Re: DNS Resolver Issues
Hello! I am currently on vacation for two weeks, but I'll see to it when I get back. There is no particular reason for the specific check address here, as you correctly figured. It is just an artefact of the template used to create the configuration. I can remove that, but there might be cases were it matters (though I don't think we have any ATM AFAIR). Would not have guessed there would be different resolution paths; if this is intentional, a note in the documentation would be helpful. I can provide that when I am back and when there is clarity on why it would be like this. Thank you very much for your help! Cheers, Daniel > On 23. Mar 2019, at 14:53, PiBa-NL wrote: > > Hi Daniel, Baptiste, > > @Daniel, can you remove the 'addr loadbalancer-internal.xxx.yyy' from the > server check? It seems to me that that name is not being resolved by the > 'resolvers'. And even if it would it would be kinda redundant as it is in the > example as it is the same as the servername.?. Not sure how far below > scenarios are all explained by this though.. > > @Baptiste, is it intentional that a wrong 'addr' dns name makes haproxy fail > to start despite having the supposedly never failing 'default-server > init-addr last,libc,none' ? Is it possibly a good feature request to support > re-resolving a dns name for the addr setting as well ? > > Regards, > PiBa-NL (Pieter) > > Op 21-3-2019 om 20:37 schreef Daniel Schneller: >> Hi! >> >> Thanks for the response. I had looked at the "hold" directives, but since >> they all seem to have reasonable defaults, I did not touch them. >> I specified 10s explictly, but it did not make a difference. >> >> I did some more tests, however, and it seems to have more to do with the >> number of responses for the initial(?) DNS queries. >> Hopefully these three tables make sense and don't get mangled in the mail. >> The "templated" >> proxy is defined via "server-template" with 3 "slots". The "regular" one >> just as "server". >> >> >> Test 1: Start out with both "valid" and "broken" DNS entries. Then comment >> out/add back >> one at a time as described in (1)-(5). >> Each time after changing /etc/hosts, restart dnsmasq and check haproxy via >> hatop. >> Haproxy started fresh once dnsmasq was set up to (1). >> >>| state state >> /etc/hosts | regular templated >>|- >> (1) BRK| UP/L7OK DOWN/L4TOUT >> VALID | MAINT/resolution >>| UP/L7OK >>| >> >> (2) BRK| DOWN/L4TOUT DOWN/L4TOUT >> #VALID | MAINT/resolution >>| MAINT/resolution >>| >> (3) #BRK | UP/L7OK UP/L7OK >> VALID | MAINT/resolution >>| MAINT/resolution >>| >> (4) BRK| UP/L7OK UP/L7OK >> VALID | DOWN/L4TOUT >>| MAINT/resolution >>| >> (5) BRK| DOWN/L4TOUT DOWN/L4TOUT >> #VALID | MAINT/resolution >>| MAINT/resolution >> This all looks normal and as expected. As soon as the >> "VALID" DNS entry is present, the >> UP state follows within a few seconds. >> >> >> Test 2: Start out "valid only" (1) and proceed as described in (2)-(5), >> again restarting >> dnsmasq each time, and haproxy reloaded after dnsmasq was set up to (1). >> >>| state state >> /etc/hosts | regular templated >>| >> (1) #BRK | UP/L7OK MAINT/resolution >> VALID | MAINT/resolution >>| UP/L7OK >>| >> (2) BRK| UP/L7OK DOWN/L4TOUT >> VALID | MAINT/resolution >>| UP/L7OK >>| >> (3) #BRK | UP/L7OK MAINT/resolution >> VALID | MAINT/resolution >>| UP/L7OK >>| >> (4) BRK| UP/L7OK DOWN/L4TOUT >> VALID | MAINT/resolution >>| UP/L7OK >
Re: segfault in eb32sc_lookup_ge (1.9.4)
Hi. Please can you try to use 1.9.5 and see if still happen. Best regards Aleks Ursprüngliche Nachricht Von: "Максим Куприянов" Gesendet: 24. März 2019 16:59:59 MEZ An: HAProxy Betreff: segfault in eb32sc_lookup_ge (1.9.4) Hi! I caught 2 segfaults on different machines. Both look the same: haproxy[483437]: segfault at 8 ip 55d7185283fa sp 7f257955f5b8 error 4 in haproxy[55d7183b1000+1d7000] Unfortunately I don't have core files and their configs are too big and complex to share, but I figured out, the point of segfault if it could help: pointer from segfault record: 0x55d7185283fa - 0x55d7183b1000 = 0x1773fa (gdb) info line *0x1773fa Line 121 of "ebtree/eb32sctree.h" starts at address 0x1773fa and ends at 0x1773fe . executable info: haproxy -v HA-Proxy version 1.9.4-2 2019/02/28 - https://haproxy.org/ Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O2 -g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1 USE_NS=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014 Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 Built with Lua version : Lua 5.3.1 Built with network namespace support. Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with zlib version : 1.2.8 Running on zlib version : 1.2.8 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with PCRE version : 8.31 2012-07-06 Running on PCRE version : 8.31 2012-07-06 PCRE library supports JIT : no (libpcre build without JIT?) Encrypted password support via crypt(3): yes Built with multi-threading support. Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available multiplexer protocols : (protocols marked as cannot be specified using 'proto' keyword) h2 : mode=HTXside=FE|BE h2 : mode=HTTP side=FE : mode=HTXside=FE|BE : mode=TCP|HTTP side=FE|BE Available filters : [SPOE] spoe [COMP] compression [CACHE] cache [TRACE] trace -- Best regards, Maksim Kupriianov
segfault in eb32sc_lookup_ge (1.9.4)
Hi! I caught 2 segfaults on different machines. Both look the same: haproxy[483437]: segfault at 8 ip 55d7185283fa sp 7f257955f5b8 error 4 in haproxy[55d7183b1000+1d7000] Unfortunately I don't have core files and their configs are too big and complex to share, but I figured out, the point of segfault if it could help: pointer from segfault record: 0x55d7185283fa - 0x55d7183b1000 = 0x1773fa (gdb) info line *0x1773fa Line 121 of "ebtree/eb32sctree.h" starts at address 0x1773fa and ends at 0x1773fe . executable info: haproxy -v HA-Proxy version 1.9.4-2 2019/02/28 - https://haproxy.org/ Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O2 -g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1 USE_NS=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014 Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 Built with Lua version : Lua 5.3.1 Built with network namespace support. Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with zlib version : 1.2.8 Running on zlib version : 1.2.8 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with PCRE version : 8.31 2012-07-06 Running on PCRE version : 8.31 2012-07-06 PCRE library supports JIT : no (libpcre build without JIT?) Encrypted password support via crypt(3): yes Built with multi-threading support. Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available multiplexer protocols : (protocols marked as cannot be specified using 'proto' keyword) h2 : mode=HTXside=FE|BE h2 : mode=HTTP side=FE : mode=HTXside=FE|BE : mode=TCP|HTTP side=FE|BE Available filters : [SPOE] spoe [COMP] compression [CACHE] cache [TRACE] trace -- Best regards, Maksim Kupriianov