Re: Host name resolution in IPv6 only entry in /etc/hosts
Hi Nenad, On Mon, Jul 25, 2016 at 10:30:55AM +0200, Nenad Merdanovic wrote: > Hello Willy, > > On 7/20/2016 9:28 PM, Willy Tarreau wrote: > > I vaguely remind such a conversation in the past with reports of > > getaddrinfo() not returning what was expected. Maybe that's something > > to consider for a next major version (eg: 1.7). However we could > > possibly have something intermediary for 1.6 : having the option to > > force to use GAI and not use it by default. That wouldn't break existing > > setups and would allow those who need it to use it as-is. We'd basically > > build with "USE_GHBN_FIRST" in addition to "USE_GETADDRINFO", it would > > then use only gethostbyname except if the option forces the other one. > > > > Does this sound like a reasonable option ? > > It sounds fine, until I think all the various ways we enable or disable > this. We have: > - Build option to build with gai(), preferring it > - Runtime flag to disable gai(), falling back to ghbn() > - Configuration option to disable gai(), falling back to ghbn() > > Now we would need to add: > - Build option to prefer ghbn() when gai() is enabled > - A configuration option/runtime flag to switch back to gai() in the > case above > > I am pretty familiar with this part of the code, and it makes my head > hurt :) > > I'd vote to keep 1.6 as is, and completely break 1.7 by removing the > build option USE_GETADDRINFO and building with it by default, perhaps > switching to NO_GETADDRINFO for any platforms that are broken (if such > exist). We then just keep the runtime flag/config option for people who > wish to disable it. We definitely need to have an option to disable it, because getaddrinfo is broken on *many* platforms. In fact when implementing it I had a hard time finding a really working one. Not kidding. Things have evolved since, but legacy systems are still used quite a lot with either no or a broken implementation (broken in various ways), and several embedded libraries don't have a working one either or only recently fixed theirs. Otherwise I'm fine with your proposal (ie make it the default starting with 1.7 and not touch 1.6). Regards, willy
Re: Host name resolution in IPv6 only entry in /etc/hosts
Hello Willy, On 7/20/2016 9:28 PM, Willy Tarreau wrote: > I vaguely remind such a conversation in the past with reports of > getaddrinfo() not returning what was expected. Maybe that's something > to consider for a next major version (eg: 1.7). However we could > possibly have something intermediary for 1.6 : having the option to > force to use GAI and not use it by default. That wouldn't break existing > setups and would allow those who need it to use it as-is. We'd basically > build with "USE_GHBN_FIRST" in addition to "USE_GETADDRINFO", it would > then use only gethostbyname except if the option forces the other one. > > Does this sound like a reasonable option ? It sounds fine, until I think all the various ways we enable or disable this. We have: - Build option to build with gai(), preferring it - Runtime flag to disable gai(), falling back to ghbn() - Configuration option to disable gai(), falling back to ghbn() Now we would need to add: - Build option to prefer ghbn() when gai() is enabled - A configuration option/runtime flag to switch back to gai() in the case above I am pretty familiar with this part of the code, and it makes my head hurt :) I'd vote to keep 1.6 as is, and completely break 1.7 by removing the build option USE_GETADDRINFO and building with it by default, perhaps switching to NO_GETADDRINFO for any platforms that are broken (if such exist). We then just keep the runtime flag/config option for people who wish to disable it. Regards, Nenad
Re: Host name resolution in IPv6 only entry in /etc/hosts
Hi Nenad, On Tue, Jul 19, 2016 at 03:06:30PM +0200, Nenad Merdanovic wrote: > Adding Vincent here, as he maintains the Debian package. > > On 7/19/2016 2:21 PM, Albert Casademont wrote: > > Makes sense, I assumed that the Debian package was compiled with that > > option by default...it's a PITA that it is not, do you think this is > > something to be reported to the maintainers of the package? > > I am in favor of this change, especially since there are command line > and configuration options to disable gai() even though it is enabled > during build time. > > That being said, this change could break current configurations in such > a way that IPv6 starts being used over IPv4, leading to backends not > being available or silently breaking (RPAF/mod_realip or MySQL grants > don't get updated are the first breakages that come to mind) I vaguely remind such a conversation in the past with reports of getaddrinfo() not returning what was expected. Maybe that's something to consider for a next major version (eg: 1.7). However we could possibly have something intermediary for 1.6 : having the option to force to use GAI and not use it by default. That wouldn't break existing setups and would allow those who need it to use it as-is. We'd basically build with "USE_GHBN_FIRST" in addition to "USE_GETADDRINFO", it would then use only gethostbyname except if the option forces the other one. Does this sound like a reasonable option ? Willy
