Re: My roundrobin setup is not roundrobin-ing
I don’t know why I didn’t see that the two cookies were named the same. In fact, I don’t need a cookie for the sso backend since it is not load balancing. oops :) Thanx for seeing my over sight. I changed the cookie id and that fixed the problem (makes perfect sense). Everything is now working perfectly, but since you asked, here is the explanation of what I am trying to accomplish: I have haproxy in front of a set of tomcat servers. These applications look for an authentication token. If the user does not have a valid auth token, redirects them to another server for authentication. Right now, that server is running on the same box that haproxy is running on. I could modify the code so that the redirect does not go through haproxy (takes a little more cert management work — which I typically procrastinate :)). In this case, I took a shortcut and just told haproxy to use a different backend for any url that starts with “/cas” and send those requests over to this other server. That server, then redirects back to the application. The frontend is simply taking requests from stunnel. Port 80 is setup to redirect back through https (stunnel) which then forwards through port 81. I really appreciate your time. Hopefully I can return the favor sometime. LES On Oct 29, 2010, at 12:13 PM, Willy Tarreau wrote: What I don't understand is that you're having multiple backends with the same cookie name, and with colliding values. So either this is deliberate, then I find it strange that cookie value A is once for a server on port 8080 and once on port 18080. Or it's not expected at all and in this case what happens is that haproxy sticks on the cookie value when switching from one farm to the other one. In this case, you should simply have different cookie names for each backend. Maybe you should start by renaming your SSO cookie SSO_ID instead of SERVERID. Also, is it on purpose that you have a persistence cookie and only one server in the SSO backend ? Regards, Willy On Fri, Oct 29, 2010 at 11:52:57AM -0400, Les Stroud wrote: My config file is below. By way of explanation, I am using an acl to redirect urls that start with /cas to my single signon server. Everything else goes to my tomcat servers. If I run ab without using a url that goes to /cas, then everything roundrobins fine. However, my applications redirect to /cas which in turn redirects them back to the haproxy cluster once authenticated. When I go through this process, haproxy always puts the session on the first tomcat instance. Is there a way for me to debug how haproxy/my config is making decisions on which backend to use for a new session? Thanx, LES = global log 127.0.0.1 local0 info maxconn 25000 stats socket/tmp/haproxy.sock level admin defaults log global clitimeout 6 srvtimeout 30 contimeout 4000 retries 3 option redispatch option httpclose option abortonclose listen http_https_redirect *:80 mode http acl stunnel src 192.168.xxx.zzz/32 redirect prefix https://erp.barnhardt.local unless stunnel frontend tomcat *:81 mode http acl ssorequest path_beg /cas use_backend sso if ssorequest default_backend tomcat_cluster backend sso mode http balance roundrobin option forwardfor except 0.0.0.0 reqadd X-Forwarded-Proto:\ https cookie SERVERID insert indirect option httpchk HEAD /check.html HTTP/1.0 server sso 192.168.xxx.zzz:18080 cookie A check backend tomcat_cluster mode http stats uri /haproxy?stats stats enable balance roundrobin option httplog option forwardfor except 0.0.0.0 reqadd X-Forwarded-Proto:\ https cookie SERVERID insert indirect option httpchk HEAD /check.html HTTP/1.0 server tomcat01-instance1 192.168.xxx.xxx:8080 cookie A check port 8081 inter 2000 server tomcat01-instance2 192.168.xxx.xxx:18080 cookie B check port 18081 inter 2000 server tomcat02-instance1 192.168.xxx.yyy:8080 cookie C check port 8081 inter 2000 server tomcat02-instance2 192.168.xxx.yyy:18080 cookie D check port 18081 inter 2000 server bkup-tomcat01-instance1 192.168.xxx.xxx:8080 cookie A check port 8080 inter 2000 backup server bkup-tomcat01-instance2 192.168.xxx.xxx:18080 cookie B check port 18080 inter 2000 backup server bkup-tomcat02-instance1 192192.168.xxx.yyy168.60.157:8080 cookie C check port 8080 inter 2000 backup server bkup-tomcat02-instance2 192.168.xxx.yyy:18080 cookie D check port 18080 inter 2000 backup
