Re: [PATCH] [MINOR] CSS HTML fun
On Mon, Oct 12, 2009 at 11:39:54PM +0200, Krzysztof Piotr Oledzki wrote: From 6fc49b084ad0f4513c36418dfac1cf1046af66da Mon Sep 17 00:00:00 2001 From: Krzysztof Piotr Oledzki o...@ans.pl Date: Mon, 12 Oct 2009 23:09:08 +0200 Subject: [MINOR] CSS HTML fun This patch makes stats page about 30% smaller and CSS 2.1 + HTML 4.01 Transitional compliant. There should be no visible differences. Changes: - add missing /ul End tag for ul is optional according to http://www.w3.org/TR/html401/struct/lists.html#edef-UL
Re: [PATCH] [MINOR] CSS HTML fun
Hello, 2009/10/13 Dmitry Sivachenko mi...@cavia.pp.ru: End tag for ul is optional according to really? Something new to me :) http://www.w3.org/TR/html401/struct/lists.html#edef-UL hmm. /li is optional (implied by next li or closing /{u,o}l, /{u,o}l not? !ELEMENT UL - - (LI)+ -- unordered list -- !ATTLIST UL %attrs; -- %coreattrs, %i18n, %events -- !ELEMENT OL - - (LI)+ -- ordered list -- !ATTLIST OL %attrs; -- %coreattrs, %i18n, %events -- Start tag: required, End tag: required the line stating Start tag: required, End tag: optional is for the li Just my 2cent Beni.
Re: [PATCH] [MINOR] CSS HTML fun
On Tue, Oct 13, 2009 at 02:16:12PM +0200, Benedikt Fraunhofer wrote: Hello, 2009/10/13 Dmitry Sivachenko mi...@cavia.pp.ru: End tag for ul is optional according to really? Something new to me :) OMG, sorry, I am blind. Forget about that.
RE: multiple applications using HAproxy LB
Hi, Ryan Sorry, I might not have explained this clearly. What I need is explained here: http://agiletesting.blogspot.com/2009/02/load-balancing-in-amazon-ec2-with.html However, I am having problem of acl Boolean statement: acl acl_domain1 url_sub domain1 -i acl acl_domain2 url_sub domain2 -i use_backend domain1_farm if acl_domain1 use_backend domain2_farm if acl_domain2 default_backend default_farm it seems that those url_sub domain* statement will never be true. If I change it to acl acl_domain1 always_true it obviously hit domain1_farm. Is there a way to see the value of url? BTW: are you the Ryan graduated from UCB and worked for a female professor in bioinformatics field? Thanks Xia -Original Message- From: randa...@bioinfo.wsu.edu [mailto:randa...@bioinfo.wsu.edu] Sent: Monday, October 12, 2009 3:39 PM To: Ryan Schlesinger Cc: haproxy@formilux.org; xji...@xignite.com Subject: Re: multiple applications using HAproxy LB I am using Nginx in front of HAProxy to provide similar functionality. I personally like Nginx because it is a little lighter in terms of resources, but that is just my opinion. Apache would work well to. Thanks, Randall Svancara Systems Administrator/DBA/Developer Main Bioinformatics Laboratory - Original Message - From: Ryan Schlesinger r...@instanceinc.com To: xji...@xignite.com Cc: haproxy@formilux.org Sent: Monday, October 12, 2009 2:42:20 PM Subject: Re: multiple applications using HAproxy LB It sounds like what you really want is to put apache (or some other web server) in front of haproxy to do name based virtual hosting. Requests for your two domains would work like this: client - apache:80 (domain1 virtual host) - haproxy:8080 client - apache:80 (domain2 virtual host) - haproxy:8081 I'm using mod_rewrite in different virtual hosts to proxy requests to haproxy in exactly this way. Also, in this setup, a request to http://ec2XX.compute-1.amazonaws.com /xhaproxy214591 would be caught by your first (default) virtual host and proxied correctly to haproxy. I hope I understood your question correctly. Ryan On 10/12/2009 02:30 PM, Xia Jiang wrote: Hello, I have a question regarding configuration for multiple