Re: HAProxy proxying JDBC requests two a percona cluster
Hi! Thanks for answering. (You might consider running garbd arbitrator on a third server (or a third node), because if the two pxc nodes loose connection between each other - split brain and both nodes won't work http://www.percona.com/blog/2012/07/25/percona-xtradb-cluster-failure-scenarios-with-only-2-nodes/) Yes, I am already planning this. Do you get any errors if you use direct jdbc connection from hybris to your PXC nodes (no haproxy in between) ? No. Because of this and my tests with the Active/Passive-setup, I already ruled out the Percona cluster. Have you enabled logging in haproxy and do you get any errors in haproxy logs ? Kinda (see my haproxy.cfg below). You're right. I will check out the logging options and optimize logging. What kind of server / client timeouts do you use in haproxy or are you reaching maxconn etc. limits ? I don't think, I reach maxconn, because the maximum connections HATop shows are 23 and my limit is around 2000. Here's my haproxy.cfg btw: global log /dev/loglocal0 log /dev/loglocal1 notice chroot /var/lib/haproxy user haproxy group haproxy daemon stats socket /var/run/haproxy.sock mode 600 level admin stats timeout 2m defaults log global modehttp option tcplog option dontlognull retries 3 option redispatch timeout connect 5 timeout client 5 timeout server 5 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http listen mysql-cluster 127.0.0.1:3306 mode tcp balance roundrobin option httpchk server shopclusterdb1 10.10.42.82:3306 check port 9200 inter 12000 rise 3 fall 3 server shopclusterdb2 10.10.42.83:3306 check port 9200 inter 12000 rise 3 fall 3 backup Kind regards Dennis -- Dennis Plöger Systemadministrator und Berater -- Besuchen Sie uns auf unseren nächsten Veranstaltungen: - HartmanEVENT 2014, 09.10.2014, Utrecht, Niederlande -- getit - Gesellschaft für Technologie- und Informationstransfer mbH Emil-Figge-Straße 76-80 44227 Dortmund Tel: +49.231.9742.355 Fax: +49.231.9742.356 http://www.getit.de Amtsgericht Dortmund, HRB-Nr. 26548 Geschäftsführung: Dr. Thomas Krämerkämper (Vorsitzender) Christoph Hecker
Re: HAProxy proxying JDBC requests two a percona cluster
Hi! Me again. Kinda (see my haproxy.cfg below). You're right. I will check out the logging options and optimize logging. I just checked the configuration options again and saw, that I'm already logging enough (I think). However, no errors are logged. What kind of server / client timeouts do you use in haproxy or are you reaching maxconn etc. limits ? I don't think, I reach maxconn, because the maximum connections HATop shows are 23 and my limit is around 2000. Hmm... I just understood, that we're probably talking about different things here. As you can see in my configuration, I haven't specify a maxconn value. From the configuration documentation I didn't understand, what the default value is. I just updated my configuration based on this tutorial and will try again: http://www.percona.com/doc/percona-xtradb-cluster/5.5/howtos/haproxy.html Kind regards Dennis
Issues with HTTP CONNECT proxying
Are there any known issues with using HAProxy to load balance forward proxies? I'm seeing an issue where when I put HAProxy in front of the forward proxies, the connection just hangs after the forward proxy replies 200 Connection Established. All other HTTP methods work fine. And if I connect directly from a browser like Firefox to the forward proxies, HTTP CONNECT works fine. Is there something HAProxy is expecting besides the 200 Connection Established? Thank you in advance. -J
Re: HAProxy proxying JDBC requests two a percona cluster
Hi! Hmm... I just understood, that we're probably talking about different things here. As you can see in my configuration, I haven't specify a maxconn value. From the configuration documentation I didn't understand, what the default value is. I just updated my configuration based on this tutorial and will try again: http://www.percona.com/doc/percona-xtradb-cluster/5.5/howtos/haproxy.html Same error (nothing in the logs however). My haproxy.cfg now looks like this: global log /dev/log local1 log /dev/log local0 debug chroot /var/lib/haproxy maxconn 4096 user haproxy group haproxy daemon stats socket /var/run/haproxy.sock mode 600 level admin stats timeout 2m defaults log global modehttp option tcplog option dontlognull retries 3 option redispatch maxconn 2000 