Re: Host name resolution in IPv6 only entry in /etc/hosts

[Willy Tarreau]

Hi Nenad,

On Mon, Jul 25, 2016 at 10:30:55AM +0200, Nenad Merdanovic wrote:
> Hello Willy,
> 
> On 7/20/2016 9:28 PM, Willy Tarreau wrote:
> > I vaguely remind such a conversation in the past with reports of
> > getaddrinfo() not returning what was expected. Maybe that's something
> > to consider for a next major version (eg: 1.7). However we could
> > possibly have something intermediary for 1.6 : having the option to
> > force to use GAI and not use it by default. That wouldn't break existing
> > setups and would allow those who need it to use it as-is. We'd basically
> > build with "USE_GHBN_FIRST" in addition to "USE_GETADDRINFO", it would
> > then use only gethostbyname except if the option forces the other one.
> > 
> > Does this sound like a reasonable option ?
> 
> It sounds fine, until I think all the various ways we enable or disable
> this. We have:
> - Build option to build with gai(), preferring it
> - Runtime flag to disable gai(), falling back to ghbn()
> - Configuration option to disable gai(), falling back to ghbn()
> 
> Now we would need to add:
> - Build option to prefer ghbn() when gai() is enabled
> - A configuration option/runtime flag to switch back to gai() in the
> case above
> 
> I am pretty familiar with this part of the code, and it makes my head
> hurt :)
> 
> I'd vote to keep 1.6 as is, and completely break 1.7 by removing the
> build option USE_GETADDRINFO and building with it by default, perhaps
> switching to NO_GETADDRINFO for any platforms that are broken (if such
> exist). We then just keep the runtime flag/config option for people who
> wish to disable it.

We definitely need to have an option to disable it, because getaddrinfo
is broken on *many* platforms. In fact when implementing it I had a hard
time finding a really working one. Not kidding. Things have evolved since,
but legacy systems are still used quite a lot with either no or a broken
implementation (broken in various ways), and several embedded libraries
don't have a working one either or only recently fixed theirs.

Otherwise I'm fine with your proposal (ie make it the default starting
with 1.7 and not touch 1.6).

Regards,
willy

Re: Host name resolution in IPv6 only entry in /etc/hosts

[Nenad Merdanovic]

Hello Willy,

On 7/20/2016 9:28 PM, Willy Tarreau wrote:
> I vaguely remind such a conversation in the past with reports of
> getaddrinfo() not returning what was expected. Maybe that's something
> to consider for a next major version (eg: 1.7). However we could
> possibly have something intermediary for 1.6 : having the option to
> force to use GAI and not use it by default. That wouldn't break existing
> setups and would allow those who need it to use it as-is. We'd basically
> build with "USE_GHBN_FIRST" in addition to "USE_GETADDRINFO", it would
> then use only gethostbyname except if the option forces the other one.
> 
> Does this sound like a reasonable option ?

It sounds fine, until I think all the various ways we enable or disable
this. We have:
- Build option to build with gai(), preferring it
- Runtime flag to disable gai(), falling back to ghbn()
- Configuration option to disable gai(), falling back to ghbn()

Now we would need to add:
- Build option to prefer ghbn() when gai() is enabled
- A configuration option/runtime flag to switch back to gai() in the
case above

I am pretty familiar with this part of the code, and it makes my head
hurt :)

I'd vote to keep 1.6 as is, and completely break 1.7 by removing the
build option USE_GETADDRINFO and building with it by default, perhaps
switching to NO_GETADDRINFO for any platforms that are broken (if such
exist). We then just keep the runtime flag/config option for people who
wish to disable it.

Regards,
Nenad

Re: Host name resolution in IPv6 only entry in /etc/hosts

[Willy Tarreau]

Hi Nenad,

On Tue, Jul 19, 2016 at 03:06:30PM +0200, Nenad Merdanovic wrote:
> Adding Vincent here, as he maintains the Debian package.
> 
> On 7/19/2016 2:21 PM, Albert Casademont wrote:
> > Makes sense, I assumed that the Debian package was compiled with that
> > option by default...it's a PITA that it is not, do you think this is
> > something to be reported to the maintainers of the package?
> 
> I am in favor of this change, especially since there are command line
> and configuration options to disable gai() even though it is enabled
> during build time.
> 
> That being said, this change could break current configurations in such
> a way that IPv6 starts being used over IPv4, leading to backends not
> being available or silently breaking (RPAF/mod_realip or MySQL grants
> don't get updated are the first breakages that come to mind)

I vaguely remind such a conversation in the past with reports of
getaddrinfo() not returning what was expected. Maybe that's something
to consider for a next major version (eg: 1.7). However we could
possibly have something intermediary for 1.6 : having the option to
force to use GAI and not use it by default. That wouldn't break existing
setups and would allow those who need it to use it as-is. We'd basically
build with "USE_GHBN_FIRST" in addition to "USE_GETADDRINFO", it would
then use only gethostbyname except if the option forces the other one.

