Re: Haproxy plus ices protocol (99.999% similar to HTTP)

2012-06-21 Thread Carlo Flores 
(great thread.)

On Thursday, June 21, 2012, Willy Tarreau wrote:

> On Fri, Jun 22, 2012 at 01:51:12AM -0400, Martin Konecny wrote:
> > Hi Willy,
> >
> > I can only answer your question by saying that other clients that use
> this
> > protocol but replace ICE/1.0 with HTTP/1.0 have no problem with HAProxy.
> >
> > It seems that those other clients realized it wasn't a good idea to
> change
> > that part for no good reason :).
> >
> >
> > I thought I had found a solution when I started playing with reqrep
> > (replace ICE with HTTP) but then I noticed only "valid" HTTP requests
> were
> > being passed through this operator.
>
> exactly.
>
> > Any other ideas? There is no official documentation, but this post
> > http://stackoverflow.com/a/9985297/276949 should give you a brief
> overview.
>
> Thanks, that's useful information. From the info there and on the forum
> linked to from there, there are incompatibilities. The link above suggests
> that the server responds with "HTTP/1.0 200 OK". The other link says it
> responds with "ICY 200 OK". None of the links suggest any form of
> keep-alive
> either. So I think that some experimentation is required.
>
> If you're willing to make a few changes to the code, here's what I'm
> suggesting :
>
> 1) add the I, C and E letters to http_is_ver_token[] in proto_http.c, so
> that
>   the protocol is not rejected anymore in requests nor responses.
>
> 2) in http_wait_for_request(), after the HTTP/0.9 to 1.0 conversion,
>   add this to convert from ICE/1.0 to HTTP/1.0 :
>
>/* 4. We may have to convert ICE/1.0 requests to HTTP/1.0 */
>if (unlikely(msg->sl.rq.v_l == 7) &&
> !http_upgrade_ice10_to_httpv10(txn))
>goto return_bad_req;
>
> 3) duplicate http_upgrade_v09_to_v10() and call the new one
>   http_upgrade_ice10_to_httpv10(). Make it transform only the version
>   tag from ICE/1.0 to HTTP/1.0.
>
> The rest of the processing would then remain unaffected since the request
> would have been turned very early into HTTP/1.0.
>
> If this works, we'll look how to more reliably implement this.
>
> Regards,
> Willy
>
>
>

Re: FW: problem with haproxy reload

2012-06-06 Thread Carlo Flores 
Its toally dirty, but we have our wrapper check for such exceptions, then
force a listener if an haproxy listener doesn't exist after a
reload/restart to the existing (now dead) haproxy process. I've grown to
not fret about such dirty when running haproxy dev branch, but ymmv.

https://github.com/flores/haproxyctl

On Wednesday, June 6, 2012, Senthil  wrote:
>
>
> Hi,
>
>
>
>   We faced with haproxy, we have a script which deletes the
>
>   frontend and backend entries of haproxy based on name and does a reload
of
>
>   haproxy after haproxy file check is done.
>
>
>
>
>
>
>
>   In one such scenario after deleting the frontend and backend and
reloading
>
>   we found that haproxy was in stop state
>
>
>
>
>
>
>
>   Below are the logs which shows the backend was started again during
reload
>
>but the frontends were not started and the same are  shown in logs
after we manually restarted
>
>   haproxy
>
>
>
>
>
>
>
>  Any feedback regarding this will be very useful.
>
>
>
> Regards
>
> Senthil
>
>
>
>
>
>
>
> May 18 19:36:10 indya-lb haproxy[7375]: Stopping frontend ssl_frontend_1
in  0 ms.
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Stopping backend
ssl_frontend_1BACK  in 0 ms.
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Stopping frontend
ssl_frontend_2 in  0 ms.
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Stopping backend
ssl_frontend_2BACK  in 0 ms.
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Stopping frontend Star in 0 ms.
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Stopping backend StarBACK in 0
ms.
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Stopping frontend Staging in 0
ms.
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Stopping backend StagingBACK in
0  ms.
>
>
>
>   May 18 19:36:10 indya-lb haproxy[13147]: Proxy ssl_frontend_2BACK
started.
>
>
>
>   May 18 19:36:10 indya-lb haproxy[13147]: Proxy StarBACK started.
>
>
>
>   May 18 19:36:10 indya-lb haproxy[13147]: Proxy StagingBACK started.
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Proxy ssl_frontend_1 stopped
(FE:  3886 conns, BE: 0 conns).
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Proxy ssl_frontend_1BACK
stopped  (FE: 0 conns, BE: 3583 conns).
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Proxy ssl_frontend_2 stopped
(FE: 0  conns, BE: 0 conns).
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Proxy ssl_frontend_2BACK
stopped  (FE: 0 conns, BE: 0 conns).
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Proxy Star stopped (FE:
60927284  conns, BE: 0 conns).
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Proxy StarBACK stopped (FE: 0
conns,  BE: 59690087 conns).
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Proxy Staging stopped (FE: 0
conns,  BE: 0 conns).
>
>
>
>   May 18 19:36:10 indya-lb haproxy[7375]: Proxy StagingBACK stopped (FE:
0  conns, BE: 0 conns).
>
>
>
>   May 18 20:09:32 indya-lb haproxy[13204]: Proxy ssl_frontend_2 started.
>
>
>
>   May 18 20:09:32 indya-lb haproxy[13204]: Proxy ssl_frontend_2BACK
started.
>
>
>
>   May 18 20:09:32 indya-lb haproxy[13204]: Proxy Star started.
>
>
>
>   May 18 20:09:32 indya-lb haproxy[13204]: Proxy StarBACK started.
>
>
>
>   May 18 20:09:32 indya-lb haproxy[13204]: Proxy Staging started.
>
>
>
>   May 18 20:09:32 indya-lb haproxy[13204]: Proxy StagingBACK started.
>
>
>
>
>
>  We are the using the init script to reload haproxy "service haproxy
reload" in centos and the script is as follows
>
>
>
> #!/bin/sh
>
>
>
>   #
>
>
>
>   # chkconfig: - 85 15
>
>
>
>   # description: HA-Proxy is a TCP/HTTP reverse proxy which is
particularly
>
>   suited
>
>
>
>\
>
>
>
>   #  for high availability environments.
>
>
>
>   # processname: haproxy
>
>
>
>   # config: /etc/haproxy.cfg
>
>
>
>   # pidfile: /var/run/haproxy.pid
>
>
>
>
>
>
>
>   # Source function library.
>
>
>
>   if [ -f /etc/init.d/functions ]; then
>
>
>
> . /etc/init.d/functions
>
>
>
>   elif [ -f /etc/rc.d/init.d/functions ] ; then
>
>
>
> . /etc/rc.d/init.d/functions
>
>
>
>   else
>
>
>
> exit 0
>
>
>
>   fi
>
>
>
>
>
>
>
>   # Source networking configuration.
>
>
>
>   . /etc/sysconfig/network
>
>
>
>
>
>
>
>   # Check that networking is up.
>
>
>
>   [ ${NETWORKING} = "no" ] && exit 0
>
> --
>  CAUTION - Disclaimer * This e-mail
contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the
use of the addressee(s). If you are not the intended recipient, please
notify the sender by e-mail and delete the original message. Further, you
are not to copy, disclose, or distribute this e-mail or its contents to any
other person and any such actions are unlawful. This e-mail may contain
viruses. Netmagic Solutions Pvt. Ltd. has taken every reasonable precaution
to minimize this risk, but is not liable for any damage you may sustain as
a result of any virus in this e-mail. You should carry out your own virus
checks before opening the e-mail or attachment. Netmagic Solutions Pvt.
Ltd. reserves the right to mo

Re: Performance decrease with HAproxy

2012-04-14 Thread Carlo Flores 
One more general q: Any measurable latency between the HAProxy and Squid boxes?

2012/4/14 Willy Tarreau :
> Hi,
>
> On Sun, Apr 15, 2012 at 04:00:39AM +0700, Thái Lę Trí wrote:
>> I have trouble with HAproxy.
>> using HAproxy for load balance and backend have 3 squid proxy. But the time
>> to load a web page with haproxy in front of squid is much more slower than
>> using squid directly.
>
> What's the connection rate and/or request rate when you observe this ?
> I'm not seeing anything suspicious in your config. Do you observe anything
> in your logs, such as long response times ? And what version of haproxy are
> you running ?
>
> Willy
>
>

Re: Re: How to select a server based on client ip ?

2012-03-16 Thread Carlo Flores 
Hey wsq003.  I don't believe it can be simpler because of the nature of
creating ACLs in HAProxy.  However, you could make this much more elegant
by a) programmatically creating the ACLs and/or b) using something like
haproxy_join ( https://github.com/joewilliams/haproxy_join ) or Puppet's
concat module ( https://github.com/ripienaar/puppet-concat ) to break up
the configuration files into a more readable format.

