Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Election triggered every minute #1150

Closed
evanccnyc opened this issue Aug 3, 2015 · 11 comments
Closed

Election triggered every minute #1150

evanccnyc opened this issue Aug 3, 2015 · 11 comments

Comments

@evanccnyc
Copy link

Hi there,

We have a 3 node consul cluster on AWS (1 server in us-east-1e, us-east-1d, and us-east-1c). And they constantly flap, every minute or so we get the log below. The systems are not under heavy load and have subsecond connection between them.

2015/08/03 20:20:41 [ERR] yamux: Failed to write header: use of closed network connection
    2015/08/03 20:21:12 [WARN] raft: Failed to contact 10.0.128.6:8300 in 1.206230169s
    2015/08/03 20:21:12 [WARN] raft: Failed to contact 10.0.0.6:8300 in 1.225785077s
    2015/08/03 20:21:12 [WARN] raft: Failed to contact quorum of nodes, stepping down
    2015/08/03 20:21:12 [INFO] raft: Node at 10.0.64.6:8300 [Follower] entering Follower state
    2015/08/03 20:21:12 [INFO] raft: aborting pipeline replication to peer 10.0.0.6:8300
    2015/08/03 20:21:12 [INFO] raft: aborting pipeline replication to peer 10.0.128.6:8300
    2015/08/03 20:21:12 [ERR] consul: failed to wait for barrier: node is not the leader
    2015/08/03 20:21:12 [INFO] consul: cluster leadership lost
    2015/08/03 20:21:12 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:12 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:12 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:12 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:12 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:12 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:12 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:12 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:12 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:12 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:12 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:12 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:13 [WARN] raft: Heartbeat timeout reached, starting election
    2015/08/03 20:21:13 [INFO] raft: Node at 10.0.64.6:8300 [Candidate] entering Candidate state
    2015/08/03 20:21:13 [INFO] raft: Duplicate RequestVote for same term: 262
    2015/08/03 20:21:14 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:14 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:14 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:14 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:14 [ERR] dns: rpc error: No cluster leader
    2015/08/03 20:21:14 [INFO] raft: Duplicate RequestVote for same term: 262
    2015/08/03 20:21:15 [INFO] raft: Node at 10.0.64.6:8300 [Follower] entering Follower state
    2015/08/03 20:21:15 [INFO] consul: New leader elected: consul-us-east-1e
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:47 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:21:48 [WARN] raft: Rejecting vote from 10.0.0.6:8300 since we have a leader: 10.0.128.6:8300
    2015/08/03 20:21:48 [INFO] consul: New leader elected: consul-us-east-1c
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:03 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:04 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:04 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:04 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:04 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:04 [ERR] dns: rpc error: rpc error: No cluster leader
    2015/08/03 20:22:04 [WARN] raft: Rejecting vote from 10.0.0.6:8300 since we have a leader: 10.0.0.6:8300
    2015/08/03 20:22:04 [WARN] raft: Rejecting vote from 10.0.128.6:8300 since we have a leader: 10.0.0.6:8300
    2015/08/03 20:22:05 [WARN] raft: Heartbeat timeout reached, starting election
    2015/08/03 20:22:05 [INFO] raft: Node at 10.0.64.6:8300 [Candidate] entering Candidate state
    2015/08/03 20:22:06 [INFO] raft: Node at 10.0.64.6:8300 [Follower] entering Follower state
    2015/08/03 20:22:06 [INFO] consul: New leader elected: consul-us-east-1c```
@armon
Copy link
Member

armon commented Aug 6, 2015

@evanccnyc Could you provide some more information? Specifically more of the following:

  • Consul configurations
  • Version
  • Deployment setup
  • Potentially relevant networking details
  • Debug level log traces
  • Telemetry output (SIGUSR1)

It is pretty hard to diagnose or understand the issue with the given information.

@evanccnyc
Copy link
Author

Unfortunately, it was our production consul cluster so we didnt have time to debug it much. We had to completely recycle the cluster in order to get it to work again.

We think it was related to consul-template, which we had deployed on a large number of nodes that may have made it unstable.

@slackpad
Copy link
Contributor

slackpad commented Aug 6, 2015

There's a similar issue in hashicorp/consul-template#331that's tracking performance issues when there are a large number of watches. Take a look at the linked thread that has some info about upcoming changes to make this better.

@evanccnyc
Copy link
Author

@slackpad That may well be it. It was our cluster that showed the elections as I said, I dont remember nodes leaving and joining every minute but they well could of been joining and leaving.

@armon More details, it was a 0.5.2 cluster with 3 nodes running m4.medium's one in each az zone. We rolled out consul-template to 100+ nodes and consul never recovered.

First thing we noticed was that one our nodes ran out of open files, consul had something like 5000+ open files when we ran lsof. Most of them looked like connections from clients requests the consul template data.

