RE: Help required ehhe

[Andy.ANTHOINE.ext]

Thanks a lot man, i'll take a look at that ! really appreciate it :) i'll come 
back to you if needed, but the help was great! :)

-Message d'origine-
De : Aleksandar Lazic [mailto:al-hapr...@none.at]
Envoyé : vendredi 23 août 2019 11:14
À : ANTHOINE Andy (EXT) 
Cc : haproxy@formilux.org
Objet : Re: Help required ehhe



Am 23-08-2019 02:04, schrieb andy.anthoine@opt.nc:
> REALLY SORRY ABOUT THAT lo
>
> I'll copy paste my bad :D
>
> admin@sld-loadb-01-prd-cit:~$ curl -v -o /dev/null --max-time 5
> --http1.0 http://10.154.2.29:8080/iws/ curl -v -o /dev/null --max-time
> 5 --http1.0 http://10.154.2.29:8080/eoc/login
> -bash: curl: command not found
>
> Ok, i'll separate the commands next time :)
>
> The lb i m working on is the production one, i'll check, but can't
> really do anything like installing on it.

Okay.

> Telnet works :) if it's enough for you ?

should work.

> admin@sld-loadb-01-prd-cit:~$ telnet 10.154.2.29 8080 Trying
> 10.154.2.29...
> Connected to 10.154.2.29.
> Escape character is '^]'.
>
>
>> So on the back ends are the check ports reachable and you get a 200
>> back.
>
> server sli-ecmapp-01-prd-cit 10.154.2.29:8443 server
> sli-ecmapp-02-prd-cit 10.154.2.31:8443
>
> admin@sld-loadb-01-prd-cit:~$ telnet 10.154.2.29 8443 Trying
> 10.154.2.29...
> telnet: Unable to connect to remote host: No route to host

That's the problem!

The test was wrong. you make a telnet to 8443 but the check port is 8080 Try 
this.

echo -e 'GET /iws/ HTTP/1.0\n\r\n\r'|telnet 10.154.2.29 8080

> admin@sld-loadb-01-prd-cit:~$ telnet 10.154.2.31 8443 Trying
> 10.154.2.31...
> Connected to 10.154.2.31.
> Escape character is '^]'.
> ^CConnection closed by foreign host.

That's another one.

echo -e 'GET /iws/ HTTP/1.0\n\r\n\r'|telnet 10.154.2.31 8080

> Seems like i got one of my answer

Yes looks like.

>> Is there any firewall in between the LB & BE?
> Yes there is one

Are both ports (8080 & 8443) open from LB top both BE?

Looks like not a haproxy issue.

Regards
Aleks


> -Message d'origine-
> De : Aleksandar Lazic [mailto:al-hapr...@none.at] Envoyé : vendredi 23
> août 2019 10:57 À : ANTHOINE Andy (EXT)  Cc
> : haproxy@formilux.org Objet : Re: Help required ehhe
>
> Hi.
>
> Am 23-08-2019 01:43, schrieb andy.anthoine@opt.nc:
>
>> Hi,
>>
>> I can't launch the command from the LB
>
> I love screenshots! It's so easy to copy paste from them 8-/
>
> do you have any other tool which you can use to check if the
> connection is possible from LB to Backend?
>
> nc?
> telnet?
> ...?
>
>> But from the server he is what i get
>>
>> [root@sli-ecmapp2-prd ~]# curl -v -o /dev/null --max-time 5 --http1.0
>> http://10.154.2.29:8080/iws/  curl -v -o /dev/null --max-time 5
>> --http1.0 http://10.154.2.29:8080/eoc/login
>
> Please one curl AFTER the other, the next time, just separate the
> commands with ;.
>
> curl -v -o /dev/null --max-time 5 --http1.0
> http://10.154.2.29:8080/iws/ ; curl -v -o /dev/null --max-time 5
> --http1.0 http://10.154.2.29:8080/eoc/login
>
>> * About to connect() to 10.154.2.29 port 8080 (#0)
>> *   Trying 10.154.2.29...
> ...
>> 0 00 00 0  0  0 --:--:-- --:--:-- --:--:--
>>0* Connected to 10.154.2.29 (10.154.2.29) port 8080 (#0)
>>
>>> GET /iws/ HTTP/1.0
>>> User-Agent: curl/7.29.0
>>> Host: 10.154.2.29:8080
>>> Accept: */*
>>>
>>
>> < HTTP/1.1 200 OK
>> < Server: Apache-Coyote/1.1
>
> [snipp]
>
>> curl: (28) Resolving timed out after 5515 milliseconds
>
> That looks strange, but maybe not the issue for now.
>
>> * About to connect() to 10.154.2.29 port 8080 (#2)
>> *   Trying 10.154.2.29...
>> * Connected to 10.154.2.29 (10.154.2.29) port 8080 (#2)
>>
>>> GET /eoc/login HTTP/1.0
>>> User-Agent: curl/7.29.0
>>> Host: 10.154.2.29:8080
>>> Accept: */*
>>>
>>
>> < HTTP/1.1 200 OK
>> < Server: Apache-Coyote/1.1
>
> [snipp]
>
>> * Closing connection 2
>
> So on the back ends are the check ports reachable and you get a 200
> back.
> Is there any firewall in between the LB & BE?
>
> What's your haproxy version?
>
> haproxy -vv
>
>
>> Best regards
>>
>> Andy
>>
>> -Message d'origine-
>> De : Aleksandar Lazic [mailto:al-hapr...@none.at] Envoyé : vendredi
>> 23 août 2019 10:33 À : ANTHOINE Andy (EXT) 
>> Cc
>> : haproxy@formilux.org Objet : Re: Hel

