[PATCH v2 3/4] MEDIUM: Only report drain state in stats if server has SRV_ADMF_DRAIN set
There are some similarities between a weight of zero and the
administratively set drain state: both allow existing connections
to continue while not accepting any new ones.
However, when reporting a server state generally a distinction is made
between state=UP,weight=0 and state=DRAIN,weight=*. This patch makes
stats reporting consistent in this regard.
This patch does not alter the behaviour that if a server's weight
is zero then its stats row is blue when accessed via HTML. This remains
the case regardless of if the state is UP or DRAIN.
Signed-off-by: Simon Horman
---
v2
* Reworked to use SRV_*
* Keep blue for zero weight regardless of state
---
src/dumpstats.c | 11 ++-
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/dumpstats.c b/src/dumpstats.c
index b505d4e2e172..5704fe4fdcf4 100644
--- a/src/dumpstats.c
+++ b/src/dumpstats.c
@@ -3906,13 +3906,14 @@ static int stats_dump_proxy_to_buffer(struct
stream_interface *si, struct proxy
sv_colour = SRV_STATS_COLOUR_UP;
}
- if (server_is_draining(sv)) {
- if (sv_state ==
SRV_STATS_STATE_UP_GOING_DOWN) {
+ if (sv_state == SRV_STATS_STATE_UP &&
!svs->uweight)
+ sv_colour = SRV_STATS_COLOUR_DRAINING;
+
+ if (sv->admin & SRV_ADMF_DRAIN) {
+ if (sv_state ==
SRV_STATS_STATE_UP_GOING_DOWN)
sv_state =
SRV_STATS_STATE_DRAIN_GOING_DOWN;
- } else {
+ else
sv_state =
SRV_STATS_STATE_DRAIN;
- sv_colour =
SRV_STATS_COLOUR_DRAINING;
- }
}
if (sv_state == SRV_STATS_STATE_UP &&
!(svs->check.state & CHK_ST_ENABLED)) {
--
2.1.4
[PATCH v2 2/4] MEDIUM: Separate server state and colour in stats
There is a relationship between the state and colour of a server in
stats, however, it is not a one-to-one relationship and the current
implementation has proved fragile.
This patch attempts to address that problem by clearly separating
state and colour.
A follow-up patch will further distinguish between DRAIN states
and DRAINING colours.
Signed-off-by: Simon Horman
---
v2
* First post
---
src/dumpstats.c | 134 +++-
1 file changed, 83 insertions(+), 51 deletions(-)
diff --git a/src/dumpstats.c b/src/dumpstats.c
index 402fb0ae98ad..b505d4e2e172 100644
--- a/src/dumpstats.c
+++ b/src/dumpstats.c
@@ -2934,13 +2934,35 @@ enum srv_stats_state {
SRV_STATS_STATE_COUNT, /* Must be last */
};
+enum srv_stats_colour {
+ SRV_STATS_COLOUR_DOWN = 0,
+ SRV_STATS_COLOUR_GOING_UP,
+ SRV_STATS_COLOUR_GOING_DOWN,
+ SRV_STATS_COLOUR_UP,
+ SRV_STATS_COLOUR_NOLB,
+ SRV_STATS_COLOUR_DRAINING,
+ SRV_STATS_COLOUR_NO_CHECK,
+
+ SRV_STATS_COLOUR_COUNT, /* Must be last */
+};
+
+static const char *srv_stats_colour_st[SRV_STATS_COLOUR_COUNT] = {
+ [SRV_STATS_COLOUR_DOWN] = "down",
+ [SRV_STATS_COLOUR_GOING_UP] = "going_up",
+ [SRV_STATS_COLOUR_GOING_DOWN] = "going_down",
+ [SRV_STATS_COLOUR_UP] = "up",
+ [SRV_STATS_COLOUR_NOLB] = "nolb",
+ [SRV_STATS_COLOUR_DRAINING] = "draining",
+ [SRV_STATS_COLOUR_NO_CHECK] = "no_check",
+};
+
/* Dumps a line for server and proxy to the trash and uses the state
* from stream interface , stats flags , and server state .
* The caller is responsible for clearing the trash if needed. Returns non-zero
* if it emits anything, zero otherwise.