Re: Host name resolution in IPv6 only entry in /etc/hosts
Adding Vincent here, as he maintains the Debian package. On 7/19/2016 2:21 PM, Albert Casademont wrote: > Makes sense, I assumed that the Debian package was compiled with that > option by default...it's a PITA that it is not, do you think this is > something to be reported to the maintainers of the package? I am in favor of this change, especially since there are command line and configuration options to disable gai() even though it is enabled during build time. That being said, this change could break current configurations in such a way that IPv6 starts being used over IPv4, leading to backends not being available or silently breaking (RPAF/mod_realip or MySQL grants don't get updated are the first breakages that come to mind) Regards, Nenad
Re: Host name resolution in IPv6 only entry in /etc/hosts
Makes sense, I assumed that the Debian package was compiled with that option by default...it's a PITA that it is not, do you think this is something to be reported to the maintainers of the package? HA-Proxy version 1.6.6 2016/06/26 Copyright 2000-2016 Willy TarreauBuild options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 OPTIONS = USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.8 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with OpenSSL version : OpenSSL 1.0.1t 3 May 2016 Running on OpenSSL version : OpenSSL 1.0.1t 3 May 2016 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.35 2014-04-04 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with Lua version : Lua 5.3.1 Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. On Mon, Jul 18, 2016 at 11:53 PM, Nenad Merdanovic wrote: > Dropped ML by mistake > > On 07/18/2016 11:47 PM, Nenad Merdanovic wrote: > > Hello, > > > > On 07/18/2016 02:41 PM, Albert Casademont wrote: > >> Hi! > >> > >> I was trying to configure am IPv6 only backend using the hostname in > >> /etc/hosts and the HAProxy kept failing to initialize. As soon as I put > >> an IPV4 address for that hostname in /etc/hosts it worked. I have > >> resorted to manualy putting the IPV6 address in the HAProxy config file, > >> but ideally an IPV6 only hostname should work. > >> > >> Sample config: > >> > >> server test1 test1.domain:80 > >> > >> In /etc/hosts > >> > >> ::1 test1.domain > >> > >> It will fail to initialize > >> > > > > Can you check 'haproxy -vv' to see if HAproxy is compiled with > > USE_GETADDRINFO, if not, compile it with that option "make TARGET=... > > USE_GETADDRINFO=1" > > > > It should work then, if gai.conf is OK. > > > > Regards, > > Nenad > > >
Re: Host name resolution in IPv6 only entry in /etc/hosts
Dropped ML by mistake On 07/18/2016 11:47 PM, Nenad Merdanovic wrote: > Hello, > > On 07/18/2016 02:41 PM, Albert Casademont wrote: >> Hi! >> >> I was trying to configure am IPv6 only backend using the hostname in >> /etc/hosts and the HAProxy kept failing to initialize. As soon as I put >> an IPV4 address for that hostname in /etc/hosts it worked. I have >> resorted to manualy putting the IPV6 address in the HAProxy config file, >> but ideally an IPV6 only hostname should work. >> >> Sample config: >> >> server test1 test1.domain:80 >> >> In /etc/hosts >> >> ::1 test1.domain >> >> It will fail to initialize >> > > Can you check 'haproxy -vv' to see if HAproxy is compiled with > USE_GETADDRINFO, if not, compile it with that option "make TARGET=... > USE_GETADDRINFO=1" > > It should work then, if gai.conf is OK. > > Regards, > Nenad >
Host name resolution in IPv6 only entry in /etc/hosts
Hi! I was trying to configure am IPv6 only backend using the hostname in /etc/hosts and the HAProxy kept failing to initialize. As soon as I put an IPV4 address for that hostname in /etc/hosts it worked. I have resorted to manualy putting the IPV6 address in the HAProxy config file, but ideally an IPV6 only hostname should work. Sample config: server test1 test1.domain:80 In /etc/hosts ::1 test1.domain It will fail to initialize Thank you!