Even a simpler format that constantly changes would be hairy and needs
automation to not be hairy, right? :)

On Thu, Mar 15, 2012 at 12:39 AM, wsq003  wrote:

> **
>
> Thanks, Carlo. It works.
>
> But can it be simpler? such as:
>
>  frontend http
>  bind :80
>  mode http
>  default_backend pool
>
> backend pool
>  server s01 2.3.4.1:80 <http://2.3.4.1/>
>  server s02 2.3.4.2:80 <http://2.3.4.2/>
>  server s03 2.3.4.3:80 <http://2.3.4.3/>
>   use_server s01 if { src 217.192.7.0/24 }
>
> We have many servers for different developers, the rules may be complex
> and changing.
> It is not elegant to define hundreds of backend.
>
>
>  *From:* Carlo Flores 
> *Date:* 2012-03-15 14:45
> *To:* wsq003 
> *CC:* haproxy 
> *Subject:* Re: How to select a server based on client ip ?
>  See the src entry under section 7.5.1 of the HAProxy docs.  There's
> actually many examples of this acl you'll find throughout the doc.  You'd
> use something like this:
>
>  frontend http
>   bind :80
>   mode http
>   acl always_s01 src 217.192.7.0/24
>   use_backend s01 if always_s01
>   default_backend pool
>
> backend s01
>   server s01 2.3.4.1:80
>
> backend pool
>   server s01 2.3.4.1:80
>   server s02 2.3.4.2:80
>   server s03 2.3.4.3:80
>
>
> On Wed, Mar 14, 2012 at 11:09 PM, wsq003  wrote:
>
>> Hi,
>>
>> If we have 5 servers within a back-end, how can we specify some request
>> to certain server based on client ip?
>>
>> For example:
>>
>> backend
>>server s01
>>server s02
>>server s03
>>server s04
>>server s05
>>
>> How can we make all requests comes from 217.192.7.* goes to server s01 ?
>>
>> Thanks.
>>
>
>

Re: problems with enabling/disabling servers via socket

2012-03-15 Thread Carlo Flores 
Hey Michele.

I'm confused as to how "show stat" is correct...

>According to the statistics I have retrieved by means of "show stat" after
enabling disabling servers, it looks like the socket is working as
expected.

But your script does not correspond to this even though it uses "show
stat"...

>After executing the code above, I use a different socket to retrieve the
stats and check that the number of active servers corresponds to the
expected one.

You're sure it's not an issue with this script and the autoheal you have
going on to see the number of expected servers?

If you stop that script and simply disable a server via socat, then refresh
the interface as well as get a new show stat, then enable a server via
socat, then refresh the interface as well as get a new show stat, are your
results as expected?


On Wed, Mar 14, 2012 at 11:46 PM, Willy Tarreau  wrote:

> Hi Michele,
>
> On Wed, Mar 14, 2012 at 01:07:51PM +0200, Michele Mazzucco wrote:
> > Hello Willy,
> >
> > I have tried to follow your advice, but it didn't solve the matter -- it
> > looks like the problem is not the web interface.
> > After executing the code above, I use a different socket to retrieve the
> > stats and check that the number of active servers corresponds to the
> expected
> > one.
> > This is the log
> >
> >
> > 2012-03-14 10:50:56,568 Enabling reserves
> > 2012-03-14 10:50:56,568 enable server www/i-932dbef7
> > <-- command sent over the socket
> > 2012-03-14 10:50:56,569 Expected 5 active serves, have 4, calling
> change_state() again
> > 2012-03-14 10:50:56,569 enable server www/i-932dbef7
> > <--- command sent over the socket
> > ... server enabled
>
> Just to be sure, is it the disabling of servers which causes trouble or
> enabling them back ?
>
> I'm asking because we (very) recently fixed an issues related to servers
> leaving maintenance mode which was introduced by fixing another issue with
> server tracking, but the regression did not affect any 1.4 releases.
> However, since both fixes have been backported into 1.4.20, it is possible
> there was another corner case we did not identify and which is solved now.
>
> Just in case, would you please check if 1.4.20 still behaves the same ?
> Maybe we're trying to troubleshoot an already fixed issue.
>
> Regards,
> Willy
>
>
>

Re: How to select a server based on client ip ?

2012-03-14 Thread Carlo Flores 
See the src entry under section 7.5.1 of the HAProxy docs.  There's
actually many examples of this acl you'll find throughout the doc.  You'd
use something like this:

frontend http
  bind :80
  mode http
  acl always_s01 src 217.192.7.0/24
  use_backend s01 if always_s01
  default_backend pool

backend s01
  server s01 2.3.4.1:80

backend pool
  server s01 2.3.4.1:80
  server s02 2.3.4.2:80
  server s03 2.3.4.3:80


On Wed, Mar 14, 2012 at 11:09 PM, wsq003  wrote:

> Hi,
>
> If we have 5 servers within a back-end, how can we specify some request to
> certain server based on client ip?
>
> For example:
>
> backend
>server s01
>server s02
>server s03
>server s04
>server s05
>
> How can we make all requests comes from 217.192.7.* goes to server s01 ?
>
> Thanks.
>

Re: Create Backed by Unix Socket

2012-02-06 Thread carlo flores 
Oh missed that; cool.  Sorry for my mistake with your name while
multitasking as well :)

On Mon, Feb 6, 2012 at 4:52 PM, Jeff Buchbinder <
jbuchbin...@ravemobilesafety.com> wrote:

>  There is an API text file in the root of the git repo with some more 
> information. I try to keep it sync'd with Willy's upstream copy.
>
> carlo flores  wrote:
>
>
> John,
>
>  Where's the documentation for your patch?  I'm up for playing with this
> neat idea even if we don't use it in Prod.
>
>  Might hook in some suff to haproxyctl if you can output a version
> number/patch/something so the ctl script can recognize when someone is
> using this version...
>
> On Mon, Feb 6, 2012 at 4:39 PM, Jeff Buchbinder <
> jbuchbin...@ravemobilesafety.com> wrote:
>
>> The api patch I have been working on at
>> https://github.com/jbuchbinder/haproxy has that functionality, but needs
>> more testing.
>>
>> Willy has said that he has no plans to include this patch, primarily due
>> to the potential for configuration issues in dynamically configured
>> frontends, backends, etc.
>>
>> Thanks,
>> Jeff
>>
>> Ivan Ator  wrote:
>>
>>
>> Going from the documentation, there doesn't appear to be functionality
>> for creating/destroying backends.
>>
>> Personally, I have accomplished your task by creating a series of
>> scripts for maintaining the configuration file and reloading it while
>> live.
>>
>> On 2/6/2012 3:21 PM, Dziuba, Ted wrote:
>> > Hi,
>> >
>> > I am wondering if it possible to create an haproxy backend
>> > programmatically, using the unix socket facility. I see that you can
>> > enable and disable existing back-ends, but I want to add a new one. This
>> > is my use case:
>> >
>> > HTTP server starts on a host, binding to port 0
>> >
>> > HTTP server announces itself to a load balancer, asking to be put into
>> > the pool
>> >
>> > Load balancer acknowledges HTTP server and starts sending it traffic
>> >
>> > Thanks,
>> >
>> > Ted
>> >
>> > ---
>> >
>> > Ted Dziuba
>> >
>> > Co-Founder, Milo.com
>> >
>> > t...@milo.com
>> >
>>
>>
>>
>

Re: Create Backed by Unix Socket

2012-02-06 Thread carlo flores 
John,

Where's the documentation for your patch?  I'm up for playing with this
neat idea even if we don't use it in Prod.

Might hook in some suff to haproxyctl if you can output a version
number/patch/something so the ctl script can recognize when someone is
using this version...

On Mon, Feb 6, 2012 at 4:39 PM, Jeff Buchbinder <
jbuchbin...@ravemobilesafety.com> wrote:

> The api patch I have been working on at
> https://github.com/jbuchbinder/haproxy has that functionality, but needs
> more testing.
>
> Willy has said that he has no plans to include this patch, primarily due
> to the potential for configuration issues in dynamically configured
> frontends, backends, etc.
>
> Thanks,
> Jeff
>
> Ivan Ator  wrote:
>
>
> Going from the documentation, there doesn't appear to be functionality
> for creating/destroying backends.
>
> Personally, I have accomplished your task by creating a series of
> scripts for maintaining the configuration file and reloading it while live.
>
> On 2/6/2012 3:21 PM, Dziuba, Ted wrote:
> > Hi,
> >
> > I am wondering if it possible to create an haproxy backend
> > programmatically, using the unix socket facility. I see that you can
> > enable and disable existing back-ends, but I want to add a new one. This
> > is my use case:
> >
> > HTTP server starts on a host, binding to port 0
> >
> > HTTP server announces itself to a load balancer, asking to be put into
> > the pool
> >
> > Load balancer acknowledges HTTP server and starts sending it traffic
> >
> > Thanks,
> >
> > Ted
> >
> > ---
> >
> > Ted Dziuba
> >
> > Co-Founder, Milo.com
> >
> > t...@milo.com
> >
>
>
>

Re: another round for configuration.txt => html

2011-11-02 Thread carlo flores 
Just curious: why not rewrite the docs in markdown?

Would a rewrite formulinix could just add to be welcome?

On Wednesday, November 2, 2011, Baptiste  wrote:
> Hi Aleks,
>
> It's a good and interesting start.
> I already talked to Willy about the doc format, and unfortunately for
> you, the way you're doing is not the one wanted by him.
>
> As you have remarked, the doc format is quite "open", each
> documentation contributors tries to maintain the format, but there is
> no strict verification on the shape (only on the content).
> What Willy wants, is not a translation of the doc in a new format that
> would force devs to follow strong recommendation, otherwise the
> integrity of the whole doc would be broken.
> He considers the documentation is readable for a human eye, so it
> should be for an automatic tool which could then translate it into a
> nicer format.
>
> Purpose is double:
> 1. don't bother the devs when they have to write documentation
> 2. have a nice readable documentation
>
> So basically, a lot of people are interested by a nicer version of the
> doc, I already started working on the subject and I might push
> something in my github very soon: a bash/sed/awk tool to translate the
> HAProxy documentation in Markdown format (could be HTML as well).
> Contribution will be welcome :)
>
> cheers
>
> On Thu, Nov 3, 2011 at 12:57 AM, Aleksandar Lazic 
wrote:
>> Hi all,
>>
>> I have now started do change the configuration.txt in that way
>> that asciidoc an produce nice HTML output.
>>
>> asciidoc -b html5 -o haproxy-conf.html configuration.txt
>>
>> http://www.none.at/haproxy-conf.html
>>
>> I have stopped at section 2.3 to get your feedback.
>>
>> As you can see in the diff there is not to much to change,
>> yet.
>>
>> http://www.none.at/haproxy-conf.diff
>>
>> Thank you for your feedback
>>
>> Aleks
>>
>>
>
>

Re: Timeout values

2011-10-26 Thread carlo flores 
I can appreciate having to keep a slow application layer highly available
via long timeouts, but as a suggestion:

a) keep lots of available sockets open and think about the "timeout wait"
sysctl reuse/recycle variables

And

b) think about creating a simple page (in whatever language and environment
that your application uses) that returns 200 OK for the healthcheck on the
backend servers. With your current parameters, figure a standard 2 fails and
5 ok recovers for a backend health check, at 30s increments with a 40s
timeout, and you're down a lot longer than you need to.

