Re: backend has no server available!

[Igor Cicimov]

On Mon, Nov 13, 2017 at 11:28 PM, James Stroehmann <
james.stroehm...@proquest.com> wrote:

> I had a similar problem, and I believe reducing my ‘hold valid’ setting to
> 1s fixed it.
>
>
>
>
>

​Possible explanation is the "inter" parameter which is by default set to
2s for the "check" operation, see
https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#inter for
details.

In other words, read the docs about ALL timeouts set in Haproxy to figure
out how they correlate between each other and how to set the proper values
for your user case.​




> *From:* DHAVAL JAISWAL [mailto:dhava...@gmail.com]
> *Sent:* Monday, November 13, 2017 2:31 AM
> *To:* HAproxy Mailing Lists 
> *Subject:* backend has no server available!
>
>
>
> [External Email]
>
> I had the following config where we are using AWS ELB for load balancing.
> However, now we are keep getting backend test_cluster has no server
> available!
>
>
>
> Under this ELB two servers attached. Both instance are in healthy state.
> Healthy state we are checking on port 80 and tomcat response sending on
> port 8080
>
>
>
> internal-testtomcatautoscale-1314784611.ap-southeast-1.elb.amazonaws.com
>
>
>
>
>
> resolvers testresolver
>
>   nameserver dns1 169.254.169.253:53
>
>   resolve_retries   3
>
>   timeout retry 1s
>
>   hold valid   10s
>
>
>
> backend test_cluster
>
> mode http
>
> option forwardfor
>
> fullconn 1
>
> option httpchk /test-testalive
>
> http-check expect string OK
>
> option http-server-close
>
> option abortonclose
>
> balance roundrobin
>
> server server1 internal-testtomcatautoscale-1314784611.ap-southeast-1.elb.
> amazonaws.com:8080 check resolvers testresolver
>
>
>
>
>
> What could be the cause of this issue. How can i fix it.
>
>
>



-- 
Igor Cicimov | DevOps


p. +61 (0) 433 078 728
e. ig...@encompasscorporation.com 
w*.* www.encompasscorporation.com
a. Level 4, 65 York Street, Sydney 2000

Re: HAProxy fails to compile against BoringSSL since 1.8-rc1

[Jamie Hewland]

Ah, this stuff moves too quickly! I got it to build with the BoringSSL
version in Chrome Beta (63).

Thank you for your time!

Jamie

On Mon, 13 Nov 2017 at 11:15 Emmanuel Hocdet  wrote:

>
> Hi Jamie,
>
> you need to take a up to date BoringSSL commit (
> https://github.com/JayH5/docker-haproxy-boringssl/blob/master/1.8-dev/Dockerfile#L10
> )
>
> ++
> Manu
>
> Le 11 nov. 2017 à 16:32, Jamie Hewland  a écrit :
>
> Hi there,
>
> I maintain a Docker-based build of HAProxy built against BoringSSL,
> tracking the BoringSSL version in Google Chrome:
> https://github.com/JayH5/docker-haproxy-boringssl
>
> I'm not really using this for anything... it's mostly just for fun and to
> try out TLS 1.3.
>
> This used to build okay on the 1.8 branch with the 1.8-dev releases, but
> since 1.8-rc1, the build has broken with errors as follows:
>
> gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing 
> -Wdeclaration-after-statement -fwrapv   -Wno-null-dereference 
> -Wno-unused-label   -DCONFIG_HAP_LINUX_SPLICE -DTPROXY 
> -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  -DENABLE_POLL 
> -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 
> -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -I/usr/local/boringssl/include 
> -DUSE_SYSCALL_FUTEX -DUSE_LUA -I/usr/local/lua/include 
> -I/usr/local/lua/include -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8  
> -I/usr/include -DUSE_PCRE2_JIT  -DCONFIG_HAPROXY_VERSION=\"1.8-rc3-34650d5\" 
> -DCONFIG_HAPROXY_DATE=\"2017/11/11\" -c -o src/hlua.o src/hlua.c
> src/ssl_sock.c: In function 'ctx_set_TLSv10_func':
> src/ssl_sock.c:1956:20: warning: implicit declaration of function 
> 'SSL_CTX_set_ssl_version' [-Wimplicit-function-declaration]
>   c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
> ^~~
> src/ssl_sock.c: In function 'ssl_sock_switchctx_cbk':
> src/ssl_sock.c:2271:64: error: 'SET_MIN' undeclared (first use in this 
> function)
>  methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
> ^~~
> src/ssl_sock.c:2271:64: note: each undeclared identifier is reported only 
> once for each function it appears in
> src/ssl_sock.c:2272:64: error: 'SET_MAX' undeclared (first use in this 
> function)
>  methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
> ^~~
> make: *** [Makefile:896: src/ssl_sock.o] Error 1
> make: *** Waiting for unfinished jobs
>
>
> I haven't really had the time/energy to properly dig through things but I
> think there are some problems with the ifdefs in ssl_sock.c. I thought it
> might be worth reporting before the final 1.8 version is released.
>
> An example of the full logs of a Travis build are here:
> https://travis-ci.org/JayH5/docker-haproxy-boringssl/builds/300625108
>
> Thank you for a very useful piece of software!
>
>
> Jamie
>
>
>

