Re: Automate backend registration
Jens, Many people have a script that builds a working configuration file from various bits and pieces. As the actual needed configuration typically isn't something which follows a common path but depends on the environment and the actual applications and a thousand other bits, there isn't a standard here. But it really isn't hard to throw together a small shell/perl/python whatever script which concatenates the final config file from various pieces or uses some templating language of your chosen language. An script we use is https://github.com/finnlabs/haproxy. It consists of a python script which assembles the config file from a certain directory structure. This script is then called before a start/reload of the haproxy in the init script. So basically, you need to create your script for generating your Haproxy configuration, hook it into your init script and then, as a post-install in your RPMs put the configuration in place for your configuration-file-creating-script and reload Haproxy. To enable/disable previously registered backend components, you might be able to use the socket, but that usage is rather limited and mainly intended for maintenance, not for actual configuration changes. Hope that helps and sorry if that was a bit recursive :) Holger On 2011-08-03 22:52, Jens Bräuer wrote: > Hi Baptiste, > > sorry for my wording. But you are right, with "registration" I mean > - add ACL > - add use_backend > - add backend section > so to sum it up "make haproxy aware of a new application". > > There might be cases there I want to "only" add a server to existing backend, > but that would be the second/third step. > The use-case is that I have HA-Proxy running and do a "yum/apt-get install" > and the RPM should come with everything to integrate with HA-Proxy. I am sure > that there must be some tool out there.. ;-) > > Cheers, > Jens > > > On 03.08.2011, at 20:24, Baptiste wrote: >> Hi Jens, >> >> What do you mean by "registration"? >> Is that "make haproxy aware of the freshly deployed application" ? >> >> cheers >> >> On Wed, Aug 3, 2011 at 5:46 PM, Jens Bräuer >> wrote: >>> Hi HA-Proxy guys, >>> >>> I wonder whats the current state of the art to automate the registration of >>> backend. My setup runs in on EC2 and I run HA-Proxy in front of local >>> applications to easy administration. So a typical config file would be like >>> this. >>> >>> frontend http >>>bind *:8080 >>>acl is-auth path_beg /auth >>>acl is-core path_beg /core >>>use_backend authif is-auth >>>use_backend coreif is-core >>> >>> backend auth >>>server auth-1 localhost:7778 check >>> >>> backend core >>>server core-1 localhost:1 check >>> >>> All applications are installed via RPMs and I would like couple the >>> installation with the backend registration. I like to do this as want to >>> configure everything in one place (the RPM) and the number of installed >>> applications may vary from host to host. >>> >>> I'd really appreciate hint where I can find tools or whats the current >>> state to handle this kind of task. >>> >>> Cheers, >>> Jens >>> >>> >>> > >
Re: Automate backend registration
Hi Baptiste, sorry for my wording. But you are right, with "registration" I mean - add ACL - add use_backend - add backend section so to sum it up "make haproxy aware of a new application". There might be cases there I want to "only" add a server to existing backend, but that would be the second/third step. The use-case is that I have HA-Proxy running and do a "yum/apt-get install" and the RPM should come with everything to integrate with HA-Proxy. I am sure that there must be some tool out there.. ;-) Cheers, Jens On 03.08.2011, at 20:24, Baptiste wrote: > Hi Jens, > > What do you mean by "registration"? > Is that "make haproxy aware of the freshly deployed application" ? > > cheers > > On Wed, Aug 3, 2011 at 5:46 PM, Jens Bräuer > wrote: >> Hi HA-Proxy guys, >> >> I wonder whats the current state of the art to automate the registration of >> backend. My setup runs in on EC2 and I run HA-Proxy in front of local >> applications to easy administration. So a typical config file would be like >> this. >> >> frontend http >>bind *:8080 >>acl is-auth path_beg /auth >>acl is-core path_beg /core >>use_backend authif is-auth >>use_backend coreif is-core >> >> backend auth >>server auth-1 localhost:7778 check >> >> backend core >>server core-1 localhost:1 check >> >> All applications are installed via RPMs and I would like couple the >> installation with the backend registration. I like to do this as want to >> configure everything in one place (the RPM) and the number of installed >> applications may vary from host to host. >> >> I'd really appreciate hint where I can find tools or whats the current state >> to handle this kind of task. >> >> Cheers, >> Jens >> >> >>
