weights
we are using haproxy (1.4)to distribute traffic to 30 of our db nodes. we are facing an issue with weights. sample configs = defaults mode tcp retries2 option redispatch maxconn256000 timeoutconnect 10s timeoutclient10s timeoutserver10s log global option dontlognull listen newone :4000 mode tcp balance leastconn option mysql-check user abcd serverx.x.x.3:3306 weight 125 check inter 3s rise 2 fall 2 server y.com x.x.x.4:3306 weight 12 check inter 3s rise 2 fall 2 server y.com x.x.x.4:3306 weight 12 check inter 3s rise 2 fall 2 = issue is we are getting only 150qps on server x.com even with weight 125. but on y.com we are getting 500qps with a weight of 12 , but mentioned twice. can you explain why it is so? -- = Vijeesh K The temptation to quit will be greatest just before you are about to succeed
Re: weights
Hi, this may be due to your load-balancing algorithm and the speed of your servers. leastconn applies to currently established connections, not to number of connections established per second. could you enable haproxy stats page and share us (or to me directly) a screenshot of it? You could give a try to 'balance roundrobin' and see what happens. Baptiste On Fri, Feb 28, 2014 at 9:41 AM, vijeesh vijayan vijeeshk.vija...@gmail.com wrote: we are using haproxy (1.4)to distribute traffic to 30 of our db nodes. we are facing an issue with weights. sample configs = defaults mode tcp retries2 option redispatch maxconn256000 timeoutconnect 10s timeoutclient10s timeoutserver10s log global option dontlognull listen newone :4000 mode tcp balance leastconn option mysql-check user abcd serverx.x.x.3:3306 weight 125 check inter 3s rise 2 fall 2 server y.com x.x.x.4:3306 weight 12 check inter 3s rise 2 fall 2 server y.com x.x.x.4:3306 weight 12 check inter 3s rise 2 fall 2 = issue is we are getting only 150qps on server x.com even with weight 125. but on y.com we are getting 500qps with a weight of 12 , but mentioned twice. can you explain why it is so? -- = Vijeesh K The temptation to quit will be greatest just before you are about to succeed
Re: Haproxy
Hi, You can also move the mouse on the number itself. A tooltip will be printed with some details. Baptiste On Thu, Feb 27, 2014 at 8:26 PM, Lukas Tribus luky...@hotmail.com wrote: Hi. Hello,I have installed haproxy 1.4.23 on Cnetos 6.3 .And I can see the haproxy stats through WEB,but I don't the meaning of 'Resp'(in the following picture).What does it means? Its the eresp column in the csv output and means response errors on the server side. It also includes srv_abrt (number of data transfers aborted by the server). If you look at the csv output, you can check if the errors are coming from srv_abrt or not. 141,138,209,1971 is the meaning of there are 141,138,209,1971 response error on each server ? Or it means there are 141,138,209,1971 response error on each server since the haproxy service started ? In simple,the value means how many response errors per second,or it's a aggregate value? Its the amount of errors per server since haproxy was started. Regards, Lukas
Re: Haproxy 1.4 url redirection issue
