Backend server in haproxy online, in real switched off


#1

Hello,

i got a strange problem, but maybe i’m misunderstanding the hole situation.
as you can see in my config, there’re 9 rdp backend servers, but in real there are only 5 off them switched on. the last 4 will be installed in future.

in haproxy the status for these rdp servers is “L7OK/0 in 0ms” ´; up and running, displayed in the attachment pic.
any idea whats wrong with my config?

best regards

Julian

frontend ft_rdp
mode tcp
bind 10.1.0.4:3389 name rdp
timeout client 1h
log global
option tcplog
tcp-request inspect-delay 2s
tcp-request content accept if RDP_COOKIE
#tcp-request content reject if { req_ssl_hello_type 1 }
default_backend bk_rdp

backend bk_rdp
mode tcp
balance leastconn
persist rdp-cookie
timeout server 1h
timeout connect 20s
log global
option tcplog
option tcp-check
tcp-check connect port 3389
server SRV-TS01 10.1.0.51:3389 weight 100 check agent-check agent-port 3333 inter 2000 rise 2 fall 3 minconn 0 maxconn 0 on-marked-down shutdown-sessions
server SRV-TS02 10.1.0.52:3389 weight 100 check agent-check agent-port 3333 inter 2000 rise 2 fall 3 minconn 0 maxconn 0 on-marked-down shutdown-sessions
server SRV-TS03 10.1.0.53:3389 weight 100 check agent-check agent-port 3333 inter 2000 rise 2 fall 3 minconn 0 maxconn 0 on-marked-down shutdown-sessions
server SRV-TS04 10.1.0.54:3389 weight 100 check agent-check agent-port 3333 inter 2000 rise 2 fall 3 minconn 0 maxconn 0 on-marked-down shutdown-sessions
server SRV-TS05 10.1.0.55:3389 weight 100 check agent-check agent-port 3333 inter 2000 rise 2 fall 3 minconn 0 maxconn 0 on-marked-down shutdown-sessions
server SRV-TS06 10.1.0.56:3389 weight 100 check agent-check agent-port 3333 inter 2000 rise 2 fall 3 minconn 0 maxconn 0 on-marked-down shutdown-sessions
server SRV-TS07 10.1.0.57:3389 weight 100 check agent-check agent-port 3333 inter 2000 rise 2 fall 3 minconn 0 maxconn 0 on-marked-down shutdown-sessions
server SRV-TS08 10.1.0.58:3389 weight 100 check agent-check agent-port 3333 inter 2000 rise 2 fall 3 minconn 0 maxconn 0 on-marked-down shutdown-sessions
server SRV-TS09 10.1.0.59:3389 weight 100 check agent-check agent-port 3333 inter 2000 rise 2 fall 3 minconn 0 maxconn 0 on-marked-down shutdown-sessions
option redispatch


#2

You didn’t configure the check keyword, so haproxy only relies on the agent-check.

Read:
https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#check
https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-agent-check


#3

i tried a check like this one:

option tcp-check
tcp-check connect port 3389
default-server inter 3s rise 2 fall 3
server SRV-TS01 10.1.0.51:3389 weight 10 check

but the server was still available, even if the server is offline. strange thing


#4

I’d suggest you try removing these, which are unnecessary:

option tcp-check
tcp-check connect port 3389

#5

to clarify - unnecessary because this is the default behaviour if you only specific the “check” keyword on the server, correct?


#6

this looks like a problem with the agent-checks, I’d try removing these temporarily, confirm the behaviour is as you expect when just using a basic TCP check. Then if needed, reintroduce the agent checks and investigate any errors


#7

Thank you, you suggested right.

i changed my config to this:

mode tcp
balance leastconn
persist rdp-cookie
timeout server 1h
timeout connect 4s
log global
option tcplog
default-server inter 3s fall 3 rise 2
server SRV-TS01 10.1.0.51:3389 weight 100 check port 3389 verify none agent-check agent-port 3333 minconn 0 maxconn 0 on-marked-down shutdown-sessions

everything work as expected. thank you.


#8

@aidofitz My understanding is that option tcp-check requires a command list of send/expect sequences, which were not provided leading to odd behaviour and which I don’t think @mavnezz needed or wanted.


#9

Great, you’re welcome.