On Tue, May 29, 2018 at 08:35:19PM +0200, William Dauchy wrote:
> I however don't see on which part haproxy would
> need to do dns lookup on our side. Front end side is host matching and
> backend side is IP only.

We studied the possibility that a reload happens at the exact moment the config finishes being parsed and thought about such possibilities as well. We could imagine that you're using tons of certificates and that they take a bit of time to be processed on startup. But despite this apparently the startup sequence *looks* safe.

> But I will have a closer look at this point. What I am missing for now
> is how to know when haproxy is considered as "ready" to prevent new
> reloads.

From what I understood it's when the workers are forked, at this point sd_notify is used. There's very likely a race somewhere there. We imagined several hypotheses, like reload signal being delivered before workers are started, etc, but William managed to rule them all out till now. All ideas and silly suggestions are welcome of course.

Cheers,
Willy