It may not fix the issue. But at least the configuration will do what you expect from it... That said, the issue may be in the application too :) It is commonly seen that applications don't behave properly when SSL offloading is enabled in front of them. Baptiste On Thu, Feb 27, 2014 at 4:16 PM, Amol mandm_z...@yahoo.com wrote: Thanks Baptiste, let me give that a try On Thursday, February 27, 2014 9:37 AM, Baptiste bed...@gmail.com wrote: Hi Amol, There are a few improvement you can do. First update your frontend acl to: acl host_xx hdr(host) -i xx.com then in your backend, this ACL should never match: acl login_page url_beg /xyz replace url_beg by path_beg. Your problem is not there as well. I think your application server is sending hardcoded data or Location headers. analyzing the body of the pages and HAProxy logs may help here. Baptiste On Tue, Feb 25, 2014 at 4:56 PM, Amol mandm_z...@yahoo.com wrote: Hi i am using HA-Proxy version 1.4.12 and i have an issue trying to redirect my website to http requirement : when a user types in http://website_name.com he should not be redirected to https://website_name.com currently it does that and some of the video links on our main page do not work (basically vimeo has http links while our page is https so it throws a security exception) at the same time we need users with http://website_name.com/xyz to be redirected to https://website_name.com/xyz (this helps users login to secure application) so under my current configurations i cannot get the first part to work, basically (www.website_name.com works and stays http but when i type http://website_name.com it does a redirection to https) frontend http-in bind xx.xx.xx.xx:80 name http bind 10.xx.xx.xx:8000 name https # forwared by stunnel acl host_xx hdr_beg(host) -i xx.com use_backend xx-http if host_xx default_backend xx-https backend xx-http balance roundrobin cookie BALANCEID insert indirect nocache option http-server-close option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www server xx-app1 xx.xx.xx.xx:80 cookie A check server xx-app6 xx.xx.xx.xx:80 cookie B check backup acl secure dst_port eq 8000 acl login_page url_beg /xyz redirect prefix https://xx.com if login_page !secure backend xx-https mode http balance roundrobin cookie BALANCEID insert indirect nocache option http-server-close # option forwardfor except 127.0.0.1 option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www server xx-app1 xx.xx.xx.xx:80 cookie s1 weight 1 maxconn 5000 check server xx-app6 xx.xx.xx.xx:80 cookie s2 weight 1 maxconn 5000 check backup any suggestions?
Re: HAproxy native SSL production release plans
Hi Phil, Let say soon :) Sooner that ever! We've never been so close to 1.5 It is a question of a very few weeks. At haproxy Tech (haproxy.com) we use it in our appliances for a long time, it is stable enough. Baptiste On Wed, Feb 26, 2014 at 5:58 AM, Phil Ayres phil.ay...@repse.com wrote: I'm looking to release a new set of servers in the next month out so, and I'm wondering if there are plans to release HAproxy with SSL support in a production supported version any time soon? I see there have been several updates to the current dev line since SSL was released, so I'm keeping my fingers crossed. I understand you can't commit to anything, but a quick idea of a release timeframe would be great. Many thanks, Phil
Re: inspecting incoming tcp content
Hi, and where is your problem exactly? Baptiste On Tue, Feb 25, 2014 at 7:39 AM, anup katariya anup.katar...@gmail.com wrote: Hi, I wanted to inspect incoming tcp request. I wanted to something like below payload(0, 100) match with string like 49=ABC. Thanks, Anup
reqrep with a match/backref into Host: header?
Hi, current functional setup: frontend f acl ssfc_dev hdr(host) -m str dev.example.com acl ssfc_img hdr(host) -m str img.example.com [..] reqrep ^GET[\ \t]*/(.*) GET\ /dev.example.com/\1 if ssfc_dev reqrep ^GET[\ \t]*/(.*) GET\ /img.example.com/\1 if ssfc_img the backend webserver treats that accordingly. So far so good.. but given that this list will grow over time, it'll be a bit of a pain to manage this. Is there any way to make that happen by dynamic matches instead of a 1:1 acl/reqrep pairing? Generating such a config isnt that much of a problem, but it lacks elegancy in my eyes ;-) TIA