Re: Help required ehhe

[Aleksandar Lazic]

Am 23-08-2019 02:04, schrieb andy.anthoine@opt.nc:

REALLY SORRY ABOUT THAT lo

I'll copy paste my bad :D

admin@sld-loadb-01-prd-cit:~$ curl -v -o /dev/null --max-time 5
--http1.0 http://10.154.2.29:8080/iws/ curl -v -o /dev/null --max-time
5 --http1.0 http://10.154.2.29:8080/eoc/login
-bash: curl: command not found

Ok, i'll separate the commands next time :)

The lb i m working on is the production one, i'll check, but can't
really do anything like installing on it.


Okay.


Telnet works :) if it's enough for you ?


should work.


admin@sld-loadb-01-prd-cit:~$ telnet 10.154.2.29 8080
Trying 10.154.2.29...
Connected to 10.154.2.29.
Escape character is '^]'.


So on the back ends are the check ports reachable and you get a 200 
back.


server sli-ecmapp-01-prd-cit 10.154.2.29:8443
server sli-ecmapp-02-prd-cit 10.154.2.31:8443

admin@sld-loadb-01-prd-cit:~$ telnet 10.154.2.29 8443
Trying 10.154.2.29...
telnet: Unable to connect to remote host: No route to host


That's the problem!

The test was wrong. you make a telnet to 8443 but the check port is 8080
Try this.

echo -e 'GET /iws/ HTTP/1.0\n\r\n\r'|telnet 10.154.2.29 8080


admin@sld-loadb-01-prd-cit:~$ telnet 10.154.2.31 8443
Trying 10.154.2.31...
Connected to 10.154.2.31.
Escape character is '^]'.
^CConnection closed by foreign host.


That's another one.

echo -e 'GET /iws/ HTTP/1.0\n\r\n\r'|telnet 10.154.2.31 8080


Seems like i got one of my answer


Yes looks like.


Is there any firewall in between the LB & BE?

Yes there is one


Are both ports (8080 & 8443) open from LB top both BE?

Looks like not a haproxy issue.

Regards
Aleks



-Message d'origine-
De : Aleksandar Lazic [mailto:al-hapr...@none.at]
Envoyé : vendredi 23 août 2019 10:57
À : ANTHOINE Andy (EXT) 
Cc : haproxy@formilux.org
Objet : Re: Help required ehhe

Hi.

Am 23-08-2019 01:43, schrieb andy.anthoine@opt.nc:


Hi,

I can't launch the command from the LB


I love screenshots! It's so easy to copy paste from them 8-/

do you have any other tool which you can use to check if the
connection is possible from LB to Backend?

nc?
telnet?
...?


But from the server he is what i get

[root@sli-ecmapp2-prd ~]# curl -v -o /dev/null --max-time 5 --http1.0
http://10.154.2.29:8080/iws/  curl -v -o /dev/null --max-time 5
--http1.0 http://10.154.2.29:8080/eoc/login


Please one curl AFTER the other, the next time, just separate the
commands with ;.

curl -v -o /dev/null --max-time 5 --http1.0
http://10.154.2.29:8080/iws/ ; curl -v -o /dev/null --max-time 5
--http1.0 http://10.154.2.29:8080/eoc/login


* About to connect() to 10.154.2.29 port 8080 (#0)
*   Trying 10.154.2.29...

...

