Hi guys,
Thanks for the responses, my replies are below!
On 2 May 2013 17:48, Lukas Tribus <luky...@hotmail.com> wrote:
>> I always receive a HTTP 200 response to my browser
>
> How do you know that?
tcpdump
> In what condition does this happen (when you have less than 2
> backends alive or even with 2 or more backends alive?)
With 2, 1, or 0 back ends alive (I have been adding iptables rules to
the Apache servers [there are two] one at a time so that haproxy
backend server checks fail, and I can see this reflected in the
haproxy log) .
>> default_backend http--servers
>> [...]
>> backend http-servers
> The config doesn't seem to match
That was just a typo from me copying the config into my original
email, sorry about that!
> Please post the output of haproxy -vv.
sudo haproxy -vv
HA-Proxy version 1.4.8 2010/06/16
Copyright 2000-2010 Willy Tarreau <w...@1wt.eu>
Build options :
TARGET = linux26
CPU = generic
CC = gcc
CFLAGS = -O2 -g
OPTIONS =
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
Encrypted password support via crypt(3): yes
Available polling systems :
sepoll : pref=400, test result OK
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 4 (4 usable), will use sepoll.
On 2 May 2013 22:39, Bryan Talbot <btal...@aeriagames.com> wrote:
> On Thu, May 2, 2013 at 8:55 AM, James Bensley <jwbens...@gmail.com> wrote:
>>
>> acl backend_down nbsrv(http--servers) lt 2 # HAProxy can see
>> lee than 2 backend servers
>> monitor-uri /checkuri
>> monitor-net 172.22.0.0/24
>
> What's the address of the computer making the requests? If it's in the
> 172.22.0.0/24 network, all responses for any URI will be 200 as long as
> "monitor fail" is false.
Ah! This was the information I was missing. I changed that to a /32
and tried from another machine and the behaviour is now more like what
I expected is seen. The other machine passes through haproxy to the
backends as it should, and requests to the monitor URL return 404,
which is what I wanted.
However I do still have another problem, I always get HTTP 200 from
the machine in "monitor-net". I can add an iptables rules on either of
my two Apache servers or both, to stop haproxy from contacting them
(which I can verify via tcpdump on Apache and tcpump on the haproxy
server. I can see it can't get past TCP syn because there is no
syn-ack back from the apache servers).
This first paste bin entry shows the haproxy server detecting the
first Apache server as down, I browse to my monitor uri and as you can
see from the tcpdump output, I get HTTP 200 back:
http://pastebin.com/raw.php?i=va57gf0K
In this second paste bin entry I have added the log line from haproxy
after adding a drop rule to the second Apache server iptables config,
you can see here that haproxy can now see neither Apache server. yet I
still get HTTP 200; http://pastebin.com/raw.php?i=bPcNP8kH
If anyone can shed any light on this I would be very grateful.
Cheers,
James.
