Hi all,

As you may have noticed already, HAProxy 1.6-dev2 has integrated a new feature: server IP address resolution using DNS. The main purpose of this development is to make HAProxy aware of a server IP change when using environments such as AWS or Docker.

Here is the current status of HAProxy and server name resolution:
- when parsing the configuration, HAProxy uses libc functions and the resolvers provided by the operating system => if the server can't be resolved at this step, then HAProxy can't start
- in order to make DNS resolution operational at run time, health checks must be enabled on the server. Actually, the health check triggers name resolution
- HAProxy uses its own resolvers, configured in the new section called "resolvers"
- HAProxy queries ALL resolvers and takes the first non-error response
- a resolution is considered in error when ALL resolvers failed (whatever the failure was)
- when a resolution is successful, HAProxy keeps it for the "hold valid" period. Once "hold valid" has expired, the next health check will trigger a new DNS resolution

Documentation about it:
- http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.6.html#resolvers%20%28Server%20and%20default-server%20options%29
- http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.6.html#5.3

Now that the current status is briefly explained, we have a few WIP tasks we want to discuss with the community. We want to hear feedback about additional features we have in mind.

First, we want to fix the error when HAProxy fails starting up because the resolvers pointed to by the system can't resolve a server's IP address (but HAProxy resolvers could).
The idea here would be to create a new flag on the server to tell HAProxy which IP to use. The server would be enabled when the IP has been provided by the expected tool.
i.e., a new server directive could be "init-addr" (for initial IP address) and would take a list of directives from 'libc', 'dns', 'a.b.c.d' (arbitrary IP address), etc... (non-exhaustive list, more to come...)
Currently, HAProxy works like this: "init-addr libc,dns"
A new value could be "init-addr dns"
Or "init-addr 1.2.3.4,dns"

Second, we want to log server IP changes.
For now, there are 2 ways to change a server IP address: DNS resolution or using the stats socket command: "set server addr"
2 options:
- we set up a parameter to enable logging server IP changes, whatever has updated the server IP
- we allow HAProxy to log server IP changes from a specific source only. i.e., log only when DNS changes a server's IP

Third, we have to handle DNS response errors.
We thought about the 4 following cases:
- NX domain: all DNS servers can't resolve this host name
- response timeout: no response was received
- query refused: the DNS servers refused our query
- other: all other cases
=> For each error, we can maintain the latest good IP for a period decided by the user. i.e., if you want to keep a server up for 5 minutes while your servers return NX, then set up "hold nx 5m" in your resolvers section

Fourth, we need a new server state when a DNS resolution is in error.
Currently, we have 2 types of state: operational or administrative
- administrative states: ready, maint, drain
- operational states: down, failed, stopped
We have to create a new state (should be operational) which reports that HAProxy is not able to perform a proper DNS resolution for this server. Once in that state, the server won't be able to get new traffic, and health checks will be stopped too.
HAProxy will turn the server into this state after the hold period described in step #3.

That's all for now.
Looking forward to reading your feedback!

Baptiste
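
The resolution rules described in the message (first non-error answer wins, "hold valid" caching, per-error hold periods, then a new state), modelled as an added example; this is not HAProxy code and not part of the original post. The names first_answer, Server and the "unresolved" state are hypothetical, and measuring hold periods from the last successful resolution is an assumption.

```python
# Added illustration: a model of the behaviour described in the post, not HAProxy code.

def first_answer(responses):
    """responses: one (status, ip) tuple per resolver, in arrival order.
    Return ("valid", ip) for the first non-error response; an error only if ALL failed."""
    for status, ip in responses:
        if status == "valid":
            return "valid", ip
    kinds = {status for status, _ in responses}
    # Assumption: mixed failure kinds (or no resolvers at all) are classified as "other".
    return (kinds.pop() if len(kinds) == 1 else "other"), None


class Server:
    def __init__(self, ip, hold, now=0):
        self.ip = ip
        self.hold = hold          # seconds per status, e.g. {"valid": 10, "nx": 300}
        self.last_good = now      # time of the last successful resolution
        self.state = "up"
        self.log = []             # (time, old_ip, new_ip, source) for each IP change

    def health_check(self, now, query):
        """query() returns the list of resolver responses; it is called only when needed."""
        if self.state == "up" and now - self.last_good < self.hold["valid"]:
            return self.state     # "hold valid" has not expired: no DNS query
        # Assumption: resolution is still retried in the unresolved state,
        # so that the server can come back once DNS answers again.
        status, ip = first_answer(query())
        if status == "valid":
            if ip != self.ip:
                self.log.append((now, self.ip, ip, "dns"))
                self.ip = ip
            self.last_good, self.state = now, "up"
        elif now - self.last_good >= self.hold.get(status, 0):
            # The hold period for this error is over: stop using the last good IP.
            self.state = "unresolved"   # hypothetical name for the proposed state
        return self.state
```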