Re: 1.5-dev22 crash with kernel messages, 1.4.18 is fine
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On 28.02.2014 01:33, Federico Iezzi wrote: Guys we fix these problems using a kernel = 3.8 With Ubuntu 12.04.4 we are using Kernel 3.8 and 3.11 from Canonical official repository with out any issue. With 3.5 and stock 3.2 we had a lot trouble. I can confirm that 3.4.80+ is running fine even with grsec. Regards, Federico Il giorno 27/feb/2014, alle ore 13:01, Sander Klein roe...@roedie.nl ha scritto: Hi, I can confirm that using grsec kernel with haproxy can sometimes be a bit tricky. For instance, 3.2.54 with grsec crashes with me after ~8 hours while 3.2.55 and 3.2.52 with grsec do not. Kernels with grsec just need more testing because their stability can vary. Greets, Sander On 27.02.2014 11:29, Cedric Maion wrote: I agree that it does indeed look like a kernel issue (in the intel eth driver?), however 1.5 is doing something new that triggers this. Any idea of a significant 1.4 - 1.5 change that can affect what is happening in the kernel? This kernel is indeed not the stock Ubuntu kernel, but the default one provided by the hosting company (OVH in that case)... I would really like not having to recompile the kernel and play too much with the production environment (sadly this issue never popped in my dev lab environments). So any haproxy related idea would be very welcome...! On Thu, Feb 27, 2014 at 11:06:38AM +0100, Lukas Tribus wrote: Hi, Just upgraded a production node from 1.4.18 to 1.5-dev22. Ran fine for a couple of minutes then crashed with the following kernel messages: WARNING: at mm/page_alloc.c:2107 __alloc_pages_nodemask+0x1fd/0x790() Hardware name: X9SRE/X9SRE-3F/X9SRi/X9SRi-3F Pid: 23190, comm: haproxy Not tainted 3.2.13-grsec--grs-ipv6-64 #1 Call Trace: [810f1ded] ? __alloc_pages_nodemask+0x1fd/0x790 [81089f3b] warn_slowpath_common+0x7b/0xc0 [81089f95] warn_slowpath_null+0x15/0x20 [810f1ded] __alloc_pages_nodemask+0x1fd/0x790 Thats definitely a kernel issue. Are you building your own kernel? That doesn't look like the default Ubuntu kernel. I would suggest to upgrade your kernel to 3.2.55 (of course use an updated grsec patch as well). If that doesn't fix the issue, try vanilla 3.2.55 (no grsec). If the issue persists, report it upstream (either to lkml/netdev or grsec, depending whether the vanilla 3.2.55 has the issue or not). Regards, Lukas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTEJa1AAoJEOH/xsXYK8GtvyoQAJXsMyEVXbQWOaa+53MvmA1C aNs4TruU/Qj3kUZweczH+E/61MWknY7otcOWXHNvrLJkdx2FiLbUSQw6RwnpYcpZ l6qHBwwx029Al9MNn6uAcTbrAKghx/vgfjYxbtsmExMMbM/el/07GEp/jOMsi5zp 1pkSY9MjbqqlexjTmwKXxkPbp/kIROLRD9CNznCTO8L6j3OYES/b+k7nkXcNWZ6P OnSswuGvcMNAQtNyzybel1I0nKn7wHfJsApaDlF5IkYXfBc2zotlAvYL1e54uYGx CqZKpKBcNylzSpC/jFoOSn3ypL2CgJ3OttVeHDLSRPWIUkhrVSGgO2Kl43EhATA2 4mC/RRxOEthmtetsHP9RNU0Pe/igpy/D32o8pOG6E8NyiED9Z7ZfriOIHavoIsbo FnQ8Lc/BgLYVrsRnbsYFBcv9ODI2D39ROu1Glqrf1jl/t1IkuWKtZQEuKDoQjaVd khHk4lqpabO/4u13T78n6EoI0DRuUDst+eIsAOiG/5vTnZERGORyGzeXb6JI1V7G xf6m5f92syA4dqSa7mmtjFxlTa5QaaQqup/kwEL1hjoB5vJyrVP81OCA9xGHnMFG 7OoEl3I1M1L5OJ8msIyA1uehMpbF7O/c8Snr5JY6AZ/X3c8L/vQHUTmlilf+QCmu s54PVuLFtQlciQ87U7IR =vU8c -END PGP SIGNATURE-
Re: reqrep with a match/backref into Host: header?
