Re: Truncated health check response from real servers

On 2010-02-11 15:29, Nick Chalk wrote:
> Hello Willy.
>
> On 11 February 2010 05:21, Willy Tarreau<w#1wt.eu> wrote:
>> On Wed, Feb 10, 2010 at 10:56:14PM +0000, Nick Chalk wrote:
>>> I believe so, following Cyril Bonté's suggestions last week. I'm still
>>> testing it, though.
>> OK, we talked with Cyril about all the issues in this patch, so it's
>> possible that you both finally got it right !
>
> Please don't expect a complete solution! All I've done so far is
> slightly modified the patch's checking code, not the configuration
> parameters.
>
>>> 2010/2/10 Krzysztof Ol??dzki<ole#ans.pl>:
>>>> Yep, it is worth to try it, but it is still a dirty fix. I have idea how to
>>>> make it right, but haven't been able to find time to do it, yet.
>>>
>>> Thanks - I'll try that tomorrow, and report my findings.
>
> With an increase in the minimum response length, that patch solves the
> problem. The code now detects an incomplete response, and retries
> until it has the complete page.
>
> Krzysztof, could you describe your idea for a clean fix? I'm working
> through the rc1 code, but I'm still some way from understanding the
> checking system.

There are several issues with the fix:

• we need to check if connection is not closed, as it is pointless to use MSG_PEEK and restarting such check if there is no more data we are able to read
• some servers return empty description so increasing minimum response length prevents haproxy from accepting such checks. Of course, if you are not using such server, it should be safe to do it in your locally patched version, but we mustn't do it on a public version.
• it may interfere with other, non http checks.

Long term we should implement the Willy's idea and merge http session processing and http checks, but for now I'll try to fix it in 1.4 with respect to mentioned above problems.

Best regards,

                        Krzysztof Olędzki Received on 2010/02/12 17:47