Hi all,
Le Samedi 16 Janvier 2010 23:58:25, Willy Tarreau a écrit :
> Hi Hervé,
>
> On Sat, Jan 16, 2010 at 11:34:38PM +0100, Herve COMMOWICK wrote:
> > Hi Cyril,
> >
> > You forgot the log-error option that much sysadmin use for correct debugging
> > without pollution, but i don't think it logs incorrect logging (if i
> > remember well).
Actually, the "log-error" file contains mysql start/stop messages and critical
errors (engines integrity errors, server/thread crashes, ...) but
authentication is not logged in it.
> > The Authentication packet is mandatory for preventing blocking, but i don't
> > know if the check of the response is really interesting.
> > My first thought was it can detect integrity error on the "mysql" database,
> > but i hope MySQL can detect this kind of error in another way and display
> > errors in the Handshake initialization packet.
Yes, your thought is very interesting, but it can be a hard task to check all
the cases internally in haproxy.
> > On the other side, it can
> > detect server load, but i also think it can be detected in another way
> > because it is not so reliable.
Exactly, for example server load can vary from user to user, depending on
MAX_CONNECTIONS_PER_HOUR, MAX_USER_CONNECTIONS, ...
which can make the test easily unreliable.
> >
> > By the way, Willy, do what you think better. ;-)
>
> I don't know mysql and don't even have one for testing. But experience
> shows that for a default test to be widely used, it must be easy to
> set up, not have side effects, and if possible not cause undesired
> logging. For instance, I'm pretty sure that most users would prefer
> a lighter check which does not require setting up a user than a deeper
> one which requires a user. However, if providing the user brings a far
> better test coverage, it can be nice to have it as an option. That way
> users decide how to check their servers.
Hervé's patch is near the lightest check haproxy can do, the "haproxy" user can
be provided in the authentication request (or not) and I'd prefer the response
to be ignored as it can have side effect on the backend server stability (going
up and down depending on the number of packets received), this happened to me
during all my tests. Maybe the documentation can be updated to make the
"haproxy" insert optional, and needed only for users who don't want to see the
"Aborted_connects" counter increase due to health-checks.
Then, for more complex checks, haproxy's external check (using a different
port) is a great feature.
It was previously possible to write http health-checks but now the patch also
allows mysql protocol health-checks, by sending a well formed Handshake
Initialisation packet or an Error Packet (which lets validate the script with a
mysql client).
As an example :
#!/usr/bin/python
import sys
if complex_mysql_healthcheck():
sys.stdout.write(
"\x33\x00\x00" # packet length
"\x00" # packet number
"\x0a" # protocol version
"All tests passed !\x00" # server version
"\x00\x00\x00\x00" # thread id
"\x00\x00\x00\x00\x00\x00\x00\x00" # scramble buff
"\x00" # filler (1 byte)
"\x00\x00" # server capabilities
"\x00" # server language
"\x00\x00" # server_status
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" # filler
(13 bytes)
)
sys.stdout.write(
"\x01\x00\x00" # packet length
"\x02" # packet number
"\xfe" # EOF Packet to accept the authentication request
)
else:
sys.stdout.write(
"\x12\x00\x00" # packet length
"\x00" # packet number
"\xff" # Error packet
"\x00\x00" # errno
"Error detected\x00" # message (null terminated string)
)
This could be the next step for this patch (or a more general step) : build a
centralized knowledge base of the "most useful/used" external checks, by server
types...I guess this is a lot of work :)
> Hoping this helps you figure how to arrange this test. If you want we
> can discuss that on monday.
I also hope this won't take you too much time ;)
--
Cyril Bonté