applications using Haproxy. What I want: use Haproxy to handle LB among multiple instances, which each instance can have more than one servers. What I have: ~~~ # Configuration for one application: listen domain1 :8080 mode http balance roundrobin option httpclose option forwardfor stats uri /xhaproxy214591 option httpchk GET /healthcheck214591.php # Example server line (with optional cookie and check included) server i-41319a29 10.251.75.47:80 check inter 3000 rise 2 fall 3 maxconn 650 server i-41319a29 10.251.75.48:80 check inter 3000 rise 2 fall 3 maxconn 650 listen domain2 :8081 mode http balance roundrobin option httpclose option forwardfor stats uri /xhaproxy214591 option httpchk GET /healthcheck214591.php # Example server line (with optional cookie and check included) server i-71319a19 10.208.217.220:80 check inter 3000 rise 2 fall 3 maxconn 650 server i-71319a19 10.208.218.220:80 check inter 3000 rise 2 fall 3 maxconn 650 Question: 1. Do I have to set the one of the application port numbers to be 80? Otherwise it won’t show me the status page. 2. By setting one of the port number to be “80”, I can’t access the other application. i.e, by setting domain1 port number to be 80, by hitting http://ec2XX.compute-1.amazonaws.com , I can see the index page of “10.251.75.47” or “10.251.75.48” but I can’t view “10.208.217.220” or “10.208.218.220” by hitting http://ec2XX.compute-1.amazonaws.com :8081 Thanks! Your answer will be greatly appreciated. Xia
[PATCH] [MINOR] Collect provide http response codes received from servers
From a3aac1f1149db0b52dc66f9e70e5ab8d14418b71 Mon Sep 17 00:00:00 2001 From: Krzysztof Piotr Oledzki o...@ans.pl Date: Tue, 13 Oct 2009 21:14:09 +0200 Subject: [MINOR] Collect provide http response codes received from servers Additional data is provided on both html csv stats: - html: when passing a mouse over Sessions - Total (servers, backends) - cvs: by 6 additional fields (hrsp_1xx, hrsp_2xx, hrsp_3xx, hrsp_4xx, hrsp_5xx, hspr_other) Patch inspired by: http://www.formilux.org/archives/haproxy/0910/2528.html http://www.formilux.org/archives/haproxy/0910/2529.html --- doc/configuration.txt|6 +++ include/types/counters.h | 12 ++ src/dumpstats.c | 85 - src/proto_http.c |8 4 files changed, 101 insertions(+), 10 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 65a8cef..ef768f8 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -6726,6 +6726,12 @@ page. Both means provide a CSV format whose fields follow. L7STS - layer 7 response error, for example HTTP 5xx 37. check_code: layer5-7 code, if available 38. check_duration: time in ms took to finish last health check + 39. hrsp_1xx: http responces with 1xx code + 40. hrsp_2xx: http responces with 2xx code + 41. hrsp_3xx: http responces with 3xx code + 42. hrsp_4xx: http responces with 4xx code + 43. hrsp_5xx: http responces with 5xx code + 44. hrsp_other: http responces with other codes (protocol error) 9.2. Unix Socket commands diff --git a/include/types/counters.h b/include/types/counters.h index 6dfef22..f551bf0 100644 --- a/include/types/counters.h +++ b/include/types/counters.h @@ -38,6 +38,12 @@ struct pxcounters { long long denied_req, denied_resp; /* blocked requests/responses because of security concerns */ long long failed_req; /* failed requests (eg: invalid or timeout) */ + union { + struct { + long long rsp[6]; /* http resonse codes */ + } http; + } p; + long long failed_conns, failed_resp;/* failed connect() and responses */ long long retries, redispatches;/* retried and redispatched connections */ }; @@ -69,6 +75,12 @@ struct srvcounters { long long retries, redispatches;/* retried and