*/
static int stats_dump_sv_stats(struct stream_interface *si, struct proxy *px,
int flags, struct server *sv,
- enum srv_stats_state state)
+ enum srv_stats_state state, enum
srv_stats_colour colour)
{
struct appctx *appctx = __objt_appctx(si->end);
struct server *via, *ref;
@@ -2974,8 +2996,8 @@ static int stats_dump_sv_stats(struct stream_interface
*si, struct proxy *px, in
chunk_appendf(&trash, "");
else
chunk_appendf(&trash,
- "",
- (sv->flags & SRV_F_BACKUP) ? "backup" :
"active", state);
+ "",
+ (sv->flags & SRV_F_BACKUP) ? "backup" :
"active", srv_stats_colour_st[colour]);
if ((px->cap & PR_CAP_BE) && px->srv &&
(appctx->ctx.stats.flags & STAT_ADMIN))
chunk_appendf(&trash,
@@ -3853,6 +3875,7 @@ static int stats_dump_proxy_to_buffer(struct
stream_interface *si, struct proxy
/* stats.sv has been initialized above */
for (; appctx->ctx.stats.sv != NULL; appctx->ctx.stats.sv =
sv->next) {
enum srv_stats_state sv_state;
+ enum srv_stats_colour sv_colour;
if (buffer_almost_full(rep->buf)) {
si->flags |= SI_FL_WAIT_ROOM;
@@ -3875,37 +3898,52 @@ static int stats_dump_proxy_to_buffer(struct
stream_interface *si, struct proxy
if (sv->state == SRV_ST_RUNNING || sv->state ==
SRV_ST_STARTING) {
if ((svs->check.state & CHK_ST_ENABLED) &&
- (svs->check.health < svs->check.rise +
svs->check.fall - 1))
+ (svs->check.health < svs->check.rise +
svs->check.fall - 1)) {
sv_state =
SRV_STATS_STATE_UP_GOING_DOWN;
- else
+ sv_colour = SRV_STATS_COLOUR_GOING_DOWN;
+ } else {
sv_state = SRV_STATS_STATE_UP;
+ sv_colour = SRV_STATS_COLOUR_UP;
+ }
if (server_is_draining(sv)) {
- if (sv_state ==
SRV_STATS_STATE_UP_GOING_DOWN)
+ if (sv_state ==
SRV_STATS_STATE_UP_GOING_DOWN) {
sv_state =
SRV_STATS_STATE_DRAIN_GOING_DOWN;
- else
+ } else {
sv_state =
SRV_STATS_STATE_DRAIN;
+ sv_colour =
SRV_STATS_COLOUR_DRAINING;
+ }
}
- if (sv_state == SRV_STATS_STATE_UP &&
!(svs->check.state & CHK_ST_ENABLED))
+
[PATCH v2 1/4] MEDIUM: Add enum srv_stats_state
Add an enumeration to make the handling of the states of servers
in status messages somewhat clearer.
This is the first of a two-step attempt to disentangle the state and
colour of status information. A subsequent patch will separate state
colours from the states themselves.
This patch should not make any functional changes.
Signed-off-by: Simon Horman
---
v2
* First post
---
src/dumpstats.c | 104 +++-
1 file changed, 57 insertions(+), 47 deletions(-)
diff --git a/src/dumpstats.c b/src/dumpstats.c
index d82ce8538841..402fb0ae98ad 100644
--- a/src/dumpstats.c
+++ b/src/dumpstats.c
@@ -2919,14 +2919,28 @@ static int stats_dump_li_stats(struct stream_interface
*si, struct proxy *px, st
return 1;
}
+enum srv_stats_state {
+ SRV_STATS_STATE_DOWN = 0,
+ SRV_STATS_STATE_DOWN_AGENT,
+ SRV_STATS_STATE_GOING_UP,
+ SRV_STATS_STATE_UP_GOING_DOWN,
+ SRV_STATS_STATE_UP,
+ SRV_STATS_STATE_NOLB_GOING_DOWN,
+ SRV_STATS_STATE_NOLB,
+ SRV_STATS_STATE_DRAIN_GOING_DOWN,
+ SRV_STATS_STATE_DRAIN,
+ SRV_STATS_STATE_NO_CHECK,
+
+ SRV_STATS_STATE_COUNT, /* Must be last */
+};
+
/* Dumps a line for server and proxy to the trash and uses the state
* from stream interface , stats flags , and server state .
* The caller is responsible for clearing the trash if needed. Returns non-zero
- * if it emits anything, zero otherwise. The parameter can take the
- * following values : 0=DOWN, 1=DOWN(agent) 2=going up, 3=going down, 4=UP,
5,6=NOLB,
- * 7,8=DRAIN, 9=unchecked.
+ * if it emits anything, zero otherwise.