0 00 00 0  0  0 --:--:-- --:--:-- --:--:--
   0* Connected to 10.154.2.29 (10.154.2.29) port 8080 (#0)


GET /iws/ HTTP/1.0
User-Agent: curl/7.29.0
Host: 10.154.2.29:8080
Accept: */*



< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1


[snipp]


curl: (28) Resolving timed out after 5515 milliseconds


That looks strange, but maybe not the issue for now.


* About to connect() to 10.154.2.29 port 8080 (#2)
*   Trying 10.154.2.29...
* Connected to 10.154.2.29 (10.154.2.29) port 8080 (#2)


GET /eoc/login HTTP/1.0
User-Agent: curl/7.29.0
Host: 10.154.2.29:8080
Accept: */*



< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1


[snipp]


* Closing connection 2


So on the back ends are the check ports reachable and you get a 200 
back.

Is there any firewall in between the LB & BE?

What's your haproxy version?

haproxy -vv



Best regards

Andy

-Message d'origine-
De : Aleksandar Lazic [mailto:al-hapr...@none.at] Envoyé : vendredi 23
août 2019 10:33 À : ANTHOINE Andy (EXT)  Cc
: haproxy@formilux.org Objet : Re: Help required ehhe

Am 23-08-2019 00:49, schrieb andy.anthoine@opt.nc:


Hi,







Ehhe not an external ip don't worry, or i would have deleted it hehe







No change, the problem seems to be there since before i m here, and



they now need it to be fixed







I don't see anything in particular in the logs, beside that kind of



thing which is normal since the server is rebooted at this time ;)







Aug 22 05:00:23 sld-loadb-01-prd-cit local1.alert haproxy[2244]:



Server ecmapp-prd-be-8443/sli-ecmapp-01-prd-cit is DOWN, reason:



Layer4 connection problem, info: "Connection refused at step 1 of



tcp-check (connect port 8080)", check duration: 0ms. 1 active and 0



backup servers left. 62 sessions active, 0 requeued, 0 remaining in



queue.


this looks to me that the loadbalancer can't connect to the backend
check port, is something listen on the backend server on port 8080?

Please can you try the following command from the loadbalancer.

curl -v -o /dev/null --max-time 5 --http1.0
http://10.154.2.29:8080/iws/ curl -v -o /dev/null --max-time 5
--http1.0 http://10.154.2.29:8080/

RE: Help required ehhe

[Andy.ANTHOINE.ext]

REALLY SORRY ABOUT THAT lo

I'll copy paste my bad :D

admin@sld-loadb-01-prd-cit:~$ curl -v -o /dev/null --max-time 5 --http1.0 
http://10.154.2.29:8080/iws/ curl -v -o /dev/null --max-time 5 --http1.0 
http://10.154.2.29:8080/eoc/login
-bash: curl: command not found

Ok, i'll separate the commands next time :)

The lb i m working on is the production one, i'll check, but can't really do 
anything like installing on it.

Telnet works :) if it's enough for you ?

admin@sld-loadb-01-prd-cit:~$ telnet 10.154.2.29 8080
Trying 10.154.2.29...
Connected to 10.154.2.29.
Escape character is '^]'.


So on the back ends are the check ports reachable and you get a 200 back.

server sli-ecmapp-01-prd-cit 10.154.2.29:8443
server sli-ecmapp-02-prd-cit 10.154.2.31:8443

admin@sld-loadb-01-prd-cit:~$ telnet 10.154.2.29 8443
Trying 10.154.2.29...
telnet: Unable to connect to remote host: No route to host
admin@sld-loadb-01-prd-cit:~$ telnet 10.154.2.31 8443
Trying 10.154.2.31...
Connected to 10.154.2.31.
Escape character is '^]'.
^CConnection closed by foreign host.

Seems like i got one of my answer


Is there any firewall in between the LB & BE? Yes there is one




-Message d'origine-
De : Aleksandar Lazic [mailto:al-hapr...@none.at]
Envoyé : vendredi 23 août 2019 10:57
À : ANTHOINE Andy (EXT) 
Cc : haproxy@formilux.org
Objet : Re: Help required ehhe

Hi.

Am 23-08-2019 01:43, schrieb andy.anthoine@opt.nc:

> Hi,
>
> I can't launch the command from the LB

I love screenshots! It's so easy to copy paste from them 8-/

do you have any other tool which you can use to check if the connection is 
possible from LB to Backend?

nc?
telnet?
...?

