Hi
We recently started seeing 100+ haproxy processes running. This is quite surprise and never saw this behaviour in the past. wondering what might caused this behaviour?
$ ps -ef | grep haproxy | wc -l
128
root 2888 21695 3 Feb11 ? 01:14:24 haproxy -W -db -f /usr/local/etc/haproxy/haproxy.cfg -sf 355 356 28 49 47 29 116 115 44 97 48 7 26 57 341 342 80 41 337 338 43 19 234 24 70 50 13 37 16 23 225 228 223 152 154 224 151 153 226 318 315 316 149 142 150 312 147 35 36 145 69 141 303 304 31 61 299 14 205 146 295 296 293 294 291 292 289 137 138 288 25 59 283 284 281 282 279 280 134 133 129 132 196 130 191 128 187 127 27 192 265 131 263 264 186 185 183 188 257 184 255 20 8 52 119
root 2889 21695 3 Feb11 ? 01:06:51 haproxy -W -db -f /usr/local/etc/haproxy/haproxy.cfg -sf 355 356 28 49 47 29 116 115 44 97 48 7 26 57 341 342 80 41 337 338 43 19 234 24 70 50 13 37 16 23 225 228 223 152 154 224 151 153 226 318 315 316 149 142 150 312 147 35 36 145 69 141 303 304 31 61 299 14 205 146 295 296 293 294 291 292 289 137 138 288 25 59 283 284 281 282 279 280 134 133 129 132 196 130 191 128 187 127 27 192 265 131 263 264 186 185 183 188 257 184 255 20 8 52 119
root 2929 21695 0 Feb06 ? 00:08:55 haproxy -W -db -f /usr/local/etc/haproxy/haproxy.cfg -sf 143 144 141 142 61 31 137 138 25 59 133 134 131 132 129 130 127 128 27 57 20 8 52 29 119 7 49 47 115 116 80 28 48 26 24 43 41 23 44 50 69 13 16 70 37 19 97 35 36 14
root 2930 21695 0 Feb06 ? 00:09:22 haproxy -W -db -f /usr/local/etc/haproxy/haproxy.cfg -sf 143 144 141 142 61 31 137 138 25 59 133 134 131 132 129 130 127 128 27 57 20 8 52 29 119 7 49 47 115 116 80 28 48 26 24 43 41 23 44 50 69 13 16 70 37 19 97 35 36 14
root 3423 21695 3 Feb02 ? 09:06:39 haproxy -W -db -f /usr/local/etc/haproxy/haproxy.cfg -sf 17 18 15 16 13 14 8 7
root 3424 21695 4 Feb02 ? 10:31:45 haproxy -W -db -f /usr/local/etc/haproxy/haproxy.cfg -sf 17 18 15 16 13 14 8 7
root 3894 21695 0 Feb08 ? 00:18:43 haproxy -W -db -f /usr/local/etc/haproxy/haproxy.cfg -sf 289 290 287 288 25 59 283 284 281 282 279 280 134 133 129 132 196 130 191 128 187 127 27 192 265 131 263 264 186 185 183 188 257 184 255 20 8 52 119 57 7 29 47 115 116 49 44 28 97 48 26 80 41 23 19 37 43 234 24 70 50 13 16 228 225 226 223 224 154 152 153 151 142 149 150 147 35 145 36 69 141 14 31 61 205 146 137 138
Donât understand what is numbers attached to processes after -sf? never saw these numbers in our environment so far.
global
daemon
pidfile /var/run/haproxy-ssl.pid
log 127.0.0.1 local0 info
log 127.0.0.1 local1 notice
maxconn 20000
stats socket /var/run/haproxy-ssl.stat mode 600 level admin
stats timeout 2m
nbproc 2
ca-base /opt/haproxy/ssl/ca/
tune.ssl.default-dh-param 2048
ssl-default-bind-options no-sslv3
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
defaults
log global
stats enable
mode http
option forwardfor except 127.0.0.0/8
option dontlognull
option httplog clf
balance roundrobin
retries 3
maxconn 20000
timeout http-keep-alive 60s
timeout client 10m
timeout server 10m
timeout queue 1m
timeout connect 10s
timeout check 10s
timeout http-request 10s
errorfile 503 /opt/haproxy/errors/503.html
errorfile 400 /opt/haproxy/errors/400.html
errorfile 403 /opt/haproxy/errors/403.html
errorfile 500 /opt/haproxy/errors/500.html
errorfile 502 /opt/haproxy/errors/502.html
errorfile 504 /opt/haproxy/errors/504.html
errorfile 408 /dev/null
frontend ssl_server
mode http
# Redirect routes from 80 to 443 (in case they try to come in on http://)
bind *:80
# Disable TLS v1.0 for CAE-2676
bind *:443 ssl no-tlsv10 crt /opt/haproxy/ssl/certs alpn h2,http/1.1
monitor-uri /proxy.html
log-format [%pid]\ [%Ts.%ms]\ %ac/%fc/%bc/%bq/%sc/%sq/%rc\ %Tq/%Tw/%Tc/%Tr/%Tt\ %tsc\ %ci:%cp\ %fi:%fp\ %si:%sp\ %ft\ %sslc\ %sslv\ %{+Q}r\ %ST\ %b:%s\ â%CCâ\ â%hrâ\ â%CSâ\ â%hsâ\ req_size=%U\ resp_size=%B
unique-id-format %{+X}o\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid
unique-id-header X-Unique-ID
Redirect routes from 80 to 443 (in case they try to come in on http://)
redirect scheme https code 308 if !{ ssl_fc }
default_backend apache_rp
backend apache_rp
default-server maxconn 3200 inter 2s fall 1 rise 3
server RP_0 server1:443 check ssl verify none
server RP_1 server2:443 check ssl verify none
server RP_2 server3:443 check ssl verify none
listen stats
bind *:8000
mode http
stats enable
stats hide-versio
The only changes recently we made was to enable http 2 support and nbproc to 2
Out of 16 GB memory, HAPROXY consuming 12 GB and that is surprise.
$ ps -eo rss,command --sort -size | grep haproxy | awk â{ hr=$1/1024 ; sum +=hr} END {print sum}â
15352.9
any idea what is happening here ? really appreciate for any pointers