Just ideas. But if you're dealing with such a slow application layer, I'm
doubt posting large timeout values will lead to anyone's approval -- more
likely Baptiste's reasonable response -- or sympathy an a call for a faster
application layer via knowns and optimization/iteration -- the dev/ops
response.

But I hope this helps,
C.

On Tuesday, October 25, 2011, Erik Torlen 
wrote:
> Hi,
>
> I would like to get feedback on these timeout values.
>
>timeout http-request40s
>timeout queue   1m
>timeout connect 120s
>timeout client  1m
>timeout server  1m
>timeout http-keep-alive 40s
>timeout check   40s
>
> I have done alot of different loadtests with different values using stud
in front of haproxy and backend on separate instances
> in the cloud (meaning there is higher latency then normal against
backend).
>
> Can't see any big difference in the loadtest result when having these
timeout fairly high. I guess that really low values will affect
> the loadtest result more.
>
> /E
>
>

Re: Makefile.bsd'd SYSTEM_MAXCONN=1024 ?

2011-09-26 Thread carlo flores 
Thanks much Willy. We are moving forward with commenting this out in our
installs, FYI.

On Monday, September 26, 2011, Willy Tarreau  wrote:
> Hi Carlo,
>
> On Mon, Sep 26, 2011 at 04:18:38PM -0700, carlo flores wrote:
>> Just wondering if this is enabled in Makefile.bsd for a particular
reason?
>>  We're building automated installers and noticed it is commented out in
>> other Makefiles but is still active for BSD installs.
>>
>> Maybe we'll be able to update the version in OpenBSD'd ports, too...
>
> There is no particular reason I can think of. I think it was removed
> from the other ones when we made DEFAULT_MAXCONN configurable, but since
> I don't build for BSD anymore, I did not notice it.
>
> Regards,
> Willy
>
>

Re: Makefile.bsd'd SYSTEM_MAXCONN=1024 ?

2011-09-26 Thread carlo flores 
I'm seeing this in and playing with 1.4.18, by the way.

Thanks!

On Mon, Sep 26, 2011 at 4:18 PM, carlo flores  wrote:

> Just wondering if this is enabled in Makefile.bsd for a particular reason?
>  We're building automated installers and noticed it is commented out in
> other Makefiles but is still active for BSD installs.
>
> Maybe we'll be able to update the version in OpenBSD'd ports, too...
>
> Thanks!
>

Makefile.bsd'd SYSTEM_MAXCONN=1024 ?

2011-09-26 Thread carlo flores 
Just wondering if this is enabled in Makefile.bsd for a particular reason?
 We're building automated installers and noticed it is commented out in
other Makefiles but is still active for BSD installs.

Maybe we'll be able to update the version in OpenBSD'd ports, too...

Thanks!

Re: Haproxy notifications

2011-09-24 Thread carlo flores 
Hey Ibrahim.  Continued on your GitHub issue!

On Sat, Sep 24, 2011 at 1:25 AM, İbrahim Ercan
wrote:

> Hi Carlo, I tried to install it but i got that error when run it.
>
> -# service haproxyctl "show health"
> /etc/init.d/haproxyctl:17:in `require': no such file to load -- haproxyctl
> (LoadError)
> from /etc/init.d/haproxyctl:17
>
>
>
> On 22 September 2011 21:42, carlo flores  wrote:
>
>> Here's an HAProxy ctl/init script that includes Nagios and Cloudkick
>> checks (to the UNIX socket and lsof listeners) to go with the regular
>> start/stop/init stuff: https://github.com/flores/haproxyctl
>>
>> The advantage of using a wrapper around the UNIX socket is you can also
>> add checks for available backends, hosts down, and so forth.  This should be
>> in addition to whatever TCP/HTTP checks that come default in any monitoring
>> solution.
>>
>> (The script above is easy to edit to add such things.)
>>
>>
>>
>>
>>
>> On Thu, Sep 22, 2011 at 10:02 AM, Ben Timby  wrote:
>>
>>> On Thu, Sep 22, 2011 at 11:30 AM, Guillaume Bourque
>>>  wrote:
>>> > option  log-health-checks
>>>
>>> :-) I took notification to mean something other than logging.
>>>
>>>
>>
>
>
> --
> *İbrahim Ercan
> * *Gsm: 0 505 608 24 37*
>

Re: Haproxy notifications

2011-09-22 Thread carlo flores 
Here's an HAProxy ctl/init script that includes Nagios and Cloudkick checks
(to the UNIX socket and lsof listeners) to go with the regular
start/stop/init stuff: https://github.com/flores/haproxyctl

The advantage of using a wrapper around the UNIX socket is you can also add
checks for available backends, hosts down, and so forth.  This should be in
addition to whatever TCP/HTTP checks that come default in any monitoring
solution.

(The script above is easy to edit to add such things.)




On Thu, Sep 22, 2011 at 10:02 AM, Ben Timby  wrote:

> On Thu, Sep 22, 2011 at 11:30 AM, Guillaume Bourque
>  wrote:
> > option  log-health-checks
>
> :-) I took notification to mean something other than logging.
>
>

What do you think about Zed Shaw / Mongrel2's "SuperPoll"?

2011-08-04 Thread carlo flores 
Hey Willy, all.

We are playing with Mongrel2 and found this post from Zed interesting and --
for myself -- surprising: http://sheddingbikes.com/posts/1280829388.html

Have you had a chance to read, think about, or respond to it with regards to
poll vs epoll in HAProxy versus the number of active and total connections?

Thanks!

Re: 5000 CPS for haproxy

2011-08-02 Thread carlo flores 
This is true; however, in application your first concern with the
infrastructure is the first bottleneck, and (frankly) in many archotectures
it's probably not (properly tuned) HAProxy. That's all I'm saying and again
I understand why that's not relevant. I hope others on this list understand
why I mention this when folks talk of benchmarks.

We are not yet ready to release our benchmark examples. This is Ops' (my)
fault. We will, however, release them under our public repositories at
https://github.com/borderstylo.

On Tuesday, August 2, 2011, Baptiste  wrote:
> Hi Carlo,
>
> Before testing the application itself, you must first test the
infrastructure ;)
> Once you know how much your infrastructure can deliver, then your
> bench makes sense.
> This is a step by step method, from the lower layer to the higher one.
>
> Before testing your application in a virtualized environment, you
> should bench it on physical servers.
> Because on a virtualized environment, you're sharing resources with
> anybody and the behavior may be odd under "heavy" load.
>
> By the way, do you have a few ruby examples, I'm interested by your
> way of testing applications.
> Long time ago, I used perl and libwww.
>
> cheers :)
>
>
> On Tue, Aug 2, 2011 at 9:08 AM, carlo flores  wrote:
>> To add to this is a great automated tool and ideas from The Chicago
Tribune
>> called Bees With Machine Guns, which spins up n AWS micro instances to
push
>> traffic to the target server.
>>
>> https://github.com/newsapps/beeswithmachineguns
>>
>> My CTO makes the argument that connections/s or sessions/s don't mean
much
>> unless those sessions are testing realistic user traffic (which tests the
>> application/database/etc). This is not the methodology you're using to
test
>> HAProxy, of course, but it is something I think about enough that I feel
>> obligated to type about it.  If you care, we do this with Ruby's Net:HTTP
>> libraries making specific calls on existing sessions to our RESTful
servers,
>> and those calls are built on random but real user data.
>>
>>
>> On Monday, August 1, 2011, Willy Tarreau  wrote:
>>> Hello,
>>>
>>> On Mon, Aug 01, 2011 at 07:00:37PM +0530, appasaheb bagali wrote:
>>>> hello,
>>>>
>>>> we have deployed the Haproxy on amazon cloud.
>>>>
>>>> its working fine we would like to do testing  5000 CPS .
>>>> Please suggest the way to test
>>>
>>> There are various tools for that. The principle is that you should
>>> start some dummy servers on other instances (or at least fast static
>>> servers such as nginx), and run injection tools on other instances.
>>> Such tools might be httperf, ab, inject or any such thing. You will
>>> then configure your haproxy to forward to the dummy servers and will
>>> send your injectors' requests to haproxy. The tools will tell you
>>> the data rate, connection rate, etc... You're encouraged to enable
>>> the stats page on haproxy so that you can check rates and errors in
>>> live.
>>>
>>> In general, for 5k CPS, you need a bit of system tuning, because most
>>> Linux distros come with a conntrack setting which is only valid for a
>>> desktop usage but not for a server usage, so the traffic will suddenly
>>> stop after a few seconds. Or better, simply disable the module.
>>>
>>> Also, it is important that you have at least two machines for the
>>> servers and at least two for the clients, because in such environments,
>>> you have no visibility on anything, and it's quite common that some VMs
>>> are struggling or that some network paths are saturated. If you see that
>>> two servers behave differently, at least it's easier to spot where the
>>> problem is.
>>>
>>> Regards,
>>> Willy
>>>
>>>
>>>
>

Re: 5000 CPS for haproxy

2011-08-02 Thread carlo flores 
To add to this is a great automated tool and ideas from The Chicago Tribune
called Bees With Machine Guns, which spins up n AWS micro instances to push
traffic to the target server.

https://github.com/newsapps/beeswithmachineguns

My CTO makes the argument that connections/s or sessions/s don't mean much
unless those sessions are testing realistic user traffic (which tests the
application/database/etc). This is not the methodology you're using to test
HAProxy, of course, but it is something I think about enough that I feel
obligated to type about it.  If you care, we do this with Ruby's Net:HTTP
libraries making specific calls on existing sessions to our RESTful servers,
and those calls are built on random but real user data.


