roadmap icon indicating copy to clipboard operation
roadmap copied to clipboard
verified publisher icon docker

HAProxy external health checks being killed, only on RHEL9/10 based OS

Open nmcc1212 opened this issue 4 months ago • 1 comments

Detailed Description of the Problem

When using external health checks on Almalinux 9, Almalinux 10 and Rocky 9 with HAProxy running in docker, the healthchecks are being killed [WARNING] (8) : kill 12 even if the external check is something simple like

echo "my test"
exit 0

But when running on Ubuntu (24.04) or macOS it works perfectly fine

Expected Behavior

HAProxy should run the health check script successfully (and not kill it) on Almalinux 9 as it does when using Ubuntu/macOS

Steps to Reproduce the Behavior

  1. git clone https://gist.github.com/nmcc1212/ddf90e337653da1b8d3f6a73436b73c9
  2. cd ddf90e337653da1b8d3f6a73436b73c9
  3. chmod +x primary-check.sh
  4. docker compose up

(on almalinux 9) the below output

haproxy  | [NOTICE]   (1) : Initializing new worker (8)
haproxy  | [NOTICE]   (1) : Loading success.
haproxy  | [WARNING]  (8) : kill 12
haproxy  | [WARNING]  (8) : Server primary/t1 is DOWN, reason: External check timeout, code: 0, check duration: 3003ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
haproxy  | [WARNING]  (8) : kill 13
haproxy  | [WARNING]  (8) : Server primary/t2 is DOWN, reason: External check timeout, code: 0, check duration: 3002ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
haproxy  | [ALERT]    (8) : proxy 'primary' has no server available!
haproxy  | [WARNING]  (8) : kill 14
haproxy  | [WARNING]  (8) : kill 15
haproxy  | [WARNING]  (8) : kill 16
haproxy  | [WARNING]  (8) : kill 17
Image

(on ubuntu 24.04 and macOS Tahoe) - works as expected

haproxy  | [NOTICE]   (1) : Initializing new worker (8)
haproxy  | [NOTICE]   (1) : Loading success.
haproxy  | my test
haproxy  | my test
haproxy  | my test
Image

Configuration?

see https://gist.github.com/nmcc1212/ddf90e337653da1b8d3f6a73436b73c9

Additional Information

both Ubuntu 24.04 and Almalinux 9 vms are using Docker version 28.4.0, build d8eb465 A HAProxy dev was able to reproduce too both on Alma 9 and 10 See https://github.com/haproxy/haproxy/issues/3142 and https://forums.almalinux.org/t/haproxy-external-health-checks-being-killed-running-in-docker/6627/15 for more info

Already Tried

Disabling SELinux adding seccomp=unconfined to container am able to execute script from within the haproxy container when exec’d in am able to execute script from within a busybox container Works when using podman nothing useful in /var/log/messages (see HAProxy prematurely killing healthchecks on Almalinux 9 (running in Docker) · Issue #3142 · haproxy/haproxy · GitHub)

nmcc1212 avatar Oct 13 '25 10:10 nmcc1212

Got exactly same behavior with Rocky 8, Docker 28.5.1, disabled SELinux

akurdyukov avatar Oct 28 '25 10:10 akurdyukov