> On 12 Jan 2018, at 15:24, Willy Tarreau <[email protected]> wrote:
> 
> On Fri, Jan 12, 2018 at 12:01:15PM +0100, Emmanuel Hocdet wrote:
>> When the syndrome appears, I see such a line in syslog:
>> (for one or all servers)
>> 
>> Server tls/L7_1 is DOWN, reason: Layer4 connection problem, info: "Bad file 
>> descriptor", check duration: 2018ms. 0 active and 1 backup servers left. 
>> Running on backup. 0 sessions active, 0 requeued, 0 remaining in queue.
> 

Or a new one:
Jan 12 13:25:13 webacc1 haproxy_ssl[31002]: Server tls/L7_1 is DOWN, reason: 
Layer4 connection problem, info: "General socket error (Bad file descriptor)", 
check duration: 0ms. 0 active and 1 backup servers left. Running on backup. 0 
sessions active, 0 requeued, 0 remaining in queue.


> So I tried a bit but found no way to reproduce this. I'll need some
> more info like the type of health-checks, probably the "server" line
> settings, stuff like this. Does it appear quickly or does it take a
> long time ? Also, does it recover from this on subsequent checks or
> does it stay stuck in this state ?

Yep, conf included.
Issue not seen without check (but without traffic).

Manu

global
    user haproxy
    group haproxy
    daemon

    # for master-worker (-W)
    stats socket /var/run/haproxy_ssl.sock expose-fd listeners
    nbthread 8

    log /dev/log daemon warning
    log /dev/log local0

    tune.ssl.cachesize 200000
    tune.ssl.lifetime 5m
    
    ssl-default-bind-options no-sslv3
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA
    

defaults
    log global
    log-tag "haproxy_ssl"
    option dontlognull
    maxconn 40000
    timeout connect 500ms
    source 0.0.0.0
    
    timeout client 207s
    retries 3
    timeout server 207s

listen tls

    mode tcp
    bind 127.0.0.1:463,X.Y.Z.B:463 accept-proxy ssl tls-ticket-keys /var/lib/haproxy/ssl/tls_keys.cfg strict-sni crt-list /var/lib/haproxy/ssl/crtlist.cfg

    log-format 'resumed:%[ssl_fc_is_resumed] cipher:%sslc tlsv:%sslv'

    balance roundrobin
    option allbackups
    fullconn 30000

    server L7_1 127.0.0.1:483 check send-proxy 

    server L7_2 X.Y.Z.C:483 check send-proxy backup 