timeout connect 5 timeout client 5 timeout server 5 listen mysql-cluster 127.0.0.1:3306 mode tcp balance roundrobin option httpchk server shopclusterdb1 10.10.42.82:3306 check port 9200 inter 12000 rise 3 fall 3 server shopclusterdb2 10.10.42.83:3306 check port 9200 inter 12000 rise 3 fall 3 backup Kind regards Dennis -- Dennis Plöger Systemadministrator und Berater -- Besuchen Sie uns auf unseren nächsten Veranstaltungen: - konaktiva, 11.11.2014, Halle 3 B / Stand G4 (Westfalenhallen), Dortmund -- getit - Gesellschaft für Technologie- und Informationstransfer mbH Emil-Figge-Straße 76-80 44227 Dortmund Tel: +49.231.9742.355 Fax: +49.231.9742.356 http://www.getit.de Amtsgericht Dortmund, HRB-Nr. 26548 Geschäftsführung: Dr. Thomas Krämerkämper (Vorsitzender) Christoph Hecker
haproxy issue
Hi, i have configure haproxy-1.5.4-1.el6.x86_64 with this config frontend inbound-https bind :443 #ssl crt ./my_view_cert.pem mode tcp option tcplog default_backend view_https backend view_https mode tcp option tcplog option httpchk OPTIONS / http-check expect status 200 option ssl-hello-chk #make sure we can talk SSL, not just TCP balance source balance roundrobin stick on src stick-table type ip size 100m expire 1h server milap9900 172.16.74.17:443 check id 1 inter 10s rise 5 fall 2 server milap9901 172.16.74.18:443 check id 2 inter 10s rise 5 fall 2 but when one server responding with 503 haproxy not exclude a fail node from haproxy machine i check: wget https://172.16.74.17 --no-check-certificate --2014-10-15 16:17:15-- https://172.16.74.17/ Connessione a 172.16.74.17:443...connesso. AVVERTIMENTO: impossibile verificare il certificato di 172.16.74.17, rilasciato da /O=VMware, Inc./OU=VMware View default certificate/CN=milap9900: Impossibile verificare localmente l'autorità dell'emittente. AVVERTIMENTO: certificate common name milap9900 doesn't match requested host name 172.16.74.17. HTTP richiesta inviata, in attesa di risposta... 503 Service Unavailable 2014-10-15 16:17:36 ERRORE 503: Service Unavailable. where am I wrong? Best Regard Pasquale
Re: Issues with HTTP CONNECT proxying
On Wed, Oct 15, 2014 at 8:57 AM, Jason J. W. Williams jasonjwwilli...@gmail.com wrote: Are there any known issues with using HAProxy to load balance forward proxies? I'm seeing an issue where when I put HAProxy in front of the forward proxies, the connection just hangs after the forward proxy replies 200 Connection Established. All other HTTP methods work fine. And if I connect directly from a browser like Firefox to the forward proxies, HTTP CONNECT works fine. Is there something HAProxy is expecting besides the 200 Connection Established? Thank you in advance. -J Not enough information to help you. Can you post HAProxy logs and your configuration as well??? Can you also give a try to this option in your frontend section: option http-use-proxy-header Baptiste
Re: Segmentation fault with version 1.5.5
Hi Willy, here's the config. Simply checking it with /usr/sbin/haproxy -c -f /etc/haproxy/haproxy.cfg causes the segmentation fault. --- global nbproc 1 defaults mode http frontend http-in bind :10080 bind :10443 ssl crt /tmp/certandkey.pem default_backend www mode http backend www mode http server srv01 www.web.de:443 ssl verify required verifyhost www.nono.com --- Thanks, Marco
Re: Segmentation fault with version 1.5.5
Hi Marco, Le 15/10/2014 23:08, Marco a écrit : Hi Willy, here's the config. Simply checking it with /usr/sbin/haproxy -c -f /etc/haproxy/haproxy.cfg causes the segmentation fault. --- global nbproc 1 defaults mode http frontend http-in bind :10080 bind :10443 ssl crt /tmp/certandkey.pem default_backend www mode http backend www mode http server srv01 www.web.de:443 ssl verify required verifyhost www.nono.com Is it the full configuration which can trigger the segfault ? I don't see any ca-file. Also, the question may be stupid but I prefer to ask. Did you perform a make clean before compiling haproxy 1.5.5 ? -- Cyril Bonté
Re: Segmentation fault with version 1.5.5
Hi Cyril, Did you perform a make clean before compiling haproxy 1.5.5 ? Thanks for the hint! Indeed, that was the error. Recompiling with make TARGET=linux2628 ARCH=native USE_OPENSSL=yes clean all helped. Works like a charm now. Regards, Marco
Re: SSL to backend not working (verifyhost)
Recompiling with make TARGET=linux2628 ARCH=native USE_OPENSSL=yes clean all helped. Thanks to Cyril. Regards, Marco