Apologies, I had a copy/paste error in the "disable server" command I provided at the end. The actual command I'm using is this:
echo "disable server nodes/web01" | sudo socat stdio /run/haproxy/admin.sock On Thu, Jul 17, 2014 at 8:49 AM, Abe Voelker <a...@abevoelker.com> wrote: > My use case is that I have a non-backwards compatible database migration > to run, so there is a brief period of time where I do not want any requests > to be serviced by frontends. So I would like HAProxy to temporarily queue > all traffic while the database migration runs, buffering it until I bring > the frontend back up. I found an interesting article[1] that explains how > to do this that I am trying to replicate for my own purposes. > > Basically the article explains dynamically setting maxconn to 0 while the > migration runs, then setting it back to the original value when done. This > works perfectly when I test it with curl or with a browser that doesn't > have a pre-existing session with the frontend server. But when I do have a > pre-existing session, I am still let in to the frontend with maxconn 0. > And if I disable the frontend server, then I see an HTTP 503 error with > "No server is available to handle this request". > > So basically I'm wondering if there is a way to "expire" these > pre-existing sessions or connections or somehow force them to behave like a > new one so that they will queue up in HAProxy? > > Here is my haproxy.cfg; I installed from the Ubuntu > vbernat/haproxy-1.5 PPA and have left the global and defaults sections > unchanged, only adding the frontend/backend sections: > > global > log /dev/log local0 > log /dev/log local1 notice > chroot /var/lib/haproxy > stats socket /run/haproxy/admin.sock mode 660 level admin > stats timeout 30s > user haproxy > group haproxy > daemon > > # Default SSL material locations > ca-base /etc/ssl/certs > crt-base /etc/ssl/private > > # Default ciphers to use on SSL-enabled listening sockets. > # For more information, see ciphers(1SSL). > ssl-default-bind-ciphers > kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL > > defaults > log global > mode http > option httplog > option dontlognull > timeout connect 5000 > timeout client 50000 > timeout server 50000 > errorfile 400 /etc/haproxy/errors/400.http > errorfile 403 /etc/haproxy/errors/403.http > errorfile 408 /etc/haproxy/errors/408.http > errorfile 500 /etc/haproxy/errors/500.http > errorfile 502 /etc/haproxy/errors/502.http > errorfile 503 /etc/haproxy/errors/503.http > errorfile 504 /etc/haproxy/errors/504.http > > frontend localnodes > bind *:8081 > mode http > default_backend nodes > > backend nodes > mode http > balance roundrobin > option forwardfor > http-request set-header X-Forwarded-Port %[dst_port] > option httpchk HEAD / HTTP/1.1\r\nHost:localhost > server web01 127.0.0.1:3000 check > > These are the commands I'm running to test: > > echo "set maxconn frontend localnodes 0" | socat stdio > /run/haproxy/admin.sock > echo "disable server localnodes/web01" | socat stdio > /run/haproxy/admin.sock > echo "set maxconn frontend localnodes 100" | socat stdio > /run/haproxy/admin.sock > echo "enable server nodes/web01" | socat stdio /run/haproxy/admin.sock > > Thanks, > Abe > > [1]: > http://blog.balancedpayments.com/payments-infrastructure-suspending-traffic-zero-downtime-migrations/ >