> But from the server he is what i get
>
> [root@sli-ecmapp2-prd ~]# curl -v -o /dev/null --max-time 5 --http1.0
> http://10.154.2.29:8080/iws/  curl -v -o /dev/null --max-time 5
> --http1.0 http://10.154.2.29:8080/eoc/login

Please one curl AFTER the other, the next time, just separate the commands with 
;.

curl -v -o /dev/null --max-time 5 --http1.0 http://10.154.2.29:8080/iws/ ; curl 
-v -o /dev/null --max-time 5 --http1.0 http://10.154.2.29:8080/eoc/login

> * About to connect() to 10.154.2.29 port 8080 (#0)
> *   Trying 10.154.2.29...
...
> 0 00 00 0  0  0 --:--:-- --:--:-- --:--:--
>0* Connected to 10.154.2.29 (10.154.2.29) port 8080 (#0)
>
>> GET /iws/ HTTP/1.0
>> User-Agent: curl/7.29.0
>> Host: 10.154.2.29:8080
>> Accept: */*
>>
>
> < HTTP/1.1 200 OK
> < Server: Apache-Coyote/1.1

[snipp]

> curl: (28) Resolving timed out after 5515 milliseconds

That looks strange, but maybe not the issue for now.

> * About to connect() to 10.154.2.29 port 8080 (#2)
> *   Trying 10.154.2.29...
> * Connected to 10.154.2.29 (10.154.2.29) port 8080 (#2)
>
>> GET /eoc/login HTTP/1.0
>> User-Agent: curl/7.29.0
>> Host: 10.154.2.29:8080
>> Accept: */*
>>
>
> < HTTP/1.1 200 OK
> < Server: Apache-Coyote/1.1

[snipp]

> * Closing connection 2

So on the back ends are the check ports reachable and you get a 200 back.
Is there any firewall in between the LB & BE?

What's your haproxy version?

haproxy -vv


> Best regards
>
> Andy
>
> -Message d'origine-
> De : Aleksandar Lazic [mailto:al-hapr...@none.at] Envoyé : vendredi 23
> août 2019 10:33 À : ANTHOINE Andy (EXT)  Cc
> : haproxy@formilux.org Objet : Re: Help required ehhe
>
> Am 23-08-2019 00:49, schrieb andy.anthoine@opt.nc:
>
>> Hi,
>
>>
>
>> Ehhe not an external ip don't worry, or i would have deleted it hehe
>
>>
>
>> No change, the problem seems to be there since before i m here, and
>
>> they now need it to be fixed
>
>>
>
>> I don't see anything in particular in the logs, beside that kind of
>
>> thing which is normal since the server is rebooted at this time ;)
>
>>
>
>> Aug 22 05:00:23 sld-loadb-01-prd-cit local1.alert haproxy[2244]:
>
>> Server ecmapp-prd-be-8443/sli-ecmapp-01-prd-cit is DOWN, reason:
>
>> Layer4 connection problem, info: "Connection refused at step 1 of
>
>> tcp-check (connect port 8080)", check duration: 0ms. 1 active and 0
>
>> backup servers left. 62 sessions active, 0 requeued, 0 remaining in
>
>> queue.
>
> this looks to me that the loadbalancer can't connect to the backend
> check port, is something listen on the backend server on port 8080?
>
> Please can you try the following command from the loadbalancer.
>
> curl -v -o /dev/null --max-time 5 --http1.0
> http://10.154.2.29:8080/iws/ curl -v -o /dev/null --max-time 5
> --http1.0 http://10.154.2.29:8080/eoc/login
>
> The same for 10.154.2.31

Re: Help required ehhe

[Aleksandar Lazic]

Hi.

Am 23-08-2019 01:43, schrieb andy.anthoine@opt.nc:


Hi,

I can't launch the command from the LB


I love screenshots! It's so easy to copy paste from them 8-/

do you have any other tool which you can use to check if the
connection is possible from LB to Backend?

nc?
telnet?
...?


But from the server he is what i get

[root@sli-ecmapp2-prd ~]# curl -v -o /dev/null --max-time 5 --http1.0
http://10.154.2.29:8080/iws/  curl -v -o /dev/null --max-time 5
--http1.0 http://10.154.2.29:8080/eoc/login


Please one curl AFTER the other, the next time, just separate the
commands with ;.

curl -v -o /dev/null --max-time 5 --http1.0 http://10.154.2.29:8080/iws/
; curl -v -o /dev/null --max-time 5 --http1.0
http://10.154.2.29:8080/eoc/login


* About to connect() to 10.154.2.29 port 8080 (#0)
*   Trying 10.154.2.29...

...

