Can haproxy sync configuration to another instance for configuration updates?
Hi,all I want to deploy keepalived + haproxy to supply one high availability cluster with master-slave mode. But I am anxious about whether the configuration updates made in the master node can sync to the slave. Any suggestiones will be appreciated. Looking forward to your reply. Thank you!
回复: Can haproxy sync configuration to another instance forconfiguration updates?
I got it.Thank you very much! -- 原始邮件 -- 发件人: Bryan Talbot; 发送时间: 2014年9月17日(星期三) 凌晨1:31 收件人: Zebra; 抄送: haproxy; 主题: Re: Can haproxy sync configuration to another instance forconfiguration updates? There is nothing to be anxious about because there is no support in haproxy or keepalived for synchronization of configuration files -- it's something you'll need to handle using whatever node configuration tools you wish (puppet, chef, scripts, etc). On Tue, Sep 16, 2014 at 4:24 AM, Zebra max...@unitedstack.com wrote: Hi,all I want to deploy keepalived + haproxy to supply one high availability cluster with master-slave mode. But I am anxious about whether the configuration updates made in the master node can sync to the slave. Any suggestiones will be appreciated. Looking forward to your reply. Thank you!
回复: Can I add one new server without stop the haproxy process?
I got it. Thank you very much! -- 原始邮件 -- 发件人: Juho Mäkinen; 发送时间: 2014年9月15日(星期一) 中午1:49 收件人: Zebra; 抄送: haproxy; 主题: Re: Can I add one new server without stop the haproxy process? You can't. The socket admin interface allows you to only disable existing servers and then re-enable them, but you can't add a completely new server. However you can reload haproxy so that it minimises and on some platforms eliminates dropping any existing connections. Probably your init script already does this with the reload-command. For example this blog post tells about this https://medium.com/@Drew_Stokes/actual-zero-downtime-with-haproxy-18318578fde6 but I've also hear that on modern linux kernels even the iptables syn trick isn't needed, but I can't confirm. On Mon, Sep 15, 2014 at 3:02 AM, Zebra max...@unitedstack.com wrote: Hi,all How can I add one new server without stop the haproxy process? Looking forward to your reply! Thanks, Zebra
Re: 回复: About the health check
Hi,PiBa-NL Have you tried removing that 'option tcp-check' from your configuration like i wrote before.? It should then default to a simple layer4 3way. It is indeed as what you say. Thank you for your candid reply, and I gain a lot. Greatly appreciated. Kind regards. Zebra -- Original -- From: PiBa-NLpiba.nl@gmail.com; Date: Wed, Sep 17, 2014 01:45 AM To: Zebramax...@unitedstack.com; haproxyhaproxy@formilux.org; Subject: Re: 回复: About the health check Hi Zebra, I think it stops after the 3way because your configuration is not using any send/expect values, so after the connection is made its immediately done 'checking' the layer 7 part.. Something like this would be the proper way to use tcp-check: |option tcp-check tcp-check send PING\r\n tcp-check expect +PONG tcp-check send info\ replication\r\n tcp-check expect string role:master tcp-check send QUIT\r\n tcp-check expect string +OK| Have you tried removing that 'option tcp-check' from your configuration like i wrote before.? It should then default to a simple layer4 3way. Zebra schreef op 16-9-2014 3:53: Hi, PiBa-NL Thank you for your reply . But I used tcpdump and find the check only try to make one tcp three-way handshake and even the packet for tcp ACK will not send. This is the result : root@ubuntuforhaproxy:/home# tcpdump -lnvvvXei eth0 tcp port 22 and src 192.168.10.95 or dst 192.168.10.95 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 01:52:21.188205 fa:16:3e:29:d8:8e fa:16:3e:05:d6:dd, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 46206, offset 0, flags [DF], proto TCP (6), length 60) 192.168.10.94.60528 192.168.10.95.22: Flags [S], cksum 0x963c (incorrect - 0xa91a), seq 1728571217, win 29200, options [mss 1460,sackOK,TS val 146297647 ecr 0,nop,wscale 7], length 0 0x: 4500 003c b47e 4000 4006 f02f c0a8 0a5e E...