Hi guys
I'm wondering what ways there are of stopping *new* connections from hitting
backend nodes?
1) From the docs:
https://github.com/haproxy/haproxy-1.5/blob/master/doc/architecture.txt
under section '4.2 Soft-stop using backup servers', there is a
suggestion to set up iptables PREROUTING redirection from some other
ports and define same servers as backup (with same cookie name).
Since the docs are pretty old I'm wondering is this way of taking
servers down without killing sessions still viable?
If it is, I have a cleaner solution - run backend servers on 2 ports
(for example Listen *:80 and Listen *:81), and just use a firewall to drop
connections when we want to down a server.
Other than that, I don't quite understand the principle behind this. Backup
servers should be used only when all nodes are down, and since only one
node is down how come backupA gets used for connections with cookie A?
And, if the backup server is fully activated, how come it doesn't serve
new incoming connections, which would make this exercise totally pointless?
2) Maintenance mode
Turning a node to maintenance mode through the socket is the second solution. But
just to make sure I wanted to ask - will that kill sessions, or leave
them alive until they finish/expire?
3) Rejecting new packets?
I know this is a kludge, but just for the sake of the argument, if I run:
    iptables -I INPUT -p tcp --dport 80 -m state --state NEW -j REJECT
From my understanding, this would mark the webserver as down in haproxy,
which would stop sending new connections to this specific node, but what
after that? Would it redispatch existing connections forcefully? How do
option redispatch and option persist play with this?