We recycled the node and turned off consul template but that node never seemed to recover, with the other nodes often complaining of timeouts to that one (500ms or more).

At that point we recycled the entire cluster and kept consul-template turned off, it appears stable.

The debug logs were not much help unfortunately, they showed little more than what we had above. Again, this broke a huge amount of things in our setup, so I grabbed what I could before completely redoing the cluster.

@armon
Copy link
Member

armon commented Aug 6, 2015

@evanccnyc Cool, this helps. CT is the likely culprit. Can you share the template that you rolled out? I want to just get a feel for how many depedencies / watchers it had.

@evanccnyc
Copy link
Author 

global
  log 127.0.0.1   local0 notice
  maxconn 2048
  #debug
  #quiet
  user haproxy
  group haproxy
  pidfile /var/run/haproxy/seatgeek_prod.pid
  stats socket /var/run/haproxy/seatgeek_prod.stats mode 777

defaults
  log     global
  mode    http
  retries 3
  option abortonclose
  option dontlognull
  option forwardfor
  option httpchk GET / HTTP/1.0
  option httpclose
  option redispatch
  timeout client 20s
  timeout connect 10s
  timeout http-request 10s
  timeout queue 60s
  timeout server 300s
  balance  roundrobin
  no option tcp-smart-accept
  errorfile 500 /etc/haproxy/500.http
  errorfile 502 /etc/haproxy/502.http
  errorfile 503 /etc/haproxy/503.http


frontend sg-prod-service :21100
  mode http
  option httplog
  errorfile 400 /etc/haproxy/400.json.http
  errorfile 403 /etc/haproxy/403.json.http
  errorfile 408 /etc/haproxy/408.json.http
  errorfile 500 /etc/haproxy/500.json.http
  errorfile 502 /etc/haproxy/502.json.http
  errorfile 503 /etc/haproxy/503.json.http
  errorfile 504 /etc/haproxy/504.json.http
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_api_hosts

frontend sg-prod-service :28125
  mode http
  option httplog
  errorfile 400 /etc/haproxy/400.json.http
  errorfile 403 /etc/haproxy/403.json.http
  errorfile 408 /etc/haproxy/408.json.http
  errorfile 500 /etc/haproxy/500.json.http
  errorfile 502 /etc/haproxy/502.json.http
  errorfile 503 /etc/haproxy/503.json.http
  errorfile 504 /etc/haproxy/504.json.http
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :29200
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :28083
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :29845
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hostsg_prod_service_hostss

frontend sg-prod-service :30700
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :30800
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :30600
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :30200
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :30300
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :30400
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :30450
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :30500
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :28000
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :29250
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :30000
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :29275
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :22500
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :28400
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :28450
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :22200
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :30100
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :29225
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :29800
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :31100
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-prod-service :29400
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_prod_service_hosts

frontend sg-staging-service :41100
  mode http
  option httplog
  errorfile 400 /etc/haproxy/400.json.http
  errorfile 403 /etc/haproxy/403.json.http
  errorfile 408 /etc/haproxy/408.json.http
  errorfile 500 /etc/haproxy/500.json.http
  errorfile 502 /etc/haproxy/502.json.http
  errorfile 503 /etc/haproxy/503.json.http
  errorfile 504 /etc/haproxy/504.json.http
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_staging_service_hosts

frontend sg-staging-service :49200
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_staging_service_hosts

frontend sg-staging-service :48200
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_staging_service_hosts

frontend sg-staging-service :50000
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_staging_service_hosts

frontend sg-staging-service :42500
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_staging_service_hosts

frontend sg-staging-service :42200
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_staging_service_hosts

frontend sg-staging-service :49800
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_staging_service_hosts

frontend sg-staging-service :51100
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_staging_service_hosts

frontend sg-staging-service :49400
  mode http
  option httplog
  reqadd           via:service-14-04-i-af7a6152
  acl bypass path_beg -i /images /stylesheets /javascripts /css /js /favicon.ico
  default_backend    sg_staging_service_hosts


backend sg_prod_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024 slowstart 300s{{end}}

backend sg_prod_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 50 slowstart 300s{{end}}

backend sg_prod_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024 slowstart 300s{{end}}

backend sg_prod_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "serviceservice"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "serviceservice"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "serviceservice"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "serviceservice"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "serviceservice"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hostsg_prod_service_hostss
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "serviceservice"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hostsg_prod_service_hostss
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "serviceservice"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "serviceservice"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 50 slowstart 300s{{end}}

backend sg_prod_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 50 slowstart 300s{{end}}

backend sg_prod_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024 slowstart 300s{{end}}

backend sg_prod_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 50 slowstart 300s{{end}}