Hi Philipp, You can't do this in current HAProxy. That said, it may happen soon, since the you can already use some header values in the http-request rules: IE: http-request redirect code 301 location www.%[hdr(host)]%[req.uri] unless { hdr_beg(host) -i www } Note: I tried to use this syntax with reqirep and it does not work ;) Baptiste On Fri, Feb 28, 2014 at 12:35 PM, Philipp e1c1bac6253dc54a1e89ddc046585...@posteo.net wrote: Hi, current functional setup: frontend f acl ssfc_dev hdr(host) -m str dev.example.com acl ssfc_img hdr(host) -m str img.example.com [..] reqrep ^GET[\ \t]*/(.*) GET\ /dev.example.com/\1 if ssfc_dev reqrep ^GET[\ \t]*/(.*) GET\ /img.example.com/\1 if ssfc_img the backend webserver treats that accordingly. So far so good.. but given that this list will grow over time, it'll be a bit of a pain to manage this. Is there any way to make that happen by dynamic matches instead of a 1:1 acl/reqrep pairing? Generating such a config isnt that much of a problem, but it lacks elegancy in my eyes ;-) TIA
[no subject]
unsubscribe
Re: Haproxy 1.4 url redirection issue
could it also be due to the apache settings on the application server where i have setenv HTTPS on ? here is a snippet from my apache2 default.conf file VirtualHost *:80 ServerAdmin webmaster@localhost DocumentRoot /var/www Directory / Options FollowSymLinks AllowOverride All /Directory Directory /var/www/ setenv HTTPS on Options FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all /Directory On Friday, February 28, 2014 4:55 AM, Baptiste bed...@gmail.com wrote: It may not fix the issue. But at least the configuration will do what you expect from it... That said, the issue may be in the application too :) It is commonly seen that applications don't behave properly when SSL offloading is enabled in front of them. Baptiste On Thu, Feb 27, 2014 at 4:16 PM, Amol mandm_z...@yahoo.com wrote: Thanks Baptiste, let me give that a try On Thursday, February 27, 2014 9:37 AM, Baptiste bed...@gmail.com wrote: Hi Amol, There are a few improvement you can do. First update your frontend acl to: acl host_xx hdr(host) -i xx.com then in your backend, this ACL should never match: acl login_page url_beg /xyz replace url_beg by path_beg. Your problem is not there as well. I think your application server is sending hardcoded data or Location headers. analyzing the body of the pages and HAProxy logs may help here. Baptiste On Tue, Feb 25, 2014 at 4:56 PM, Amol mandm_z...@yahoo.com wrote: Hi i am using HA-Proxy version 1.4.12 and i have an issue trying to redirect my website to http requirement : when a user types in http://website_name.com he should not be redirected to https://website_name.com currently it does that and some of the video links on our main page do not work (basically vimeo has http links while our page is https so it throws a security exception) at the same time we need users with http://website_name.com/xyz to be redirected to https://website_name.com/xyz (this helps users login to secure application) so under my current configurations i cannot get the first part to work, basically (www.website_name.com works and stays http but when i type http://website_name.com it does a redirection to https) frontend http-in bind xx.xx.xx.xx:80 name http bind 10.xx.xx.xx:8000 name https # forwared by stunnel acl host_xx hdr_beg(host) -i xx.com use_backend xx-http if host_xx default_backend xx-https backend xx-http balance roundrobin cookie BALANCEID insert indirect nocache option http-server-close option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www server xx-app1 xx.xx.xx.xx:80 cookie A check server xx-app6 xx.xx.xx.xx:80 cookie B check backup acl secure dst_port eq 8000 acl login_page url_beg /xyz redirect prefix https://xx.com if login_page !secure backend xx-https mode http balance roundrobin cookie BALANCEID insert indirect nocache option http-server-close # option forwardfor except 127.0.0.1 option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www server xx-app1 xx.xx.xx.xx:80 cookie s1 weight 1 maxconn 5000 check server xx-app6 xx.xx.xx.xx:80 cookie s2 weight 1 maxconn 5000 check backup any suggestions?