Does this sound like a reasonable option ?

Willy

Re: Host name resolution in IPv6 only entry in /etc/hosts

[Nenad Merdanovic]

Adding Vincent here, as he maintains the Debian package.

On 7/19/2016 2:21 PM, Albert Casademont wrote:
> Makes sense, I assumed that the Debian package was compiled with that
> option by default...it's a PITA that it is not, do you think this is
> something to be reported to the maintainers of the package?

I am in favor of this change, especially since there are command line
and configuration options to disable gai() even though it is enabled
during build time.

That being said, this change could break current configurations in such
a way that IPv6 starts being used over IPv4, leading to backends not
being available or silently breaking (RPAF/mod_realip or MySQL grants
don't get updated are the first breakages that come to mind)

Regards,
Nenad

Re: Host name resolution in IPv6 only entry in /etc/hosts

[Albert Casademont]

Makes sense, I assumed that the Debian package was compiled with that
option by default...it's a PITA that it is not, do you think this is
something to be reported to the maintainers of the package?

HA-Proxy version 1.6.6 2016/06/26
Copyright 2000-2016 Willy Tarreau 

Build options :
  TARGET  = linux2628
  CPU = generic
  CC  = gcc
  CFLAGS  = -g -O2 -fPIE -fstack-protector-strong -Wformat
-Werror=format-security -D_FORTIFY_SOURCE=2
  OPTIONS = USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.8
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.1t  3 May 2016
Running on OpenSSL version : OpenSSL 1.0.1t  3 May 2016
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.35 2014-04-04
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with Lua version : Lua 5.3.1
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND

Available polling systems :
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.



On Mon, Jul 18, 2016 at 11:53 PM, Nenad Merdanovic  wrote:

> Dropped ML by mistake
>
> On 07/18/2016 11:47 PM, Nenad Merdanovic wrote:
> > Hello,
> >
> > On 07/18/2016 02:41 PM, Albert Casademont wrote:
> >> Hi!
> >>
> >> I was trying to configure am IPv6 only backend using the hostname in
> >> /etc/hosts and the HAProxy kept failing to initialize. As soon as I put
> >> an IPV4 address for that hostname in /etc/hosts it worked. I have
> >> resorted to manualy putting the IPV6 address in the HAProxy config file,
> >> but ideally an IPV6 only hostname should work.
> >>
> >> Sample config:
> >>
> >> server test1 test1.domain:80
> >>
> >> In /etc/hosts
> >>
> >> ::1 test1.domain
> >>
> >> It will fail to initialize
> >>
> >
> > Can you check 'haproxy -vv' to see if HAproxy is compiled with
> > USE_GETADDRINFO, if not, compile it with that option "make TARGET=...
> > USE_GETADDRINFO=1"
> >
> > It should work then, if gai.conf is OK.
> >
> > Regards,
> > Nenad
> >
>

Re: Host name resolution in IPv6 only entry in /etc/hosts

[Nenad Merdanovic]

Dropped ML by mistake

On 07/18/2016 11:47 PM, Nenad Merdanovic wrote:
> Hello,
> 
> On 07/18/2016 02:41 PM, Albert Casademont wrote:
>> Hi!
>>
>> I was trying to configure am IPv6 only backend using the hostname in
>> /etc/hosts and the HAProxy kept failing to initialize. As soon as I put
>> an IPV4 address for that hostname in /etc/hosts it worked. I have
>> resorted to manualy putting the IPV6 address in the HAProxy config file,
>> but ideally an IPV6 only hostname should work.
>>
>> Sample config:
>>
>> server test1 test1.domain:80
>>
>> In /etc/hosts
>>
>> ::1 test1.domain
>>
>> It will fail to initialize
>>
> 
> Can you check 'haproxy -vv' to see if HAproxy is compiled with
> USE_GETADDRINFO, if not, compile it with that option "make TARGET=...
> USE_GETADDRINFO=1"
> 
> It should work then, if gai.conf is OK.
> 
> Regards,
> Nenad
> 

Host name resolution in IPv6 only entry in /etc/hosts

[Albert Casademont]

Hi!

I was trying to configure am IPv6 only backend using the hostname in
/etc/hosts and the HAProxy kept failing to initialize. As soon as I put an
IPV4 address for that hostname in /etc/hosts it worked. I have resorted to
manualy putting the IPV6 address in the HAProxy config file, but ideally an
IPV6 only hostname should work.

Sample config:

server test1 test1.domain:80

In /etc/hosts

::1 test1.domain

It will fail to initialize

Thank you!