How about writing a bash script that checks LDAP status somehow and have
this script managed by xinetd?
The script should return "HTTP/1.1 200 OK\r\n" if the LDAP server is
fine or something else if not (e.g. "HTTP/1.1 503 Service Unavailable\r\n").
Xinetd could be configured in such a way that the script is invoked upon
connecting to a defined port, let's say 9200.
Then, we could have on the HAProxy configuration something like this:
listen LDAP IP:389
mode tcp
option httpchk
server ldap_srv1 ip:389 check port 9200 inter 5000 rise 3 fall 3
What would you think of that approach?
unai
Willy Tarreau wrote:
On Mon, Jan 19, 2009 at 10:16:46PM +0100, Jordi Espasa wrote:
Jordi's question got me thinking. Does haproxy support externally
scripted healthchecks? If not, this would be useful for implementing a
variety of healthchecks that aren't built into haproxy.
Yes. It would be a very cool feature.
No it does not. Yes it would be cool, but it's somewhat incompatible
with chroot. The possible long-term solutions include :
- shared library support, in order to load external plugins,
including complex health-checks plugins ;
- performing the checks in an independant process. That would
be very nice since it would allow better support for
multi-process usage.
Another solution would be to state that chroot is incompatible
with external scripts, and let the user make a choice. Maybe we
can try to think about the required parameters for an external
script, and see how that could be implemented. We might even
reuse some parts of what I had developped for Keepalived (VRRP
tracking scripts). It was quite advanced (cache of last result,
etc...), and keepalived's and haproxy's architectures are quite
similar.
Now, speaking about the LDAP checks, I was about to implement
one in the past due to a customer's need, and finally let go
because the customer was not interested due to some aspects
which were not covered (detection of end of replication). So
right now there's no LDAP check.
Regards,
willy