Re: Haproxy 1.4 url redirection issue
well the application behind haproxy in this case is wordpress on apache2.2, any settings there? On Friday, February 28, 2014 4:57 AM, Baptiste bed...@gmail.com wrote: It may not fix the issue. But at least the configuration will do what you expect from it... That said, the issue may be in the application too :) It is commonly seen that applications don't behave properly when SSL offloading is enabled in front of them. Baptiste On Thu, Feb 27, 2014 at 4:16 PM, Amol mandm_z...@yahoo.com wrote: Thanks Baptiste, let me give that a try On Thursday, February 27, 2014 9:37 AM, Baptiste bed...@gmail.com wrote: Hi Amol, There are a few improvement you can do. First update your frontend acl to: acl host_xx hdr(host) -i xx.com then in your backend, this ACL should never match: acl login_page url_beg /xyz replace url_beg by path_beg. Your problem is not there as well. I think your application server is sending hardcoded data or Location headers. analyzing the body of the pages and HAProxy logs may help here. Baptiste On Tue, Feb 25, 2014 at 4:56 PM, Amol mandm_z...@yahoo.com wrote: Hi i am using HA-Proxy version 1.4.12 and i have an issue trying to redirect my website to http requirement : when a user types in http://website_name.com he should not be redirected to https://website_name.com currently it does that and some of the video links on our main page do not work (basically vimeo has http links while our page is https so it throws a security exception) at the same time we need users with http://website_name.com/xyz to be redirected to https://website_name.com/xyz (this helps users login to secure application) so under my current configurations i cannot get the first part to work, basically (www.website_name.com works and stays http but when i type http://website_name.com it does a redirection to https) frontend http-in bind xx.xx.xx.xx:80 name http bind 10.xx.xx.xx:8000 name https # forwared by stunnel acl host_xx hdr_beg(host) -i xx.com use_backend xx-http if host_xx default_backend xx-https backend xx-http balance roundrobin cookie BALANCEID insert indirect nocache option http-server-close option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www server xx-app1 xx.xx.xx.xx:80 cookie A check server xx-app6 xx.xx.xx.xx:80 cookie B check backup acl secure dst_port eq 8000 acl login_page url_beg /xyz redirect prefix https://xx.com if login_page !secure backend xx-https mode http balance roundrobin cookie BALANCEID insert indirect nocache option http-server-close # option forwardfor except 127.0.0.1 option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www server xx-app1 xx.xx.xx.xx:80 cookie s1 weight 1 maxconn 5000 check server xx-app6 xx.xx.xx.xx:80 cookie s2 weight 1 maxconn 5000 check backup any suggestions?
AW: Keeping statistics after a reload
Hi all, the list is normally really responsive. In this case nobody gave an answer. So, I don't know whether my question was such a stupid one that nobody wanted to answer. So, I bring it up again in the hope someone is answering: Is there a way to reload the configuration without loosing current statistics? Or is this conceptually not possible? Best regards Andreas Mock -Ursprüngliche Nachricht- Von: Andreas Mock [mailto:andreas.m...@drumedar.de] Gesendet: Montag, 24. Februar 2014 16:36 An: haproxy@formilux.org Betreff: Keeping statistics after a reload Hi all, is there a way to reload a haproxy config without resetting the statistics shown on the stats page? I used haproxy -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid) to make such a reload. But after that all statistics are reset. Best regards Andreas Mock
Re: AW: Keeping statistics after a reload
