Going into the maintenance in multi-process mode does not work?


#1

Hi, community.

We are using haproxy-1.6.6 with ssl option on CentOS 7.2 and the multi-process mode is on (nbproc 20). When we put a server into maintenance mode by disabling it through CLI, we found the server kept getting requests while it properly works in non-multi-process mode.

We tried to disable the server through all the sockets, to no avail. There is no persist option, either. Is this supposed to work in the multi-process mode in the fist place? Upgrading to haproxy-1.6.9 didn’t fix our problem.

Here goes the gist of configuration:
global
log 127.0.0.1 local0 debug
maxconn 8000
maxsslconn 4096
chroot /usr/share/haproxy
uid 99
gid 99
daemon
debug
tune.ssl.default-dh-param 2048
stats socket /tmp/haproxy level admin process 1
stats socket /tmp/haproxy-monitor mode 777 level user process 1
stats socket /tmp/haproxy2 level admin process 2
stats socket /tmp/haproxy3 level admin process 3
stats socket /tmp/haproxy4 level admin process 4
stats socket /tmp/haproxy5 level admin process 5
stats socket /tmp/haproxy6 level admin process 6
stats socket /tmp/haproxy7 level admin process 7
stats socket /tmp/haproxy8 level admin process 8
stats socket /tmp/haproxy9 level admin process 9
stats socket /tmp/haproxy10 level admin process 10
stats socket /tmp/haproxy11 level admin process 11
stats socket /tmp/haproxy12 level admin process 12
stats socket /tmp/haproxy13 level admin process 13
stats socket /tmp/haproxy14 level admin process 14
stats socket /tmp/haproxy15 level admin process 15
stats socket /tmp/haproxy16 level admin process 16
stats socket /tmp/haproxy17 level admin process 17
stats socket /tmp/haproxy18 level admin process 18
stats socket /tmp/haproxy19 level admin process 19
stats socket /tmp/haproxy20 level admin process 20
ssl-default-bind-options no-sslv3
nbproc 20
stats bind-process 20

defaults
log global
mode http
balance leastconn
retries 3
option httplog
option dontlognull
option forwardfor
option redispatch
timeout connect 5s
timeout client 310s
timeout server 310s

frontend www-front
bind 10.24.244.132:443,10.24.244.133:443,10.34.243.132:443,10.34.243.133:443 ssl crt /etc/haproxy/certs/www.pem
default_backend www-end

backend www-end
no log
option httpchk GET /hc/healthcheck.html
http-check expect string CHECK_HEALTH_CHECK_HTML
compression algo gzip
compression type text/html text/plain text/css text/javascript
cookie line0 insert nocache indirect
server 001-101 p1-genesis-front001e:8001 check inter 10s rise 3 fall 3 cookie p1-fr001-101
server 001-102 p1-genesis-front001e:8002 check inter 10s rise 3 fall 3 cookie p1-fr001-102
server 001-201 p1-genesis-front001e:8011 check inter 10s rise 3 fall 3 cookie p1-fr001-201
server 001-202 p1-genesis-front001e:8012 check inter 10s rise 3 fall 3 cookie p1-fr001-202
server 002-101 p1-genesis-front002e:8001 check inter 10s rise 3 fall 3 cookie p1-fr002-101
server 002-102 p1-genesis-front002e:8002 check inter 10s rise 3 fall 3 cookie p1-fr002-102
server 002-201 p1-genesis-front002e:8011 check inter 10s rise 3 fall 3 cookie p1-fr002-201
server 002-202 p1-genesis-front002e:8012 check inter 10s rise 3 fall 3 cookie p1-fr002-202
server 003-101 p1-genesis-front003e:8001 check inter 10s rise 3 fall 3 cookie p1-fr003-101
server 003-102 p1-genesis-front003e:8002 check inter 10s rise 3 fall 3 cookie p1-fr003-102
server 003-201 p1-genesis-front003e:8011 check inter 10s rise 3 fall 3 cookie p1-fr003-201
server 003-202 p1-genesis-front003e:8012 check inter 10s rise 3 fall 3 cookie p1-fr003-202
server 004-101 p1-genesis-front004e:8001 check inter 10s rise 3 fall 3 cookie p1-fr004-101
server 004-102 p1-genesis-front004e:8002 check inter 10s rise 3 fall 3 cookie p1-fr004-102
server 004-201 p1-genesis-front004e:8011 check inter 10s rise 3 fall 3 cookie p1-fr004-201
server 004-202 p1-genesis-front004e:8012 check inter 10s rise 3 fall 3 cookie p1-fr004-202
server 005-101 p1-genesis-front005e:8001 check inter 10s rise 3 fall 3 cookie p1-fr005-101
server 005-102 p1-genesis-front005e:8002 check inter 10s rise 3 fall 3 cookie p1-fr005-102
server 005-201 p1-genesis-front005e:8011 check inter 10s rise 3 fall 3 cookie p1-fr005-201
server 005-202 p1-genesis-front005e:8012 check inter 10s rise 3 fall 3 cookie p1-fr005-202
server 006-101 p1-genesis-front006e:8001 check inter 10s rise 3 fall 3 cookie p1-fr006-101
server 006-102 p1-genesis-front006e:8002 check inter 10s rise 3 fall 3 cookie p1-fr006-102
server 006-201 p1-genesis-front006e:8011 check inter 10s rise 3 fall 3 cookie p1-fr006-201
server 006-202 p1-genesis-front006e:8012 check inter 10s rise 3 fall 3 cookie p1-fr006-202
server 007-101 p1-genesis-front007e:8001 check inter 10s rise 3 fall 3 cookie p1-fr007-101
server 007-102 p1-genesis-front007e:8002 check inter 10s rise 3 fall 3 cookie p1-fr007-102
server 007-201 p1-genesis-front007e:8011 check inter 10s rise 3 fall 3 cookie p1-fr007-201
server 007-202 p1-genesis-front007e:8012 check inter 10s rise 3 fall 3 cookie p1-fr007-202
server 008-101 p1-genesis-front008e:8001 check inter 10s rise 3 fall 3 cookie p1-fr008-101
server 008-102 p1-genesis-front008e:8002 check inter 10s rise 3 fall 3 cookie p1-fr008-102
server 008-201 p1-genesis-front008e:8011 check inter 10s rise 3 fall 3 cookie p1-fr008-201
server 008-202 p1-genesis-front008e:8012 check inter 10s rise 3 fall 3 cookie p1-fr008-202

Thanks.


#2

Works… but you need to reach each stats process, and put in maintenance. Some like this:

listen stats1
    mode http
    bind :9001
    bind-process 1
    stats enable
    stats uri /haproxy_stats
    stats auth admin:xxx
    stats admin if TRUE

listen stats2
    mode http
    bind :9002
    bind-process 2
    stats enable
    stats uri /haproxy_stats
    stats auth admin:xxx
    stats admin if TRUE