Re: Automate backend registration
Hi Jens, What do you mean by "registration"? Is that "make haproxy aware of the freshly deployed application" ? cheers On Wed, Aug 3, 2011 at 5:46 PM, Jens Bräuer wrote: > Hi HA-Proxy guys, > > I wonder whats the current state of the art to automate the registration of > backend. My setup runs in on EC2 and I run HA-Proxy in front of local > applications to easy administration. So a typical config file would be like > this. > > frontend http > bind *:8080 > acl is-auth path_beg /auth > acl is-core path_beg /core > use_backend auth if is-auth > use_backend core if is-core > > backend auth > server auth-1 localhost:7778 check > > backend core > server core-1 localhost:1 check > > All applications are installed via RPMs and I would like couple the > installation with the backend registration. I like to do this as want to > configure everything in one place (the RPM) and the number of installed > applications may vary from host to host. > > I'd really appreciate hint where I can find tools or whats the current state > to handle this kind of task. > > Cheers, > Jens > > >
Re: Question concerning "option forwardfor" and HTTP keep-alive
On Wed, Aug 03, 2011 at 11:41:03AM -0400, Guillaume Bourque wrote: > Hi all, > > So to answer the secific question from what I have seen as soon as > you use option > http-server-close > > In the apache or any backend log you will only see the client ip on the > fiist log of a specific http request and you will have a "-" for the client > ip on the other page request in the same session. > > Is this what we sould see ? no this is the opposite. If you have no option, you will have what you describe. If you have either "option httpclose" or better, "option http-server-close", then you'll have the IP for every request. > So my question now ;-) > > How do we get the client IP if we want to used the "option > http-server-close" ? see above ;-) Willy
Automate backend registration
Hi HA-Proxy guys, I wonder whats the current state of the art to automate the registration of backend. My setup runs in on EC2 and I run HA-Proxy in front of local applications to easy administration. So a typical config file would be like this. frontend http bind *:8080 acl is-auth path_beg /auth acl is-core path_beg /core use_backend authif is-auth use_backend coreif is-core backend auth server auth-1 localhost:7778 check backend core server core-1 localhost:1 check All applications are installed via RPMs and I would like couple the installation with the backend registration. I like to do this as want to configure everything in one place (the RPM) and the number of installed applications may vary from host to host. I'd really appreciate hint where I can find tools or whats the current state to handle this kind of task. Cheers, Jens
Re: Question concerning "option forwardfor" and HTTP keep-alive
Hi all, So to answer the secific question from what I have seen as soon as you use option http-server-close In the apache or any backend log you will only see the client ip on the fiist log of a specific http request and you will have a "-" for the client ip on the other page request in the same session. Is this what we sould see ? So my question now ;-) How do we get the client IP if we want to used the "option http-server-close" ? Thanks 2011/8/3 Willy Tarreau > Hi Holger, > > On Wed, Aug 03, 2011 at 02:55:15PM +0200, Holger Just wrote: > > Graeme, > > > > On 2011-08-03 14:41, Graeme Donaldson wrote: > > > So to get to my actual question, with 1.4.8, can I remove "option > > > httpclose", keep "option forwardfor" and still see the X-Forwarded-For > > > header added to each request made? Or does HAproxy still only analyze > > > the first request when client-side HTTP keep-alive is being used? > > > > The default in HAproxy still uses the tunnel mode, i.e. it analyzes only > > the very first headers in a TCP connection. This mode is used if you > > don't specify anything. > > > > The second mode is "option httpclose" which will instruct both the > > server and the client to close their connections directly after the > > first request of that TCP connection. It works the same as in 1.3. > > > > Haproxy 1.4 introduced a new mode with "option http-server-close". It > > still closed the connection to the server but maintains keep-alive > > towards the client if possible and used. On most setups, you probably > > want to use that as it helps with latency on the single high-latency > > part of your connection (between Haproxy and the client). > > > > There are a couple of additional options like "http-pretend-keepalive" > > or "forceclose" which help to beat unfriendly or non-conforming > > components into submission. These options are thus not needed most of > > the time. > > > > Details about all the options can be found in the documentation at > > http://haproxy.1wt.eu/download/1.4/doc/configuration.txt > > I'd like to congratulate you for this well detailed explanation, > you summed it up perfectly ! > > Willy > > > -- Guillaume Bourque, B.Sc., consultant, infrastructures technologiques libres 514 576-7638, http://ca.linkedin.com/in/GuillaumeBourque/fr