redispatched connections */ long long failed_secu; /* blocked responses because of security concerns */ + union { + struct { + long long rsp[6]; /* http resonse codes */ + } http; + } p; + long long failed_checks, down_trans;/* failed checks and up-down transitions */ }; diff --git a/src/dumpstats.c b/src/dumpstats.c index 849e2da..522c3f8 100644 --- a/src/dumpstats.c +++ b/src/dumpstats.c @@ -244,6 +244,7 @@ int print_csv_header(struct chunk *msg) pid,iid,sid,throttle,lbtot,tracked,type, rate,rate_lim,rate_max, check_status,check_code,check_duration, + hrsp_1xx,hrsp_2xx,hrsp_3xx,hrsp_4xx,hrsp_5xx,hspr_other, \n); } @@ -1300,6 +1301,8 @@ int stats_dump_proxy(struct session *s, struct proxy *px, struct uri_auth *uri) %u,%u,%u, /* check_status, check_code, check_duration */ ,,, +/* http response: 1xx, 2xx, 3xx, 4xx, 5xx, other */ +,, \n, px-id, px-feconn, px-counters.feconn_max, px-maxconn, px-counters.cum_feconn, @@ -1391,6 +1394,8 @@ int stats_dump_proxy(struct session *s, struct proxy *px, struct uri_auth *uri) ,,, /* check_status, check_code, check_duration */ ,,, +/* http response: 1xx, 2xx, 3xx, 4xx, 5xx, other */ +,, \n, px-id, l-name, l-nbconn, l-counters-conn_max, @@ -1467,16 +1472,32 @@ int stats_dump_proxy(struct session *s, struct proxy *px, struct uri_auth *uri) td%s/tdtd%s/tdtd%s/td /* sessions rate : current, max, limit */ td%s/tdtd%s/tdtd/td -/* sessions : current, max, limit, total, lbtot */ +/* sessions: current, max, limit */ td%s/tdtd%s/tdtd%s/td -
Re: Small patch for the appsession feature
Le lundi 12 octobre 2009 23:17:43, Aleksandar Lazic a écrit : Hi Cyril, good catch. +} + +/* -#if defined(DEBUG_HASH) -Alert(manage_client_side_cookies\n); - appsession_hash_dump((t-be-htbl_proxy)); -#endif After a quick look I think it would be nice to dump the sessions also in the client. Yes, you're right, I missed it after several tests on different snapshots. Here comes a second patch to reintroduce these debug lines : diff -Naur haproxy-1.4-dev4-appsession/src/proto_http.c haproxy-1.4-dev4-appsession2/src/proto_http.c --- haproxy-1.4-dev4-appsession/src/proto_http.c2009-10-12 21:56:38.0 +0200 +++ haproxy-1.4-dev4-appsession2/src/proto_http.c 2009-10-13 21:26:19.0 +0200 @@ -3862,6 +3862,10 @@ /* Cool... it's the right one */ manage_client_side_appsession(t, p3); +#if defined(DEBUG_HASH) + Alert(manage_client_side_cookies\n); + appsession_hash_dump((t-be-htbl_proxy)); +#endif }/* end if ((t-proxy-appsession_name != NULL) ... */ } @@ -4450,6 +4454,10 @@ request_line += t-be-appsession_name_len + 1; manage_client_side_appsession(t, request_line); +#if defined(DEBUG_HASH) + Alert(get_srv_from_appsession\n); + appsession_hash_dump((t-be-htbl_proxy)); +#endif } -- Cyril Bonté
RE: Problems with long connect times
netstat -ant | grep tcp | tr -s ' ' ' ' | awk '{print $6}' | sort | uniq -c 193 CLOSE_WAIT 316 CLOSING 215 ESTABLISHED 252 FIN_WAIT1 4 FIN_WAIT2 1 LAST_ACK 10 LISTEN 237 SYN_RECV 61384 TIME_WAIT So, clearly there's a time_wait problem. I've already tuned the kernel to set the time_wait counter to 20 seconds (down from 60). I'm tempted to crank it down further, although googling around recommends against it. Is it possible to up the number of outstanding time_wait connections? This host looks like it's hitting a 65536 connection limit. -Original Message- From: Hank A. Paulson [mailto:h...