On Sat, Jan 31, 2015 at 12:59:34AM +0100, Lukas Tribus wrote:
> > The maxconn was set to 4096 before, and after 45 days, haproxy was  
> > using 20gigs... 
> 
> Ok, can you set maxconn back to 4096, reproduce the leak (to at least
> a few gigabytes) and run "show pools" a few times to see where
> exactly the memory consumption comes from?

Also, could you please send a network capture of the checks from
the firewall to haproxy (if possible, taken on the haproxy side)?
It is possible that there is a specific sequence leading to an
improper close (e.g. some SSL structs not being released at certain
steps in the handshake, etc).

Please use this to take your capture:

    tcpdump -vs0 -pi eth0 -w checks.cap host <firewall-ip> and port <local-port>

Wait for several seconds, then Ctrl-C. Be careful, your capture
will contain all the traffic flowing between haproxy and the
firewall's address facing it, so there might be confidential
information there; only send it to the list if you think it's OK.

Ideally, in parallel you can try to strace haproxy during this
capture:

    strace -tts200 -o checks.log -p $(pgrep haproxy)

Thanks,
Willy