On Monday, August 1, 2011, Willy Tarreau  wrote:
> Hello,
>
> On Mon, Aug 01, 2011 at 07:00:37PM +0530, appasaheb bagali wrote:
>> hello,
>>
>> we have deployed the Haproxy on amazon cloud.
>>
>> its working fine we would like to do testing  5000 CPS .
>> Please suggest the way to test
>
> There are various tools for that. The principle is that you should
> start some dummy servers on other instances (or at least fast static
> servers such as nginx), and run injection tools on other instances.
> Such tools might be httperf, ab, inject or any such thing. You will
> then configure your haproxy to forward to the dummy servers and will
> send your injectors' requests to haproxy. The tools will tell you
> the data rate, connection rate, etc... You're encouraged to enable
> the stats page on haproxy so that you can check rates and errors in
> live.
>
> In general, for 5k CPS, you need a bit of system tuning, because most
> Linux distros come with a conntrack setting which is only valid for a
> desktop usage but not for a server usage, so the traffic will suddenly
> stop after a few seconds. Or better, simply disable the module.
>
> Also, it is important that you have at least two machines for the
> servers and at least two for the clients, because in such environments,
> you have no visibility on anything, and it's quite common that some VMs
> are struggling or that some network paths are saturated. If you see that
> two servers behave differently, at least it's easier to spot where the
> problem is.
>
> Regards,
> Willy
>
>
>

Re: Increasing amount of spam on the mailing list

2011-07-25 Thread carlo flores 
I love the suggestion and offer to administrate the mail list (and I too
volunteer), but, ultimately: whatever. SPAM is part of most any list and the
more time the guys spend on one of the best pieces of software in the world,
the better. I happily skip these messages in hopes Willy Cyril and the guys
never care about wasting their time with mailman and postgix plugins or
whatever this list uses.

On Monday, July 25, 2011, Karl Kloppenborg  wrote:
> Whilst I agree that you can filter, it's not exactly responsible that the
> mailinglist have this many viral infections running across it...
>
>
> Karl Kloppenborg
> Head of Development
> Phone: 1300 884 839 (AU Only - Business Hours)
> Website: AU http://www.crucial.com.au | US http://www.crucialp.com
>
>
>
> -Original Message-
> From: Allan Wind [mailto:allan_w...@lifeintegrity.com]
> Sent: Tuesday, 26 July 2011 10:34 AM
> To: haproxy@formilux.org
> Subject: Re: Increasing amount of spam on the mailing list
>
> On 2011-07-26 09:25:42, Karl Kloppenborg wrote:
>> Surely, like surely you don't need an entirely open mailinglist, it's so
>> easy to implement a verification of identity confirmation these days?
>
> I filter spam so the main problem I see is bounce messages which
> are sent to the list for some strange reason.  Noted this a few
> months back.
>
>
> /Allan
> --
> Allan Wind
> Life Integrity, LLC
> 
>
>
>

Re: nice wiki doc of haproxy

2011-06-15 Thread carlo flores 
Looks trivial to fork this and turn the regex.txt into a script.  I'm up for
taking that once we have free cycles at work (couple days max).

https://github.com/tmslnz/HAProxy_Markdown

On Wed, Jun 15, 2011 at 1:12 PM, Willy Tarreau  wrote:

> On Wed, Jun 15, 2011 at 06:43:14PM +0530, shreyas pandya wrote:
> > There is a nice wiki doc on haproxy configuration at
> > http://code.google.com/p/haproxy-docs/
> > I m sharing this because i didn't see it's mention on main site
> > http://haproxy.1wt.eu/
> >
> > it's easy to read than original txt doc
>
> Yes, this one is really nice. However it seems it was converted by
> hand, and as anything converted by hand, it eventually dies by lack
> of time.
>
> What we need is an automatic converter for various formats. Some very
> nice conversions were posted something like one year ago, which were
> almost automatic but unfortunately nobody had time to takeover the
> project and continue on this work.
>
> Regards,
> Willy
>
>
>

Re: Rate Limiting Blog Link

2011-04-19 Thread carlo flores 
Hey Bradford.

Have you considered doing this with iptables (Linux) or pf (BSD)?  You'll
want to use port 443 for your HTTPs problem, of course...

http://codingfreak.blogspot.com/2010/01/iptables-rate-limit-incoming.html

But be wary of NATs and such, especially if you have a high traffic site.
 For example, our shop was hit by many connections at a university that
triggered our alerts (just a scripted sort of IPs into the HAProxy front
ends via Netstat) that we suspected a DDoS attack.  Turns out we just got
popular behind this NAT.

regards!
Carlo

On Tue, Apr 19, 2011 at 4:12 PM, bradford  wrote:

> My whole concern is simplifying the rate limiting process and being able to
> have it work with https traffic (where it's not susceptible to spoofing).
> Can HAProxy do the latter without its own HTTPS implementation?
>
> Thanks for the tip and the post, Kyle.
>
> Bradford
>
>
> On Tue, Apr 19, 2011 at 11:38 AM, Kyle Brandt wrote:
>
>> Hi Bradford,
>>
>> To send to violators to a different backend, based of the example I used
>> in that post you want something like:
>>
>> In Frontend:
>> use_backend go-away if source_is_abuser
>>
>> Then a backend like:
>> backend go-away
>> mode http
>> errorfile 503 /etc/haproxy/errors/503rate.http
>>
>> Not sure off hand how to make it work with a reserved word however, hope
>> this helps.
>> -Kyle
>>
>> On Tue, Apr 12, 2011 at 9:37 AM, bradford  wrote:
>>
>>> Excellent point, Jonathan.  So, would having HAProxy support/implement
>>> HTTPS be the only way to allow HTTPS rate limiting (in HTTPS only and HTTP
>>> and HTTPS mixed environments)?
>>>
>>> As for my other point.  Have you looked at the sample configuration on 
>>> http://blog.serverfault.com/post/101649187use_backend
>>> go-away if source_is_abuser3/
>>>
>>>
>>> It's a lot of configuration.  And in that post it even describes part of
>>> the configuration as "more cryptic but is not too complicated."  I don't
>>> know many people who could configure their server to do rate limiting
>>> without that blog post (and just the documentation).  Moreover, if you took
>>> over a project and saw this configuration, it'd take you a bit to figure out
>>> what's going on.  There are also statements in that post such as "the expire
>>> argument is how long to keep an entry in the table (In this case it just
>>> needs to be twice the length of the longest rate argument for a smoothed
>>> average). The time arguments for connection rate and bytes out rate are how
>>> long to calculate the average over."
>>>
>>> I just want a rate-limit reserved word that allows me to control
>>> connection rate / second (and bytes out rate), where i can send to some
>>> additional backend if violated.
>>>
>>>
>>> On Mon, Apr 11, 2011 at 5:47 AM, Jonathan Matthews <
>>> cont...@jpluscplusm.com> wrote:
>>>
 On 6 April 2011 16:42, bradford  wrote:
 > Also, in a previous email I mentioned something about
 > X-Forwarded-For IP addresses being comma delimited.  This table would
 have
 > to take that into consideration, I guess.

 No it shouldn't.
 If you rate-limit based on information that you find in the XFF header
 you allow malicious users to

 a) bypass the rate-limit by faking up different XFF headers each time or
 b) DoS legitimate users by faking up the same, matching, XFF header
 each time and letting haproxy do the DoS for them

 Also, above and beyond "I haven't understood it yet", the rest of your
 email was rather light on *detail*. If other people are comprehending
 and happily using the functionality based on the existing config
 requirements and documentation, then perhaps the flaw doesn't lie with
 the config and/or documentation.

 My 2-pence,
 Jonathan
 --
 Jonathan Matthews
 London, UK
 http://www.jpluscplusm.com/contact.html


>>>
>>
>

Re: Apache error log problem

2011-04-07 Thread carlo flores 
Hey Greg.  You're welcome!

Only for clarity, rpaf is enabled?

l:~# a2enmod rpaf
Module rpaf already enabled
l:~# ls /etc/apache2/mods-enabled |grep rpaf
rpaf.conf
rpaf.load

Also for clarity, that RPAFproxy_ips have to match the proxy host
(HAProxy).  For example, check out what happens when I change the ip
here.  (HAProxy is on localhost/127.0.0.1 on this test box):

l:~# vim /etc/apache2/mods-enabled/rpaf.conf
l:~# cat /etc/apache2/mods-enabled/rpaf.conf

RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.2

l:~# /etc/init.d/apache2 restart
Restarting web server: apache2
 ... waiting apache2:
l:~# tail -f /var/log/apache2/error.log

[Thu Apr 07 13:33:35 2011] [error] [client 77.211.205.178] File does
not exist: /var/www/res/]||!o.support.htmlSerialize&&[1,
[Thu Apr 07 13:34:59 2011] [error] [client 93.158.148.31] File does
not exist: /var/www/drop_calc_v2/robots.txt
[Thu Apr 07 14:37:14 2011] [notice] caught SIGTERM, shutting down
[Thu Apr 07 14:37:15 2011] [notice] Apache/2.2.17 (Debian) PHP/5.3.6-7
with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming
normal operations
# after restart with wrong proxyip...
[Thu Apr 07 14:37:50 2011] [error] [client 127.0.0.1] File does not
exist: /var/www/ei/asdasd

Elsewise, rpaf won't go through the trouble of finding the last
X-Forwarded-For header.