0 00 00 0  0  0 --:--:-- --:--:-- --:--:--
   0* Connected to 10.154.2.29 (10.154.2.29) port 8080 (#0)


GET /iws/ HTTP/1.0
User-Agent: curl/7.29.0
Host: 10.154.2.29:8080
Accept: */*



< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1


[snipp]


curl: (28) Resolving timed out after 5515 milliseconds


That looks strange, but maybe not the issue for now.


* About to connect() to 10.154.2.29 port 8080 (#2)
*   Trying 10.154.2.29...
* Connected to 10.154.2.29 (10.154.2.29) port 8080 (#2)


GET /eoc/login HTTP/1.0
User-Agent: curl/7.29.0
Host: 10.154.2.29:8080
Accept: */*



< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1


[snipp]


* Closing connection 2


So on the back ends are the check ports reachable and you get a 200
back.
Is there any firewall in between the LB & BE?

What's your haproxy version?

haproxy -vv



Best regards

Andy

-Message d'origine-
De : Aleksandar Lazic [mailto:al-hapr...@none.at]
Envoyé : vendredi 23 août 2019 10:33
À : ANTHOINE Andy (EXT) 
Cc : haproxy@formilux.org
Objet : Re: Help required ehhe

Am 23-08-2019 00:49, schrieb andy.anthoine@opt.nc:


Hi,







Ehhe not an external ip don't worry, or i would have deleted it hehe







No change, the problem seems to be there since before i m here, and



they now need it to be fixed







I don't see anything in particular in the logs, beside that kind of



thing which is normal since the server is rebooted at this time ;)







Aug 22 05:00:23 sld-loadb-01-prd-cit local1.alert haproxy[2244]:



Server ecmapp-prd-be-8443/sli-ecmapp-01-prd-cit is DOWN, reason:



Layer4 connection problem, info: "Connection refused at step 1 of



tcp-check (connect port 8080)", check duration: 0ms. 1 active and 0



backup servers left. 62 sessions active, 0 requeued, 0 remaining in



queue.


this looks to me that the loadbalancer can't connect to the backend
check port, is something listen on the backend server on port 8080?

Please can you try the following command from the loadbalancer.

curl -v -o /dev/null --max-time 5 --http1.0
http://10.154.2.29:8080/iws/ curl -v -o /dev/null --max-time 5
--http1.0 http://10.154.2.29:8080/eoc/login

The same for 10.154.2.31


What do you mean by that ?


I have shorten the config to reduce the size of the mail.


mode http







[snip more config]







-Message d'origine-



De : Aleksandar Lazic [mailto:al-hapr...@none.at] Envoyé : vendredi 23



août 2019 09:41 À : ANTHOINE Andy (EXT)  Cc



: haproxy@formilux.org Objet : Re: Help required ehhe







Hi.







Am 23-08-2019 00:28, schrieb andy.anthoine@opt.nc:







Hi,







I got that email on this site, not sure if it's still working etc



https://www.slideshare.net/haproxytech/haproxy-best-practice


[snipp]


What's your haproxy version?







haproxy -vv







Application load balancing & high availability v8.5.7 (8546)


That's not the full output of the command line call haproxy -vv .


Thanks a lot for the answer man !















Thanks !







Andy


Regards

Aleks

Ce
message et toutes les pièces jointes (ci-après le « message ») sont à
l'attention exclusive des destinataires désignés. Il peut contenir des
informations confidentielles. Si vous le recevez par erreur, merci d'en
informer immédiatement l'émetteur et de le détruire. Toute utilisation,
diffusion ou toute publication, totale ou partielle, est interdite,
sauf autorisation. Tout message électronique étant susceptible
d'altération, l'OPT NC décline toute responsabilité au titre de ce
message dans l'hypothèse où il aurait été modifié.
This message and any attachments (the «
message ») are intended solely for the addresses. It may contain
privileged information. If you receive this message in error, please
immediately notify the sender and delete it. Any use, dissemination or
disclosure, either whole or partial, is prohibited unless formal
approval. Emails are susceptible to alteration; OPT NC shall not
therefore be liable for the message if modified.

Pensez à l'environnement, n'imprimez que si nécessaire.

RE: Help required ehhe

[Andy.ANTHOINE.ext]

Hi,



I can't launch the command from the LB



[cid:image001.png@01D5599F.9D2D6E10]

But from the server he is what i get



[root@sli-ecmapp2-prd ~]# curl -v -o /dev/null --max-time 5 --http1.0 
http://10.154.2.29:8080/iws/ curl -v -o /dev/null --max-time 5 --http1.0 
http://10.154.2.29:8080/eoc/login

* About to connect() to 10.154.2.29 port 8080 (#0)

*   Trying 10.154.2.29...

