On Wed, Oct 14, 2020 at 03:35:30PM +0200, Tim Düsterhus wrote: > I believe I already said it somewhere: The most valuable thing about > monitor-uri is that it does not create entries within the access log. I > don't think that can be replicated with http-request return as of now, > but I am happy to learn otherwise. I recently had to implement some health-of-HAProxy work, and went with lua-services since HAProxy 1.8 didn't have 'http-request return', but the other parts of the solution are still relevant.
'http-request set-log-level silent if ...' was the key to NOT logging the health-checks of HAProxy. The Lua service used in the below is fairly trivial, but it's in Lua rather than errorfiles or something else, as we had some dynamic data built into it, and that worked will with existing code. Rest of what I had built: ==== # Fill these in with something meaningful for your use-case: acl haproxy_maint ... # map or dynamic-acl acl haproxy_drain ... # map or dynamic-acl acl haproxy_drain stopping eq 1 acl health_permitted_src src ... # what IPs are allowed to health-check # All of the paths: acl health_ANY path -m beg /haproxy-health/ # Usual check point: acl health_check path -m str /haproxy-health/check # Special cases if you want to force an output: acl health_force_up path -m str /haproxy-health/force-up acl health_force_ready path -m str /haproxy-health/force-ready acl health_force_down path -m str /haproxy-health/force-down acl health_force_drain path -m str /haproxy-health/force-drain acl health_force_maint path -m str /haproxy-health/force-maint # Deny unauthorized access to healthcheck # This will be logged! http-request set-log-level warning if health_ANY !health_permitted_src http-request deny if health_ANY !health_permitted_src # Make normal access to healthcheck silent, so it does not spam logs http-request set-log-level silent if health_ANY health_permitted_src # Forced states # all implicit health_permitted_src in these: http-request use-service lua.health_up if health_force_up http-request use-service lua.health_ready if health_force_ready http-request use-service lua.health_down if health_force_down http-request use-service lua.health_drain if health_force_drain http-request use-service lua.health_maint if health_force_maint # Actual check: # all implicit health_permitted_src in these: # 1. If the sysadmin created a maint flag, return that http-request use-service lua.health_maint if health_check haproxy_maint # 2. If HAProxy is stopping, return a DRAIN state http-request use-service lua.health_drain if health_check haproxy_drain # 3. If the backend is up, return up http-request use-service lua.health_up if health_check # 4. If the backend is down, return down http-request use-service lua.health_down if !health_check ==== -- Robin Hugh Johnson E-Mail : robb...@orbis-terrarum.net Home Page : http://www.orbis-terrarum.net/?l=people.robbat2 GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
signature.asc
Description: PGP signature