Search code examples
postgresqltcpsysloghaproxy

HAProxy not returning error in TCP mode

I have HAProxy routing to a list of PostgreSQL machines. When a host has PostgreSQL turned on, I can successfully connect using the line below. With PostgreSQL off on all hosts, I am expecting to see an error message from HAProxy, something along the lines of 'Connection refused', but not seeing anything... Here is my example config:

global

    log             127.0.0.1 local4 debug
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

defaults
    mode                    tcp
    log                     global
    option                  tcplog
    option                  dontlognull
    option                  redispatch
    retries                 3
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout check           10s
    maxconn                 3000

frontend cluster01
    bind *:33300
    mode tcp
    option tcplog
    default_backend cluster01

backend cluster01
    mode tcp
    option tcplog
    balance     roundrobin
    server host1 <host ip>:5432 check
    server host2 <host ip>:5432 check

Here is the command I am attempting to execute:

psql -U postgres -d <dbname> -p 33300 -h 127.0.0.1

Here is the 'response':

psql:

Here is the entry in syslog:

2014-05-28T21:17:15.486474+00:00 localhost.localdomain [info] haproxy[28503]: 127.0.0.1:58014 [28/May/2014:21:16:55.170] cluster01 cluster01/<NOSRV> -1/-1/0 0 SC 0/0/0/0/0 0/0

Two questions:

  1. Does my configuration look ok for logging errors?

  2. Does HAProxy support personalized error messages for TCP connections? I notice that upon particular HTTP response codes, HAProxy supports errorfile entries, but I see no such mention of this for anything related to TCP... am I wrong?

Any questions don't hesitate to ask

Solution

  • Your error was properly logged : "SC" flags mean that it failed to establish a server connection, and as the server name also implies that the connection was not delivered to any server. That's typically because your servers are down (or at least are seen as down by the check you have enabled).

    It is not possible (nor desirable) to send anything back in case of connection failure, as there's an almost infinite list of TCP-based protocols, all incompatible and many of them do not even expect a response to indicate an error. Instead haproxy tries to mimmick what it experiences on the other side, and even tries to send a reset to the client if it gets one from the server, though there is no way to guarantee that it will be delivered this way.