On Thu, Apr 7, 2011 at 1:51 PM, Greg Connolly  wrote:
> Thanks for the quick reply, all that you pointed out is in place but this no 
> joy.
>
>
> # dpkg -l | grep -i rpaf
> ii  libapache2-mod-rpaf                 0.5-3                      module for 
> Apache2 which takes the last IP from the 'X-Forward
> # cat /etc/apache2/mods-available/rpaf.conf
> 
> RPAFenable On
> RPAFsethostname On
> RPAFproxy_ips 127.0.0.1
> 
>
> # tail /vat/log/apache/error.log
> [Thu Apr 07 13:45:21 2011] [error] [client my.proxy.ip] File does not exist:  
> /var/www/asdasdsadasdasdsad
>
> Any more ideas? B^>
>
> Thanks Greg
>
> -Original Message-
> From: carlo flores [mailto:ca...@petalphile.com]
> Sent: Thursday, April 07, 2011 12:27 PM
> To: Greg Connolly
> Subject: Re: Apache error log problem
>
> We've been aggravated by this as well: LogFormat seemingly only works on 
> access logs and not error log.  Is it possible to install mod-rpaf?
>  This is in Debian stable (libapache2-mod-rpaf), as a for-example of its 
> availability, and after stating the Proxy's IP will grab the X-Forwarded-For.
>
> l:/etc/apache2# dpkg -l |grep -i rpaf
> ii  libapache2-mod-rpaf              0.5-3
> module for Apache2 which takes the last IP from the 'X-Forwarded-For'
> header
> l:/etc/apache2# cat mods-enabled/rpaf.conf  RPAFenable 
> On RPAFsethostname On RPAFproxy_ips 127.0.0.1  l:/etc/apache2# 
> tail -1 /var/log/apache2/error.log [Thu Apr 07 12:25:55 2011] [error] [client 
> my.re.al.ip] File does not
> exist: /var/www/asdasdsadasdasdsad
>
>
>
> On Thu, Apr 7, 2011 at 11:44 AM, Greg Connolly  wrote:
>> I’m having an issue getting the apache error logs to receive the
>> client ip’s. the proxy ip is the only one showing up. I have the
>> apache access log working using the forward-for but not the error
>> logs. Can anyone shed most light in this issue? Here is the current 
>> configuration.
>>
>>
>>
>> Apache2.conf
>>
>>
>>
>> LogFormat "%v:%p %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\"
>> \"%{User-Agent}i\"" vhost_combined
>>
>> LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\"
>> \"%{User-Agent}i\"" combined
>>
>> LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common
>>
>> LogFormat "%{Referer}i -> %U" referer
>>
>> LogFormat "%{User-agent}i" agent
>>
>>
>>
>> Haproxy.cfg
>>
>>
>>
>> listen Test01 10.1.8.52:80
>>
>>    mode http
>>
>>    maxconn 1000
>>
>>    balance roundrobin
>>
>>    cookie JSESSIONID prefix
>>
>>    option httplog
>>
>>    option httpclose
>>
>>    option forwardfor except 10.0.0.0/16
>>
>>    option httpchk HEAD /haproxy_check.txt HTTP/1.0
>>
>>    stick-table type ip size 200k expire 18m
>>
>>    stick on src
>>
>>    server 10.1.109.52 10.1.109.52:80 weight 60 cookie B check
>>
>>    server 10.1.108.52 10.1.108.52:80 weight 40 cookie A check
>>
>>
>>
>> Thanks Greg
>
>

Re: Marking servers disabled-by-default (until checks return)

2011-04-05 Thread carlo flores 
Hey Charles.  This may be totally jank for you, but works for us in a
different scenario.  It's really just a loop to match a server name to
a backend name, and the EXCEPT flag can be toggled:

https://gist.github.com/904958

https://github.com/flores/haproxyctl

Perhaps you'll find it useful...

carlo

On Thu, Mar 24, 2011 at 1:09 PM, Willy Tarreau  wrote:
> Hi Charles,
>
> On Thu, Mar 24, 2011 at 05:14:09PM +, Charles Duffy wrote:
>> Howdy!
>>
>> I'm using HAProxy in TCP mode to redirect traffic to my database servers,
>> with a HTTP check to filter for servers appropriate to each pool -- a
>> master pool (of only one server, the identity of which may change on
>> failover events), a pool for slaves not more than 30 seconds out of date,
>> a pool for servers not more than 10 minutes out of date, etc.
>>
>> The problem I have here is that on startup or restart, all servers are
>> briefly considered eligible candidates for the master pool until the
>> layer 7 checks come back. This is not acceptable for my use case -- I
>> need to be able to flag all servers expected to be slaves as down-by-
>> default in this backend (or have all checks assumed to be "down" until
>> determined otherwise, such that traffic goes to the backup pool).
>>
>> Does HAProxy currently have an appropriate mechanism for this?
>
> Ideally we should be able to decide whether the servers start up or down
> until the check returns a verdict.
>
> Right now you can at least specify "disabled" on each server line. The
> server will not even be checked, so you'll be able to do what you want
> with it. Once you've finished, you connect to the stats socket and enter
> "enable server XXX" and the checks will start again. Alternatively, you
> can enable them from the stats interface. Obviously this requires a stats
> socket or interface in admin mode.
>
> Hoping this helps,
> Willy
>
>
>

Re: TCP proxy capabilities

2011-03-14 Thread carlo flores 
Hi Guy,

If you only want HAProxy to queue connections and not send that immediate
"ok" any longer, check out how these folks are doing it to queue to MySQL.
http://flavio.tordini.org/a-more-stable-mysql-with-haproxy/comment-page-1

On Mon, Mar 14, 2011 at 5:15 PM, g...@desgames.com  wrote:

> Actually, I should clarify something. We don't really actually want the
> 'black hole' situation I described - instead, what we want is for haproxy to
> accept and queue the messages that come in from the requesting server, but
> to still deliver them when a backend server becomes available. In this way,
> the requesting process can continue executing and not having to wait for a
> response. Obviously, we intend to do this only for async type calls.
>
>
> On Mon, Mar 14, 2011 at 4:52 PM, g...@desgames.com wrote:
>
>> Hi,
>>
>> We have a tcp service we'd like to proxy requests to, and we were
>> investigating haproxy as a possible solution for our requirements. So far,
>> it doesn't seem like haproxy is suitable but I thought I'd run it by the
>> community to confirm what I understand to be the case.
>>
>> What we want is a proxy that will accept tcp connections on a specific
>> port and always send a tcp 'ok' response to the requesting process whether
>> or not there is a backend server available. If a backend server (we only
>> plan on having one at the moment) is available then we want the request
>> passed transparently through to the backend server. If the backend server is
>> *not* available, then we want haproxy to operate as a kind of 'black hole',
>> and just accept whatever is sent to it, dumping it to the equivalent of
>> /dev/null. Basically, acting as an equivalent of the backend server.
>>
>> Is the above possible with haproxy? Based on what I've read in the
>> configuration documentation, the answer is no. However, there are a *lot* of
>> options in there so I thought perhaps there's some obscure setting which
>> would allow this to work.
>>
>> Alternatively, does anyone know of a utility that could do what we want?
>>
>> Thanks,
>> Guy
>>
>
>
>
> --
> Guy Knights
> Systems Administrator
> DES Games
> www.desgames.com
> g...@desgames.com
>

Re: Configuration API?

2011-02-06 Thread carlo flores 
Your last suggestion is what are suits call auto-scaling, and the idea of
doing that with HAProxy is really appealing and would be a big plus for us.


As a test tomorrow with 1.4.10/stable idea, let's say a pool of 10 servers
had two servers with zero weight, and a script watching the unix socket set
their weight proportionate to the rest if a) the leastconn queue size was
past some threshold or b) too many servers have gone unavailable.  What do
you think?


On Sun, Feb 6, 2011 at 10:18 PM, Willy Tarreau  wrote:

> Hi Joel,
>
> On Fri, Feb 04, 2011 at 03:04:40PM -0800, Joel Krauska wrote:
> > Awesome - This is a great start.
> >
> > Putting a server in backup or primary mode would be a nice addition.
>
> Do you have an example of what purpose it would serve ? I'm asking
> because it's not very easy to implement with table-based algorithms,
> since the size of the table is determined by the GCD of all active
> servers' weights. Thus adding a new server will change the size of
> the table.
>
> It's also a feature I've never seen on other products either, which
> makes be doubt about its usefulness.
>
> What I'd like to implement however is the notion of spare servers,
> servers which are activated only above a certain load or when too
> many servers were lost. Maybe this is in fact what you're looking
> for ?
>
> > Adding new servers would also be nice, but that's likely to be a harder
> > project.
>
> Yes, it was already proposed but there are quite a number of structural
> issues. This as simple as file descriptors to check the servers, and
> table size for load balancing come to mind. I'd really prefer that we
> spend our time working on a hot reconfiguration (which will bring this
> benefit) than on border-line features that are supposed to work around
> the lack of hot reconf.
>
> Regards,
> Willy
>
>
>

Re: Configuration API?

2011-02-04 Thread carlo flores 
As an example, our shop extends your wish list with the ability to pull
stats from the UNIX socket and trigger alerts via Nagios or Cloudkick ass we
need.  If you want it, easy to add whatever you need to a fork of this.
 We'll commit it back in: https://github.com/flores/haproxyctl

I believe you can only enable or disable already configured servers in your
pool.  A way around this could be to set disabled servers to some floating
ip address/dns you assign to new servers.  Still limited by the number of
preconfigured ips/dns records of course.