*/
-static int stats_dump_sv_stats(struct stream_interface *si, struct proxy *px,
int flags, struct server *sv, int state)
+static int stats_dump_sv_stats(struct stream_interface *si, struct proxy *px,
int flags, struct server *sv,
+ enum srv_stats_state state)
{
struct appctx *appctx = __objt_appctx(si->end);
struct server *via, *ref;
@@ -2943,17 +2957,17 @@ static int stats_dump_sv_stats(struct stream_interface
*si, struct proxy *px, in
ref = ref->track;
if (appctx->ctx.stats.flags & STAT_FMT_HTML) {
- static char *srv_hlt_st[10] = {
- "DOWN",
- "DOWN (agent)",
- "DN %d/%d ↑",
- "UP %d/%d ↓",
- "UP",
- "NOLB %d/%d ↓",
- "NOLB",
- "DRAIN %d/%d ↓",
- "DRAIN",
- "no check"
+ static char *srv_hlt_st[SRV_STATS_STATE_COUNT] = {
+ [SRV_STATS_STATE_DOWN] = "DOWN",
+ [SRV_STATS_STATE_DOWN_AGENT]= "DOWN
(agent)",
+ [SRV_STATS_STATE_GOING_UP] = "DN %d/%d
↑",
+ [SRV_STATS_STATE_UP_GOING_DOWN] = "UP %d/%d
↓",
+ [SRV_STATS_STATE_UP]= "UP",
+ [SRV_STATS_STATE_NOLB_GOING_DOWN] = "NOLB %d/%d
↓",
+ [SRV_STATS_STATE_NOLB] = "NOLB",
+ [SRV_STATS_STATE_DRAIN_GOING_DOWN] = "DRAIN %d/%d
↓",
+ [SRV_STATS_STATE_DRAIN] = "DRAIN",
+ [SRV_STATS_STATE_NO_CHECK] = "no
check",
};
if (sv->admin & SRV_ADMF_MAINT)
@@ -3197,17 +3211,17 @@ static int stats_dump_sv_stats(struct stream_interface
*si, struct proxy *px, in
chunk_appendf(&trash, "-\n");
}
else { /* CSV mode */
- static char *srv_hlt_st[10] = {
- "DOWN,",
- "DOWN (agent),",
- "DOWN %d/%d,",
- "UP %d/%d,",
- "UP,",
- "NOLB %d/%d,",
- "NOLB,",
- "DRAIN %d/%d,",
- "DRAIN,",
- "no check,"
+ static char *srv_hlt_st[SRV_STATS_STATE_COUNT] = {
+ [SRV_STATS_STATE_DOWN] = "DOWN,",
+ [SRV_STATS_STATE_DOWN_AGENT]= "DOWN
(agent),",
+ [SRV_STATS_STATE_GOING_UP] = "DOWN %d/%d,",
+ [SRV_STATS_STATE_UP_GOING_DOWN] = "UP %d/%d,",
+ [SRV_STATS_STATE_UP]= "UP,",
+ [SRV_STATS_STATE_NOLB_GOING_DOWN] = "NOLB %d/%d,",
+ [SRV_STATS_STATE_NOLB] = "NOLB,",
+ [SRV_STATS_STATE_DRAIN_GOING_DOWN] = "DRAIN
%d/%d,",
+ [SRV_STATS_STATE_DRAIN] = "DRAIN,",
+ [SRV_STATS_STATE_NO_CHECK]
[PATCH v2 0/4] MEDIUM: Enhancements to reporting of drain in stats
Hi, the motivation for this series is to enhance reporting of the drain state to: 1. Only report drain state in stats if server has SRV_ADMF_DRAIN set The motivation is to consistently differentiate between between state=UP,weight=0 and state=DRAIN,weight=* when reporting stats. 2. Differentiate between DRAIN and DRAIN (agent) The motivation here is to make DRAIN consistent with DOWN. A simpler version of this series was previously posted as "[PATCH 0/2] Minor enhancements to drain state". Thanks to Willy it became apparent to me that series had some side effects in relation to the colour used to report servers using HTML. This series attempts to address that problem by first disentangling the state and colour of servers in the first two patches, which are new - arguably a worthwhile clean-up in its own right. The remaining two patches implement the changes to reporting of the drain state, as described above. Patches have been lightly tested. Simon Horman (4): MEDIUM: Add enum srv_stats_state MEDIUM: Separate server state and colour in stats MEDIUM: Only report drain state in stats if server has SRV_ADMF_DRAIN set MEDIUM: Differentiate between DRAIN and DRAIN (agent) src/dumpstats.c | 236 ++-- 1 file changed, 142 insertions(+), 94 deletions(-) -- 2.1.4
[PATCH v2 4/4] MEDIUM: Differentiate between DRAIN and DRAIN (agent)
Differentiate between DRAIN and DRAIN (agent) when reporting stats.
