On Wed, Oct 14, 2020 at 03:35:30PM +0200, Tim Düsterhus wrote:
> I believe I already said it somewhere: The most valuable thing about
> monitor-uri is that it does not create entries within the access log. I
> don't think that can be replicated with http-request return as of now,
> but I am happy to learn otherwise.
I recently had to implement some health-of-HAProxy work, and went with
lua-services since HAProxy 1.8 didn't have 'http-request return', but the other
parts of the solution are still relevant.

'http-request set-log-level silent if ...' was the key to NOT logging the
health-checks of HAProxy.

The Lua service used in the below is fairly trivial, but it's in Lua rather
than errorfiles or something else, as we had some dynamic data built into it,
and that worked will with existing code.

Rest of what I had built:
# Fill these in with something meaningful for your use-case:
acl haproxy_maint ... # map or dynamic-acl
acl haproxy_drain ... # map or dynamic-acl
acl haproxy_drain stopping eq 1
acl health_permitted_src src ... # what IPs are allowed to health-check

# All of the paths:
acl health_ANY path -m beg /haproxy-health/
# Usual check point:
acl health_check path -m str /haproxy-health/check
# Special cases if you want to force an output:
acl health_force_up path -m str /haproxy-health/force-up
acl health_force_ready path -m str /haproxy-health/force-ready
acl health_force_down path -m str /haproxy-health/force-down
acl health_force_drain path -m str /haproxy-health/force-drain
acl health_force_maint path -m str /haproxy-health/force-maint

# Deny unauthorized access to healthcheck
# This will be logged!
http-request set-log-level warning if health_ANY !health_permitted_src
http-request deny if health_ANY !health_permitted_src

# Make normal access to healthcheck silent, so it does not spam logs
http-request set-log-level silent if health_ANY health_permitted_src

# Forced states
# all implicit health_permitted_src in these:
http-request use-service lua.health_up if health_force_up
http-request use-service lua.health_ready if health_force_ready
http-request use-service lua.health_down if health_force_down
http-request use-service lua.health_drain if health_force_drain
http-request use-service lua.health_maint if health_force_maint

# Actual check:
# all implicit health_permitted_src in these:
# 1. If the sysadmin created a maint flag, return that
http-request use-service lua.health_maint if health_check haproxy_maint
# 2. If HAProxy is stopping, return a DRAIN state
http-request use-service lua.health_drain if health_check haproxy_drain
# 3. If the backend is up, return up
http-request use-service lua.health_up if health_check
# 4. If the backend is down, return down
http-request use-service lua.health_down if !health_check

Robin Hugh Johnson
E-Mail     : robb...@orbis-terrarum.net
Home Page  : http://www.orbis-terrarum.net/?l=people.robbat2
GnuPG FP   : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85

Attachment: signature.asc
Description: PGP signature

Reply via email to