Re: backend has no server available!

[DHAVAL JAISWAL]

I will apply the suggested setting.

Any other parameters need to modify or add here.

On Mon, Nov 13, 2017 at 5:58 PM, James Stroehmann <
james.stroehm...@proquest.com> wrote:

> I had a similar problem, and I believe reducing my ‘hold valid’ setting to
> 1s fixed it.
>
>
>
>
>
> *From:* DHAVAL JAISWAL [mailto:dhava...@gmail.com]
> *Sent:* Monday, November 13, 2017 2:31 AM
> *To:* HAproxy Mailing Lists 
> *Subject:* backend has no server available!
>
>
>
> [External Email]
>
> I had the following config where we are using AWS ELB for load balancing.
> However, now we are keep getting backend test_cluster has no server
> available!
>
>
>
> Under this ELB two servers attached. Both instance are in healthy state.
> Healthy state we are checking on port 80 and tomcat response sending on
> port 8080
>
>
>
> internal-testtomcatautoscale-1314784611.ap-southeast-1.elb.amazonaws.com
>
>
>
>
>
> resolvers testresolver
>
>   nameserver dns1 169.254.169.253:53
>
>   resolve_retries   3
>
>   timeout retry 1s
>
>   hold valid   10s
>
>
>
> backend test_cluster
>
> mode http
>
> option forwardfor
>
> fullconn 1
>
> option httpchk /test-testalive
>
> http-check expect string OK
>
> option http-server-close
>
> option abortonclose
>
> balance roundrobin
>
> server server1 internal-testtomcatautoscale-1314784611.ap-southeast-1.elb.
> amazonaws.com:8080 check resolvers testresolver
>
>
>
>
>
> What could be the cause of this issue. How can i fix it.
>
>
>



-- 
Thanks & Regards
Dhaval Jaiswal

RE: backend has no server available!

[James Stroehmann]

I had a similar problem, and I believe reducing my ‘hold valid’ setting to 1s 
fixed it.


From: DHAVAL JAISWAL [mailto:dhava...@gmail.com]
Sent: Monday, November 13, 2017 2:31 AM
To: HAproxy Mailing Lists 
Subject: backend has no server available!

[External Email]
I had the following config where we are using AWS ELB for load balancing. 
However, now we are keep getting backend test_cluster has no server available!

Under this ELB two servers attached. Both instance are in healthy state. 
Healthy state we are checking on port 80 and tomcat response sending on port 
8080

internal-testtomcatautoscale-1314784611.ap-southeast-1.elb.amazonaws.com


resolvers testresolver
  nameserver dns1 169.254.169.253:53
  resolve_retries   3
  timeout retry 1s
  hold valid   10s

backend test_cluster
mode http
option forwardfor
fullconn 1
option httpchk /test-testalive
http-check expect string OK
option http-server-close
option abortonclose
balance roundrobin
server server1 
internal-testtomcatautoscale-1314784611.ap-southeast-1.elb.amazonaws.com:8080
 check resolvers testresolver


What could be the cause of this issue. How can i fix it.