  % Total% Received % Xferd  Average Speed   TimeTime Time  Current

 Dload  Upload   Total   SpentLeft  Speed

  0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 0* 
Connected to 10.154.2.29 (10.154.2.29) port 8080 (#0)

> GET /iws/ HTTP/1.0

> User-Agent: curl/7.29.0

> Host: 10.154.2.29:8080

> Accept: */*

>

< HTTP/1.1 200 OK

< Server: Apache-Coyote/1.1

< Accept-Ranges: bytes

< ETag: W/"1283-1552374458000"

< Last-Modified: Tue, 12 Mar 2019 07:07:38 GMT

< Content-Type: text/html

< Content-Length: 1283

< Date: Thu, 22 Aug 2019 23:42:28 GMT

< Connection: close

<

{ [data not shown]

100  1283  100  12830 0   632k  0 --:--:-- --:--:-- --:--:-- 1252k

* Closing connection 0

  0 00 00 0  0  0 --:--:--  0:00:04 --:--:-- 0* 
Resolving timed out after 5515 milliseconds

  0 00 00 0  0  0 --:--:--  0:00:06 --:--:-- 0

* Closing connection 1

curl: (28) Resolving timed out after 5515 milliseconds

* About to connect() to 10.154.2.29 port 8080 (#2)

*   Trying 10.154.2.29...

* Connected to 10.154.2.29 (10.154.2.29) port 8080 (#2)

> GET /eoc/login HTTP/1.0

> User-Agent: curl/7.29.0

> Host: 10.154.2.29:8080

> Accept: */*

>

< HTTP/1.1 200 OK

< Server: Apache-Coyote/1.1

< Date: Thu, 22 Aug 2019 23:42:34 GMT

< Cache-Control: no-cache

< Cache-Control: no-store

< Cache-Control: max-age=0

< X-Content-Type-Options: nosniff

< X-XSS-Protection: 1

< Set-Cookie: JSESSIONID=hr-UQa5y1CpyiQvYjONLkNyf; Path=/eoc

< Content-Type: text/html;charset=UTF-8

< Content-Length: 4398

< Connection: close

<







Login



var cwWebappPrefix='/eoc';var cwComma=",";var 
cwDecimal=".";var cwSessionTimeout=3000;var cwSessionTimeoutWarning=0;var 
cwHtEsc=false;var cwEnumHtEsc=true;var cwSkinnedWarnDialog = false;var 
formCount=0;var startLoading=false;function finishLoading(id){if(window[id] != 
null) {startLoading = false; return true;} else return false;}function 
loading(){return startLoading;}function 
increaseFormCount(){formCount++;}function decreaseFormCount(){formCount--;}var 
cwDefaultDialogMaskOpacity = 0;;var cwUE0311='Invalid date value. Valid format 
is ';

var cwUE0328='Start date must occur BEFORE End Date. Please correct 
the\n\t\t\tcriteria.';

var cwUE0116='This document contains errors and will not be saved.';

var cwUU0313='Warning';

var cwUU0315=' could not be matched to the display format: ';

var cwUU0316=' row(s) fetched (more exist but are not shown).';

var cwUU0317=' row(s) fetched.';

var cwUU0059='Please wait, operation in progress...';

var cwUU0318='Cancel';

var cwUU0319='Save';

var cwUU0322='No items found.';

var cwUU0324=' row(s) fetched out of ';

var cwUU0325=' row(s) found in total ';

var cwUU0326=' page(s).';





var isomorphicDir="/eoc/isomorphic/";var 
cwDir="../";









if(window.Browser.isIE){window.isc.Canvas.addClassProperties({$42a: 
"margin:0px;border:0px;padding:0px;background-color:transparent;background-image:none;",neverUsePNGWorkaround
 : true});window.isc.Canvas.addProperties({$r9:false});}

















if(window.Browser.isIE){isc.defineClass("MyResultSet", 
"ResultSet").addProperties({fetchRemoteDataReply : function (dsResponse, data, 
request) {if (dsResponse.httpResponseCode == 12152) 
{isc.RPCManager.handleError(dsResponse, request);} else {return 
this.Super("fetchRemoteDataReply", 
arguments);}}});isc.DataSource.addProperties({resultSetClass : 
"MyResultSet"});window.isc.RPCManager.addClassProperties({handleError : 
function (response, request) {Log.logWarn("httpResponseCode:  " + 
response.httpResponseCode);if (response.httpResponseCode == 12152) 
{window.isc.RPCManager.suspendTransaction(response.transactionNum);window.isc.Timer.setTimeout(function
 () 
{window.isc.RPCManager.resendTransaction(response.transactionNum);});}}});}







var $cwCurrentCss = '/css/ui_common.css'



isc.setAutoDraw(false);