Maybe there's a better way...

On Fri, Feb 4, 2011 at 12:46 PM, John Marrett  wrote:

> Check out section "9.2. Unix Socket commands"
>
> http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
>
> -JohnF
>
>
> On 11-02-04 03:40 PM, Joel Krauska wrote:
>
>> Has there ever been effort in building out a configuration API for
>> HAProxy?
>>
>> It would be nice to be able to tweak configs externally to do things.
>> (simpler things now, but obviously being able to tweak /ANY/ config
>> parameter might be nice down the road)
>>
>> My wish list:
>>  - put a server in backup mode or primary node as needed
>>  - raise or lower a server weight
>>  - add a new server to an existing pool
>>
>> How do other folks do this in a programmatic fashion?
>> (just adjust config files and HUP?)
>>
>> --Joel
>>
>>
>
>

Re: Error during Apache AB benchmarking test -- HAProxy

2011-02-03 Thread carlo flores 
I've never seen this on one of our HAProxy benchmarks.  We usually use siege
and our own application (also testing the HTTP applications/user behavior).

For clarity, you do not see timeouts when going direct to, say, nginx
serving "hi" on port 80?  I ask because maybe this is really a ulimit or
kernel tuning thing or a haproxy.cfg maxconn thing behind a slow
application.

On Thu, Feb 3, 2011 at 7:43 PM, Amol  wrote:

> i was running some simple benchmarking tests for apache webservers using HA
> proxy as the load balancer and i am getting this error when i increase the
> load on the servers
>
> ab -n 1 -c 100 http:/x
> apr_socket_recv: Connection timed out (110)
>
>
> ab -n 1 -c 10 http:/x
> Benchmarking load.iformbuilder.com (be patient)
> Completed 1000 requests
> Completed 2000 requests
> Completed 3000 requests
> apr_socket_recv: Connection timed out (110)
> Total of 3867 requests completed
>
> any one has seen this before on the webservers?
>
> Regards
>
>
>

Re: haproxy installation

2011-01-04 Thread carlo flores 
Try this guy as a test, Gorakhnath?  ( I suspect either user haproxy cannot
bind that port or -- maybe more likely? -- that the listening ip is
incorrect)

# cat /etc/haproxy.cfg.quicktest
global
log 127.0.0.1   local0
log 127.0.0.1   local1 notice
#log loghostlocal0 info
maxconn 4096
#debug
#quiet
#user haproxy
#group haproxy

defaults
log global
modehttp
option  httplog
option  dontlognull
retries 3
option redispatch
maxconn 2000
contimeout  5000
clitimeout  5
srvtimeout  5
listen webfarm
   bind :80
   mode http
   stats enable
   stats auth jhon:x
   balance roundrobin
   cookie JSESSIONID prefix
   option httpclose
   option forwardfor
   option httpchk HEAD /check.txt HTTP/1.0
   server webA 192.168.1.34:80 cookie A check
  server webB 192.168.1.41:80 cookie B check

Then

# haproxy -f /etc/haproxy.cfg.quicktest

Double checking the interface is good if the above does not work:

# ip addr

regards!
Carlo

On Tue, Jan 4, 2011 at 4:45 PM, Gorakhnath Mishra <
gorakhnath.mis...@netmagicsolutions.com> wrote:

>  Hi,
>
> I am using CentOS 5.5(32 bit)
>
> Details:
> [r...@gnm haproxy-1.3.20]# ps aux|grep httpd
> root  8077  0.0  0.0   4000   680 pts/3S+   06:12   0:00 grep httpd
> [r...@gnm haproxy-1.3.20]# ps aux|grep haproxy
> root  8080  0.0  0.0   4000   680 pts/3S+   06:12   0:00 grep
> haproxy
> [r...@gnm haproxy-1.3.20]# cat /etc/haproxy.cfg
> global
> log 127.0.0.1   local0
> log 127.0.0.1   local1 notice
> #log loghostlocal0 info
> maxconn 4096
> #debug
> #quiet
> user haproxy
> group haproxy
>
> defaults
> log global
> modehttp
> option  httplog
> option  dontlognull
> retries 3
> option redispatch
> maxconn 2000
> contimeout  5000
> clitimeout  5
> srvtimeout  5
> listen webfarm 192.168.1.99:80
>mode http
>stats enable
>stats auth jhon:x
>balance roundrobin
>cookie JSESSIONID prefix
>option httpclose
>option forwardfor
>option httpchk HEAD /check.txt HTTP/1.0
> server webA 192.168.1.34:80 cookie A check
> server webB 192.168.1.41:80 cookie B check
>
> In my case both the server does not up right now.
>
> Thanks
>
>
>
> On 05-01-2011 06:10, Karl Kloppenborg wrote:
>
> Gorakhnath,
>
>  That won't help you, you need to know your config file and know which
> port haproxy is supposed to be connecting on,
>
>  Also, do the following please:
>
>  ps aux | grep httpd
>
>  ps aux | grep haproxy
>
>  and please output each of them to this list, as well please provide your
> config and what operating system your using...
>
>  Thanks.
>
>   *Karl Kloppenborg*
> Head of Development
> *Phone:* 1300 884 839 *(AU Only - Business Hours)*
> *Website:* AU http://www.crucial.com.au| US http://www.crucialp.com
>
>
>  On 05/01/2011, at 11:35, Gorakhnath Mishra wrote:
>
>  Hi,
>
> Thanks for quick response and help.
>
> [r...@gnm network-scripts]# netstat -ano |grep :80
> [r...@gnm network-scripts]# /etc/init.d/haproxy restart
> Shutting down HAproxy: [FAILED]
> Starting HAproxy: [ALERT] 004/060455 (8011) : Starting proxy webfarm:
> cannot bind socket
>[FAILED]
>
> Thanks
>
>
> On 05-01-2011 06:00, carlo flores wrote:
>
> Same line of thought: perhaps there's a process already running listening
> on your target port.  I'd suggest you do a netstat or lsof to see if Karl is
> right and it is an old HAProxy.  (Just as likely to be another process.)
>
>  For example, if HAProxy is to listen on port 80...
>
>  # netstat -ano |grep :80
>
>
>  On Tue, Jan 4, 2011 at 4:26 PM, Karl Kloppenborg wrote:
>
>> Hi,
>>
>>  Okay, that is basically caused when you have the socket still binded
>> after shutdown...
>>
>>  What user are you running haproxy under? also, can you give us an idea
>> of your cluster setup? operating system etc?
>>
>>  You cannot bind to an already binded socket, so it will collapse when
>> this error occurs.
>>
>>  --Karl
>>
>>  On 05/01/2011, at 11:22, Gorakhnath Mishra wrote:
>>
>>   Hi,
>>
>> Actually I was getting below error:
>>
>> Shutting down HAproxy: [FAILED]
&

Re: haproxy installation

2011-01-04 Thread carlo flores 
Same line of thought: perhaps there's a process already running listening on
your target port.  I'd suggest you do a netstat or lsof to see if Karl is
right and it is an old HAProxy.  (Just as likely to be another process.)

For example, if HAProxy is to listen on port 80...

# netstat -ano |grep :80


On Tue, Jan 4, 2011 at 4:26 PM, Karl Kloppenborg  wrote:

> Hi,
>
> Okay, that is basically caused when you have the socket still binded after
> shutdown...
>
> What user are you running haproxy under? also, can you give us an idea of
> your cluster setup? operating system etc?
>
> You cannot bind to an already binded socket, so it will collapse when this
> error occurs.
>
> --Karl
>
> On 05/01/2011, at 11:22, Gorakhnath Mishra wrote:
>
>  Hi,
>
> Actually I was getting below error:
>
> Shutting down HAproxy: [FAILED]
> Starting HAproxy: [ALERT] 004/053031 (7134) : Starting proxy webfarm:
> cannot bind socket
>[FAILED]
> [r...@gnm network-scripts]#
>
> Trying to resolve but I will be thankful to u if u give me tips on this.
>
> Thanks.
>
>
> On 05-01-2011 05:46, Karl Kloppenborg wrote:
>
> Hi Gorakhnath,
>
>  Have you even read the documentation?
>
>  It is very clear and precise about the prerequisites ...
>
>  Also as for a howto? why not just search google, or even howtoforge.com?
>
>
>  Thanks,
> Karl.
>
>
>   *Karl Kloppenborg*
> Head of Development
> *Phone:* 1300 884 839 *(AU Only - Business Hours)*
> *Website:* AU http://www.crucial.com.au| US http://www.crucialp.com
>
> 
>
>  On 05/01/2011, at 11:11, Gorakhnath Mishra wrote:
>
>  Hi,
>
> Can sombody give me notes/howto on haproxy and
> what are the prerequisite etc.
>
> Thanks
> Gorakhnath Mishra
>
>
>
>
>
> --
>  CAUTION - Disclaimer *
> This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended
> solely
> for the use of the addressee(s). If you are not the intended recipient,
> please
> notify the sender by e-mail and delete the original message. Further, you
> are
> not to copy, disclose, or distribute this e-mail or its contents to any
> other
> person and any such actions are unlawful. This e-mail may contain viruses.
> Netmagic Solutions Pvt. Ltd. has taken every reasonable precaution to
> minimize
> this risk, but is not liable for any damage you may sustain as a result of
> any
> virus in this e-mail. You should carry out your own virus checks before
> opening the e-mail or attachment. Netmagic Solutions Pvt. Ltd. reserves the
> right to monitor and review the content of all messages sent to or from
> this
> e-mail address.
>
> Messages sent to or from this e-mail address may be stored on the Netmagic
> Solutions Pvt. Ltd.'s e-mail system.
> * End of Disclaimer ***
>
>
>
>
>
>
>
> --
>  CAUTION - Disclaimer * This e-mail
> contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use
> of the addressee(s). If you are not the intended recipient, please notify
> the sender by e-mail and delete the original message. Further, you are not
> to copy, disclose, or distribute this e-mail or its contents to any other
> person and any such actions are unlawful. This e-mail may contain viruses.
> Netmagic Solutions Pvt. Ltd. has taken every reasonable precaution to
> minimize this risk, but is not liable for any damage you may sustain as a
> result of any virus in this e-mail. You should carry out your own virus
> checks before opening the e-mail or attachment. Netmagic Solutions Pvt. Ltd.
> reserves the right to monitor and review the content of all messages sent to
> or from this e-mail address. Messages sent to or from this e-mail address
> may be stored on the Netmagic Solutions Pvt. Ltd.'s e-mail system.
> * End of Disclaimer ***
>
>
>
>

Re: stunnel patch updates

2010-12-08 Thread carlo flores 
Thank you Cyril and bartavelle!

