squid between haproxy and backend server

2017-06-11 Thread Vivek Malik
Hi,

I am using haproxy for path based routing and am trying to forward
traffic to another datacenter under certain conditions. However, the
traffic must go via explicit proxy server (squid). The traffic is
getting forwarded to an https endpoint in AWS fronted by ELB.

Is there a way to define "via proxy" in backend configuration? I did
configuration search, mailing list archive search and google search
but couldn't come up with anything.

Or is there any software which can forward traffic via squid to
another endpoint. (I checked stunnel but didn't find such feature)

Thanks for guiding me with ideas or pointers.

Regards,
Vivek



Re: MySQL layer7 balancing

2017-06-11 Thread Luis Daniel Lucio Quiroz
Thanks to everyone

On 11 June 2017 1:13 PM, "Andrew Smalley" wrote:

> Hi Louis
>
> You asked about loadbalancing MySQL.
>
> What we suggest is two separate VIPs in TCP mode on port 3306
>
> One will be your Write VIP and the other will be your Read VIP
>
> Below is an example configuration with a ReadWriteMaster Server along with
> read and write only servers in each VIP - You may not want a real server
> with ReadWriteMaster but I have included this as an example as I wanted my
> master server to be both read and write and the replication master. You may
> not opt for a multimaster but here is a link to set that up
>
> https://dev.mysql.com/doc/refman/5.7/en/mysql-cluster-replication-multi-master.html
>
> It's worth noting the option "option mysql-check user checkuser post-41"
> which will attempt to connect to MySQL real servers with user "checkuser"
>
>
> Now your application will connect to 192.168.0.99 for writes and
> 192.168.0.100 for reads. I hope this all makes sense
>
> listen MySQL_Write
> bind 192.168.0.99:3306 transparent
> mode tcp
> balance leastconn
> stick on src
> stick-table type ip size 10240k expire 30m peers loadbalancer_replication
> server backup 127.0.0.1:9081 backup  non-stick
> option mysql-check user checkuser post-41
> option redispatch
> option abortonclose
> maxconn 4
> email-alert mailers email_mailer
> server ReadWriteMaster 192.168.0.50 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions
> server Write1 172.16.0.10 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions
> server Write2 172.16.0.11 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions
>
> listen MySQL_Read
> bind 192.168.0.100:3306 transparent
> mode tcp
> balance leastconn
> stick on src
> stick-table type ip size 10240k expire 30m peers loadbalancer_replication
> server backup 127.0.0.1:9081 backup  non-stick
> option mysql-check user checkuser post-41
> option redispatch
> option abortonclose
> maxconn 4
> email-alert mailers email_mailer
> server ReadWriteMaster 192.168.0.50 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions
> server Read1 192.168.0.12 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions
> server Read2 192.168.0.13 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions
> server Read3 192.168.0.14 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions
>
>
> Andrew Smalley
>
> Loadbalancer.org
> www.loadbalancer.org
>
> +1 888 867 9504 / +44 (0)330 380 1064
> asmal...@loadbalancer.org
>
> On 11 June 2017 at 17:51, Olivier Doucet  wrote:
>
>> Hi,
>>
>>
>> 2017-06-11 17:37 GMT+02:00 Luis Daniel Lucio Quiroz <
>> luis.daniel.lu...@gmail.com>:
>>
>>> Hi
>>>
>>> I'm new on the ML but not to haproxy. After googling I don't find what
>>> I'm looking for. Maybe one of you knows it.
>>>
>>> I would like to force a specific MySQL server for writing operations
>>> first policy (aka insert,update, delete) and let use round robin policy for
>>> reading operations.
>>>
>>> Is this possible with haproxy?
>>>
>>
>> Not with HAProxy. It does not understand MySQL L7, only HTTP.
>>
>> You can take a look at ProxySQL, MaxScale or MySQL Proxy for what you
>> would like to achieve.
>> A compare chart is available here : http://www.proxysql.com/compare
>>
>> Olivier
>>
>>
>


Re: MySQL layer7 balancing

2017-06-11 Thread Andrew Smalley
Hi Louis

You asked about loadbalancing MySQL.

What we suggest is two separate VIPs in TCP mode on port 3306

One will be your Write VIP and the other will be your Read VIP

Below is an example configuration with a ReadWriteMaster Server along with
read and write only servers in each VIP - You may not want a real server
with ReadWriteMaster but I have included this as an example as I wanted my
master server to be both read and write and the replication master. You may
not opt for a multimaster but here is a link to set that up

https://dev.mysql.com/doc/refman/5.7/en/mysql-cluster-replication-multi-master.html

It's worth noting the option "option mysql-check user checkuser post-41"
which will attempt to connect to MySQL real servers with user "checkuser"


Now your application will connect to 192.168.0.99 for writes and
192.168.0.100 for reads. I hope this all makes sense

listen MySQL_Write
bind 192.168.0.99:3306 transparent
mode tcp
balance leastconn
stick on src
stick-table type ip size 10240k expire 30m peers loadbalancer_replication
server backup 127.0.0.1:9081 backup  non-stick
option mysql-check user checkuser post-41
option redispatch
option abortonclose
maxconn 4
email-alert mailers email_mailer
server ReadWriteMaster 192.168.0.50 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions
server Write1 172.16.0.10 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions
server Write2 172.16.0.11 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions

listen MySQL_Read
bind 192.168.0.100:3306 transparent
mode tcp
balance leastconn
stick on src
stick-table type ip size 10240k expire 30m peers loadbalancer_replication
server backup 127.0.0.1:9081 backup  non-stick
option mysql-check user checkuser post-41
option redispatch
option abortonclose
maxconn 4
email-alert mailers email_mailer
server ReadWriteMaster 192.168.0.50 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions
server Read1 192.168.0.12 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions
server Read2 192.168.0.13 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions
server Read3 192.168.0.14 weight 100 check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions


Andrew Smalley

Loadbalancer.org
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
asmal...@loadbalancer.org

On 11 June 2017 at 17:51, Olivier Doucet  wrote:

> Hi,
>
>
> 2017-06-11 17:37 GMT+02:00 Luis Daniel Lucio Quiroz <
> luis.daniel.lu...@gmail.com>:
>
>> Hi
>>
>> I'm new on the ML but not to haproxy. After googling I don't find what
>> I'm looking for. Maybe one of you knows it.
>>
>> I would like to force a specific MySQL server for writing operations
>> first policy (aka insert,update, delete) and let use round robin policy for
>> reading operations.
>>
>> Is this possible with haproxy?
>>
>
> Not with HAProxy. It does not understand MySQL L7, only HTTP.
>
> You can take a look at ProxySQL, MaxScale or MySQL Proxy for what you
> would like to achieve.
> A compare chart is available here : http://www.proxysql.com/compare
>
> Olivier
>
>


Re: MySQL layer7 balancing

2017-06-11 Thread Olivier Doucet
Hi,


2017-06-11 17:37 GMT+02:00 Luis Daniel Lucio Quiroz <
luis.daniel.lu...@gmail.com>:

> Hi
>
> I'm new on the ML but not to haproxy. After googling I don't find what I'm
> looking for. Maybe one of you knows it.
>
> I would like to force a specific MySQL server for writing operations first
> policy (aka insert,update, delete) and let use round robin policy for
> reading operations.
>
> Is this possible with haproxy?
>

Not with HAProxy. It does not understand MySQL L7, only HTTP.

You can take a look at ProxySQL, MaxScale or MySQL Proxy for what you would
like to achieve.
A compare chart is available here : http://www.proxysql.com/compare

Olivier


Re: MySQL layer7 balancing

2017-06-11 Thread Daniel
Hi,

I say this does not work. Normally this has to be set up in your application
which uses mysql.


--
Regards

Daniel

From: Luis Daniel Lucio Quiroz
Date: Sunday, 11 June 2017 at 17:37
To: "haproxy@formilux.org"
Subject: MySQL layer7 balancing

Hi

I'm new on the ML but not to haproxy. After googling I don't find what I'm 
looking for. Maybe one of you knows it.

I would like to force a specific MySQL server for writing operations first 
policy (aka insert,update, delete) and let use round robin policy for reading 
operations.

Is this possible with haproxy?
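
Added example, not code from any poster in this thread: application-side statement routing to the two VIPs from the configuration posted above (192.168.0.99 for writes, 192.168.0.100 for reads). `StatementRouter` and `route_all` are hypothetical names, and the classifier sends anything it cannot show to be a plain read to the write VIP.

```python
import re

# VIP addresses as given in the configuration posted in this thread.
WRITE_VIP = ("192.168.0.99", 3306)
READ_VIP = ("192.168.0.100", 3306)

_COMMENT = re.compile(r"/\*.*?\*/|--[ \t][^\n]*|#[^\n]*", re.S)
_READ_VERBS = {"SELECT", "SHOW", "DESCRIBE", "DESC", "EXPLAIN"}
# Clauses that make a SELECT take locks or write a file: keep those on the writer.
_NOT_PLAIN_READ = re.compile(
    r"\bFOR\s+UPDATE\b|\bLOCK\s+IN\s+SHARE\s+MODE\b|\bINTO\s+(OUT|DUMP)FILE\b", re.I)


class StatementRouter:
    """Hypothetical per-session router (assumption, not part of HAProxy or MySQL)."""

    def __init__(self):
        self.in_transaction = False

    def route(self, sql):
        stripped = _COMMENT.sub(" ", sql).strip()
        verb = stripped.split(None, 1)[0].upper().rstrip(";") if stripped else ""
        if verb in ("BEGIN", "START"):
            self.in_transaction = True
        elif verb in ("COMMIT", "ROLLBACK"):
            self.in_transaction = False
            return WRITE_VIP  # the statement ending a transaction belongs to it
        if self.in_transaction:
            return WRITE_VIP  # reads inside a transaction must see its own writes
        # Checked on the raw text so comment stripping can never hide a stacked
        # statement or a locking clause; a false positive only costs a trip
        # to the writer.
        stacked = ";" in sql.rstrip().rstrip(";")
        if verb in _READ_VERBS and not stacked and not _NOT_PLAIN_READ.search(sql):
            return READ_VIP
        return WRITE_VIP


def route_all(statements):
    """Route a sequence of statements issued on one session, in order."""
    router = StatementRouter()
    return [router.route(s) for s in statements]
```
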


Re: BUG: Seg fault when reloading from saved state after config change

2017-06-11 Thread Willy Tarreau
Hi,

On Tue, May 30, 2017 at 06:14:48PM -0700, Shelley Shostak wrote:
> BUG:
> 
> Extra spaces inserted into the haproxy.cfg file cause haproxy reload with
> saved state to seg fault haproxy.
> 
> WORKAROUND:
> 
> Remove the existing state file OR remove save state from config.
> 
> REPRODUCE:
> 
>   - Enable save state across reloads
>   - Reload and save state file
>   - Insert extra space before "weight".
>   - Attempt to reload or validate the new config and haproxy will segv.

There's certainly something else but I have no idea what. The config is
tokenized around spaces so the parser doesn't even know that there are
spaces. This makes me think that the issue could in fact be related to
the position of certain words on the "server" lines, possibly while
comparing with the state file, but even then it looks very strange.

Could you provide a minimal configuration which exhibits the issue for
you ? I've run some tests here but failed to provoke it, so very likely
some other parts of your configuration have an impact to trigger this.

Thanks,
Willy



Re: haproxy 1.7.5 segfault on cookie/header parsing.

2017-06-11 Thread Willy Tarreau
Hi Jean,

I finally found it by carefully unrolling the execution based on your core.
It's a regression introduced in 1.7 while fixing a problem of missing cookies
in logs when doing a tarpit... I could finally reproduce it and fix it with
the attached patch.

Thanks a lot for all the details you provided!

Willy
From 6a0bca9e7862984b0edf8fc1e1edc54295a7a5e2 Mon Sep 17 00:00:00 2001
From: Willy Tarreau 
Date: Sun, 11 Jun 2017 17:56:27 +0200
Subject: BUG/MAJOR: http: call manage_client_side_cookies() before erasing
 the buffer

Jean Lubatti reported a crash on haproxy using a config involving cookies
and tarpit rules. It just happens that since 1.7-dev3 with commit 83a2c3d
("BUG/MINOR : allow to log cookie for tarpit and denied request"), function
manage_client_side_cookies() was called after erasing the request buffer in
case of a tarpit action. The problem is that this function must absolutely
not be called with an empty buffer since it moves parts of it. A typical
reproducer consists in sending :

"GET / HTTP/1.1\r\nCookie: S=1\r\n\r\n"

On such a config :

listen crash
bind :8001
mode http
reqitarpit .
cookie S insert indirect
server s1 127.0.0.1:8000 cookie 1

The fix simply consists in moving the call to the function before the call
to buffer_erase().

Many thanks to Jean for testing instrumented code and providing a usable
core.

This fix must be backported to all stable versions since the fix introducing
this bug was backported as well.
---
 src/proto_http.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/proto_http.c b/src/proto_http.c
index 357401f..a72f302 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -4462,6 +4462,11 @@ int http_process_req_common(struct stream *s, struct 
channel *req, int an_bit, s
return 1;
 
  tarpit:
+   /* Allow cookie logging
+*/
+   if (s->be->cookie_name || sess->fe->capture_name)
+   manage_client_side_cookies(s, req);
+
/* When a connection is tarpitted, we use the tarpit timeout,
 * which may be the same as the connect timeout if unspecified.
 * If unset, then set it to zero because we really want it to
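
Review bot: The comment on the moved block at the tarpit: label still reads only "Allow cookie logging", which does not say why the call has to sit at this position. Per the commit message, manage_client_side_cookies() moves parts of the request buffer and must not be called once the buffer has been erased, so the comment should state that ordering constraint (for example "must be called before the request buffer is erased") so a later reshuffle does not reintroduce the crash.
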
@@ -4474,11 +4479,6 @@ int http_process_req_common(struct stream *s, struct 
channel *req, int an_bit, s
 */
channel_dont_connect(req);
 
-   /* Allow cookie logging
-*/
-   if (s->be->cookie_name || sess->fe->capture_name)
-   manage_client_side_cookies(s, req);
-
txn->status = http_err_codes[deny_status];
 
req->analysers &= AN_REQ_FLT_END; /* remove switching rules etc... */
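
Review bot: With the call removed from after channel_dont_connect(req), only the tarpit: path is corrected, yet the commit message says 83a2c3d enabled cookie logging for tarpit and denied requests; the description should state whether the deny path calls manage_client_side_cookies() on an intact buffer or needs the same move. The reproducer given in the commit message (the "Cookie: S=1" request against the reqitarpit config) would also be worth keeping as a regression check, since the patch ships without one.
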
-- 
1.7.12.1



MySQL layer7 balancing

2017-06-11 Thread Luis Daniel Lucio Quiroz
Hi

I'm new on the ML but not to haproxy. After googling I don't find what I'm
looking for. Maybe one of you knows it.

I would like to force a specific MySQL server for writing operations first
policy (aka insert,update, delete) and let use round robin policy for
reading operations.

Is this possible with haproxy?