Re: option redispatch clarification

[Arthur Țițeică]

Hello,

Thank you for taking the time to answer in detail.

În ziua de vineri, 10 noiembrie 2017, la 18:24:09 EET, Willy Tarreau a scris:
> On Fri, Nov 10, 2017 at 06:05:06PM +0200, Arthur Titeica wrote:
> > If this doesn't work is there some other mechanism to achieve something
> > like this?
> 
> Aside the fact that you MUST never ever do this on non-idempotent requests,
> I don't see an easy way to do it as it would require to keep a complete copy
> of the request and to try to send it again. We've already thought about
> ugly solutions like rebuilding a new request upon certain responses, but
> for now there's nothing satisfying.

I understand that this is a complicated issue. I'm glad though that I got it 
out of the system as I always had the impression that it will work like that.

Regards
Arthur

Re: HAProxy fails to compile against BoringSSL since 1.8-rc1

[Emmanuel Hocdet]

Hi Jamie,

you need to take a up to date BoringSSL commit 
(https://github.com/JayH5/docker-haproxy-boringssl/blob/master/1.8-dev/Dockerfile#L10)

++
Manu

> Le 11 nov. 2017 à 16:32, Jamie Hewland  a écrit :
> 
> Hi there,
> 
> I maintain a Docker-based build of HAProxy built against BoringSSL, tracking 
> the BoringSSL version in Google Chrome: 
> https://github.com/JayH5/docker-haproxy-boringssl 
> 
> 
> I'm not really using this for anything... it's mostly just for fun and to try 
> out TLS 1.3.
> 
> This used to build okay on the 1.8 branch with the 1.8-dev releases, but 
> since 1.8-rc1, the build has broken with errors as follows:
> gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing 
> -Wdeclaration-after-statement -fwrapv   -Wno-null-dereference 
> -Wno-unused-label   -DCONFIG_HAP_LINUX_SPLICE -DTPROXY 
> -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  -DENABLE_POLL 
> -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 
> -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -I/usr/local/boringssl/include 
> -DUSE_SYSCALL_FUTEX -DUSE_LUA -I/usr/local/lua/include 
> -I/usr/local/lua/include -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8  
> -I/usr/include -DUSE_PCRE2_JIT  -DCONFIG_HAPROXY_VERSION=\"1.8-rc3-34650d5\" 
> -DCONFIG_HAPROXY_DATE=\"2017/11/11\" -c -o src/hlua.o src/hlua.c
> src/ssl_sock.c: In function 'ctx_set_TLSv10_func':
> src/ssl_sock.c:1956:20: warning: implicit declaration of function 
> 'SSL_CTX_set_ssl_version' [-Wimplicit-function-declaration]
>   c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
> ^~~
> src/ssl_sock.c: In function 'ssl_sock_switchctx_cbk':
> src/ssl_sock.c:2271:64: error: 'SET_MIN' undeclared (first use in this 
> function)
>  methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
> ^~~
> src/ssl_sock.c:2271:64: note: each undeclared identifier is reported only 
> once for each function it appears in
> src/ssl_sock.c:2272:64: error: 'SET_MAX' undeclared (first use in this 
> function)
>  methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
> ^~~
> make: *** [Makefile:896: src/ssl_sock.o] Error 1
> make: *** Waiting for unfinished jobs
> 
> I haven't really had the time/energy to properly dig through things but I 
> think there are some problems with the ifdefs in ssl_sock.c. I thought it 
> might be worth reporting before the final 1.8 version is released.
> 
> An example of the full logs of a Travis build are here: 
> https://travis-ci.org/JayH5/docker-haproxy-boringssl/builds/300625108 
> 
> 
> Thank you for a very useful piece of software!
> 
> 
> Jamie