This is consistent with the distinction made between DOWN and DOWN (agent).
Signed-off-by: Simon Horman
---
v2
* Reworked to use SRV_STATS_STATE_*
---
src/dumpstats.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/dumpstats.c b/src/dumpstats.c
index 5704fe4fdcf4..095371fd4ae3 100644
--- a/src/dumpstats.c
+++ b/src/dumpstats.c
@@ -2929,6 +2929,7 @@ enum srv_stats_state {
SRV_STATS_STATE_NOLB,
SRV_STATS_STATE_DRAIN_GOING_DOWN,
SRV_STATS_STATE_DRAIN,
+ SRV_STATS_STATE_DRAIN_AGENT,
SRV_STATS_STATE_NO_CHECK,
SRV_STATS_STATE_COUNT, /* Must be last */
@@ -2989,6 +2990,7 @@ static int stats_dump_sv_stats(struct stream_interface
*si, struct proxy *px, in
[SRV_STATS_STATE_NOLB] = "NOLB",
[SRV_STATS_STATE_DRAIN_GOING_DOWN] = "DRAIN %d/%d
↓",
[SRV_STATS_STATE_DRAIN] = "DRAIN",
+ [SRV_STATS_STATE_DRAIN_AGENT] = "DRAIN
(agent)",
[SRV_STATS_STATE_NO_CHECK] = "no
check",
};
@@ -3243,6 +3245,7 @@ static int stats_dump_sv_stats(struct stream_interface
*si, struct proxy *px, in
[SRV_STATS_STATE_NOLB] = "NOLB,",
[SRV_STATS_STATE_DRAIN_GOING_DOWN] = "DRAIN
%d/%d,",
[SRV_STATS_STATE_DRAIN] = "DRAIN,",
+ [SRV_STATS_STATE_DRAIN_AGENT] = "DRAIN
(agent)",
[SRV_STATS_STATE_NO_CHECK] = "no check,"
};
@@ -3910,7 +3913,9 @@ static int stats_dump_proxy_to_buffer(struct
stream_interface *si, struct proxy
sv_colour = SRV_STATS_COLOUR_DRAINING;
if (sv->admin & SRV_ADMF_DRAIN) {
- if (sv_state ==
SRV_STATS_STATE_UP_GOING_DOWN)
+ if (svs->agent.state & CHK_ST_ENABLED)
+ sv_state =
SRV_STATS_STATE_DRAIN_AGENT;
+ else if (sv_state ==
SRV_STATS_STATE_UP_GOING_DOWN)
sv_state =
SRV_STATS_STATE_DRAIN_GOING_DOWN;
else
sv_state =
SRV_STATS_STATE_DRAIN;
--
2.1.4
make install wants to install haproxy-systemd-wrapper
The makefile is trying to install the systemd wrapper on all platforms even if it isn't built. This is from the current build haproxy-ss-20150422 as well as haproxy-1.5.11. Makefile has this: install-bin: haproxy haproxy-systemd-wrapper install -d "$(DESTDIR)$(SBINDIR)" install haproxy "$(DESTDIR)$(SBINDIR)" install haproxy-systemd-wrapper "$(DESTDIR)$(SBINDIR)" The easy soltuion for non-linux systems is drop it to this: install-bin: haproxy install -d "$(DESTDIR)$(SBINDIR)" install haproxy "$(DESTDIR)$(SBINDIR)" Perhaps makefile could be properly fixed? Thanks, -tim
Stats for "other responses" not calculated for server 1
Hello We are using HAProxy version 1.5.11, released 2015/01/31 in front of Exchange 2013 in lab. Not sure if it a bug but stats for server 1 don't show "other responses" but in total of the backend the "other responses" show number. Server 1 stats == Cum. sessions: 132 Cum. HTTP responses:67 - HTTP 1xx responses: 0 (0%) - HTTP 2xx responses: 1 (1%) - HTTP 3xx responses: 0 (0%) - HTTP 4xx responses: 66 (98%) - HTTP 5xx responses: 0 (0%) - other responses: 0 (0%) Avg over last 1024 success. conn. - Queue time: 0 ms - Connect time: 1 ms - Response time:1 ms - Total time: 114 ms Server 2 stats == Cum. sessions: 132 Cum. HTTP responses:131 - HTTP 1xx responses: 0 (0%) - HTTP 2xx responses: 65 (49%) - HTTP 3xx responses: 0 (0%) - HTTP 4xx responses: 66 (50%) - HTTP 5xx responses: 0 (0%) - other responses: 0 (0%) Avg over last 1024 success. conn. - Queue time: 0 ms - Connect time: 1 ms - Response time:2 ms - Total time: 4508ms Total of the backend = Cum. sessions: 264 Cum. HTTP requests: 258 - HTTP 1xx responses: 0 - HTTP 2xx responses: 63 Compressed 2xx: 0 (0%) - HTTP 3xx responses: 0 - HTTP 4xx responses: 132 - HTTP 5xx responses: 0 - other responses: 63 Intercepted requests: 0 Avg over last 1024 success. conn. - Queue time: 0 ms - Connect time: 1 ms - Response time:2 ms - Total time: 4332ms Regards, Eric Bellavance
Re: abortonclose for established connections?
