Possible bug with the prometheus exporter in HAProxy 2.0.1

I have recently installed a HAProxy 2.0.1, but have been experiencing a strange problem where the CPU is maxed out after a little while.

I have tracked the problem down to the build-in prometheus exporter that doesn’t close the connection properly leaving it in CLOSE_WAIT after each hit to /metrics.
After a while it runs out of connections, stops serving requests and maxes out the CPU.

Here is my “stats” config:

frontend stats
    bind *:8404
    option http-use-htx
    http-request use-service prometheus-exporter if { path /metrics }
    stats enable
    stats uri /stats
    stats refresh 10s

haproxy -vv:

HA-Proxy version 2.0.1-1ppa1~bionic 2019/06/27 - https://haproxy.org/
Build options :                                                                                                                                                    [0/137]
TARGET  = linux-glibc
CPU     = generic
CC      = gcc
CFLAGS  = -O2 -g -O2 -fdebug-prefix-map=/build/haproxy-O7_wB6/haproxy-2.0.1=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2
-fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-format-truncation -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wn
o-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wno-implicit-fallthrough -Wno-stringop-overflow -Wtype-limits -Wshift-negative-value -Wshift-overflow
=2 -Wduplicated-cond -Wnull-dereference


Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=2).
Built with OpenSSL version : OpenSSL 1.1.1  11 Sep 2018
Running on OpenSSL version : OpenSSL 1.1.1  11 Sep 2018
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.3
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with PCRE2 version : 10.31 2018-02-12
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with the Prometheus exporter as a service

Available polling systems :
    epoll : pref=300,  test result OK
    poll : pref=200,  test result OK
    select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
            h2 : mode=HTX        side=FE|BE     mux=H2
            h2 : mode=HTTP       side=FE        mux=H2
    <default> : mode=HTX        side=FE|BE     mux=H1
    <default> : mode=TCP|HTTP   side=FE|BE     mux=PASS

Available services :

Available filters :
        [SPOE] spoe
        [COMP] compression
        [CACHE] cache
        [TRACE] trace
1 Like

There are tons of bugs in 2.0.1 that are fixed in the git-tree. I suggest you either wait for 2.0.2 or compile haproxy yourself from the 2.0 git tree or the current snapshot tarballs.

edit: the prometheus issue specifically was also fixed: