Re: My roundrobin setup is not roundrobin-ing

2010-10-29 Thread Les Stroud 
I don’t know why I didn’t see that the two cookies were named the same.  In 
fact, I don’t need a cookie for the sso backend since it is not load balancing. 
oops :)  Thanx for seeing my over sight.   I changed the cookie id and that 
fixed the problem (makes perfect sense).

Everything is now working perfectly, but since you asked, here is the 
explanation of what I am trying to accomplish:

I have haproxy in front of a set of tomcat servers.  These applications look 
for an authentication token.  If the user does not have a valid auth token, 
redirects them to another server for authentication.  Right now, that server is 
running on the same box that haproxy is running on.  I could modify the code so 
that the redirect does not go through haproxy (takes a little more cert 
management work — which I typically procrastinate :)).  In this case, I took a 
shortcut and just told haproxy to use a different backend for any url that 
starts with “/cas” and send those requests over to this other server.  That 
server, then redirects back to the application. The frontend is simply taking 
requests from stunnel.  Port 80 is setup to redirect back through https 
(stunnel) which then forwards through port 81.

I really appreciate your time.  Hopefully I can return the favor sometime.
LES




On Oct 29, 2010, at 12:13 PM, Willy Tarreau wrote:

 What I don't understand is that you're having multiple backends
 with the same cookie name, and with colliding values. So either
 this is deliberate, then I find it strange that cookie value A
 is once for a server on port 8080 and once on port 18080. Or it's
 not expected at all and in this case what happens is that haproxy
 sticks on the cookie value when switching from one farm to the other
 one. In this case, you should simply have different cookie names for
 each backend.
 
 Maybe you should start by renaming your SSO cookie SSO_ID instead
 of SERVERID. Also, is it on purpose that you have a persistence
 cookie and only one server in the SSO backend ?
 
 Regards,
 Willy
 
 On Fri, Oct 29, 2010 at 11:52:57AM -0400, Les Stroud wrote:
 My config file is below.  By way of explanation, I am using an acl to 
 redirect urls that start with /cas to my single signon server.  Everything 
 else goes to my tomcat servers.  If I run ab without using a url that goes 
 to /cas, then everything roundrobins fine.  However, my applications 
 redirect to /cas which in turn redirects them back to the haproxy cluster 
 once authenticated.  When I go through this process, haproxy always puts 
 the session on the first tomcat instance.  Is there a way for me to debug 
 how haproxy/my config is making decisions on which backend to use for a new 
 session?
 
 Thanx,
 LES
 
 =
 global
 log 127.0.0.1 local0 info
 maxconn 25000
 stats socket/tmp/haproxy.sock level admin
 defaults
 log global
 clitimeout 6
 srvtimeout 30
 contimeout 4000
 retries 3
 option redispatch
 option httpclose
 option abortonclose
 
 listen http_https_redirect *:80
 mode http
 acl stunnel src 192.168.xxx.zzz/32
 redirect prefix https://erp.barnhardt.local unless stunnel
 
 frontend tomcat *:81
 mode http
 acl ssorequest path_beg /cas
 use_backend sso if ssorequest
 default_backend tomcat_cluster
 
 backend sso 
 mode http
 balance roundrobin
 option forwardfor except 0.0.0.0
 reqadd X-Forwarded-Proto:\ https
 cookie SERVERID insert indirect
 option httpchk HEAD /check.html HTTP/1.0
 server sso 192.168.xxx.zzz:18080 cookie A check
 
 backend tomcat_cluster 
 mode http
 stats  uri /haproxy?stats  
   stats enable
 balance roundrobin
 option httplog
 option forwardfor except 0.0.0.0
 reqadd X-Forwarded-Proto:\ https
 cookie SERVERID insert indirect
 option httpchk HEAD /check.html HTTP/1.0
 server tomcat01-instance1 192.168.xxx.xxx:8080 cookie A check port 8081 
 inter 2000
 server tomcat01-instance2 192.168.xxx.xxx:18080 cookie B check port 
 18081 inter 2000
 server tomcat02-instance1 192.168.xxx.yyy:8080 cookie C check port 8081 
 inter 2000
 server tomcat02-instance2 192.168.xxx.yyy:18080 cookie D check port 
 18081 inter 2000
 
 server bkup-tomcat01-instance1 192.168.xxx.xxx:8080 cookie A check port 
 8080 inter 2000 backup
   server bkup-tomcat01-instance2 192.168.xxx.xxx:18080 cookie B check 
 port 18080 inter 2000 backup
   server bkup-tomcat02-instance1 192192.168.xxx.yyy168.60.157:8080 
 cookie C check port 8080 inter 2000 backup
   server bkup-tomcat02-instance2 192.168.xxx.yyy:18080 cookie D check 
 port 18080 inter 2000 backup

Re: My roundrobin setup is not roundrobin-ing

2010-10-29 Thread Willy Tarreau 
On Fri, Oct 29, 2010 at 02:29:10PM -0400, Les Stroud wrote:
 I don?t know why I didn?t see that the two cookies were named the same.  In 
 fact, I don?t need a cookie for the sso backend since it is not load 
 balancing. oops :)  Thanx for seeing my over sight.   I changed the cookie id 
 and that fixed the problem (makes perfect sense).