@spamproof.nospammail.net] Sent: Monday, October 12, 2009 9:14 PM To: haproxy@formilux.org Subject: Re: Problems with long connect times A couple of guesses you might look at - I have found the stats page to show deceptively low numbers at times. You might want to check the http log stats that show the global/frontend/backend queue numbers around the time those requests. My guess is that the cases where you are seeing 3 second times it is that the backends are slow to connect or they have reached maxconn. Also, you might want to double check that the clients are sending the requests in a timely fashion. netstat -ant | wc -l do you have conntrack running as in the recent situation here on the ml? Any other messages in /var/log/messages? netstat -s have any growing stats? I assume you have lots backends if they are all at only maxconn 20 On 10/12/09 5:15 PM, Jonah Horowitz wrote: I'm having a problem where occasionally under load, the time to complete the tcp handshake is taking much longer than it should: Picture (Device Independent Bitmap) My suspicion is that the number of connections available to the haproxy server are some how constrained and it can't answer connections for a moment. I'm not sure how to debug this. Has anyone else seen something like this? According to the haproxy stats page, I've never come close to my connection limit. I'm using about 1000 concurrent connections and my request rate maxes out at 4400 requests per second. I'm not seeing any messages in dmesg or my /var/log/messages. I'm running 1.4-dev3 on Linux 2.6.30.5. My config is below: TIA, Jonah --- compile options --- make USE_REGPARM=1 USE_STATIC_PCRE=1 USE_LINUX_SPLICE=1 TARGET=linux26 CPU_CFLAGS='-O2 -march=x86-64 -m64' --- config --- global maxconn 2000 pidfile /usr/pkg/haproxy/run/haproxy.pid stats socket /usr/pkg/haproxy/run/stats log /usr/pkg/haproxy/jail/log daemon user daemon group daemon defaults timeout queue 3000 timeout server 3000 timeout client 3000 timeout connect 3000 option splice-auto frontend stats bind :8080 mode http use_backend stats if TRUE backend stats mode http stats enable stats uri /stats stats refresh 5s frontend query log global option dontlog-normal option httplog bind :80 mode http use_backend query if TRUE backend query mode http balance roundrobin option httpchk GET /r?q=LOOKSMARTKEYWORDLISTINGMONITORisp=DROPus option forwardfor option httpclose server foo1 foo1:8080 weight 150 maxconn 20 check inter 1000 rise 2 fall 1 server foo2 foo2:8080 weight 150 maxconn 20 check inter 1000 rise 2 fall 1 server foo2 foo3:8080 weight 150 maxconn 20 check inter 1000 rise 2 fall 1 ...
Re: Small patch for the appsession feature
On Die 13.10.2009 21:34, Cyril Bonté wrote: Le lundi 12 octobre 2009 23:17:43, Aleksandar Lazic a écrit : Yes, you're right, I missed it after several tests on different snapshots. Here comes a second patch to reintroduce these debug lines : Thanks.
Re: multiple applications using HAproxy LB
On Die 13.10.2009 09:14, Xia Jiang wrote: Hi, Ryan Sorry, I might not have explained this clearly. What I need is explained here: http://agiletesting.blogspot.com/2009/02/load-balancing-in-amazon-ec2-with.html However, I am having problem of acl Boolean statement: how about to use this acl acl_domain1 url_sub domain1 -i acl acl_domain1 url_sub -i domain1 before pattern acl acl_domain2 url_sub domain2 -i acl acl_domain2 url_sub -i domain2 before pattern use_backend domain1_farm if acl_domain1 use_backend domain2_farm if acl_domain2 default_backend default_farm it seems that those url_sub domain* statement will never be true. If I change it to acl acl_domain1 always_true it obviously hit domain1_farm. Maybe the examples in examples/acl-content-sw.cfg in haproxy tarball will show you more possibilies ;-) Is there a way to see the value of url? I haven't seen any DEBUG defines in acl.c. I hope anybody else can answer this question. BR Aleks