Re: Couchsurfing hiring Senior Linux DevOps for incredible social travel community

[Jonathan Matthews]

I think you might have a mail-merge problem, Anthony.
But thanks for making this all public ... ;-)

On 27 March 2013 22:12, Anthony Mansfield
 wrote:
> Vikram:
>
> I came across your profile and saw your depth in System Engineering &
> High-Availability Systems as well as experience with Python.  Our user base
> has more than doubled in the last year and we now have 6MM users.  We have a
> new user every 5 seconds and are sending over 100MM peer-to-peer emails a
> month.  Also, We have completely rebuilt our web platform in Ruby on Rails
> and have green field architecture.
>
> I'd love to chat more about what we are doing, and how you might be able to
> contribute.
>
> Some news about us:  CouchSurfing received a Series B investment of $15M by
> Benchmark and Menlo Ventures, adding Matt Cohler (5th employee at Facebook;
> 1st VP of Product)  to our board who will be working closely with us on
> product strategy. We are looking to build out our iOS and Android mobile
> teams, which are currently only 3 engineers and will quadruple in size soon.
> We have a ton of architecture and new location-based and P2P features to
> add, and will soon develop for a number of tablets.  Our web platform team
> is a dozen mid-senior level engineers and will be developing a slew of new
> analytics, performance and search improvements.  We're located in lower
> Potrero Hill in SF near Caltrain and have some quite unusual perks.
>
> regards,
> Anthony
>
> --
> Anthony Mansfield -  Technical Recruiter - couchsurfing.com
> anthony.mansfi...@couchsurfing.com



-- 
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html

Couchsurfing hiring Senior Linux DevOps for incredible social travel community

[Anthony Mansfield]

Vikram:

I came across your profile and saw your depth in System Engineering &
High-Availability Systems as well as experience with Python.  Our user base
has more than doubled in the last year and we now have 6MM users.  We have
a new user every 5 seconds and are sending over 100MM peer-to-peer emails a
month.  Also, We have completely rebuilt our web platform in Ruby on Rails
and have green field architecture.

I'd love to chat more about what we are doing, and how you might be able to
contribute.

Some news about us:  CouchSurfing received a Series B investment of $15M by
Benchmark and Menlo Ventures, adding Matt Cohler (5th employee at Facebook;
1st VP of Product)  to our board who will be working closely with us on
product strategy. We are looking to build out our iOS and Android mobile
teams, which are currently only 3 engineers and will quadruple in size
soon. We have a ton of architecture and new location-based and P2P features
to add, and will soon develop for a number of tablets.  Our web platform
team is a dozen mid-senior level engineers and will be developing a slew of
new analytics, performance and search improvements.  We're located in lower
Potrero Hill in SF near Caltrain and have some quite unusual perks.

regards,
Anthony

-- 
Anthony Mansfield -  Technical Recruiter -
couchsurfing.com
anthony.mansfi...@couchsurfing.com 

Re: help on http post use_backend when dst port is 8080

[Jonathan Matthews]

On 27 March 2013 10:39, qyf128  wrote:
[snip]
> But when a packet
> is method POST with dst port 8080, it does not forward to 127.0.0.1:4800,
> does any one know why?
[snip]
> frontend f_tcp
>   bind :5800
[snip]
>   acl is_port_80 dst_port 80
>   acl is_port_8080 dst_port 8080

I don't understand how you hope to see traffic aimed at ports 80 or
8080 on a frontend bound to port 5800.

If you believe this /should/ work, I suggest you've misunderstood
HAProxy's role somehow, and should reread the fine documentation.

Jonathan

PS Please avoid sending HTML email to the list
-- 
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html

help on http post use_backend when dst port is 8080

[qyf128]

Hi, All


Can anyone help me about haproxy use_backend doesn't work if dst port is 8080, 
protocol is POST when using 'if HTTP'.


The problem is that I want to balance my gateway http traffic to one program 
(which can proxy traffic, listen on 127.0.0.1:4800). And I write my haproxy.cfg 
as follow:



frontend f_tcp   
  bind :5900
  mode  tcp  
  maxconn  4096 
  
  tcp-request inspect-delay   3s
  tcp-request content accept if HTTP
  
  use_backend b_http if HTTP
  default_backendb_tcp


backend b_tcp   
  modetcp  
  fullconn4096
  option  transparent 
 
backend b_http  
  modehttp 
  log global   
  option  accept-invalid-http-response 
 
   fullconn4096 
   server  s1 127.0.0.1:4800   
##


when the packet came to haproxy with dst port 80, all the packet are forward to 
127.0.0.1:4800, including method POST with dst port 80. But when a packet is 
method POST with dst port 8080, it does not forward to 127.0.0.1:4800, does any 
one know why?


Later on, I decide to use acl for packet dst port matching, an change of 
frontend is as follow, with backend not modify:

frontend f_tcp   
  bind :5800
  mode  tcp  
  maxconn  4096 
  
  acl is_port_80 dst_port 80  
  acl is_port_8080 dst_port 8080  
  use_backend b_http if is_port_80 is_port_8080
  default_backend b_tcp 


backend b_tcp  
.



But it won't work completely, even the packet with dst port 80 are not send to 
127.0.0.1:4800. 


Can any one help me? Thanks in advance

RE: IPv6 vrrp and bind transparent

[Lukas Tribus]

What kernel are you running? You need at least 2.6.37 to do this
with non-local IPv6 binds.