Hi Andreas, Its not like your question was wrong, but probably there is no good/satisfying short answer to this, and it was overrun by other mails... As far as i know it is not possible to keep this kind information persisted in haproxy itself when a config restart is needed. The -sf only makes sure old connections will nicely be closed when they are 'done'. I have 'heard' of statistics gathering tools that use the haproxy unix stats socket to query the stats and store the information in a separate database that way you could get continued statistics after the config is changed.. I don't have any examples on how to do this or have a name of such a tool in mind though.. Though googling for haproxy monitoring quickly shows some commercial tools that have haproxy plugins and probably would provide answers to the questions you have. Maybe others on the list do use programs/scripts/tools to also keep historical/cumulative data for haproxy and can share their experience with it? Greets PiBa-NL Andreas Mock schreef op 28-2-2014 16:33: Hi all, the list is normally really responsive. In this case nobody gave an answer. So, I don't know whether my question was such a stupid one that nobody wanted to answer. So, I bring it up again in the hope someone is answering: Is there a way to reload the configuration without loosing current statistics? Or is this conceptually not possible? Best regards Andreas Mock -Ursprüngliche Nachricht- Von: Andreas Mock [mailto:andreas.m...@drumedar.de] Gesendet: Montag, 24. Februar 2014 16:36 An: haproxy@formilux.org Betreff: Keeping statistics after a reload Hi all, is there a way to reload a haproxy config without resetting the statistics shown on the stats page? I used haproxy -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid) to make such a reload. But after that all statistics are reset. Best regards Andreas Mock
Re: FW: SSL OCSP Stapling
Firefox will most likely move to OCSP stapling only in the next 3 to 6 months. Classic OCSP is too slow, and too error prone. We've been working with Riverbed to deploy OCSP Stapling on Stingray (formally Zeus) load balancer. They have a solid implementation that can be used as a reference. I'd love to see OCSP Stapling in HAProxy, because that's a big performance win, but I don't know how hard it would be to implement. However, I know a few people in the Firefox security team who would be happy to help with design QA (myself included). Here's a sample OCSP response from one of our site: $ openssl s_client -connect monitor.mozillalabs.com:443 -status CONNECTED(0003) depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1 depth=1 C = US, O = GeoTrust, Inc., CN = GeoTrust SSL CA verify return:1 depth=0 serialNumber = 8DZwltU1cw7OP-08XVgEwK/bh8Icw4zX, C = US, ST = California, L = Mountain View, O = Mozilla Corporation, OU = Mozilla Labs, CN = *.mozillalabs.com verify return:1 OCSP response: == OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = US, O = GeoTrust, Inc., CN = GeoTrust SSL OCSP-TGV Responder Produced At: Feb 22 10:39:04 2014 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 3F9B7E858F6044D7D54161744EEB6CEB808629D2 Issuer Key Hash: 4279541B61CD552B3E63D53C4857F59FFB45CE4A Serial Number: 02567C Cert Status: good This Update: Feb 22 10:39:04 2014 GMT Next Update: Mar 1 10:39:04 2014 GMT Signature Algorithm: sha1WithRSAEncryption 24:f6:68:ec:e9:f5:17:f9:4e:b6:f5:eb:92:4e:16:94:3e:38: 5b:69:c8:24:85:28:71:0f:06:2d:03:a2:15:89:87:ca:e9:fb: 91:9b:ca:9a:ca:b8:2f:f3:dc:a1:d3:e5:3c:53:ec:c7:5b:ac: ad:17:c0:0c:00:a1:8f:b6:85:b3:6d:a7:f2:f0:94:4f:e3:44: a2:01:59:f6:43:22:a5:f7:22:2d:dd:5e:ec:0f:9f:94:57:31: 13:f3:f8:eb:62:42:89:12:93:59:83:b4:91:cb:4d:a3:b4:6e: 04:09:13:89:0f:e2:b8:07:14:0c:49:d3:14:08:41:8c:01:49: a9:69:56:33:c7:d1:38:ba:2d:98:f8:82:79:98:a6:be:b5:77: 90:2d:ca:53:41:7a:c1:14:69:42:99:cc:44:a2:3f:91:b9:c9: f9:ef:59:27:15:cf:82:c4:2f:da:e5:b2:94:fa:e6:e6:33:bf: 73:97:8d:79:c6:25:54:93:22:ec:ad:2d:0e:43:6f:c3:e3:dc: 8f:4e:2e:96:3f:9c:c3:fe:1b:db:d0:9f:f3:61:cc:6d:93:a8: 