Hi there Igor,


> How did you do that? By putting the haproxy's security group or the
> haproxy's ip to the mysql group inbound rule?  Sorry but which non local IP
> is that?
>


I put the external IP of the haproxy server into the security group on the
mysql server. In this case the external IP from the haproxy host is an
elastic IP. And I saw that when I did that and performed a grant on the
database I could log into the db from the haproxy machine.


> How many interfaces haproxy has? Is it connected to the 10.10.10.0/24 network
> at all?



> Looks to me you are trying to use VIP's or something which does not work
> in same way as in normal lan's. Don't forget that in AWS we are dealing
> with SDN's so giving l0 or any other interface a second IP address locally
> on the instance using ip tool let's say will simply not work. That IP is not
> visible to the SDN and the interface will never send or receive any
> traffic. You need that IP allocated to the haproxy interface (no option for
> l0 here) via EC2 console or aws cli tool.



The IP's I was using in the example config I posted to the thread earlier
were fake IP's, not the real ones. In reality I had used the external
IP's which are on a 52.3.22 subnet (for example on one host).

The haproxy machines have just one interface, and they're both on the same
VPC. This is needed for failover. Those IPs actually are 10-net addresses.
So maybe I'll need to put those IP's into the SG's on the database nodes to
get this working?

So for example if I do a command like this:

[root@ha1:/etc/haproxy] #ifconfig | grep inet | grep -v inet6
        inet 10.0.0.XXX  netmask 255.255.255.0  broadcast 10.0.0.255
        inet 127.0.0.1  netmask 255.0.0.0

What I get back is a 10-net address and the loopback.

Only thing is that the database hosts are on separate AWS accounts. So I
don't know how the database nodes will be able to recognize the internal
10-net addresses from the haproxy hosts.

Do you have any suggestions on how this can (or can't) work?

Thanks,
Tim

On Fri, Jul 24, 2015 at 1:11 AM, Igor Cicimov <
ig...@encompasscorporation.com> wrote:

>
>
> On Fri, Jul 24, 2015 at 1:46 PM, Tim Dunphy <bluethu...@gmail.com> wrote:
>
>> Hi all,
>>
>>  I'm attempting to setup mysql load balancing using HA/Proxy. Seemed
>> pretty straight forward at first.
>>
>> I'm using Amazon ec2 for all nodes. First I made sure that the
>> haproxy nodes could contact the mysql boxes by opening up the security
>> group from the mysql boxes to the haproxy ones on port 3306.
>>
>
> How did you do that? By putting the haproxy's security group or the
> haproxy's ip to the mysql group inbound rule? If IP which one is that?
>
>
>>
>> I setup the following config:
>>
>> global
>>     log 127.0.0.1 local0 notice
>>     user haproxy
>>     group haproxy
>>
>> defaults
>>     log global
>>     retries 2
>>     timeout connect 3000
>>     timeout server 5000
>>     timeout client 5000
>>
>> listen mysql-cluster
>>     bind 127.0.0.1:3306
>>
>>     mode tcp
>>     option mysql-check user haproxy_check
>>     balance roundrobin
>>     server mysql-1 10.10.10.10:3306 check
>>     server mysql-2 10.10.10.11:3306 check
>>
>> listen 0.0.0.0:80
>>     mode http
>>     stats enable
>>     stats uri /
>>     stats realm Strictly\ Private
>>     stats auth admin:secret
>>
>> And ensured that haproxy could bind to non local IP's:
>>
>
> Sorry but which non local IP is that? How many interfaces haproxy has? Is
> it connected to the 10.10.10.0/24 network at all?
>
> Looks to me you are trying to use VIP's or something which does not work
> in same way as in normal lan's. Don't forget that in AWS we are dealing
> with SDN's so giving l0 or any other interface a second IP address locally
> on the instance using ip tool let's say will simply not work. That IP is not
> visible to the SDN and the interface will never send or receive any
> traffic. You need that IP allocated to the haproxy interface (no option for
> l0 here) via EC2 console or aws cli tool.
>
>
>>
>> [root@ha1:/etc/haproxy] #grep ipv4 /etc/sysctl.conf
>> net.ipv4.ip_nonlocal_bind=1
>>
>> [root@ha1:/etc/haproxy] #sysctl -p
>> net.ipv4.ip_nonlocal_bind = 1
>>
>> Yet when I try to start up haproxy I get the following result:
>>
>> [root@ha1:/etc/haproxy] #systemctl status haproxy
>> haproxy.service - HAProxy Load Balancer
>>    Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled)
>>    Active: inactive (dead) since Fri 2015-07-24 03:44:18 UTC; 9s ago
>>   Process: 25034 ExecStart=/usr/sbin/haproxy-systemd-wrapper -f
>> /etc/haproxy/haproxy.cfg -p /run/haproxy.pid (code=exited, status=0/SUCCESS)
>>  Main PID: 25034 (code=exited, status=0/SUCCESS)
>>
>> Jul 24 03:44:18 ha1 systemd[1]: Starting HAProxy Load Balancer...
>> Jul 24 03:44:18 ha1 systemd[1]: Started HAProxy Load Balancer.
>> Jul 24 03:44:18 ha1 haproxy-systemd-wrapper[25034]:
>> haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f
>> /etc/haproxy/hap...id -Ds
>> Jul 24 03:44:18 ha1 haproxy-systemd-wrapper[25034]: [ALERT] 204/034418
>> (25035) : *Starting proxy mysql-cluster: cannot bind s...:3306]*
>> Jul 24 03:44:18 ha1 haproxy-systemd-wrapper[25034]:
>> haproxy-systemd-wrapper: exit, haproxy RC=256
>> Hint: Some lines were ellipsized, use -l to show in full.
>>
>>
>
>> So it seems that haproxy is expecting to have mysql already listening on
>> port 3306. But mysql is running on two external nodes with port 3306 open
>> to the two haproxy machines.
>>
>> What am I doing wrong? And how can I get this to work?
>>
>> Thanks,
>> Tim
>> --
>> GPG me!!
>>
>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>>
>>
>
>
> --
> Igor Cicimov | DevOps
>
>
> p. +61 (0) 433 078 728
> e. ig...@encompasscorporation.com <http://encompasscorporation.com/>
> w. encompasscorporation.com
> a. Level 4, 65 York Street, Sydney 2000
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
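
Added example, not part of the original messages: the status output quoted above shows a "cannot bind" alert for the mysql-cluster proxy, whose config line is bind 127.0.0.1:3306, so the call that failed is the proxy's own bind() on the load balancer host. This Python sketch repeats that bind and classifies the errno; the function name and the return labels are assumptions made for illustration.

```python
import errno
import socket

# Labels for the errno values bind() most often returns on a listen address.
REASONS = {
    # Another process on this host already holds the address and port,
    # for example a local MySQL server listening on 3306.
    errno.EADDRINUSE: "in_use",
    # The address is not configured on any local interface. With
    # net.ipv4.ip_nonlocal_bind=1, as set in the thread, Linux skips this check.
    errno.EADDRNOTAVAIL: "not_local",
    # Port below 1024 without privilege, or a security policy (such as
    # SELinux) that does not allow this process to bind the port.
    errno.EACCES: "denied",
}


def diagnose_bind(host, port):
    """Attempt the TCP bind a proxy would make and return a short label."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # SO_REUSEADDR keeps old TIME_WAIT entries from producing a false
    # "in_use"; a socket that is actively listening still blocks the bind.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        sock.bind((host, port))
        return "ok"
    except OSError as exc:
        return REASONS.get(exc.errno, "other:" + errno.errorcode.get(exc.errno, "?"))
    finally:
        sock.close()


if __name__ == "__main__":
    # Address and port taken from the "bind 127.0.0.1:3306" line in the config.
    # Run as the same user and on the same host as the proxy.
    print(diagnose_bind("127.0.0.1", 3306))
```

An "in_use" result can be followed up with ss -ltnp to see which process holds the port.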