Hi Willy, thank you for the very detailed information. On Wed, Apr 22, 2015 at 8:57 AM, Willy Tarreau wrote: > That's normal, this is httpterm and it doesn't monitor the connection while > it's waiting. But in your case it should definitely work. Or it means that > your server ignores the client abort. It would be nice if you could double- > check this. > This could very well be the case. I will check and let you know. If your server does indeed not support client-abort, then there's a > workaround. Haproxy 1.5 supports half-closed timeouts. You can simply > add a directive "timeout server-fin 1s" and it will automatically close > the server connection 1 second after sending it the close if the server > doesn't respond (and then report a server error) : > My server is nginx, I will see if I can configure it to "abortonclose" as well. Otherwise the server-fin option looks viable. I suspect it could match your needs if the normal solution doesn't work. > This *does* require abortonclose since you want the shutdown() to have been > done first. Please keep us updated. > I will let you know, thanks again! Ludovico
Re: abortonclose for established connections?
Hi again Ludovico,
so I ran some tests here with latest 1.5. I telnet to haproxy, send
"GET /?t=1 HTTP/1.1" then quit. It forwards to a server which
waits 10s before responding.
First, without "option abortonclose" :
17:47:40.174784 accept4(7, {sa_family=AF_INET, sin_port=htons(53833),
sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 12
17:47:40.174879 setsockopt(12, SOL_TCP, TCP_NODELAY, [1], 4) = 0
17:47:40.174927 accept4(7, 0x7fff89a6c8d0, [128], SOCK_NONBLOCK) = -1 EAGAIN
(Resource temporarily unavailable)
17:47:40.174994 recvfrom(12, 0x743234, 7000, 0, 0, 0) = -1 EAGAIN (Resource
temporarily unavailable)
17:47:40.175043 epoll_ctl(3, EPOLL_CTL_ADD, 12, {EPOLLIN|0x2000, {u32=12,
u64=12}}) = 0
17:47:40.175075 epoll_wait(3, {}, 200, 1000) = 0
17:47:41.176196 epoll_wait(3, {}, 200, 1000) = 0
17:47:42.177325 epoll_wait(3, {}, 200, 1000) = 0
17:47:43.178458 epoll_wait(3, {{EPOLLIN, {u32=12, u64=12}}}, 200, 1000) = 1
17:47:44.071505 recvfrom(12, "GET /?t=1 HTTP/1.1\r\n", 7000, 0, NULL, NULL)
= 24
17:47:44.071564 setsockopt(12, SOL_TCP, TCP_QUICKACK, [1], 4) = 0
17:47:44.071612 epoll_wait(3, {{EPOLLIN, {u32=12, u64=12}}}, 200, 1000) = 1
17:47:44.411719 recvfrom(12, "\r\n", 6976, 0, NULL, NULL) = 2
17:47:44.411809 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 13
17:47:44.411841 fcntl(13, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
17:47:44.411864 setsockopt(13, SOL_TCP, TCP_NODELAY, [1], 4) = 0
17:47:44.411891 connect(13, {sa_family=AF_INET, sin_port=htons(8080),
sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in
progress)
17:47:44.411969 epoll_wait(3, {}, 200, 0) = 0
17:47:44.411998 sendto(13, "GET /?t=1 HTTP/1.1\r\n\r\n", 26,
MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 26
17:47:44.412047 epoll_wait(3, {}, 200, 0) = 0
17:47:44.412071 recvfrom(13, 0x745224, 7000, 0, 0, 0) = -1 EAGAIN (Resource
temporarily unavailable)
17:47:44.412096 epoll_ctl(3, EPOLL_CTL_ADD, 13, {EPOLLIN|0x2000, {u32=13,
u64=13}}) = 0
17:47:44.412121 epoll_wait(3, {}, 200, 1000) = 0
17:47:45.413235 epoll_wait(3, {{EPOLLIN|0x2000, {u32=12, u64=12}}}, 200, 1000)
= 1
17:47:46.288142 recvfrom(12, "", 7000, 0, NULL, NULL) = 0
=> the close was received
17:47:46.288210 epoll_ctl(3, EPOLL_CTL_DEL, 12, {0, {u32=12, u64=12}}) = 0
17:47:46.288242 epoll_wait(3, {}, 200, 1000) = 0
17:47:47.289369 epoll_wait(3, {}, 200, 1000) = 0
... but not forwarded, as expected.
