[ZBX-13060] Server continuously attempts to poll mis-configured passive proxy Created: 2017 Nov 17  Updated: 2024 Apr 10  Resolved: 2018 Jan 28

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Server (S)
Affects Version/s: 3.4.5rc1, 4.0.0alpha1
Fix Version/s: 3.4.7rc1, 4.0.0alpha3, 4.0 (plan)

Type: Problem report Priority: Trivial
Reporter: Glebs Ivanovskis (Inactive) Assignee: Viktors Tjarve
Resolution: Fixed Votes: 0
Labels: configuration, logging, passiveproxy
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Sub-task
depends on ZBX-12974 Incorrect handling of passive proxy w... Closed
Team: Team A
Sprint: Sprint 21, Sprint 22, Sprint 23, Sprint 25, Sprint 26
Story Points: 1

 Description   

Pre-3.4 versions have the same issue, but starting with 3.4 it becomes a bit more painful due to hardcoded 1 second task sending period.

Steps to reproduce:

  1. Create new proxy in Administration->Proxies
  2. Choose Proxy mode: Passive
  3. Put non-existing and non-numeric macro in Port
  4. See server's log file

Similar result can be achieved if you choose TLS connection to be used with proxy and server does not support it.

Result:
Every second there is a message about failed connection to proxy.
Expected:
Since the root cause of connection failure is misconfiguration there is no chance it can be solved sooner than next reload of configuration cache by server. It makes no sense to continue polling mis-configured passive proxy until then.

Similar woes with invalid item update intervals were faced and solved in ZBXNEXT-1675.

 Comments   
Comment by richlv [ 2018 Jan 16 ]

Since the root cause of connection failure is misconfiguration there is no chance it can be solved sooner than next reload of configuration cache by server. It makes no sense to continue polling mis-configured passive proxy until then.

the misconfiguration could be on the proxy side, right (the TLS scenario) ? in that case it could have been resolved sooner than the next config cache update.
non-numeric port is unlikely to be solved, but in that case maybe it's better to validate this when building the config cache and not even attempt such a connection ?

Comment by Viktors Tjarve [ 2018 Jan 17 ]

Changes here will apply only to cases when TLS had not been included onto configuration of server or port is specified as non-existing macro. So this all is server side specific when the intention is to use passive proxy.

Comment by richlv [ 2018 Jan 17 ]

sort of blacklisting known bad cases ? if so, sounds great - thank you for the update.

Comment by Glebs Ivanovskis (Inactive) [ 2018 Jan 17 ]

maybe it's better to validate this when building the config cache

That's arguable for the following reasons:

  1. config cache update blocks the whole operation of Zabbix server/proxy, situation has improved, but still, not good to add additional checks here;
  2. config cache operations and logging are both using mutexes, there is a chance of deadlocks if they are mixed up without care.

Maybe it's better to not let faulty configurations into DB. I'm looking at you, API

Comment by richlv [ 2018 Jan 17 ]

a very good point. i don't have a solution for it, unfortunately.
parallel, non-blocking cache build process has been discussed, but it would double the memory usage for the cache.
even if api was improved, or even moved into the server, a bit of defensive programming could be helpful - unexpected config has always appeared in the db. the more resilient the server is to that, the better.

Comment by Andris Mednis [ 2018 Jan 25 ]

Successfully tested. See proposed modifications in r77155, r77157, r77158, r77159, r77163, r77164, r77165, r77166.

<viktors.tjarve> These all are good changes. CLOSED

Comment by Viktors Tjarve [ 2018 Jan 25 ]

Released in:

  • 3.4.7rc1 r77204
  • 4.0.0alpha3 r77205
Generated at Fri Apr 26 17:42:04 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.