Cool, thanks for the update Les.

Cheers,
Willy

Re: VM benchmarks

2010-10-29 Thread Ariel 
On Oct 28, 2010, at 5:38 PM, Cyril Bonté wrote:
 I reproduced nearly the same environment as you described and could not 
 reproduce this latency (only 1 nginx instance in my case).

First, I want to say thank you for your tests!  I learned a lot from seeing 
what you did.

The VirtualBox server I was using before is in another building.  I've asked 
many times but still don't know much about how it is set up.  I just know that 
if I ask for a new VM for development, the guy will set one up for me.  So to 
come closer to the tests you did, I installed VirtualBox at home.  Also, I  
added option  http-server-close to haproxy.cfg because this is closer to what 
it would be in my desired environment.  (And I also realize my first test 
didn't need two backends because without this option, it would maintain 
keepalive with the backend server and not switch until my keepalive expired.  I 
feel a little silly!)

My computer at home:
-
OS: Windows 7 Ultimate x64
CPU: Intel(R) Core(TM) i5 CPU 750 @ 2.67Ghz
Memory: 4Gb DDR3-1066

VM1:
--
Virtualbox 3.2.10
OS: Ubuntu 10.04 (new install)
Running haproxy 1.4.8
Kernel: 2.6.32-25-server #45-Ubuntu SMP x86_64 GNU/Linux
1 CPU, 512MB RAM, VT-x Enabled
Adapter Type: Intel PRO/1000 MT Desktop (82540EM)
(Bridged)

VM2 (same as above):
--
Running nginx 0.7.65

I ran my browser from the host OS clicking the button to call ajax and my 
results were much like yours.  Almost always 2-3ms for every HTTP 200 status 
response directly to nginx (no proxy).  Going through haproxy gave 3-4ms very 
consistently.

I tried connecting from my office to the computer at home, directly to nginx I 
got 10ms-11ms (8ms low, 14ms high).  Through haproxy was exactly the same.

So I think the high latency that I saw in my first VirtualBox environment (I 
still get the same strange results today, 150ms or so when using haproxy) is 
because other VMs on that computer are using lots of resources or maybe it is 
not configured correctly.  I tried running rose...@home on my computer at home 
(on the host OS) to maintain very high CPU usage and ran the tests again.  I 
got the same results as before... everything was very fast and haproxy is 
barely noticeable.

I also tried the `ab` utility you showed me but at home I have a D-Link router 
and it explodes when getting 10 requests per second.
This was the best result that finished without crashing from the office:
`ab -n1000 -c1 http://my public ip address at home:9091/ajax.txt`
Requests per second:8.48 [#/sec] (mean)
Time per request:   117.906 [ms] (mean)

I will try to make a network as close to what we have in production right now 
and keep testing.  Thank you very much for showing me how you did your tests!  
What other tools like ab should I try?  I see JMeter a lot in google, and one 
person mentioned httperf.

-a

RE: VM benchmarks

2010-10-29 Thread Mike Hoffs 
Hi Ariel,

If u want i can do some tests on Intel modular server with empty vtrak storage 
on vmware virtualization platform.


Met een vriendelijke groet,   


Mike Hoffs

Re: rpms for rhel5?

2010-10-29 Thread Guillaume Bourque 
Hi Angelo,

Will you build the 1.4.9 version for x86_64 and i386 would also be great !

thanks

2010/10/25 Angelo Höngens a.hong...@netmatch.nl

 On 25-10-2010 10:54, Pasi Kärkkäinen wrote:
  You might want to add: --define 'dist .el5'
  to your rpmbuild command :)

 Thanks, that looks better :)

 http://files.netmatch.nl/RPMS/haproxy-1.4.8-1.el5.x86_64.rpm

 This building stuff is all quite new to me ;)


 --


 With kind regards,


 Angelo Höngens
 systems administrator

 MCSE on Windows 2003
 MCSE on Windows 2000
 MS Small Business Specialist
 --
 NetMatch
 tourism internet software solutions

 Ringbaan Oost 2b
 5013 CA Tilburg
 +31 (0)13 5811088
 +31 (0)13 5821239

 a.hong...@netmatch.nl
 www.netmatch.nl
 --






-- 
Guillaume Bourque, B.Sc.,
consultant, infrastructures technologiques libres
Logisoft Technologies inc.  http://www.logisoftech.com
514 576-7638,  http://ca.linkedin.com/in/GuillaumeBourque/fr