Now with "option abortonclose" :
17:50:30.406154 accept4(7, {sa_family=AF_INET, sin_port=htons(53838),
sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 12
17:50:30.406247 setsockopt(12, SOL_TCP, TCP_NODELAY, [1], 4) = 0
17:50:30.406297 accept4(7, 0x7fff407d3740, [128], SOCK_NONBLOCK) = -1 EAGAIN
(Resource temporarily unavailable)
17:50:30.406352 recvfrom(12, 0x743234, 7000, 0, 0, 0) = -1 EAGAIN (Resource
temporarily unavailable)
17:50:30.406415 epoll_ctl(3, EPOLL_CTL_ADD, 12, {EPOLLIN|0x2000, {u32=12,
u64=12}}) = 0
17:50:30.406444 epoll_wait(3, {}, 200, 1000) = 0
17:50:31.407562 epoll_wait(3, {}, 200, 1000) = 0
17:50:32.408696 epoll_wait(3, {}, 200, 1000) = 0
17:50:33.409768 epoll_wait(3, {{EPOLLIN, {u32=12, u64=12}}}, 200, 1000) = 1
17:50:33.451660 recvfrom(12, "GET /?t=1 HTTP/1.1\r\n", 7000, 0, NULL, NULL)
= 24
17:50:33.451715 setsockopt(12, SOL_TCP, TCP_QUICKACK, [1], 4) = 0
17:50:33.451762 epoll_wait(3, {{EPOLLIN, {u32=12, u64=12}}}, 200, 1000) = 1
17:50:33.736088 recvfrom(12, "\r\n", 6976, 0, NULL, NULL) = 2
17:50:33.736186 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 13
17:50:33.736222 fcntl(13, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
17:50:33.736246 setsockopt(13, SOL_TCP, TCP_NODELAY, [1], 4) = 0
17:50:33.736272 connect(13, {sa_family=AF_INET, sin_port=htons(8080),
sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in
progress)
17:50:33.736349 epoll_wait(3, {}, 200, 0) = 0
17:50:33.736378 sendto(13, "GET /?t=1 HTTP/1.1\r\n\r\n", 26,
MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 26
17:50:33.736427 epoll_wait(3, {}, 200, 0) = 0
17:50:33.736451 recvfrom(13, 0x745224, 7000, 0, 0, 0) = -1 EAGAIN (Resource
temporarily unavailable)
17:50:33.736475 epoll_ctl(3, EPOLL_CTL_ADD, 13, {EPOLLIN|0x2000, {u32=13,
u64=13}}) = 0
17:50:33.736500 epoll_wait(3, {{EPOLLIN|0x2000, {u32=12, u64=12}}}, 200, 1000)
= 1
17:50:34.378879 recvfrom(12, "", 7000, 0, NULL, NULL) = 0
==> close was received
17:50:34.378929 shutdown(13, 1 /* send */) = 0
==> and immediately forwarded.