backend sg_prod_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 4{{end}}

backend sg_prod_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1{{end}}

backend sg_prod_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_prod_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_staging_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "staging_service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024 slowstart 300s{{end}}

backend sg_staging_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "staging_service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024 slowstart 300s{{end}}

backend sg_staging_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "staging_service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_staging_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "staging_service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_staging_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "staging_service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_staging_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "staging_service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_staging_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "staging_service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1{{end}}

backend sg_staging_service_hosts
  option httpchk GET /_status HTTP/1.0
  http-check expect status 200
  balance roundrobin{{range service "staging_service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

backend sg_staging_service_hosts
  http-check expect status 200
  balance roundrobin{{range service "staging_service"}}
  server {{.Node}} {{.Address}}:{{.Port}} check inter 5000 fastinter 1000 maxconn 1024{{end}}

listen stats :81
  mode http
  stats uri /

@armon
Copy link
Member

armon commented Aug 11, 2015

@evanccnyc Hmm, so this looks like about ~35 services queries, and sounds like a few hundred nodes were involved.

My guess is this is similar to the issue #1154 #1165 and the other is the repro case @darron provided us. We are tracking those separately, but this seems like a related issue. We are working to address some of the read pressure issues CT causes in Consul 0.6 to increase the stability of the cluster under that kind of load.

A big improvement to his is the approach of running CT on a single node (or a few under consul lock) and storing the result template in a KV entry. Then the 100+ nodes only need to watch a single key for updates instead of 35+ endpoints. This dramatically reduces the load on the servers and helps with overall performance and stability.

@darron
Copy link
Contributor

darron commented Aug 11, 2015

To build on what @armon said - we were never able to run Consul Template with service queries across our cluster reliably once we hit around 100 nodes. Leadership transitions over and over that were really unstoppable.

If you can build the template on one of the server nodes - running under consul lock - and put the result into the KV store - a simple JSON watch on each node can easily pull it out and reload haproxy.

A few things to watch out for:

  1. Be careful you're not reloading a blank config file if something goes wrong with the CT build.
  2. Make sure to add a "wait" to Consul Template so that it can't happen every second if something's flapping - that can be painful.
  3. Build a "stop" mechanism so you can freeze the KV from being updated automatically - push out a known good one by manually updating the KV - and then fix the automatic process.
  4. Add some external logging so that you can see when it's updating and the changes. We are throwing an event and a diff at Datadog so that we can see precisely what's changing and when.
  5. We are also checksumming the version that is created and then syslogging the checksum that we write on each host - it's pretty fast and the addition of that data helps to make sure it's happening properly.

@mtchavez
Copy link
Contributor

mtchavez commented Sep 3, 2015

I am fairly certain that I just ran into this case with around 35-40 nodes, but also making attempts to use Consul Template pretty heavily. Normally the cluster has handled it well up until yesterday where the cluster of 3 was never able to be queried and all the log output made it appear that networking issues were the culprit. It has since sorted itself out with lower traffic, usage, and fewer nodes up.

@darron a few questions for you if you are able to answer:

  1. What kind of templates are you building with Consul Template? Are you doing larger files with multiple queries, using ranges, or a lot of smaller template files with few key queries?
  2. Are you building all templates for all nodes in your data centers on your consul server nodes?
  3. In your example watch what is the consulkv get hostsfile/data utility you are using to get the values?
  4. Are you using any prefix queries? Does a watch on a prefix have any difference in performance over using Consul Template with a range query over a directory?

@darron
Copy link
Contributor

darron commented Sep 3, 2015

  1. The template that caused the most problems was recursing through a list of services and building a hosts file out of the service names and ip addresses. The list of services was in the readme here.
  2. We're building a single template that works for all nodes on a single Consul server. There's always at least 1 process watching and building - we're running Consul Template using consul-lock.
  3. consulkv is just a simple shell script that we adapted to interact with the KV store:
  4. I didn't do all sorts of performance checks on Consul Template - we just moved the building process to the server nodes and that solved our problems.

Consul 0.6 should address some of the performance problems - we're anxiously awaiting that - we still likely won't move the build process to the nodes - it's not needed.

If you're using AWS - we also found some issues with heavy usage and networking here - there were several things that helped to correct it - the Xen "rides the rocket" fix was very important.

@slackpad slackpad mentioned this issue Sep 21, 2015
Closed
@slackpad
Copy link
Contributor

Consul 0.6 did rework the state store and increased read throughput, we've also introduced some tunes in https://www.consul.io/docs/guides/performance.html to help here, and Consul Template got https://github.com/hashicorp/consul-template#de-duplication-mode to help when there are a massive number of renderers of the same template.

@ekmixon ekmixon mentioned this issue Nov 4, 2023
Open
@ekmixon ekmixon mentioned this issue Dec 1, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@darron @mtchavez @armon @slackpad @evanccnyc