Hi Dmitri,

On Tue, Jul 13, 2010 at 06:20:57PM -0700, Dmitri Smirnov wrote:
> However, elastic IPs are not exactly what they seem. While the
> public DNS names and addresses remain the same, for within
> the cloud connections they still resolve to internal 10 dot addresses.
>
> Those can change when instances go up and down. Because haproxy caches the
> actual addresses from the start it presents a problem.
Well, quite honestly, don't you think that the *real* problem is having a server whose address randomly changes? Not only does it prevent anything from working reliably, it also poses a security issue: any server might receive traffic it should never have received.

> The only solution that I could think of is to have a side cron job that
> would check for the backend addresses change and force haproxy graceful
> restart. This creates an outage window however small.

You could also rely on haproxy's logs indicating that a server went down. That way it would be detected earlier. Also, there's no real outage window, it's just that one of your servers is not in the pool anymore, unless someone else has been reassigned your previous IP address and takes your traffic.

> While haproxy is an old school design that avoids playing with dynamic
> DNS, this is the cloudy reality. It would be nice if there was a way to
> ask haproxy to re-resolve backend entries.

Haproxy is designed with security and reliability as primary goals, and among other things, it chroots itself once started. This also means that once started, it will not be able to resolve anything anymore.

One thing we might think about would be to be able to replace a server's address from the unix socket. But quite frankly, it would be cleaner to remove the server and create a new one, because today you're asking to replace an IP address and tomorrow you'll come saying that amazon has broken other well-established standards to save a little more fake resources, and we'll get other trouble.

In fact, there is zero technical reason to have dynamic IPs on a server. I sometimes wonder if they're not doing that just to sell you their own LB solutions which can take care of that!

> Is there any other solution out there? Am I missing something?

In my opinion, there are a lot of other clouds that work cleanly and which don't play with their customers' addresses all day. Having a few instances running at vps.net, I can't even imagine why I would have to suffer any unexpected IP address change.

Also, there are commercial solutions such as RightScale to address EC2's shortcomings. They will completely manage your farm and your haproxy config so that you don't have to care about these address issues.

Regards,
Willy
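The two detection approaches discussed in this exchange (a side job that checks whether backend hostnames now resolve to different addresses than haproxy cached at startup, and watching haproxy's own log for "Server ... is DOWN" lines) can be combined into one small check. The script below is an added example and is not code from the haproxy project or from either participant in the thread. The backend hostnames, the addresses "cached at startup", the haproxy log lines and the pid/config paths are constructed placeholders; only the `-sf` graceful-reload flag and the shape of haproxy's DOWN log line are real.

```python
"""Added example: detect backend address drift and DOWN events, then decide
whether a graceful haproxy reload (-sf) is warranted.  Not from the thread."""
import re
import socket
from typing import Dict, List

# haproxy logs this when a health check takes a server out of the pool.
DOWN_RE = re.compile(r"Server (?P<backend>[\w.-]+)/(?P<server>[\w.-]+) is DOWN")


def resolve(hostname: str) -> str:
    """Resolve a backend hostname to one IPv4 address (real DNS lookup).
    Run outside haproxy's chroot, which is exactly why haproxy itself cannot
    re-resolve once started."""
    return socket.gethostbyname(hostname)


def find_changed_backends(started_with: Dict[str, str],
                          current: Dict[str, str]) -> List[str]:
    """Return hostnames whose current address differs from the one recorded
    when haproxy was started.  A hostname missing from `current` (lookup
    failed) is reported too: a failed lookup must not pass as 'unchanged'."""
    return [host for host, addr in started_with.items()
            if current.get(host) != addr]


def servers_marked_down(log_lines: List[str]) -> List[str]:
    """Return 'backend/server' names that haproxy has logged as DOWN."""
    found = []
    for line in log_lines:
        m = DOWN_RE.search(line)
        if m:
            found.append(f"{m.group('backend')}/{m.group('server')}")
    return found


def reload_command(cfg: str, pidfile: str, old_pid: int) -> str:
    """Graceful restart: new process binds, old one finishes its connections."""
    return f"haproxy -f {cfg} -p {pidfile} -sf {old_pid}"


def needs_reload(started_with: Dict[str, str], current: Dict[str, str],
                 log_lines: List[str]) -> bool:
    """True if any address drifted or any server was logged DOWN."""
    return bool(find_changed_backends(started_with, current)) or \
        bool(servers_marked_down(log_lines))


if __name__ == "__main__":
    # Constructed data standing in for a real cron run.
    cached_at_startup = {"web-a.internal": "10.0.1.11",
                         "web-b.internal": "10.0.1.12"}
    # In production this would be {h: resolve(h) for h in cached_at_startup}.
    resolved_now = {"web-a.internal": "10.0.1.11",
                    "web-b.internal": "10.0.7.40"}   # instance was replaced
    syslog_sample = [
        'Jul 13 18:21:03 lb haproxy[1234]: Server www/web-b is DOWN, reason: '
        'Layer4 connection problem, info: "Connection refused", check duration: '
        '0ms. 1 active and 0 backup servers left.',
    ]
    print("changed:", find_changed_backends(cached_at_startup, resolved_now))
    print("down:", servers_marked_down(syslog_sample))
    if needs_reload(cached_at_startup, resolved_now, syslog_sample):
        # Printed rather than executed; a cron job would subprocess.run() it.
        print(reload_command("/etc/haproxy/haproxy.cfg",
                             "/var/run/haproxy.pid", 1234))
```

The address comparison only tells you that the pool changed; as the reply notes, the security concern is that the *old* address may already belong to someone else, so a reload should be triggered as soon as either signal fires rather than waiting for the next cron tick.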