17:50:34.378992 epoll_ctl(3, EPOLL_CTL_DEL, 12, {0, {u32=12, u64=12}}) = 0
17:50:34.379043 epoll_wait(3, {}, 200, 1000) = 0
17:50:35.380170 epoll_wait(3, {}, 200, 1000) = 0
17:50:36.381305 epoll_wait(3, {}, 200, 1000) = 0
==> the server didn't consider it, as is confirmed here :
$ netstat -atn|grep CLO
tcp0 0 127.0.0.1:8080 127.0.0.1:36255 CLOSE_WAIT
tcp0 0 127.0.0.1:18080 127.0.0.1:53838 CLOSE_WAIT
That's normal, this is httpterm and it doesn't monitor the connection while
it's waiting. But in your cas
[SPAM] Meubles de jardins : Jusqu'à 200 euros offerts à saisir
Afficher la version web. (http://trk.mix.uneoffredeouf.com/view/5ng-kwV3.php) | Me désinscrire. (http://trk.mix.uneoffredeouf.com/usb/5ng-kwV3.php) | Signaler comme courrier indésirable. (mailto:ab...@dgcnit.fr) http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfa.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfb.php TABLE, CHAISE (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfc.php) SALON DE JARDIN (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfd.php) TRANSAT, HAMAC, BALANCELLE (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfe.php) TONNELLE, PARASOL (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cff.php) http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cg4.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfi.php JE FONCE (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfj.php) http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfk.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfl.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfm.php J'EN PROFITE (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfn.php) http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfo.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfp.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cg3.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cft.php PARASOL DÉPORTÉ FRESNO (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfu.php) http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfv.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfw.php TRANSAT OKINAWA (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfx.php) http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfy.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfz.php SALON CUBA (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfA.php) http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfB.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cg1.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfI.php J'EN PROFITE (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfJ.php) http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfK.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfL.php J'EN PROFITE (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfM.php) http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfN.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfO.php J'EN PROFITE (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfP.php) http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfQ.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cg2.php http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfU.php PAIEMENT100 % SÉCURISÉ (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfV.php) http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfW.php GARANTIEHESPÉRIDE (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfX.php) http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfY.php ENTRETIENPRODUITS (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cfZ.php) *Voir promotions sur les produits signalés sur hesperide.com (http://trk.mix.uneoffredeouf.com/tk/5ng-kwV3-cg0.php) , offre valable jusqu'au 30 avril 2015. Espaces Promos, 12 rue Camille Desmoulins, 92300 Levallois Perret. Conformément à l'article 34 de la loi Informatique et Liberté du 6 janvier 1978, vous disposez d'un droit d'accès, de modification, de rectification et de suppression des données vous concernant en adressant votre demande à "rep...@dgcnit.fr". Déclaration CNIL - 1642645
Re: Backend status changes continuously
> Sometimes during the test, I also see many "nf_conntrack: table full, > dropping > packet" messages on the host system. First, increase conntrack table size with the following sysctl net.netfilter.nf_conntrack_max=655360 run your test again and report the reslut here Baptiste
www.formilux.org
Hello, My name is Ryan and I am a content writer. I stumbled on to your website and I thought it was very informative. If you are interested I would love to write a post for your website that I think your audience would really love. I have a list of content titles I can send you and if you like any of them I will write a blog post of about 1000 words including images and video. Also, I have a few websites I run myself I can post a content piece you have written and will link it back to your website if you like. The more high quality and relevant links we get the more Google loves us right? Please let me know if you like this post idea or if you would like me to write about something else and I can get started right away. Thanks! Sincerely, Ryan Content-Management-Expert AU IT SOLUTIONS Headquarters: 41 Bridge Rd Glebe, NSW 2037, Australia Other Offices: Hong Kong & China | USA | New Zealand | UAE | Singapore
Re: Backend status changes continuously
