
Built with PCRE2 version : 10.32 2018-09-10
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity("identity"), deflate("deflate"), 
raw-deflate("deflate"), gzip("gzip")
Built with the Prometheus exporter as a service

Available polling systems :
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as  cannot be specified using 'proto' keyword)
  h2 : mode=HTTP   side=FE|BE mux=H2
fcgi : mode=HTTP   side=BEmux=FCGI
: mode=HTTP   side=FE|BE mux=H1
: mode=TCPside=FE|BE mux=PASS

Available services :
prometheus-exporter

Available filters :
[SPOE] spoe
[CACHE] cache
[FCGI] fcgi-app
[TRACE] trace
[COMP] compression
```

HAProxy config:
```
global
log stdout format raw daemon debug

defaults
log global

modehttp
option  httplog
option  dontlognull
option log-health-checks

timeout connect 5s
timeout client  50s
timeout server  50s

frontend myproxy
bind :8080
default_backend phpservers

backend phpservers
use-fcgi-app php-fpm

option httpchk
http-check connect default linger proto fcgi
http-check send meth GET uri /ping ver HTTP/1.1
http-check expect string pong

server server1 127.0.0.1:9000 proto fcgi check

fcgi-app php-fpm
log-stderr global
docroot /var/www/html
index index.php
path-info ^(/.+\.php)(/.*)?$

```

PHP Config
```
egrep -v '^(;|$)' /tmp/php-conf/php-fpm.conf
[global]
pid = /run/php7.4-fpm.pid