> Date: Wed, 27 Mar 2013 08:35:18 +0100
> From: kolm...@zid.tuwien.ac.at
> To: haproxy@formilux.org
> Subject: IPv6 vrrp and bind transparent
>
> Hi,
>
> I am new to the list. Please excuse if this has been discussed before,
> but I didn't find it in the archives.
>
> I have 2 linux boxes sharing ipv4 addressess for high available LDAP
> Access to our AD infrastructure with keepalived and then forwarding the
> requests to our 3 AD Servers.
>
> With ipv4 it works without issues:
>
> listen dc-intern-ldap
> bind 128.130.30.20:389 transparent
> mode tcp
> option tcplog
> log global
> balance leastconn
> server dc01 128.130.30.21:389 maxconn 5000 check
> server dc02 128.130.30.22:389 maxconn 5000 check
> server dc03 128.130.30.23:389 maxconn 5000 check
>
> if 128.130.30.20 is not assiged on the secondary node, nothing fails.
> when keepalived switches over, everything works as expected.
>
> with 1.5-dev13 I read the ipv6 transparent works now as well:
>
> listen dc-intern-ldap-v6
> bind 2001:629:1005:30::20:389 transparent
> mode tcp
> option tcplog
> log global
> balance leastconn
> server dc01 2001:629:1005:30::21:389 maxconn 5000 check
> server dc02 2001:629:1005:30::22:389 maxconn 5000 check
> server dc03 2001:629:1005:30::23:389 maxconn 5000 check
>
> Sadly, this fails on the secondary server, since 2001:629:1005:30::20 is
> not currently active:
> Starting haproxy: haproxy[ALERT] 085/083351 (31506) : Starting proxy
> dc-intern-ldap-v6: cannot bind socket [2001:629:1005:30::20:389] failed!
>
> Have I don't something wrong? I would like to also provide IPv6 access
> to our LDAP infrastructure (and www later on as well).
>
> thanks
> Philipp
>
  

Re: IPv6 vrrp and bind transparent

[Emeric BRUN]

 
 
original message-
De: "Philipp Kolmann" kolm...@zid.tuwien.ac.at
A: haproxy@formilux.org
Date: Wed, 27 Mar 2013 08:35:18 +0100
-
 
 
> Hi,
> 
> I am new to the list. Please excuse if this has been discussed before, 
> but I didn't find it in the archives.
> 
> I have 2 linux boxes sharing ipv4 addressess for high available LDAP 
> Access to our AD infrastructure with keepalived and then forwarding the 
> requests to our 3 AD Servers.
> 
> With ipv4 it works without issues:
> 
> listen dc-intern-ldap
> bind 128.130.30.20:389 transparent
> mode tcp
> option tcplog
> log global
> balance leastconn
> server dc01 128.130.30.21:389 maxconn 5000 check
> server dc02 128.130.30.22:389 maxconn 5000 check
> server dc03 128.130.30.23:389 maxconn 5000 check
> 
> if 128.130.30.20 is not assiged on the secondary node, nothing fails. 
> when keepalived switches over, everything works as expected.
> 
> with 1.5-dev13 I read the ipv6 transparent works now as well:
> 
> listen dc-intern-ldap-v6
> bind 2001:629:1005:30::20:389 transparent
> mode tcp
> option tcplog
> log global
> balance leastconn
> server dc01 2001:629:1005:30::21:389 maxconn 5000 check
> server dc02 2001:629:1005:30::22:389 maxconn 5000 check
> server dc03 2001:629:1005:30::23:389 maxconn 5000 check
> 
> Sadly, this fails on the secondary server, since 2001:629:1005:30::20 is 
> not currently active:
> Starting haproxy: haproxy[ALERT] 085/083351 (31506) : Starting proxy 
> dc-intern-ldap-v6: cannot bind socket [2001:629:1005:30::20:389] failed!

Your kernel or its configration (sysctl) seems to not support a none local
bind for ipv6.

> 
> Have I don't something wrong? I would like to also provide IPv6 access 
> to our LDAP infrastructure (and www later on as well).



> 
> thanks
> Philipp
> 
> 

IPv6 vrrp and bind transparent

[Philipp Kolmann]

Hi,

I am new to the list. Please excuse if this has been discussed before, 
but I didn't find it in the archives.


I have 2 linux boxes sharing ipv4 addressess for high available LDAP 
Access to our AD infrastructure with keepalived and then forwarding the 
requests to our 3 AD Servers.


With ipv4 it works without issues:

listen  dc-intern-ldap
bind 128.130.30.20:389 transparent
mode tcp
option  tcplog
log global
balance leastconn
server  dc01 128.130.30.21:389 maxconn 5000 check
server  dc02 128.130.30.22:389 maxconn 5000 check
server  dc03 128.130.30.23:389 maxconn 5000 check

if 128.130.30.20 is not assiged on the secondary node, nothing fails. 
when keepalived switches over, everything works as expected.


with 1.5-dev13 I read the ipv6 transparent works now as well:

listen  dc-intern-ldap-v6
bind 2001:629:1005:30::20:389 transparent
mode tcp
option  tcplog
log global
balance leastconn
server  dc01 2001:629:1005:30::21:389 maxconn 5000 check
server  dc02 2001:629:1005:30::22:389 maxconn 5000 check
server  dc03 2001:629:1005:30::23:389 maxconn 5000 check

Sadly, this fails on the secondary server, since 2001:629:1005:30::20 is 
not currently active:
Starting haproxy: haproxy[ALERT] 085/083351 (31506) : Starting proxy 
dc-intern-ldap-v6: cannot bind socket [2001:629:1005:30::20:389] failed!


Have I don't something wrong? I would like to also provide IPv6 access 
to our LDAP infrastructure (and www later on as well).


thanks
Philipp