On Wed, Apr 22, 2015 at 3:34 PM, Krishna Kumar (Engineering) < krishna...@flipkart.com> wrote: > Hi Baptists, > > Sorry I didn't provide more details earlier. > > > -- > 1. root@HAPROXY:~# haproxy -vv > > HA-Proxy version 1.5.8 2014/10/31 > Copyright 2000-2014 Willy Tarreau > > Build options : > TARGET = linux2628 > CPU = generic > CC = gcc > CFLAGS = -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat > -Werror=format-security -D_FORTIFY_SOURCE=2 > OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 > > Default settings : > maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 > > Encrypted password support via crypt(3): yes > Built with zlib version : 1.2.7 > Compression algorithms supported : identity, deflate, gzip > Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013 > Running on OpenSSL version : OpenSSL 1.0.1k 8 Jan 2015 > OpenSSL library supports TLS extensions : yes > OpenSSL library supports SNI : yes > OpenSSL library supports prefer-server-ciphers : yes > Built with PCRE version : 8.30 2012-02-04 > PCRE library supports JIT : no (USE_PCRE_JIT not set) > Built with transparent proxy support using: IP_TRANSPARENT > IPV6_TRANSPARENT IP_FREEBIND > > Available polling systems : > epoll : pref=300, test result OK >poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use epoll. > > -- > 2. Configuration file: > global > daemon > maxconn 6 > quiet > nbproc 2 > maxpipes 16384 > user haproxy > group haproxy > stats socket /var/run/haproxy.sock mode 600 level admin > stats timeout 2m > > defaults > option dontlognull > option forwardfor > option http-server-close > retries 3 > option redispatch > maxconn 6 > option splice-auto > option prefer-last-server > timeout connect 5000ms > timeout client 5ms > timeout server 5ms > > frontend www-http > bind *:80 > reqadd X-Forwarded-Proto:\ http > default_backend www-backend > > frontend www-https > bind *:443 ssl crt /etc/ssl/private/haproxy.pem ciphers > AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH > rspadd Strict-Transport-Security:\ max-age=31536000 > Just a note, if you want to use STS you need to put your site on the HSTS list for each browser ie Chrome and Firefox have separate ones etc. > reqadd X-Forwarded-Proto:\ https > default_backend www-backend > > userlist stats-auth > group adminusers admin > user admininsecure-password admin > group readonlyusers user > user userinsecure-password user > > backend www-backend > mode http > maxconn 6 > stats enable > stats uri /stats > acl AUTHhttp_auth(stats-auth) > acl AUTH_ADMINhttp_auth(stats-auth) admin > stats http-request auth unless AUTH > balance roundrobin > option prefer-last-server > option forwardfor > option splice-auto > option splice-request > option splice-response > compression offload > compression algo gzip > compression type text/html text/plain text/javascript > application/javascript application/xml text/css application/octet-stream > server nginx-1 192.168.122.101:80 maxconn 15000 cookie S1 check > server nginx-2 192.168.122.102:80 maxconn 15000 cookie S2 check > server nginx-3 192.168.122.103:80 maxconn 15000 cookie S3 check > server nginx-4 192.168.122.104:80 maxconn 15000 cookie S4 check > And where is your cookie and the checks setup? > > -- > > 3. A 24 processor Ubuntu system starts 2 nginx VM's (KVM, 2 vcpu, 1GB), > and 1 haproxy VM (KVM, 2 vcpu, 1GB). 'ab' runs on the host and tests with > either the haproxy VM, or directly to one of the 2 nginx VM's. > > Sometimes during the test, I also see many "nf_conntrack: table full, > dropping > packet" messages on the host system. > > Thanks. > - Krishna > > > On Tue, Apr 21, 2015 at 1:29 PM, Krishna Kumar (Engineering) < > krishna...@flipkart.com> wrote: > >> Hi all, >> >> While running the command: :" ab -n 10 -c 1000 192.168.122.110:80/256 >> ", >> the haproxy stats page shows the 4 different backend servers changing >> status >> between "Active up, going down", "Active or backup down", "Down", "Backup >> down, going UP", sometimes all 4 backends are in DOWN state. The result is >> very >> poor performance reported by 'ab' as compared to running directly against >> a >> single backend. >> >> What could be the reason for this continuous state change? >> >> root@HAPROXY:~# haproxy -vv >> HA-Proxy version 1.5.8 2014/10/31 >> Copyright 2000-2014 Willy Tarreau >> >> Build options : >>
Re: Access control for stats page
Actually deny if url_hastats !location_trusted !magic_cookie_trusted You could have another backend with a go away message and use_backend that rather than deny On 22 Apr 2015 03:54, "CJ Ess" wrote: > Very cool, thank you for the snippets! > > On Tue, Apr 21, 2015 at 6:55 PM, Neil - HAProxy List < > maillist-hapr...@iamafreeman.com> wrote: > >> heres are some relevent snips >> I run this in with same address as the service >> >> frontend SSL >> ... >> acl url_hastats url_beg /hastats >> acl location_trusted src 123.123.123.0/24 >> acl magic_cookie_trusted hdr_sub(cookie) >> magicforthissiteonly=foobar_SHA1value_etc >> use_backend hastats if url_hastats location_trusted >> use_backend hastats if url_hastats magic_cookie_trusted >> deny if url_hastats >> ... >> >> backend hastats >> mode http >> stats uri /hastats >> stats realm Service\ Loadbalancer >> stats show-desc url.domain: >> Service Loadbalancerrunning on >> hostname config version >> stats show-legends >> stats auth admin:password >> stats admin if TRUE >> >> >> On 21 April 2015 at 21:04, Neil - HAProxy List < >> maillist-hapr...@iamafreeman.com> wrote: >> >>> Hello >>> >>> Yep there is >>> >>> Have a frontend >>> >>> Send say /hastats to a hastats backend >>> >>> have the backend have its stats URL be /hastats too >>> >>> Set the acls in the frontend >>> >>> I'll post a config example in a bit. >>> >>> Neil >>> On 21 Apr 2015 20:09, "CJ Ess" wrote: >>> Is there a way to setup an ACL for the haproxy stats page? We do have authentication set up for the URL, but we would feel better if we could limit access to a white list of local networks. Is there a way to do that? >> >
