Hello,
On Fri, Feb 26, 2010 at 03:11:07PM -0300, Ariel Moreno wrote:
> Dear Sir.
> We are testing HAProxy in our network to balance some proxy
> servers and I was wandering about how the front-end and back-end interact to
> make the solution reliable.
> In this particular case, I have simulated a full back-end proxy fail in
> order to know if there will be any change in the front-end listening, but
> nothing happened.
This is expected because a frontend can connect to multiple backends.
> Question: Does the HAProxy have any setting to disable the frontend when
> there is a failure of all back-end servers?
Yes, there is a solution. For this you need to use "monitor-uri" and
"monitor fail". For instance, let's say that an external equipment
checks haproxy every second on URI "/haproxy-health". You want haproxy
to report that it's unusable if there are less than two servers in
either of the two backend connected to the frontend :
frontend www
mode http
bind :80
acl bk1_dead nbsrv(bk1) lt 2
acl bk2_dead nbsrv(bk2) lt 2
monitor-uri /haproxy-health
monitor fail if bk1_dead or bk2_dead
...
use_backend bk1 if ...
use_backend bk2 if ...
backend bk1
...
backend bk2
...
But you must keep in mind that the frontend will always respond to
the port, so you must really perform an HTTP check there. There are
2 reasons to that :
- if you just perform a TCP connection, you're not testing
connectivity to haproxy but to the OS which queues the
connection request into the TCP backlog. So haproxy's status
would not necessarily be reflected outside.
- no most OSes, if you unbind stop listening on a port without
unbinding, you can't listen again afterwards. In fact I've only
found Linux to support that. And if you unbind, you can't rebind
after you have dropped privileges.
Anyway that's not specific to haproxy, as a simple TCP connect does
not reflect services availability in general. That's the reason why
the "monitor-uri" was implemented.
Hoping this helps,
Willy
