HAProxy fails to start if backend server names don't resolve

Help!
21

Well the address cannot be resolved:

[WARNING] 304/124345 (8) : parsing [/usr/local/etc/haproxy/haproxy.cfg:39] : ‘server q1’ : could not resolve address ‘gporev-queue1’, disabling server.
gporev_gporev-queue.1.9umcjoy7k86e@c3cueat2 | [WARNING] 304/124345 (8) : parsing [/usr/local/etc/haproxy/haproxy.cfg:40] : ‘server q2’ : could not resolve address ‘gporev-queue2’, disabling server.
gporev_gporev-queue.1.9umcjoy7k86e@c3cueat2 | [WARNING] 304/124345 (8) : parsing [/usr/local/etc/haproxy/haproxy.cfg:41] : ‘server q3’ : could not resolve address ‘gporev-queue3’, disabling server.

If you want to disable libc resolution completely, set init-addr to none:
default-server init-addr none

22

right, because the docker container at that address isn’t up yet, and docker engine hasn’t created the dns entry. It comes up 30-60 seconds later, but at that point haproxy is no longer trying to connect :frowning: becuase it has disabled the server.

I think in a container worlds this is a common scenario: haproxy comes up before other servers in a docker engine, unable to resolve dns, other servers come up, haproxy needs to try to resolve dns again instead of disabling server?

23

Right, that’s exactly why we have init-addr and runtime dns resolution in haproxy 1.7.

Can you share your configuration, so I can see what’s wrong?

24

Sure, love to have a second set of eyes on it…

global
      log /dev/log local0 debug
      log-send-hostname
      debug
      maxconn 4096
      pidfile /var/run/haproxy.pid
      daemon
      stats socket /var/run/haproxy.stats level admin
      ssl-default-bind-options no-sslv3
      ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE
    defaults
      balance roundrobin
      log global
      mode tcp
      option redispatch
      option httplog
      option dontlognull
      timeout connect 5000
      timeout client 50000
      timeout server 50000
      default-server init-addr last,libc
      retries 999
    listen stats
      bind :1936
      mode http
      stats enable
      timeout connect 10s
      timeout client 1m
      timeout server 1m
      stats hide-version
      stats realm Haproxy\ Statistics
      stats uri /
      stats auth stats:stats
    listen gporev-queue
      mode tcp
      option tcplog
      bind :5672
      balance roundrobin
      server q1 gporev-queue1:5672 check fall 3 rise 2
      server q2 gporev-queue2:5672 check fall 3 rise 2
      server q3 gporev-queue3:5672 check fall 3 rise 2
25

Hi,

Where is your resolvers section?
You need one which points to your docker DNS server and add the resolvers
keyword on the server line.

Baptiste

26

Just upgrading to haproxy 1.7 is not enough. You do have to configure the resolver (and health checks).

Take a look at the documentation, section 5.3 about the resolver [1] or at least read the previous posts in this thread.

[1] https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.3

27

I added resolver but it didn’t change anything. When haproxy comes up it cannot resolve the server names (because they don’t exist yet) and it does not seem to try again.

resolvers docker_resolver
    nameserver dns 127.0.0.11:53
28

And did you reference docker_resolver somewhere or did you just define it?