70:93:6f:a7:d6:57:f3:3a:2b:5f:fb:03:01:cc:c3:14:62:04: b4:d6:35:bb:18:60:13:fc:cd:af:c4:34:8e:52:85:d6:1c:ca: 57:9f:b9:bb Certificate: Data: Version: 3 (0x2) Serial Number: 148819 (0x24553) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA Validity Not Before: May 28 17:35:51 2013 GMT Not After : May 27 17:35:51 2014 GMT Subject: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL OCSP-TGV Responder Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b2:c0:91:c8:08:2b:a5:d8:17:2b:28:d3:bc:ef: b7:2b:8d:ba:00:7e:40:e9:47:7c:30:81:9a:d3:3e: 0d:0f:70:a8:a8:ea:2e:2c:c9:69:6c:e4:1c:bd:cc: b5:84:98:e6:f0:ae:01:2b:c1:75:96:00:83:96:70: a4:43:3f:3c:06:fb:06:c1:d5:28:1f:1e:53:62:87: 26:2d:a1:96:c8:50:6d:17:ca:bc:fb:22:2c:ef:9b: 36:12:37:a0:ca:2a:12:03:12:52:eb:f7:fc:b6:88: ee:d4:24:25:8b:98:80:0b:42:a1:01:c9:ec:a3:9c: 7b:d1:d1:63:10:43:86:db:a4:8b:0e:8e:d3:52:55: 55:9d:b2:e5:19:d5:0a:c2:23:52:51:6c:86:17:79: c8:b2:39:99:d5:e3:70:40:f7:30:d2:27:ed:c6:7f: 82:95:8b:3e:d1:08:f1:4c:75:2c:3e:f4:9b:96:d5: 85:7d:c5:02:2f:21:a9:63:83:27:75:bd:e2:e3:28: da:ae:a4:c0:6d:39:2e:92:3b:7a:b3:35:81:2d:37: 89:e4:6c:6d:53:2a:e0:63:b6:22:70:67:dd:6d:07: 93:48:50:62:06:4d:bb:47:0d:b2:b9:4b:6a:bd:1c: 28:b2:b0:a7:46:6b:f8:d7:74:a1:5d:2c:6b:41:95: dc:75 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:42:79:54:1B:61:CD:55:2B:3E:63:D5:3C:48:57:F5:9F:FB:45:CE:4A OCSP No Check: X509v3 Extended Key Usage: OCSP Signing X509v3 Key Usage: critical Digital Signature X509v3 Subject Alternative Name: DirName:/CN=2048-TGV-333 Signature Algorithm: sha1WithRSAEncryption 30:0c:30:4e:a2:e8:8d:68:88:f9:93:41:6c:3e:4b:19:ef:42: 23:72:fe:64:81:21:ad:5c:1a:51:62:f7:9a:2c:f8:ad:85:b5: 49:c3:ad:0f:b8:70:41:fd:1d:db:18:68:9c:8f:64:4e:f1:18:
Re: AW: Keeping statistics after a reload
I have seen feature requests in the past that when haproxy reloads, to pull the health status of the servers so that haproxy knows their state without having to health check them. Willy has said he liked the idea (http://marc.info/?l=haproxym=139064677914723). If this gets implemented, it would probably be a minor detail to not only dump the up/down state, but all stats. -Patrick *From: *PiBa-NL piba.nl@gmail.com *Sent: * 2014-02-28 11:15:19 E *To: *Andreas Mock andreas.m...@drumedar.de, haproxy@formilux.org haproxy@formilux.org *Subject: *Re: AW: Keeping statistics after a reload Hi Andreas, Its not like your question was wrong, but probably there is no good/satisfying short answer to this, and it was overrun by other mails... As far as i know it is not possible to keep this kind information persisted in haproxy itself when a config restart is needed. The -sf only makes sure old connections will nicely be closed when they are 'done'. I have 'heard' of statistics gathering tools that use the haproxy unix stats socket to query the stats and store the information in a separate database that way you could get continued statistics after the config is changed.. I don't have any examples on how to do this or have a name of such a tool in mind though.. Though googling for haproxy monitoring quickly shows some commercial tools that have haproxy plugins and probably would provide answers to the questions you have. Maybe others on the list do use programs/scripts/tools to also keep historical/cumulative data for haproxy and can share their experience with it? Greets PiBa-NL Andreas Mock schreef op 28-2-2014 16:33: Hi all, the list is normally really responsive. In this case nobody gave an answer. So, I don't know whether my question was such a stupid one that nobody wanted to answer. So, I bring it up again in the hope someone is answering: Is there a way to reload the configuration without loosing current statistics? Or is this conceptually not possible? Best regards Andreas Mock -Ursprüngliche Nachricht- Von: Andreas Mock [mailto:andreas.m...@drumedar.de] Gesendet: Montag, 24. Februar 2014 16:36 An: haproxy@formilux.org Betreff: Keeping statistics after a reload Hi all, is there a way to reload a haproxy config without resetting the statistics shown on the stats page? I used haproxy -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid) to make such a reload. But after that all statistics are reset. Best regards Andreas Mock