Re: Question concerning "option forwardfor" and HTTP keep-alive
Hi Holger, On Wed, Aug 03, 2011 at 02:55:15PM +0200, Holger Just wrote: > Graeme, > > On 2011-08-03 14:41, Graeme Donaldson wrote: > > So to get to my actual question, with 1.4.8, can I remove "option > > httpclose", keep "option forwardfor" and still see the X-Forwarded-For > > header added to each request made? Or does HAproxy still only analyze > > the first request when client-side HTTP keep-alive is being used? > > The default in HAproxy still uses the tunnel mode, i.e. it analyzes only > the very first headers in a TCP connection. This mode is used if you > don't specify anything. > > The second mode is "option httpclose" which will instruct both the > server and the client to close their connections directly after the > first request of that TCP connection. It works the same as in 1.3. > > Haproxy 1.4 introduced a new mode with "option http-server-close". It > still closed the connection to the server but maintains keep-alive > towards the client if possible and used. On most setups, you probably > want to use that as it helps with latency on the single high-latency > part of your connection (between Haproxy and the client). > > There are a couple of additional options like "http-pretend-keepalive" > or "forceclose" which help to beat unfriendly or non-conforming > components into submission. These options are thus not needed most of > the time. > > Details about all the options can be found in the documentation at > http://haproxy.1wt.eu/download/1.4/doc/configuration.txt I'd like to congratulate you for this well detailed explanation, you summed it up perfectly ! Willy
Re: Question concerning "option forwardfor" and HTTP keep-alive
Graeme, On 2011-08-03 14:41, Graeme Donaldson wrote: > So to get to my actual question, with 1.4.8, can I remove "option > httpclose", keep "option forwardfor" and still see the X-Forwarded-For > header added to each request made? Or does HAproxy still only analyze > the first request when client-side HTTP keep-alive is being used? The default in HAproxy still uses the tunnel mode, i.e. it analyzes only the very first headers in a TCP connection. This mode is used if you don't specify anything. The second mode is "option httpclose" which will instruct both the server and the client to close their connections directly after the first request of that TCP connection. It works the same as in 1.3. Haproxy 1.4 introduced a new mode with "option http-server-close". It still closed the connection to the server but maintains keep-alive towards the client if possible and used. On most setups, you probably want to use that as it helps with latency on the single high-latency part of your connection (between Haproxy and the client). There are a couple of additional options like "http-pretend-keepalive" or "forceclose" which help to beat unfriendly or non-conforming components into submission. These options are thus not needed most of the time. Details about all the options can be found in the documentation at http://haproxy.1wt.eu/download/1.4/doc/configuration.txt --Holger
Question concerning "option forwardfor" and HTTP keep-alive
Hi I've been looking at decreasing page load times, and as part of this I'm revisiting a decision that was made when we started using HAproxy back in the 1.3.x era. At the time, HAproxy had no support for HTTP keep-alive, and we needed to use "option forwardfor". As a result, we added "option httpclose", as suggested by the following paragraph: It is important to note that as long as HAProxy does not support keep-alive connections, only the first request of a connection will receive the header. For this reason, it is important to ensure that "option httpclose" is set when using this option. We are currently using 1.4.8, which has (as far as I understand) support for client-side HTTP keep-alive, yet the paragraph about using "option httpclose" with "option forwardfor" is untouched in the 1.4 documentation. So to get to my actual question, with 1.4.8, can I remove "option httpclose", keep "option forwardfor" and still see the X-Forwarded-For header added to each request made? Or does HAproxy still only analyze the first request when client-side HTTP keep-alive is being used? Graeme
代收境外货款,提供进口单证a
※办理各类出口单证:普惠证(FA)、一般原产地证(CO)及其他各种产地证,证明书,各大使馆加签,香港加签、熏蒸消毒证,出口许可证等。f金融财务:为没有进出口权,没有收汇额度的外贸公司代理境外收汇,结汇,调配额度等,提供进口整套单证。1 联系人 : 谢先生电话 :0755-25104800传真 :0755-25108286手机 :13922855969Q Q : 25421189