On Wed, Dec 8, 2010 at 3:24 PM, Willy Tarreau  wrote:

> Hi guys,
>
> On Wed, Dec 08, 2010 at 07:54:19PM +0100, Cyril Bonté wrote:
> > Le mercredi 8 décembre 2010 13:11:10, Craig a écrit :
> > > Am 06.12.2010 22:31, Cyril Bonté wrote:
> > > > I don't know if you still need them, but as I'll also need them soon,
> > > > I've rediffed both patches.
> > > >
> > > > You'll find in attachment :
> > > > - stunnel-4.34-listen-queue.diff
> > > > - stunnel-4.34-xforwared-for.diff
> > > >
> > > > Hope this helps.
> > >
> > > Thanks from me, too! I think we still need the patches until 1.5 is
> > > stable and included in linux distributions.
> > >
> > > Willy, can you put them on the haproxy page?
> >
> > Just notice that I forgot to cleanup my working directory for the
> listen-queue
> > patch :-/
> > It's not a problem when applying the patch but prototypes.h~ and
> stunnel.c~
> > lines should be removed from the file.
>
> OK, thanks Cyril. I'll try to update that tomorrow or this week-end.
>
> Cheers,
> Willy
>
>
>

HAProxy init and stats socket script

2010-12-02 Thread carlo flores 
Hi folks.

For our company's convenience, we prefer to have our HAProxy unit
script also allow us to talk to the stats socket.  We also do a couple
other things, like show connections with a "status" argument. Perhaps
you can use it too.

Code and readme here: https://github.com/flores/haproxyctl

A copy of that readme with examples is below. Note you need to enclose
something like "show sess" (spaces) in quotes.   Suggestions or
requests for features is appreciated!

-

Simple wrapper to make life with HAProxy a little more convenient.  It talks to
or creates the stats socket and pid file, and doubles as an init script for
those folks who installed haproxy from source.

Here's a blog post about the inspiration for it:
http://borderstylo.com/posts/228-haproxy-the-quick-and-the-dirty

Examples of usage:

# ./haproxyctl
usage: ./haproxyctl 
where argument can be:
  start  : start haproxy unless it is already running
  stop   : stop an existing haproxy
  restart: restart the process
  status : is haproxy running?  on what ports per lsof?
  configcheck: check /etc/haproxy/haproxy.cfg
  cloudkick  : cloudkick.com-friendly status and metric for connected users
  clear counters : clear max statistics counters (add 'all' for all counters)
  help   : this message
  prompt : toggle interactive mode with prompt
  quit   : disconnect
  show info  : report information about the running process
  show stat  : report counters for each proxy and server
  show errors: report last request and response errors for each proxy
  show sess [id] : report the list of current sessions or dump this session
  get weight : report a server's current weight
  set weight : change a server's weight
  set timeout: change a timeout setting
  disable server : set a server in maintenance mode
  enable server  : re-enable a server that was previously in maintenance mode

# ./haproxyctl status
haproxy is running.  these ports are used and guys are connected.
*:www (LISTEN)
*:49122

# ./haproxyctl "show stat"
# 
pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,weight,act,bck,chkfail,chkdown,lastchg,downtime,qlimit,pid,iid,sid,throttle,lbtot,tracked,type,rate,rate_lim,rate_max,check_status,check_code,check_duration,hrsp_1xx,hrsp_2xx,hrsp_3xx,hrsp_4xx,hrsp_5xx,hrsp_other,hanafail,req_rate,req_rate_max,req_tot,cli_abrt,srv_abrt,
http,FRONTEND,,,3,3,2000,4,1641,4353,0,0,0,OPEN,1,1,00,0,0,20,2,2,0,0,0,,0,2,4,,,
ei,guinea,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,1,0,0,0,28,0,,1,2,1,,0,,2,0,,0,L4OK,,0,0,0,0,0,0,0,00,0,
ei,belem,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,0,1,0,0,28,0,,1,2,2,,0,,2,0,,0,L4OK,,42,0,0,0,0,0,0,00,0,
ei,BACKEND,0,0,0,0,0,0,0,0,0,0,,0,0,0,0,UP,1,1,1,,0,28,0,,1,2,0,,0,,1,0,,00,0,0,0,0,0,0,0,
apache,guinea,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,1,0,0,0,28,0,,1,3,1,,0,,2,0,,0,L4OK,,0,0,0,0,0,0,0,00,0,
apache,belem,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,0,1,0,0,28,0,,1,3,2,,0,,2,0,,0,L4OK,,42,0,0,0,0,0,0,00,0,
apache,BACKEND,0,0,0,0,0,0,0,0,0,0,,0,0,0,0,UP,1,1,1,,0,28,0,,1,3,0,,0,,1,0,,00,0,0,0,0,0,0,0,
sinatra,sinatra_downoi,0,0,0,1,,1,484,3641,,0,,0,0,0,0,UP,1,1,0,0,0,28,0,,1,4,1,,1,,2,0,,1,L4OK,,46,0,1,0,0,0,0,00,0,
sinatra,sinatra_rindica,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,1,0,0,0,28,0,,1,4,2,,0,,2,0,,0,L4OK,,45,0,0,0,0,0,0,00,0,
sinatra,sinatra_guinea,0,0,0,0,,0,0,0,,0,,0,0,0,0,DOWN,1,1,0,0,1,2,2,,1,4,3,,0,,2,0,,0,L4CON,,0,0,0,0,0,0,0,00,0,
sinatra,BACKEND,0,0,0,1,0,1,484,3641,0,0,,0,0,0,0,UP,2,2,0,,0,28,0,,1,4,0,,1,,1,0,,10,1,0,0,0,0,0,0,
static,ngnix_downoi,0,0,0,1,,1,153,264,,0,,0,0,0,0,UP
1/2,1,1,0,0,0,28,0,,1,5,1,,1,,2,0,,1,INI,,,0,1,0,0,0,0,00,0,
static,ngnix_petite,0,0,0,1,,1,522,230,,0,,0,0,0,0,UP
1/2,1,1,0,0,0,28,0,,1,5,2,,1,,2,0,,1,INI,,,0,0,1,0,0,0,00,0,
static,ngnix_rindica,0,0,0,1,,3,0,0,,0,,0,0,2,1,UP
1/2,1,1,0,0,0,28,0,,1,5,3,,1,,2,0,,1,INI,,,0,0,0,0,0,0,00,0,
static,nginx_stellatus,0,0,0,1,,1,482,218,,0,,0,0,0,0,UP
1/2,1,1,0,0,0,28,0,,1,5,4,,1,,2,0,,1,INI,,,0,0,1,0,0,0,00,0,
static,nginx_belem,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP
1/2,1,1,0,0,0,28,0,,1,5,5,,0,,2,0,,0,INI,,,0,0,0,0,0,0,00,0,
static,nginx_petite,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP
1/2,1,1,0,0,0,28,0,,1,5,6,,0,,2,0,,0,INI,,,0,0,0,0,0,0,00,0,
static,apache_guinea,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP
1/2,1,1,0,0,0,28,0,,1,5,7,,0,,2,0,,0,INI,,,0,0,0,0,0,0,00,0,
static,BACKEND,0,0,0,1,0,3,1157,712,0,0,,0,0,2,1,UP,7,7,0,,0,28,0,,1,5,0,,4,,1,0,,20,1,2,0,0,0,0,0,


The real magic in the script (talking to the stats socket) is under the else
case in the ARGV argument, or here: https://gist.github.com/632613

Thank you for HAProxy and a great list!
Carlo

Re: [ANNOUNCE] haproxy 1.4.9

2010-10-28 Thread Carlo Flores 
D'oh!  Thank you, Cyril!