AW: AW: Keeping statistics after a reload
Thank you both for answering. Have a nice weekend Andreas Mock Von: Patrick Hemmer [mailto:hapr...@stormcloud9.net] Gesendet: Freitag, 28. Februar 2014 17:24 An: haproxy@formilux.org Betreff: Re: AW: Keeping statistics after a reload I have seen feature requests in the past that when haproxy reloads, to pull the health status of the servers so that haproxy knows their state without having to health check them. Willy has said he liked the idea (http://marc.info/?l=haproxym=139064677914723). If this gets implemented, it would probably be a minor detail to not only dump the up/down state, but all stats. -Patrick From: PiBa-NL piba.nl@gmail.commailto:piba.nl@gmail.com Sent: 2014-02-28 11:15:19 E To: Andreas Mock andreas.m...@drumedar.demailto:andreas.m...@drumedar.de, haproxy@formilux.orgmailto:haproxy@formilux.org haproxy@formilux.orgmailto:haproxy@formilux.org Subject: Re: AW: Keeping statistics after a reload Hi Andreas, Its not like your question was wrong, but probably there is no good/satisfying short answer to this, and it was overrun by other mails... As far as i know it is not possible to keep this kind information persisted in haproxy itself when a config restart is needed. The -sf only makes sure old connections will nicely be closed when they are 'done'. I have 'heard' of statistics gathering tools that use the haproxy unix stats socket to query the stats and store the information in a separate database that way you could get continued statistics after the config is changed.. I don't have any examples on how to do this or have a name of such a tool in mind though.. Though googling for haproxy monitoring quickly shows some commercial tools that have haproxy plugins and probably would provide answers to the questions you have. Maybe others on the list do use programs/scripts/tools to also keep historical/cumulative data for haproxy and can share their experience with it? Greets PiBa-NL Andreas Mock schreef op 28-2-2014 16:33: Hi all, the list is normally really responsive. In this case nobody gave an answer. So, I don't know whether my question was such a stupid one that nobody wanted to answer. So, I bring it up again in the hope someone is answering: Is there a way to reload the configuration without loosing current statistics? Or is this conceptually not possible? Best regards Andreas Mock -Ursprüngliche Nachricht- Von: Andreas Mock [mailto:andreas.m...@drumedar.de] Gesendet: Montag, 24. Februar 2014 16:36 An: haproxy@formilux.orgmailto:haproxy@formilux.org Betreff: Keeping statistics after a reload Hi all, is there a way to reload a haproxy config without resetting the statistics shown on the stats page? I used haproxy -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid) to make such a reload. But after that all statistics are reset. Best regards Andreas Mock
Bytes In Per Second
Hello, Guys ! I would like to know if there is a possibility to add a conter for the number of packets/requests/streams per second like we do with bytes per second for in/out to haproxy ! If so it would be very cool ! Fred
Goodbye from our Newsletter
Goodbye from our Newsletter, sorry to see you go. You have been unsubscribed from our newsletters. This is the last email you will receive from us. Our newsletter system, phpList, will refuse to send you any further messages, without manual intervention by our administrator. If there is an error in this information, you can re-subscribe: please go to http://tuinforme.com.ar/lists/?p=subscribe and follow the steps. Thank you