Is there a way to specify a program to run to do health checks with HAProxy? Right now, I do custom health checking by running a checking daemon started by x/inetd. So I set haproxy to do check against a different port (server ... check address localhost port somethingelse inter ....). Then connecting to that somethingelse port spawns a simple perl script launched by inetd, and that perl script in turn connects to my real server, checks for health, and then outputs HTTP 200 code if my real service is ok or HTTP 503 if it isn't.

I was hoping I could skip that process, if haproxy had the option to simply run the script itself and said script simply returned 0 or 1 (or HTTP 200/503 is ok too.) Ideally, if the script could be given an argument of the IP address of the server being checked. Perhaps part of this is because you don't want to have haproxy be possibly held hostage by some end-user script?

For the most part, a basic TCP connection check is probably enough. But for some things, I'd like a full-featured or more thorough check than that. Checking a MySQL server is a good example, where if you make too many TCP connections to the MySQL server and then just disconnect (having "verified" the health of the MySQL server via a basic tcp-connection check), the MySQL server will disallow connections from that source. Yes, that's configurable, but you get the idea. So I have a local perl script that connects to the MySQL server, makes a tiny query, compares the output of the query against a known good value (or whatever other logic you want), and then outputs HTTP 200/503 depending on what happened.

Next, I think this is related to what Willy warned about in a previous thread about the default syslogd being slow. I fired off a giant batch of requests at my haproxy, and there were a lot of error/warning msgs on my window about log and no resources or something. Since the msgs didn't actually get logged but simply printed on the screen, I don't recall what that was. So for those of you who are running high rate connections, if you haven't yet switched away from basic syslogd, you might want to consider that. I just did "dontlog-normal" and I've never seen that come up again. Incidentally, why is it "dontlognull" and not "dontlog-null" just to match the "dontlog-normal" syntax?

Finally, I'm using Keepalived to do the failover of the load-balancer actually running haproxy. This part isn't really a haproxy question per se, but since I'm here :) I can specify specific vrrp_scripts and whatnot in keepalived, and if there was a way to take advantage of that, I suppose that might work. But I'd like to keep the load-balancing and health-checking w/in haproxy if possible, and leave the failover of the load-balancer itself to keepalived (or the vrrp part of keepalived, since I'm not using the virtual-server part of it.) Yes, keepalived could actually do both that and act as a load-balancer (thus removing haproxy from this entire setup.) But I don't have control over the actual real-servers, and thus can't change any of their configuration (namely setting the realserver's default gateway to be the keepalived server for LVS-NAT setup.) Hence, haproxy was my next (and frankly much easier) solution to the load-balancing part of the equation (and still use keepalived on my LB to do failover of the LBs.)

Thank you,
PH
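
The inetd-launched check described in the post, sketched as an added example; it is not the poster's Perl script and not part of haproxy. The function names, `QUERY` and `EXPECTED` are hypothetical, and it assumes the `mysql` client is installed, credentials come from the checking account's option file, and inetd.conf passes the backend address as the first argument.

```shell
#!/bin/sh
# Added example (constructed): inetd-launched HTTP health check for one MySQL backend.
# Assumptions: the mysql client is installed, the account inetd runs this under has
# credentials in its option file, and QUERY/EXPECTED are placeholder values.
QUERY='SELECT 1'
EXPECTED='1'

# Run the tiny query and print the bare result (-N: no column names, -B: batch output).
# Logging in and querying, rather than connecting and dropping, is the approach the
# post uses to avoid being blocked; --connect-timeout bounds a dead backend.
run_query() {
    mysql --connect-timeout=3 -N -B -h "$1" -e "$QUERY" 2>/dev/null
}

# Emit a complete HTTP/1.0 response: $1 = status code, $2 = reason, $3 = body.
http_reply() {
    printf 'HTTP/1.0 %s %s\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\n%s\r\n' \
        "$1" "$2" "$3"
}

# Check one backend and answer 200 only when the query result matches EXPECTED.
check_backend() {
    host=$1
    case $host in
        # Reject empty or unexpected characters before the value reaches a command line.
        '' | *[!0-9A-Za-z.:-]*)
            http_reply 503 'Service Unavailable' 'bad host argument'
            return 0 ;;
    esac
    if out=$(run_query "$host") && [ "$out" = "$EXPECTED" ]; then
        http_reply 200 OK "mysql ok on $host"
    else
        http_reply 503 'Service Unavailable' "mysql check failed on $host"
    fi
}

# inetd wires the accepted socket to stdin/stdout and passes the backend address
# as the first argument (set in inetd.conf). Consume the request line, then reply.
if [ "$#" -gt 0 ]; then
    read -r _request_line || true
    check_backend "$1"
fi
```

Any failure (client error, timeout, or a result that differs from `EXPECTED`) produces a 503, so the backend is marked down rather than left in rotation on an ambiguous answer.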