Re: Emulating Active/passing application clustering with HAProxy
Op 16 feb. 2014, om 00:16 heeft Cyril Bonté cyril.bo...@free.fr het volgende geschreven: Le 16/02/2014 00:00, Mark Ruys a écrit : Hi Cyril, Awesome, that's exactly what I need. Thanks for sharing it, I'll definitely implement it this way! OK, please feel free to provide some feedbacks once implemented ;-) So far, I have one observation: To switch back to the active backend : # echo clear table passive | socat stdio /var/run/haproxy.sock Although the table is declared with peer stickiness (stick-table type integer size 1 peers LB), clearing the table does not propagate to the other peers. So you have to clear the tables on all peers by hand. If this is not a bug, then I would call it a feature request :) Mark Note for Willy, while working on the example I found 2 bugs : 1. Integer stick tables are not consistent against peers : integers sent over the network are converted with hotnl() but are not converted again in the read path. I'm working on a patch for that. 2. a peers section without a name will segfault. I think both will have to be backported to haproxy 1.4. -- Cyril Bonté --- dr M.P.J. Ruys :: Lead Software Engineer Peercode Oudenhof 4c, 4191NW Geldermalsen, The Netherlands Web site and travel directions: www.peercode.nl Phone +31.88.0084124 :: Mobile +31.6.51298623
RE: Patch for ALPN compatibility with OpenSSL development
Hi, I’ve updated the patch which now does actual negotiation. The logic comes from the example OpenSSL server application that also was committed in the commit that adds ALPN support to OpenSSL: Great, it works correctly now. When negotiating spdy I now get a ERR_SPDY_PROTOCOL_ERROR in Chrome, which indicates that Chrome switches in fact to spdy. This was not the case with the prior patch. We should probably replace the #ifdef OPENSSL_ALPN_NEGOTIATED with #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation everywhere, instead of defining OPENSSL_ALPN_NEGOTIATED when TLSEXT_TYPE_application_layer_protocol_negotiation is set. OPENSSL_ALPN_NEGOTIATED is another leftover from the old alpn patch. Other than that, I think this can be committed. Willy? Regards, Lukas
Re: Emulating Active/passing application clustering with HAProxy
Hi Mark, On Sun, Feb 16, 2014 at 01:27:18PM +0100, Mark Ruys wrote: So far, I have one observation: To switch back to the active backend : # echo clear table passive | socat stdio /var/run/haproxy.sock Although the table is declared with peer stickiness (stick-table type integer size 1 peers LB), clearing the table does not propagate to the other peers. So you have to clear the tables on all peers by hand. If this is not a bug, then I would call it a feature request :) Stick tables are only synchronized on updates. Clearing or inserting values from the CLI are not updates but what I'd call local maintenance. In practice however, if you clear one LB's entry, the next time it'll get a request, it will load balance it, update the table and propagate the update. Also, if you're running with automatic expiration after a certain delay, both of your LB's tables will expire after inactivity. Regards, Willy
Re: Patch for ALPN compatibility with OpenSSL development
Hi all, Yes, of course! The ALPN patch was an early incantation I did based on initially available patches so that people could start to experiment with it. Now that we're finally getting closer to something official in openssl, better stick to it! Dirkjan, could you please adjust your patch with Lukas' suggestions above ? I'll happily merge it. I’ve updated the patch with the suggestion given. — Dirkjan 0001-Use-ALPN-support-as-it-will-be-available-in-OpenSSL-.patch Description: Binary data
Re: Patch for ALPN compatibility with OpenSSL development
On Sun, Feb 16, 2014 at 07:45:08PM +0100, Dirkjan Bussink wrote: Hi all, Yes, of course! The ALPN patch was an early incantation I did based on initially available patches so that people could start to experiment with it. Now that we're finally getting closer to something official in openssl, better stick to it! Dirkjan, could you please adjust your patch with Lukas' suggestions above ? I'll happily merge it. I?ve updated the patch with the suggestion given. Great, thank you Dirkjan, I've just merged it now. Best regards, Willy