Hi there, From the configuration snippet, I see you have "inter 12000" (12 seconds between health checks), and "fall 3" configured. This means that HAProxy will not consider the backend member failed until after roughly 36 seconds. Because of that "fall 3" (which is also the default) configuration, HAProxy will consider the member "up", even though it may not be, during this 36 second window. Maybe this is the behavior you are observing? Michael On Tue, Feb 20, 2024 at 8:50 AM Gk Gk <ygk.kmr@gmail.com> wrote:
Hi,
We have the latest version of openstack setup. The rabbitmq backend health check is getting successful even though the curl to its ssl url is failing as shown below:
----
backend rabbitmq_mgmt-back mode http balance leastconn stick-table type ipv6 size 256k expire 10s store http_err_rate(10s) http-request track-sc0 src http-request deny deny_status 429 if { sc_http_err_rate(0) gt 20 } !{ src 192.168.0.0/16 } !{ src 172.16.0.0/12 } !{ src 10.0.0.0/8 } option forwardfor option httpchk HEAD / HTTP/1.0\r\nUser-agent:\ osa-haproxy-healthcheck
server rabbit_mq_container-527affef <ip>:15671 check port 15671 inter 12000 rise 3 fall 3 ssl check-ssl verify none server rabbit_mq_container-68b39094 <IP>:15671 check port 15671 inter 12000 rise 3 fall 3 ssl check-ssl verify none server rabbit_mq_container-83661288 <IP>:15671 check port 15671 inter 12000 rise 3 fall 3 ssl check-ssl verify none
------
But the ssl curl to its ip and port 15671 is failing:
1234567
curl -vvv 172.21.152.187:15671 * Trying 172.21.152.187:15671... * TCP_NODELAY set * connect to 172.21.152.187 port 15671 failed: Connection refused * Failed to connect to 172.21.152.187 port 15671: Connection refused * Closing connection 0 curl: (7) Failed to connect to 172.21.152.187 port 15671: Connection refused
How then, the haproxy is still able to detect it as green and status ok in the haproxy stats page ?