~@.@../...^ 0x0010: c0a8 0a5f ec70 0016 6707 e751 ..._.p..g..Q 0x0020: a002 7210 963c 0204 05b4 0402 080a ..r 0x0030: 08b8 532f 0103 0307 ..S/ 01:52:21.189789 fa:16:3e:05:d6:dd fa:16:3e:29:d8:8e, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 192.168.10.95.22 192.168.10.94.60528: Flags [S.], cksum 0x7eeb (correct), seq 952013707, ack 1728571218, win 28960, options [mss 1460,sackOK,TS val 146298380 ecr 146297647,nop,wscale 7], length 0 0x: 4500 003c 4000 4006 a4ae c0a8 0a5f E@.@.._ 0x0010: c0a8 0a5e 0016 ec70 38be 938b 6707 e752 ...^...p8...g..R 0x0020: a012 7120 7eeb 0204 05b4 0402 080a ..q.~... 0x0030: 08b8 560c 08b8 532f 0103 0307 ..V...S/ 01:52:21.189819 fa:16:3e:29:d8:8e fa:16:3e:05:d6:dd, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 64, id 878, offset 0, flags [DF], proto TCP (6), length 40) 192.168.10.94.60528 192.168.10.95.22: Flags [R], cksum 0xdef1 (correct), seq 1728571218, win 0, length 0 0x: 4500 0028 036e 4000 4006 a154 c0a8 0a5e E..(.n@.@..T...^ 0x0010: c0a8 0a5f ec70 0016 6707 e752 ..._.p..g..R 0x0020: 5004 def1 P... -- 原始邮 件 -- *发件人:* PiBa-NL; *发送时间:* 2014年9月16日(星期二) 上午9:31 *收件人:* Zebra; haproxy; *主题:* Re: About the health check Zebra schreef op 16-9-2014 3:08: Hi,all I configure the backend with one server and want to make the health check for it using tcp.And the configuration as below. backend httpservers option tcp-check This actually makes it perform tests on a higher layer: Perform health checks using tcp-check send/expect sequences If you remove the option tcp-check from the config it will probably do layer4. server server2 192.168.10.95:22 check inter 5s fall 1 maxconn 32000 But I find the log output below: Sep 16 01:03:34 localhost haproxy[30429]: Health check for server httpservers/server2 succeeded, reason: Layer7 check passed, code: 0, info: (tcp-check), check duration: 0ms, status: 1/1 UP. I could not understand why Layer 7 check passed for I think the tcp-check only work for Layer 4. Could you tell me more about this ? Looking forward to your reply, thanks!
About the health check
Hi,all I configure the backend with one server and want to make the health check for it using tcp.And the configuration as below. backend httpservers option tcp-check server server2 192.168.10.95:22 check inter 5s fall 1 maxconn 32000 But I find the log output below: Sep 16 01:03:34 localhost haproxy[30429]: Health check for server httpservers/server2 succeeded, reason: Layer7 check passed, code: 0, info: (tcp-check), check duration: 0ms, status: 1/1 UP. I could not understand why Layer 7 check passed for I think the tcp-check only work for Layer 4. Could you tell me more about this ? Looking forward to your reply, thanks!
About the haproxy proces/thread number
Hi,all I configure one frontend named https_proxy and one backend named httpservers. When I start the haproxy in my machine which has 2 cpus,I find the log below. Sep 16 01:03:34 localhost haproxy[30429]: Proxy https_proxy started. Sep 16 01:03:34 localhost haproxy[30429]: Proxy https_proxy started. Sep 16 01:03:34 localhost haproxy[30429]: Proxy httpservers started. Sep 16 01:03:34 localhost haproxy[30429]: Proxy httpservers started. I know it is recommended to make the nbproc 1, so is the log makes sense ?
