git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Baptiste Assmann <bedis9@gmail.com>
	Thu, 1 Mar 2018 20:49:01 +0000 (21:49 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Mon, 19 Mar 2018 12:53:59 +0000 (13:53 +0100)
commit	248f1173f272b10bf7ed2aa7061bfafd34160f70
tree	bf89702496bf44f370dada65a739400d9e25d87f	tree
parent	2986c0db88bdbe15c2e3b65cb45c44dba53dc811	commit \| diff

BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers

When tcpcheck is used to do TCP port monitoring only and the script is
composed by a single "tcp-check connect" rule (whatever port and ssl
options enabled), then the server can't be seen as DOWN.
Simple configuration to reproduce:

  backend b
    [...]
    option tcp-check
    tcp-check connect
    server s1 127.0.0.1:22 check

The main reason for this issue is that the piece of code which validates
that we're not at the end of the chained list (of rules) prevents
executing the validation of the establishment of the TCP connection.
Since validation is not executed, the rule is terminated and the report
says no errors were encountered, hence the server is UP all the time.

The workaround is simple: move the connection validation outsied the
CONNECT rule processing loop, into the main function.
That way, if the connection status is not CONNECTED, then HAProxy will
now add more time to wait for it. If the time is expired, an error is
now well reported.

Backport status: 1.8