Hi there,

From the configuration snippet, I see you have "inter 12000" (12 seconds between health checks), and "fall 3" configured. This means that HAProxy will not consider the backend member failed until after roughly 36 seconds. Because of that "fall 3" (which is also the default) configuration, HAProxy will consider the member "up", even though it may not be, during this 36 second window.

Maybe this is the behavior you are observing?

Michael

On Tue, Feb 20, 2024 at 8:50 AM Gk Gk <ygk.kmr@gmail.com> wrote:

Hi,

We have the latest version of openstack setup. The rabbitmq backend health check is getting successful even though the curl to its ssl url is failing as shown below:

----

backend rabbitmq_mgmt-back
mode http
balance leastconn
stick-table type ipv6 size 256k expire 10s store http_err_rate(10s)
http-request track-sc0 src
http-request deny deny_status 429 if { sc_http_err_rate(0) gt 20 } !{ src 192.168.0.0/16 } !{ src 172.16.0.0/12 } !{ src 10.0.0.0/8 }
option forwardfor
option httpchk HEAD / HTTP/1.0\r\nUser-agent:\ osa-haproxy-healthcheck

server rabbit_mq_container-527affef <ip>:15671 check port 15671 inter 12000 rise 3 fall 3 ssl check-ssl verify none
server rabbit_mq_container-68b39094 <IP>:15671 check port 15671 inter 12000 rise 3 fall 3 ssl check-ssl verify none
server rabbit_mq_container-83661288 <IP>:15671 check port 15671 inter 12000 rise 3 fall 3 ssl check-ssl verify none

------

But the ssl curl to its ip and port 15671 is failing:
1
2
3
4
5
6
7
 curl -vvv 172.21.152.187:15671
*   Trying 172.21.152.187:15671...
* TCP_NODELAY set
* connect to 172.21.152.187 port 15671 failed: Connection refused
* Failed to connect to 172.21.152.187 port 15671: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 172.21.152.187 port 15671: Connection refused
How then, the haproxy is still able to detect it as green and status ok in the haproxy stats page ?