Why is Varnish not probing the backend server?

Question

I have two backends for a Varnish configuration. The first backend works fine, the second backend seems to be completely ignored by Varnish. It seems that the .probe on the second backend is ignored in the sense that it never attempts to query the backend server. I say this because a tcpdump and logs on the backend server reveals no traffic at all.

A regular curl to the second backend server works well.

I've got the following configuration for a Varnish server.

vcl 4.0;

# import directors VMOD
import directors;

# define backend servers
backend apitomcat01 {
    .host = "apitomcat1";
    .port = "8080";
    .probe = {
        .timeout = 5s;
        .interval = 10s;
        .window = 10;
        .threshold = 3;
        .request =
            "HEAD /api3/health HTTP/1.1"
            "User-Agent: varnish-health"
            "Host: apitomcat1:8080"
            "Connection: Close"
            "Accept: */*"
            "Authorization: Basic ABCDEFGH";
    }

}
backend apitomcat02 {
    .host = "apitomcat2";
    .port = "8081";
    .probe = {
        .timeout = 5s;
        .interval = 10s;
        .window = 10;
        .threshold = 3;
        .request =
            "HEAD /api3/health HTTP/1.1"
            "User-Agent: varnish-health"
            "Host: apitomcat2:8081"
            "Connection: Close"
            "Accept: */*"
            "Authorization: ABCDEFGH";
    }

}

# create tomcat director
sub vcl_init {
    new tomcat = directors.round_robin();
    tomcat.add_backend(apitomcat01);
    tomcat.add_backend(apitomcat02);
}

sub vcl_recv {
    # send all traffic to the tomcat director:
    set req.backend_hint = tomcat.backend();

    # pass all traffic - do not perform any caching for now
    return (pass);
}

*It is intentional that apitomcat01 and apitomcat02 use different ports.

Why is it that the apitomcat02 probe never seem to send any requests to apitomcat2? When i run tcpdump -P inout | grep "apitomcat2" nothing happens. I would expect at least to see the probe requests.

When i run backend.list, I get the following.

200
Backend name                   Refs   Admin      Probe
apitomcat01(192.168.41.51,,8080) 2      probe      Healthy 10/10
apitomcat02(192.168.41.52,,8081) 1      probe      Sick 0/10

When I run debug.health, I get the following.

200        
Backend apitomcat01 is Healthy
Current states  good: 10 threshold:  3 window: 10
Average responsetime of good probes: 0.068237
Oldest                                                    Newest
================================================================
4444444444444444444444444444444444444444444444444444444444444444 Good IPv4
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Good Xmit
RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Good Recv
HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH Happy
Backend apitomcat02 is Sick
Current states  good:  0 threshold:  3 window: 10
Average responsetime of good probes: 0.000000
Oldest                                                    Newest
================================================================
---------------------------------------------------------------- Happy

What is the output of ```varnishlog -g raw -i Backend_health```? Run it for a minute and post the output here, please. — Danila Vershinin, May 29 '17 at 13:25
Turned out, after troubleshooting the issue for 3 hours, that SELinux was preventing varnish to contact the backends. SELinux had previously been disabled, but after restarting the server it went active again. — sbrattla, May 29 '17 at 13:44

Why is Varnish not probing the backend server?

0 Answers0