* Closing connection 2



Best regards



Andy



-Message d'origine-
De : Aleksandar Lazic [mailto:al-hapr...@none.at]
Envoyé : vendredi 23 août 2019 10:33
À : ANTHOINE Andy (EXT) 
Cc : haproxy@formilux.org
Objet : Re: Help require

Re: Help required ehhe

[Aleksandar Lazic]

Am 23-08-2019 00:49, schrieb andy.anthoine@opt.nc:

Hi,

Ehhe not an external ip don't worry, or i would have deleted it hehe

No change, the problem seems to be there since before i m here, and
they now need it to be fixed

I don't see anything in particular in the logs, beside that kind of
thing which is normal since the server is rebooted at this time ;)

Aug 22 05:00:23 sld-loadb-01-prd-cit local1.alert haproxy[2244]:
Server ecmapp-prd-be-8443/sli-ecmapp-01-prd-cit is DOWN, reason:
Layer4 connection problem, info: "Connection refused at step 1 of
tcp-check (connect port 8080)", check duration: 0ms. 1 active and 0
backup servers left. 62 sessions active, 0 requeued, 0 remaining in
queue.


this looks to me that the loadbalancer can't connect to the backend
check port, is something listen on the backend server on port 8080?

Please can you try the following command from the loadbalancer.

curl -v -o /dev/null --max-time 5 --http1.0 http://10.154.2.29:8080/iws/
curl -v -o /dev/null --max-time 5 --http1.0 
http://10.154.2.29:8080/eoc/login


The same for 10.154.2.31


What do you mean by that ?


I have shorten the config to reduce the size of the mail.


mode http


[snip more config]

-Message d'origine-
De : Aleksandar Lazic [mailto:al-hapr...@none.at]
Envoyé : vendredi 23 août 2019 09:41
À : ANTHOINE Andy (EXT) 
Cc : haproxy@formilux.org
Objet : Re: Help required ehhe

Hi.

Am 23-08-2019 00:28, schrieb andy.anthoine@opt.nc:


Hi,

I got that email on this site, not sure if it's still working etc
https://www.slideshare.net/haproxytech/haproxy-best-practice


[snipp]


What's your haproxy version?

haproxy -vv

  Application load balancing & high availability v8.5.7 (8546)


That's not the full output of the command line call haproxy -vv .



Thanks a lot for the answer man !




Thanks !

Andy


Regards
Aleks

RE: Help required ehhe

[Andy.ANTHOINE.ext]

Hi,

Ehhe not an external ip don't worry, or i would have deleted it hehe

No change, the problem seems to be there since before i m here, and they now 
need it to be fixed

I don't see anything in particular in the logs, beside that kind of thing which 
is normal since the server is rebooted at this time ;)

Aug 22 05:00:23 sld-loadb-01-prd-cit local1.alert haproxy[2244]: Server 
ecmapp-prd-be-8443/sli-ecmapp-01-prd-cit is DOWN, reason: Layer4 connection 
problem, info: "Connection refused at step 1 of tcp-check (connect port 8080)", 
check duration: 0ms. 1 active and 0 backup servers left. 62 sessions active, 0 
requeued, 0 remaining in queue.

What do you mean by that ?

> mode http

[snip more config]




-Message d'origine-
De : Aleksandar Lazic [mailto:al-hapr...@none.at]
Envoyé : vendredi 23 août 2019 09:41
À : ANTHOINE Andy (EXT) 
Cc : haproxy@formilux.org
Objet : Re: Help required ehhe

Hi.

Am 23-08-2019 00:28, schrieb andy.anthoine@opt.nc:

> Hi,
>
> I got that email on this site, not sure if it's still working etc
> https://www.slideshare.net/haproxytech/haproxy-best-practice
>
> I'm having some issue with a service (white page sometimes for a
> webservice), and i m not totally sure it has anything to do with issue
> on my load balancer (i'm not the one who configured it, just having to
> work on it, guy gone, no documentation left etc…)
>
> When i started looking, i noticed that only this service had so many
> warnings and errors, so i thought « maybe » it can have something to
> do with it…

Was any changes in the setup which cloud be the reason for the the behaviour or 
you just recognizes it and it's "normal"?
What's in the logs?