Re: My roundrobin setup is not roundrobin-ing
On Fri, Oct 29, 2010 at 02:29:10PM -0400, Les Stroud wrote: I don?t know why I didn?t see that the two cookies were named the same. In fact, I don?t need a cookie for the sso backend since it is not load balancing. oops :) Thanx for seeing my over sight. I changed the cookie id and that fixed the problem (makes perfect sense). Cool, thanks for the update Les. Cheers, Willy
Re: VM benchmarks
On Oct 28, 2010, at 5:38 PM, Cyril Bonté wrote: I reproduced nearly the same environment as you described and could not reproduce this latency (only 1 nginx instance in my case). First, I want to say thank you for your tests! I learned a lot from seeing what you did. The VirtualBox server I was using before is in another building. I've asked many times but still don't know much about how it is set up. I just know that if I ask for a new VM for development, the guy will set one up for me. So to come closer to the tests you did, I installed VirtualBox at home. Also, I added option http-server-close to haproxy.cfg because this is closer to what it would be in my desired environment. (And I also realize my first test didn't need two backends because without this option, it would maintain keepalive with the backend server and not switch until my keepalive expired. I feel a little silly!) My computer at home: - OS: Windows 7 Ultimate x64 CPU: Intel(R) Core(TM) i5 CPU 750 @ 2.67Ghz Memory: 4Gb DDR3-1066 VM1: -- Virtualbox 3.2.10 OS: Ubuntu 10.04 (new install) Running haproxy 1.4.8 Kernel: 2.6.32-25-server #45-Ubuntu SMP x86_64 GNU/Linux 1 CPU, 512MB RAM, VT-x Enabled Adapter Type: Intel PRO/1000 MT Desktop (82540EM) (Bridged) VM2 (same as above): -- Running nginx 0.7.65 I ran my browser from the host OS clicking the button to call ajax and my results were much like yours. Almost always 2-3ms for every HTTP 200 status response directly to nginx (no proxy). Going through haproxy gave 3-4ms very consistently. I tried connecting from my office to the computer at home, directly to nginx I got 10ms-11ms (8ms low, 14ms high). Through haproxy was exactly the same. So I think the high latency that I saw in my first VirtualBox environment (I still get the same strange results today, 150ms or so when using haproxy) is because other VMs on that computer are using lots of resources or maybe it is not configured correctly. I tried running rose...@home on my computer at home (on the host OS) to maintain very high CPU usage and ran the tests again. I got the same results as before... everything was very fast and haproxy is barely noticeable. I also tried the `ab` utility you showed me but at home I have a D-Link router and it explodes when getting 10 requests per second. This was the best result that finished without crashing from the office: `ab -n1000 -c1 http://my public ip address at home:9091/ajax.txt` Requests per second:8.48 [#/sec] (mean) Time per request: 117.906 [ms] (mean) I will try to make a network as close to what we have in production right now and keep testing. Thank you very much for showing me how you did your tests! What other tools like ab should I try? I see JMeter a lot in google, and one person mentioned httperf. -a
RE: VM benchmarks
Hi Ariel, If u want i can do some tests on Intel modular server with empty vtrak storage on vmware virtualization platform. Met een vriendelijke groet, Mike Hoffs
Re: rpms for rhel5?
Hi Angelo, Will you build the 1.4.9 version for x86_64 and i386 would also be great ! thanks 2010/10/25 Angelo Höngens a.hong...@netmatch.nl On 25-10-2010 10:54, Pasi Kärkkäinen wrote: You might want to add: --define 'dist .el5' to your rpmbuild command :) Thanks, that looks better :) http://files.netmatch.nl/RPMS/haproxy-1.4.8-1.el5.x86_64.rpm This building stuff is all quite new to me ;) -- With kind regards, Angelo Höngens systems administrator MCSE on Windows 2003 MCSE on Windows 2000 MS Small Business Specialist -- NetMatch tourism internet software solutions Ringbaan Oost 2b 5013 CA Tilburg +31 (0)13 5811088 +31 (0)13 5821239 a.hong...@netmatch.nl www.netmatch.nl -- -- Guillaume Bourque, B.Sc., consultant, infrastructures technologiques libres Logisoft Technologies inc. http://www.logisoftech.com 514 576-7638, http://ca.linkedin.com/in/GuillaumeBourque/fr