回复: About the health check
Hi, PiBa-NL Thank you for your reply . But I used tcpdump and find the check only try to make one tcp three-way handshake and even the packet for tcp ACK will not send. This is the result : root@ubuntuforhaproxy:/home# tcpdump -lnvvvXei eth0 tcp port 22 and src 192.168.10.95 or dst 192.168.10.95 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 01:52:21.188205 fa:16:3e:29:d8:8e fa:16:3e:05:d6:dd, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 46206, offset 0, flags [DF], proto TCP (6), length 60) 192.168.10.94.60528 192.168.10.95.22: Flags [S], cksum 0x963c (incorrect - 0xa91a), seq 1728571217, win 29200, options [mss 1460,sackOK,TS val 146297647 ecr 0,nop,wscale 7], length 0 0x: 4500 003c b47e 4000 4006 f02f c0a8 0a5e E...~@.@../...^ 0x0010: c0a8 0a5f ec70 0016 6707 e751 ..._.p..g..Q 0x0020: a002 7210 963c 0204 05b4 0402 080a ..r 0x0030: 08b8 532f 0103 0307..S/ 01:52:21.189789 fa:16:3e:05:d6:dd fa:16:3e:29:d8:8e, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 192.168.10.95.22 192.168.10.94.60528: Flags [S.], cksum 0x7eeb (correct), seq 952013707, ack 1728571218, win 28960, options [mss 1460,sackOK,TS val 146298380 ecr 146297647,nop,wscale 7], length 0 0x: 4500 003c 4000 4006 a4ae c0a8 0a5f E@.@.._ 0x0010: c0a8 0a5e 0016 ec70 38be 938b 6707 e752 ...^...p8...g..R 0x0020: a012 7120 7eeb 0204 05b4 0402 080a ..q.~... 0x0030: 08b8 560c 08b8 532f 0103 0307..V...S/ 01:52:21.189819 fa:16:3e:29:d8:8e fa:16:3e:05:d6:dd, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 64, id 878, offset 0, flags [DF], proto TCP (6), length 40) 192.168.10.94.60528 192.168.10.95.22: Flags [R], cksum 0xdef1 (correct), seq 1728571218, win 0, length 0 0x: 4500 0028 036e 4000 4006 a154 c0a8 0a5e E..(.n@.@..T...^ 0x0010: c0a8 0a5f ec70 0016 6707 e752 ..._.p..g..R 0x0020: 5004 def1 P... -- 原始邮件 -- 发件人: PiBa-NL; 发送时间: 2014年9月16日(星期二) 上午9:31 收件人: Zebra; haproxy; 主题: Re: About the health check Zebra schreef op 16-9-2014 3:08: Hi,all I configure the backend with one server and want to make the health check for it using tcp.And the configuration as below. backend httpservers option tcp-check This actually makes it perform tests on a higher layer: Perform health checks using tcp-check send/expect sequences If you remove the option tcp-check from the config it will probably do layer4. server server2 192.168.10.95:22 check inter 5s fall 1 maxconn 32000 But I find the log output below: Sep 16 01:03:34 localhost haproxy[30429]: Health check for server httpservers/server2 succeeded, reason: Layer7 check passed, code: 0, info: (tcp-check), check duration: 0ms, status: 1/1 UP. I could not understand why Layer 7 check passed for I think the tcp-check only work for Layer 4. Could you tell me more about this ? Looking forward to your reply, thanks!
Re: About the ssl check
I got it! Thank you very much! -- Original -- From: PiBa-NLpiba.nl@gmail.com; Date: Tue, Sep 16, 2014 09:28 AM To: Zebramax...@unitedstack.com; haproxyhaproxy@formilux.org; Subject: Re: About the ssl check Zebra schreef op 16-9-2014 2:58: Hi,all I configure one back-end using tcp mode,and I want to ssh the server(s) behind the back-end just for testing. So I used check-ssl to enable ssl check. backend ssh_servers mode tcp server server2 192.168.10.95:22 check-ssl check inter 5s fall 1 maxconn 32000 But this always failed, that is why? Looking forward to your reply. Thanks! SSH != SSL ssh uses a protocol not compatible with a normal ssl connection. I dont think a health-check currently exists in haproxy for a ssh connection. Maybe you could configure one with option tcp-check and configure your own send/expect values.. Not sure if that could work but the manual does mention ssh there, so it might work..
Can I add one new server without stop the haproxy process?
Hi,all How can I add one new server without stop the haproxy process? Looking forward to your reply! Thanks, Zebra