Re: DNS Resolver Issues
Hello! I am currently on vacation for two weeks, but I'll see to it when I get back. There is no particular reason for the specific check address here, as you correctly figured. It is just an artefact of the template used to create the configuration. I can remove that, but there might be cases were it matters (though I don't think we have any ATM AFAIR). Would not have guessed there would be different resolution paths; if this is intentional, a note in the documentation would be helpful. I can provide that when I am back and when there is clarity on why it would be like this. Thank you very much for your help! Cheers, Daniel > On 23. Mar 2019, at 14:53, PiBa-NL wrote: > > Hi Daniel, Baptiste, > > @Daniel, can you remove the 'addr loadbalancer-internal.xxx.yyy' from the > server check? It seems to me that that name is not being resolved by the > 'resolvers'. And even if it would it would be kinda redundant as it is in the > example as it is the same as the servername.?. Not sure how far below > scenarios are all explained by this though.. > > @Baptiste, is it intentional that a wrong 'addr' dns name makes haproxy fail > to start despite having the supposedly never failing 'default-server > init-addr last,libc,none' ? Is it possibly a good feature request to support > re-resolving a dns name for the addr setting as well ? > > Regards, > PiBa-NL (Pieter) > > Op 21-3-2019 om 20:37 schreef Daniel Schneller: >> Hi! >> >> Thanks for the response. I had looked at the "hold" directives, but since >> they all seem to have reasonable defaults, I did not touch them. >> I specified 10s explictly, but it did not make a difference. >> >> I did some more tests, however, and it seems to have more to do with the >> number of responses for the initial(?) DNS queries. >> Hopefully these three tables make sense and don't get mangled in the mail. >> The "templated" >> proxy is defined via "server-template" with 3 "slots". The "regular" one >> just as "server". >> >> >> Test 1: Start out with both "valid" and "broken" DNS entries. Then comment >> out/add back >> one at a time as described in (1)-(5). >> Each time after changing /etc/hosts, restart dnsmasq and check haproxy via >> hatop. >> Haproxy started fresh once dnsmasq was set up to (1). >> >>| state state >> /etc/hosts | regular templated >>|- >> (1) BRK| UP/L7OK DOWN/L4TOUT >> VALID | MAINT/resolution >>| UP/L7OK >>| >> >> (2) BRK| DOWN/L4TOUT DOWN/L4TOUT >> #VALID | MAINT/resolution >>| MAINT/resolution >>| >> (3) #BRK | UP/L7OK UP/L7OK >> VALID | MAINT/resolution >>| MAINT/resolution >>| >> (4) BRK| UP/L7OK UP/L7OK >> VALID | DOWN/L4TOUT >>| MAINT/resolution >>| >> (5) BRK| DOWN/L4TOUT DOWN/L4TOUT >> #VALID | MAINT/resolution >>| MAINT/resolution >> This all looks normal and as expected. As soon as the >> "VALID" DNS entry is present, the >> UP state follows within a few seconds. >> >> >> Test 2: Start out "valid only" (1) and proceed as described in (2)-(5), >> again restarting >> dnsmasq each time, and haproxy reloaded after dnsmasq was set up to (1). >> >>| state state >> /etc/hosts | regular templated >>| >> (1) #BRK | UP/L7OK MAINT/resolution >> VALID | MAINT/resolution >>| UP/L7OK >>| >> (2) BRK| UP/L7OK DOWN/L4TOUT >> VALID | MAINT/resolution >>| UP/L7OK >>| >> (3) #BRK | UP/L7OK MAINT/resolution >> VALID | MAINT/resolution >>| UP/L7OK >>| >> (4) BRK| UP/L7OK DOWN/L4TOUT >> VALID | MAINT/resolution >>| UP/L7OK >
Re: segfault in eb32sc_lookup_ge (1.9.4)
Hi.
Please can you try to use 1.9.5 and see if still happen.
Best regards
Aleks
Ursprüngliche Nachricht
Von: "Максим Куприянов"
Gesendet: 24. März 2019 16:59:59 MEZ
An: HAProxy
Betreff: segfault in eb32sc_lookup_ge (1.9.4)
Hi!
I caught 2 segfaults on different machines. Both look the same:
haproxy[483437]: segfault at 8 ip 55d7185283fa sp 7f257955f5b8
error 4 in haproxy[55d7183b1000+1d7000]
Unfortunately I don't have core files and their configs are too big and
complex to share, but I figured out, the point of segfault if it could help:
pointer from segfault record: 0x55d7185283fa - 0x55d7183b1000 = 0x1773fa
(gdb) info line *0x1773fa
Line 121 of "ebtree/eb32sctree.h" starts at address 0x1773fa
and ends at 0x1773fe .
executable info:
haproxy -v
HA-Proxy version 1.9.4-2 2019/02/28 - https://haproxy.org/
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4
-Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -fno-strict-aliasing
-Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare
-Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers
-Wno-clobbered -Wno-missing-field-initializers -Wtype-limits
OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1
USE_LUA=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1 USE_NS=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.1
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with PCRE version : 8.31 2012-07-06
Running on PCRE version : 8.31 2012-07-06
PCRE library supports JIT : no (libpcre build without JIT?)
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available multiplexer protocols :
(protocols marked as cannot be specified using 'proto' keyword)
h2 : mode=HTXside=FE|BE
h2 : mode=HTTP side=FE
: mode=HTXside=FE|BE
: mode=TCP|HTTP side=FE|BE
Available filters :
[SPOE] spoe
[COMP] compression
[CACHE] cache
[TRACE] trace
--
Best regards,
Maksim Kupriianov
segfault in eb32sc_lookup_ge (1.9.4)
Hi!
I caught 2 segfaults on different machines. Both look the same:
haproxy[483437]: segfault at 8 ip 55d7185283fa sp 7f257955f5b8
error 4 in haproxy[55d7183b1000+1d7000]
Unfortunately I don't have core files and their configs are too big and
complex to share, but I figured out, the point of segfault if it could help:
pointer from segfault record: 0x55d7185283fa - 0x55d7183b1000 = 0x1773fa
(gdb) info line *0x1773fa
Line 121 of "ebtree/eb32sctree.h" starts at address 0x1773fa
and ends at 0x1773fe .
executable info:
haproxy -v
HA-Proxy version 1.9.4-2 2019/02/28 - https://haproxy.org/
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4
-Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -fno-strict-aliasing
-Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare
-Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers
-Wno-clobbered -Wno-missing-field-initializers -Wtype-limits
OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1
USE_LUA=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1 USE_NS=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.1
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with PCRE version : 8.31 2012-07-06
Running on PCRE version : 8.31 2012-07-06
PCRE library supports JIT : no (libpcre build without JIT?)
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available multiplexer protocols :
(protocols marked as cannot be specified using 'proto' keyword)
h2 : mode=HTXside=FE|BE
h2 : mode=HTTP side=FE
: mode=HTXside=FE|BE
: mode=TCP|HTTP side=FE|BE
Available filters :
[SPOE] spoe
[COMP] compression
[CACHE] cache
[TRACE] trace
--
Best regards,
Maksim Kupriianov