> backend ecmapp-prd-be-8443
> acl kerberos hdr_beg(Authorization) -m beg Negotiate http-request
> replace-header Authorization (.*) "Basic " if kerberos

Ähm I hope this is not an U:P which is external visible

> mode http

[snip more config]

> Here is the configuration of the service, i m able to read half of it,
> chechking the documentation to find more information
>
> Thanks a lot of you can help, if not have a great day J

What's your haproxy version?

haproxy -vv

  Application load balancing & high availability v8.5.7 (8546)


Thanks a lot for the answer man !



> Thanks !
>
> Andy
>
> Ce
> message et toutes les pièces jointes (ci-après le « message ») sont à
> l'attention exclusive des destinataires désignés. Il peut contenir des
> informations confidentielles. Si vous le recevez par erreur, merci
> d'en informer immédiatement l'émetteur et de le détruire. Toute
> utilisation, diffusion ou toute publication, totale ou partielle, est
> interdite, sauf autorisation. Tout message électronique étant
> susceptible d'altération, l'OPT NC décline toute responsabilité au
> titre de ce message dans l'hypothèse où il aurait été modifié.
> This message and any attachments (the «
> message ») are intended solely for the addresses. It may contain
> privileged information. If you receive this message in error, please
> immediately notify the sender and delete it. Any use, dissemination or
> disclosure, either whole or partial, is prohibited unless formal
> approval. Emails are susceptible to alteration; OPT NC shall not
> therefore be liable for the message if modified.
>
> Pensez à l'environnement, n'imprimez que si nécessaire.

Always the same crap footer from the "enterprise" Companies to public mailing 
lists.

Regards
Aleks



Ce message et toutes les pièces jointes (ci-après le « message ») sont à 
l'attention exclusive des destinataires désignés. Il peut contenir des 
informations confidentielles. Si vous le recevez par erreur, merci d'en 
informer immédiatement l'émetteur et de le détruire. Toute utilisation, 
diffusion ou toute publication, totale ou partielle, est interdite, sauf 
autorisation. Tout message électronique étant susceptible d'altération, l'OPT 
NC décline toute responsabilité au titre de ce message dans l'hypothèse où il 
aurait été modifié.

This message and any attachments (the « message ») are intended solely for the 
addresses. It may contain privileged information. If you receive this message 
in error, please immediately notify the sender and delete it. Any use, 
dissemination or disclosure, either whole or partial, is prohibited unless 
formal approval. Emails are susceptible to alteration; OPT NC shall not 
therefore be liable for the message if modified.

Pensez à l'environnement, n'imprimez que si nécessaire.

Re: Help required ehhe

[Aleksandar Lazic]

Hi.

Am 23-08-2019 00:28, schrieb andy.anthoine@opt.nc:


Hi,

I got that email on this site, not sure if it's still working etc
https://www.slideshare.net/haproxytech/haproxy-best-practice

I'm having some issue with a service (white page sometimes for a
webservice), and i m not totally sure it has anything to do with issue
on my load balancer (i'm not the one who configured it, just having to
work on it, guy gone, no documentation left etc…)

When i started looking, i noticed that only this service had so many
warnings and errors, so i thought « maybe » it can have something to do
with it…


Was any changes in the setup which cloud be the reason for the the
behaviour or you just recognizes it and it's "normal"?
What's in the logs?


backend ecmapp-prd-be-8443
acl kerberos hdr_beg(Authorization) -m beg Negotiate
http-request replace-header Authorization (.*) "Basic " if
kerberos


Ähm I hope this is not an U:P which is external visible


mode http


[snip more config]


Here is the configuration of the service, i m able to read half of it,
chechking the documentation to find more information

Thanks a lot of you can help, if not have a great day J


What's your haproxy version?

haproxy -vv


Thanks !

Andy

Ce
message et toutes les pièces jointes (ci-après le « message ») sont à
l'attention exclusive des destinataires désignés. Il peut contenir des
informations confidentielles. Si vous le recevez par erreur, merci d'en
informer immédiatement l'émetteur et de le détruire. Toute utilisation,
diffusion ou toute publication, totale ou partielle, est interdite,
sauf autorisation. Tout message électronique étant susceptible
d'altération, l'OPT NC décline toute responsabilité au titre de ce
message dans l'hypothèse où il aurait été modifié.
This message and any attachments (the «
message ») are intended solely for the addresses. It may contain
privileged information. If you receive this message in error, please
immediately notify the sender and delete it. Any use, dissemination or
disclosure, either whole or partial, is prohibited unless formal
approval. Emails are susceptible to alteration; OPT NC shall not
therefore be liable for the message if modified.

Pensez à l'environnement, n'imprimez que si nécessaire.


Always the same crap footer from the "enterprise" Companies to public
mailing lists.

Regards
Aleks