On Thu, Oct 28, 2010 at 4:45 PM, Cyril Bonté  wrote:

> Le vendredi 29 octobre 2010 01:27:30, Carlo Flores a écrit :
> > I am especially excited about the new per-URL statistics, super
> especially
> > for the average time metric.  However, I can't use these flags with my
> > build of 1.4.9 from source.
> >
> > # /usr/local/sbin/haproxy -u -uc -ue -ut -ua -uto -uao (...)
>
> Those options are not for haproxy itself but for halog (see the directory
> contrib/halog in the sources archive) ;-)
>
> --
> Cyril Bonté
>

Re: [ANNOUNCE] haproxy 1.4.9

2010-10-28 Thread Carlo Flores 
... sorry about those broken new lines.   Here's the gist:
http://gist.github.com/652558

On Thu, Oct 28, 2010 at 4:27 PM, Carlo Flores  wrote:

> Thanks, Willy!
>
> I am especially excited about the new per-URL statistics, super especially
> for the average time metric.  However, I can't use these flags with my build
> of 1.4.9 from source.
>
> # /usr/local/sbin/haproxy -u -uc -ue -ut -ua -uto -uaoHA-Proxy version
> 1.4.9 2010/10/28
> Copyright 2000-2010 Willy Tarreau 
>
> Usage : /usr/local/sbin/haproxy [-f ]* [ -vdVD ] [ -n  ]
> [ -N  ]
> [ -p  ] [ -m  ]
> -v displays version ; -vv shows known build options.
> -d enters debug mode ; -db only disables background mode.
> -V enters verbose mode (disables quiet mode)
> -D goes daemon
> -q quiet mode : don't display messages
> -c check mode : only check config files and exit
> -n sets the maximum total # of connections (2000)
> -m limits the usable amount of memory (in MB)
> -N sets the default, per-proxy maximum # of connections (2000)
> -p writes pids of all children to this file
> -de disables epoll() usage even when available
> -ds disables speculative epoll() usage even when available
> -dp disables poll() usage even when available
> -sf/-st [pid ]* finishes/terminates old pids. Must be last
> arguments.
>
> # ### same with only -u and only -uc as sanity tests.
> # # haproxy -vvv HA-Proxy version 1.4.9 2010/10/28 Copyright
> 2000-2010 Willy Tarreau  Build options : TARGET = linux26 CPU =
> generic CC = gcc CFLAGS = -m32 -march=i386 -O2 -g OPTIONS = USE_PCRE=1
> Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192,
> maxpollevents = 200 Encrypted password support via crypt(3): yes Available
> polling systems : sepoll : pref=400, test result OK epoll : pref=300, test
> result OK poll : pref=200, test result OK select : pref=150, test result OK
> Total: 4 (4 usable), will use sepoll.
>
> # ### Thanks! Sorry if I'm just missing it! :)
>
>
>
>
>
> On Thu, Oct 28, 2010 at 3:40 PM, Willy Tarreau  wrote:
>
>  The new feature of halog is a per-URL statistics (req & error counts, avg
>> response time, total response time, and that for all or valid only
>> requests).
>> The output is sorted by a field specified from the command line flag,
>> among
>> which URL (-u), req count (-uc), err count (-ue), total time (-ut),
>> average
>> time (-ua), total time on OK reqs (-uto) and avg time on OK reqs (-uao).
>>
>
>
>

Re: [ANNOUNCE] haproxy 1.4.9

2010-10-28 Thread Carlo Flores 
Thanks, Willy!

I am especially excited about the new per-URL statistics, super especially
for the average time metric.  However, I can't use these flags with my build
of 1.4.9 from source.

# /usr/local/sbin/haproxy -u -uc -ue -ut -ua -uto -uaoHA-Proxy version 1.4.9
2010/10/28
Copyright 2000-2010 Willy Tarreau 

Usage : /usr/local/sbin/haproxy [-f ]* [ -vdVD ] [ -n  ] [
-N  ]
[ -p  ] [ -m  ]
-v displays version ; -vv shows known build options.
-d enters debug mode ; -db only disables background mode.
-V enters verbose mode (disables quiet mode)
-D goes daemon
-q quiet mode : don't display messages
-c check mode : only check config files and exit
-n sets the maximum total # of connections (2000)
-m limits the usable amount of memory (in MB)
-N sets the default, per-proxy maximum # of connections (2000)
-p writes pids of all children to this file
-de disables epoll() usage even when available
-ds disables speculative epoll() usage even when available
-dp disables poll() usage even when available
-sf/-st [pid ]* finishes/terminates old pids. Must be last
arguments.

# ### same with only -u and only -uc as sanity tests.
# # haproxy -vvv HA-Proxy version 1.4.9 2010/10/28 Copyright
2000-2010 Willy Tarreau  Build options : TARGET = linux26 CPU =
generic CC = gcc CFLAGS = -m32 -march=i386 -O2 -g OPTIONS = USE_PCRE=1
Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192,
maxpollevents = 200 Encrypted password support via crypt(3): yes Available
polling systems : sepoll : pref=400, test result OK epoll : pref=300, test
result OK poll : pref=200, test result OK select : pref=150, test result OK
Total: 4 (4 usable), will use sepoll.

# ### Thanks! Sorry if I'm just missing it! :)





On Thu, Oct 28, 2010 at 3:40 PM, Willy Tarreau  wrote:

 The new feature of halog is a per-URL statistics (req & error counts, avg
> response time, total response time, and that for all or valid only
> requests).
> The output is sorted by a field specified from the command line flag, among
> which URL (-u), req count (-uc), err count (-ue), total time (-ut), average
> time (-ua), total time on OK reqs (-uto) and avg time on OK reqs (-uao).
>

Re: hosting HAProxy and content servers in different locations

2010-09-07 Thread Carlo Flores 
You'll see the time for your health check to the content servers,
which is essentially the time for network transfer, from the stats
page or socket.  Obviously this time will impact the page load times
for your client.

Your own metrics for latency via curl or a # time  "wget
http://contentservers/expensiveresource"; may be valuable.

Carlo
SysAdmin, Border Stylo
On Tuesday, September 7, 2010, Daniel Storjordet  wrote:
>  Hi!
>
> Current implementation of HAProxy is working great for us. The other day we 
> had a server failure without us or our customers' noticing.
>
> Today our HAProxy solution is hosted on the same location as our content 
> servers. Unfortunately we have experienced problems with our hosting 
> companies. Changing the IP for all the domain names for the web pages hosted 
> on our servers every time we need to switch to a new host is too much work.
>
> To solve this we wish to relocate the HAProxy servers to a different location 
> than the content servers. The new host is placed at the backbone of our 
> countrys internet and the ips can be moved to another host if needed. With 
> this change we will be able to host our content servers and backup servers at 
> any location and can move them around without updating all the domain names 
> every time.
>
> However we are concerned about the performance penalty of hosting the HAProxy 
> servers at an different location that the content servers. Are there any 
> statistics on what kind of performance penalty we will receive, and any other 
> unforeseen effects this might have?
>
>
> --
> mvh.
>
> Daniel Storjordet
>
> D E S T ! N O :: Strandgata 117 :: 4307 Sandnes
> Mob 45 51 73 71 :: Tel 51 62 50 14  dan...@desti.no :: http://www.desti.no
> www.destinet.no - Webpublisering på nett
> www.func.no - Flysøk på nett
>
>
>

Re: Can't get server check to work with virtual hosts

2010-08-17 Thread Carlo Flores 
How about passing healthcheck.cluster6.corp.amiestreet.com for the option
httpchk, and also have the Apache VirtualHosts recognize "healthcheck" as a
ServerAlias?  The idea here is your healthcheck will be standardized to each
host in the cluster, which you'll also want when you split these hosts,
anyway.

On Tue, Aug 17, 2010 at 2:42 PM, Roy Smith  wrote:

> Ah, OK, that's getting me closer.  Thanks!  Now I've got
>
>option httpchk GET /index.html HTTP/1.1\r\nHost:
> test1.cluster6.corp.amiestreet.com
>
>server webA test1.cluster6.corp.amiestreet.com:80 cookie A check inter
> 2s
>server webB test2.cluster6.corp.amiestreet.com:80 cookie B check inter
> 2s
>
>
> and it's sending the correct headers, at least for test1.  The problem is
> that it's also sending "Host: test1..." to test2.  I don't see how to
> configure it to send each host the correct header.
>
>
> On Aug 17, 2010, at 5:23 PM, Graeme Donaldson wrote:
>
> Hi Roy
>
> You simply need to send an HTTP 1.1 request with a Host: header in the http
> check, like this:
>
> option httpchk GET /index.html\r\nHost: vhost.example.com
>
> Graeme.
>
> On 17 August 2010 23:19, Roy Smith  wrote:
>
>> I'm running "HA-Proxy version 1.3.22" on Ubuntu Linux.  I've got apache
>> set up with two virtual hosts, and I want to use haproxy to round-robin
>> between them.  Ultimately, these virtual hosts will be on different
>> machines, but for my testing environment, they're on the same box.  I've got
>> a config file I'm using for testing:
>>
>> > global
>> > maxconn 100
>> >
>> > listen webfarm cluster6:23000
>> >mode http
>> >option httpclose
>> >balance roundrobin
>> >cookie SERVERID insert indirect
>> >timeout server 5s
>> >timeout client 5s
>> >timeout connect 5s
>> >option httpchk GET /index.html HTTP/1.0
>> >server webA test1.cluster6.corp.amiestreet.com:80 cookie A check
>> inter 2s
>> >server webB test2.cluster6.corp.amiestreet.com:80 cookie B check
>> inter 2s
>>
>>
>> As soon as I start haproxy up, I get:
>>
>> > [WARNING] 228/171101 (20636) : Server webfarm/webA is DOWN. 1 active and
>> 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
>> > [WARNING] 228/171102 (20636) : Server webfarm/webB is DOWN. 0 active and
>> 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
>> > [ALERT] 228/171102 (20636) : proxy 'webfarm' has no server available!
>>
>>
>> The problem seems to be that when it sends the HTTP requests to apache, it
>> leaves out the Host: header.  For example, strace shows that wget does:
>>
>> > write(3, "GET /index.html HTTP/1.0\r\nUser-Agent: Wget/1.12
>> (linux-gnu)\r\nAccept: */*\r\nHost: 
>> test1.cluster6.corp.amiestreet.com\r\nConnection:
>> Keep-Alive\r\n\r\n", 142\
>> > ) = 142
>>
>>
>> but haproxy just does:
>>
>> > sendto(5, "GET /index.html HTTP/1.0\r\n\r\n", 28,
>> MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 28
>>
>> How do I get haproxy to work and play well with virtual hosts?
>>
>>
>>
>
>