Re: haproxy can't bind to mysql port
On Sat, Jul 25, 2015 at 12:07 PM, Igor Cicimov <ig...@encompasscorporation.com> wrote:

> By run I meant you have to start it as root user which you are doing
> anyway. Can you run:
>
> # nc -l -p 80
>
> as root just to confirm you can bind to port 80?

If I stop haproxy and run that command this is what I get:

[root@ha1:~] #nc -l -p 80
POST /index.php?title=Special%3ARunJobs&tasks=jobs&maxjobs=1&sigexpiry=1437841644&signature=2f2d2dbd28afbc4ecf7e1f59708ff018a30427a9 HTTP/1.1
Host: wiki.example.com
Connection: Close
Content-Length: 0

Odd, since haproxy isn't running currently.
Re: haproxy can't bind to mysql port
Yuan,

On Sat, Jul 25, 2015 at 12:15 AM, Gmail wrote:

> maybe something here http://lnxmon.com/haproxy/
>
> Thanks,
> ; Yuan

I modified a config from your blog that you showed me and came up with this:

global
    log 127.0.0.1 local0 notice
    maxconn 2000
    user haproxy
    group haproxy

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    timeout connect 5000
    timeout client 1
    timeout server 1

listen jokefire 0.0.0.0:80
    mode http
    stats enable
    stats uri /haproxy?stats
    stats realm Strictly\ Private
    stats auth admin:secret
    balance roundrobin
    option httpclose
    option forwardfor
    server varnish1 10.10.10.5:80 check
    server varnish2 10.10.10.6:80 check

listen mysql-cluster
    bind 0.0.0.0:3306
    mode tcp
    balance roundrobin
    maxconn 5200
    option mysql-check user haproxy_root
    server mysql-1 10.10.10.7:3306 check
    server mysql-2 10.10.10.8:3306 check

And that seemed to work. I can see that both ports are listening now:

[root@ha1:/etc/haproxy] #lsof -i :80 -i :3306
COMMAND   PID    USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
haproxy 27136 haproxy    4u  IPv4 7563913      0t0  TCP *:http (LISTEN)
haproxy 27136 haproxy    6u  IPv4 7563915      0t0  TCP *:mysql (LISTEN)

Although I am not aware of what the real difference is between this and my previous config that allows this to work. Not a huge issue at this point since it's working. But if anyone wants to take a stab at this, be my guest!

Thanks,
Tim
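An added example, not from the thread or the HAProxy project: a small Python check for the difference between the earlier config and the working one, assuming the HAProxy 1.5-era `listen <name> [<address>:<port>]` syntax in which the first argument is always the proxy name. Under that reading `listen 0.0.0.0:80` declares a proxy named `0.0.0.0:80` with no listening address, while `listen jokefire 0.0.0.0:80` has one. The function name and the sample strings are constructed for illustration.

```python
"""Flag HAProxy listen/frontend sections that end up with no listening address.

Assumption (labelled): HAProxy 1.5-era syntax, where
    listen <name> [<address>:<port>]
takes the first argument as the proxy NAME, and only an optional second
argument (or a 'bind' line inside the section) gives a listening address.
"""

SECTION_KEYWORDS = {"global", "defaults", "listen", "frontend", "backend"}
NEEDS_LISTENER = {"listen", "frontend"}


def proxies_without_listener(config_text):
    """Return [(keyword, name)] for listen/frontend sections with no address."""
    findings = []
    current = None  # [keyword, name, has_listener] for the section being read

    def close_section():
        if current and current[0] in NEEDS_LISTENER and not current[2]:
            findings.append((current[0], current[1]))

    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        words = line.split()
        keyword = words[0]
        if keyword in SECTION_KEYWORDS:
            close_section()
            name = words[1] if len(words) > 1 else ""
            # A second argument on the section line is an inline address.
            current = [keyword, name, len(words) > 2]
        elif keyword == "bind" and current is not None and len(words) > 1:
            current[2] = True
    close_section()
    return findings


# Constructed from the two configs quoted in the thread (trimmed).
BROKEN = """
listen mysql-cluster
    bind 0.0.0.0:3306
    mode tcp
listen 0.0.0.0:80
    mode http
    stats enable
    stats uri /
"""

WORKING = """
listen jokefire 0.0.0.0:80
    mode http
    stats enable
listen mysql-cluster
    bind 0.0.0.0:3306
    mode tcp
"""

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("working", WORKING)):
        print(label, proxies_without_listener(text))
```
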
Re: haproxy can't bind to mysql port
On Sat, Jul 25, 2015 at 12:10 AM, Igor Cicimov <ig...@encompasscorporation.com> wrote:

> You need to run haproxy as root to bind to ports lower than 1024

I tried running haproxy as root/root:

[root@ha1:/etc/haproxy] #egrep "user|group" haproxy.cfg| grep -v option
    user root
    group root

Then restarted the service. No difference!

[root@ha1:/etc/haproxy] #systemctl restart haproxy
[root@ha1:/etc/haproxy] #lsof -i :80
[root@ha1:/etc/haproxy] #getenforce
Permissive

Thanks for the suggestion anyway!
Re: haproxy can't bind to mysql port
Hi Yuan,

On Fri, Jul 24, 2015 at 10:52 PM, Gmail wrote:

> Nice.
> Do you use selinux in prod.
> regards,
> ; Yuan

Yep! Actually I use it every chance I get. Prod/stage/dev and my own hobby environments. And right now actually what I was discussing was a hobby environment.

And actually if I could bother you guys one more time, I do have one more issue to solve. LOL

And this time it's guaranteed not to be an SELinux issue. Because I tried running haproxy with SELinux on and off this time.

But what's happening now, is that HA/Proxy is not creating the http port for the 'stats' interface. I've setup stats to listen on port 80. But for some reason that's not happening.

Here's my config one more time, with the trouble part in bold:

global
    log 127.0.0.1 local0 notice
    user haproxy
    group haproxy

defaults
    log global
    retries 2
    timeout connect 3000
    timeout server 5000
    timeout client 5000

listen mysql-cluster
    bind 0.0.0.0:3306
    mode tcp
    option mysql-check user haproxy_check
    balance roundrobin
    server mysql-1 52.3.28.48:3306 check
    server mysql-2 52.2.0.176:3306 check

*listen 0.0.0.0:80
    mode http
    stats enable
    stats uri /
    stats realm Strictly\ Private
    stats auth admin:secret*

Currently haproxy is listening on the first port specified *- 3306 -* but not listening on port 80.

Observe:

[root@ha1:/etc/haproxy] #lsof -i :3306
COMMAND   PID    USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
*haproxy 11653 haproxy    4u  IPv4 7145270      0t0  TCP *:mysql (LISTEN)*

[root@ha1:/etc/haproxy] #lsof -i :80
[root@ha1:/etc/haproxy] #

[root@ha1:/etc/haproxy] #telnet localhost 80
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

Port 80 simply isn't listening.

And this time, I can't blame it on SELinux being on:

[root@ha1:/etc/haproxy] #getenforce
Permissive

I've grepped thru /var/log/messages but not turned up any clues to this one.

And I really would like to get the stats interface up and running.

Any thoughts here? I'm wondering what I can do to get stats working.

Thanks,
Tim
Re: haproxy can't bind to mysql port
Bingo!!!

The problem was with SELinux. Not sure what took me so long to think of it...!!!

So set the mysql listener back to port 3306. Turned off SELinux with setenforce 0. Then it started right up!!! And port 3306 was listening.

Then I consulted with audit2why and saw the following:

type=AVC msg=audit(1437786617.963:28856863): avc: denied { name_connect } for pid=29175 comm="haproxy" dest=3306 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket

    Was caused by:
    The boolean haproxy_connect_any was set incorrectly.
    Description:
    Allow haproxy to connect any

    Allow access by executing:
    # *setsebool -P haproxy_connect_any 1*

I just ran that command you see above in bold, and then all was right with the world.

[root@ha1:/etc/haproxy] #systemctl status haproxy
haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled)
   Active: active (running) since Sat 2015-07-25 01:14:53 UTC; 33s ago
 Main PID: 30618 (haproxy-systemd)
   CGroup: /system.slice/haproxy.service
           ├─30618 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
           ├─30619 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
           └─30620 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds

Jul 25 01:14:53 ha1 systemd[1]: Starting HAProxy Load Balancer...
Jul 25 01:14:53 ha1 systemd[1]: Started HAProxy Load Balancer.
Jul 25 01:14:53 ha1 haproxy-systemd-wrapper[30618]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds

[root@ha1:/etc/haproxy] #lsof -i :3306
COMMAND   PID    USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
haproxy 30620 haproxy    1u  IPv4 7075172      0t0  TCP ha1.example.com:55499->ec2-52-2-0-xxx.compute-1.amazonaws.com:mysql (SYN_SENT)
haproxy 30620 haproxy    4u  IPv4 7074731      0t0  TCP *:mysql (LISTEN)

Thanks for nudging me in the right direction. All I had to hear was the word 'selinux' and from there it all fell into place!

Thanks!!
Tim

On Fri, Jul 24, 2015 at 8:20 PM, Gmail wrote:

> I could be completely wrong here and I am curious to know the answer
> myself. Please don't take this as a solution, just my thoughts.
>
> First, you can not use backend ip-address of 10.x.x.x subnet because each
> account's VPC is segregated. If you do want to use 10.X.X.X ipaddress you
> have to setup an inter VPC endpoint in AWS. I would just use EIP.
>
> For the port 3306, try to use nc to listen on that port or iperf. Do you
> have iptables turned on.
>
> I would check "systemctl -l status haproxy.service"
>
> I would check lsof -i why can't bind to 3306 on loopback ipaddress.
>
> I would check iptables or selinux preventing the bind.
>
> It will be interesting to know the source ipaddress of MySQL client ec2
> instance.
> Interesting if you can Copy/paste output of "telnet 3306" from mysql
> client ec2 instance, here.
> Interesting if you can Copy/paste output of "telnet 10.10.10.10 3306"
> from haproxy ec2 instances, here.
> Interesting if you can Copy/paste output of "telnet 10.10.10.11 3306"
> from haproxy ec2 instances, here.
>
> If I was doing this, maybe I would consider testing something like ;
> ..
> frontend mysql_lb_fe 0.0.0.0:3306
>
> acl host_myql_lb hdr(host) -i mysql-lb
> ..
> ..
> use_backend mysql_lb_backend if host mysql_lb
> ..
> ..
> backend mysql_lb_be
> ..
> ..
>
> option mysql-check user haproxy_check
> balance roundrobin
> server mysql-1 10.10.10.10:3306 check
> server mysql-2 10.10.10.11:3306 check
>
> Thanks,
> ; Yuan
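An added example (not from the thread): a Python parser for AVC records like the one audit2why printed in the message above. It separates `name_bind` denials, where bind() on a local listener port is refused, from `name_connect` denials, where haproxy is refused a connection to a backend; the record in the post is the second kind. The `name_bind` sample line, the noise line and all function names are constructed for illustration.

```python
import re
from collections import Counter

# The record quoted in the thread, joined onto one line.
THREAD_AVC = (
    'type=AVC msg=audit(1437786617.963:28856863): avc: denied { name_connect } '
    'for pid=29175 comm="haproxy" dest=3306 '
    'scontext=system_u:system_r:haproxy_t:s0 '
    'tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket'
)
# Constructed sample (not from the thread): the shape a listener-side denial
# takes, with the local port reported in src= instead of dest=.
CONSTRUCTED_BIND_AVC = (
    'type=AVC msg=audit(1437786000.000:1): avc: denied { name_bind } '
    'for pid=1234 comm="haproxy" src=3306 '
    'scontext=system_u:system_r:haproxy_t:s0 '
    'tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket'
)

_PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _selinux_type(context):
    """Extract the type from a user:role:type:level security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""


def parse_avc(line):
    """Parse one AVC denial into a dict, or return None if it is not one."""
    perms = _PERMS.search(line)
    if not perms:
        return None
    fields = {key: value.strip('"') for key, value in _FIELD.findall(line)}
    port = fields.get("src") or fields.get("dest")
    return {
        "perms": perms.group(1).split(),
        "comm": fields.get("comm", ""),
        "port": int(port) if port and port.isdigit() else None,
        "source_type": _selinux_type(fields.get("scontext", "")),
        "target_type": _selinux_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass", ""),
    }


def triage(record):
    """Return (side, port, target_type); side is 'listener', 'backend' or 'other'."""
    if record is None or record["tclass"] != "tcp_socket":
        return ("other", None, "")
    if "name_bind" in record["perms"]:
        side = "listener"  # bind() on a local port was refused
    elif "name_connect" in record["perms"]:
        side = "backend"   # connect() to a server or health check was refused
    else:
        side = "other"
    return (side, record["port"], record["target_type"])


def summarize(lines):
    """Count denials per (comm, side, port, target type) across log lines."""
    counts = Counter()
    for line in lines:
        record = parse_avc(line)
        if record:
            side, port, target = triage(record)
            counts[(record["comm"], side, port, target)] += 1
    return dict(counts)


if __name__ == "__main__":
    sample_log = [THREAD_AVC, THREAD_AVC, CONSTRUCTED_BIND_AVC,
                  "Jul 25 01:14:53 ha1 systemd[1]: Started HAProxy Load Balancer."]
    for key, count in sorted(summarize(sample_log).items()):
        print(count, key)
```
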
Re: haproxy can't bind to mysql port
Hello Nenad,

> Jul 24 03:44:18 ha1 haproxy-systemd-wrapper[25034]: [ALERT]
> 204/034418 (25035) : *Starting proxy mysql-cluster: cannot bind
> s...:3306]*

Nothing listening on the port I'm trying to bind to: 3306

[root@ha1:~] #ss -lpt | fgrep 3306
[root@ha1:~] #lsof -i :3306
[root@ha1:~] #netstat -tulpn | grep -i listen | grep 3306
[root@ha1:~] #

While we're on the subject of listening ports, here's a list of all listening ports on the haproxy host:

[root@ha1:~] #netstat -tulpn | grep -i listen
tcp        0      0 0.0.0.0:35145           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:56814           0.0.0.0:*               LISTEN      16346/rpc.statd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      16455/rpcbind
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      16396/sshd
tcp6       0      0 :::49349                :::*                    LISTEN      16346/rpc.statd
tcp6       0      0 :::111                  :::*                    LISTEN      16455/rpcbind
tcp6       0      0 :::47314                :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      16396/sshd

I thought I was beginning to understand this problem. That haproxy was trying to bind on port 3306 from the mysql host on another machine. But come to think of it, that doesn't make a lot of sense. Because I already have haproxy setup for some web servers, and there it creates port 80 on the haproxy node. It's not trying to connect to a foreign source. Not sure where I got that idea!!

I also tried binding the mysql section to another port that wasn't in use. I tried port 3307,3308. I even tried binding the mysql section of the config to a weird port I just grabbed off of the top of my head. I tried binding it to port . And there I still got a bind error:

[ALERT] 204/223303 (13081) : Starting proxy mysql-cluster: cannot bind socket [0.0.0.0:]

Now watch this!! If I bind the mysql section to port 80 instead of any other port.. haproxy starts up without complaint!

listen mysql-cluster
    bind 0.0.0.0:80
    mode tcp
    option mysql-check user haproxy_check
    balance roundrobin
    server mysql-1 10.0.0.xxx:3306 check
    server mysql-2 10.0.0.xxx:3306 check

[root@ha1:/etc/haproxy] #systemctl status haproxy
haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled)
   Active: active (running) since Fri 2015-07-24 22:35:03 UTC; 4s ago
 Main PID: 13213 (haproxy-systemd)
   CGroup: /system.slice/haproxy.service
           ├─13213 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
           ├─13214 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
           └─13215 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds

Jul 24 22:35:03 ha1 systemd[1]: Starting HAProxy Load Balancer...
*Jul 24 22:35:03 ha1 systemd[1]: Started HAProxy Load Balancer.*
Jul 24 22:35:03 ha1 haproxy-systemd-wrapper[13213]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds

Ok. What...the...heck!! So why do you think that haproxy is only happy starting up on port 80? I would think that I should be able to specify any arbitrary port for it to listen on in a 'listen' sub-block.

I guess I could have my app contact the database using port 80. But that's a little... weird.

I installed haproxy using yum from the 'updates' repository. Is there any reason anyone can think of as to why haproxy refuses to start on any port other than port 80??

Thanks,
Tim

On Fri, Jul 24, 2015 at 4:59 PM, Nenad Merdanovic wrote:

> Hello Tim,
>
> > On Fri, Jul 24, 2015 at 1:46 PM, Tim Dunphy <bluethu...@gmail.com> wrote:
> >
> > listen mysql-cluster
> >     bind 127.0.0.1:3306
> >     mode tcp
> >     option mysql-check user haproxy_check
> >     balance roundrobin
> >     server mysql-1 10.10.10.10:3306 check
> >     server mysql-2 10.10.10.11:3306 check
> >
> > Jul 24 03:44:18 ha1 haproxy-systemd-wrapper[25034]: [ALERT]
> > 204/034418 (25035) : *Starting proxy mysql-cluster: cannot bind
> > s...:3306]*
>
> Can you check if something is listening on 127.0.0.1:3306 (netstat, ss,
> lsof)? For example:
> ss -lpt | fgrep 3306
>
> Regards,
> Nenad

--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
Re: haproxy can't bind to mysql port
Hi there Igor,

> How did you do that? By putting the haproxy's security group or the
> haproxy's ip to the mysql group inbound rule? Sorry but which non local IP
> is that?

I put the external IP of the haproxy server into the security group on the mysql server. In this case the external IP from the haproxy host is an elastic IP. And I saw that when I did that and performed a grant on the database I could log into the db from the haproxy machine.

> How many interfaces haproxy has? Is it connected to the 10.10.10.0/24 network
> at all?
> Looks to me you are trying to use VIP's or something which does not work
> in same way as in normal lan's. Don't forget that in AWS we are dealing
> with SDN's so giving l0 or any other interface a second IP address locally
> on the instance using ip tool let's say will simply not work. That IP is not
> visible to the SDN and the interface will never send or receive any
> traffic. You need that IP allocated to the haproxy interface (no option for
> l0 here) via EC2 console or aws cli tool.

The IP's I was using in the example config I posted to the thread earlier was using fake IP's, not the real ones. In reality I had used the external IP's which are on a 52.3.22 subnet (for example on one host).

The haproxy machines have just one interface, and they're both on the same VPC. This is needed for failover. Those IPs actually are 10-net addresses. So maybe I'll need to put those IP's into the SG's on the database nodes to get this working?

So for example if I do a command like this:

[root@ha1:/etc/haproxy] #ifconfig | grep inet | grep -v inet6
        inet 10.0.0.XXX netmask 255.255.255.0 broadcast 10.0.0.255
        inet 127.0.0.1 netmask 255.0.0.0

What I get back is a 10-net address and the loopback.

Only thing is that the database hosts are on separate AWS accounts. So I don't know how the database nodes will be able to recognize the internal 10-net addresses from the haproxy hosts.

Do you have any suggestions on how this can (or can't) work?

Thanks,
Tim

On Fri, Jul 24, 2015 at 1:11 AM, Igor Cicimov <ig...@encompasscorporation.com> wrote:

> On Fri, Jul 24, 2015 at 1:46 PM, Tim Dunphy wrote:
>
>> Hi all,
>>
>> I'm attempting to setup mysql load balancing using HA/Proxy. Seemed
>> pretty straight forward at first.
>>
>> I'm using Amazon ec2 for all nodes. First I made sure that the
>> haproxy nodes could contact the mysql boxes by opening up the security
>> group from the mysql boxes to the haproxy ones on port 3306.
>
> How did you do that? By putting the haproxy's security group or the
> haproxy's ip to the mysql group inbound rule? If IP which one is that?
>
>> I setup the following config:
>>
>> global
>>     log 127.0.0.1 local0 notice
>>     user haproxy
>>     group haproxy
>>
>> defaults
>>     log global
>>     retries 2
>>     timeout connect 3000
>>     timeout server 5000
>>     timeout client 5000
>>
>> listen mysql-cluster
>>     bind 127.0.0.1:3306
>>     mode tcp
>>     option mysql-check user haproxy_check
>>     balance roundrobin
>>     server mysql-1 10.10.10.10:3306 check
>>     server mysql-2 10.10.10.11:3306 check
>>
>> listen 0.0.0.0:80
>>     mode http
>>     stats enable
>>     stats uri /
>>     stats realm Strictly\ Private
>>     stats auth admin:secret
>>
>> And ensured that haproxy could bind to non local IP's:
>
> Sorry but which non local IP is that? How many interfaces haproxy has? Is
> it connected to the 10.10.10.0/24 network at all?
>
> Looks to me you are trying to use VIP's or something which does not work
> in same way as in normal lan's. Don't forget that in AWS we are dealing
> with SDN's so giving l0 or any other interface a second IP address locally
> on the instance using ip tool let's say will simply not work. That IP is not
> visible to the SDN and the interface will never send or receive any
> traffic. You need that IP allocated to the haproxy interface (no option for
> l0 here) via EC2 console or aws cli tool.
>
>> [root@ha1:/etc/haproxy] #grep ipv4 /etc/sysctl.conf
>> net.ipv4.ip_nonlocal_bind=1
>>
>> [root@ha1:/etc/haproxy] #sysctl -p
>> net.ipv4.ip_nonlocal_bind = 1
>>
>> Yet when I try to start up haproxy I get the following result:
>>
>> [root@ha1:/etc/haproxy] #systemctl status haproxy
>> haproxy.service - HAProxy Load Balancer
>>    Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled)
>>    Active: inactive (dea
haproxy can't bind to mysql port
Hi all,

I'm attempting to setup mysql load balancing using HA/Proxy. Seemed pretty straight forward at first.

I'm using Amazon ec2 for all nodes. First I made sure that the haproxy nodes could contact the mysql boxes by opening up the security group from the mysql boxes to the haproxy ones on port 3306.

I setup the following config:

global
    log 127.0.0.1 local0 notice
    user haproxy
    group haproxy

defaults
    log global
    retries 2
    timeout connect 3000
    timeout server 5000
    timeout client 5000

listen mysql-cluster
    bind 127.0.0.1:3306
    mode tcp
    option mysql-check user haproxy_check
    balance roundrobin
    server mysql-1 10.10.10.10:3306 check
    server mysql-2 10.10.10.11:3306 check

listen 0.0.0.0:80
    mode http
    stats enable
    stats uri /
    stats realm Strictly\ Private
    stats auth admin:secret

And ensured that haproxy could bind to non local IP's:

[root@ha1:/etc/haproxy] #grep ipv4 /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1

[root@ha1:/etc/haproxy] #sysctl -p
net.ipv4.ip_nonlocal_bind = 1

Yet when I try to start up haproxy I get the following result:

[root@ha1:/etc/haproxy] #systemctl status haproxy
haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled)
   Active: inactive (dead) since Fri 2015-07-24 03:44:18 UTC; 9s ago
  Process: 25034 ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid (code=exited, status=0/SUCCESS)
 Main PID: 25034 (code=exited, status=0/SUCCESS)

Jul 24 03:44:18 ha1 systemd[1]: Starting HAProxy Load Balancer...
Jul 24 03:44:18 ha1 systemd[1]: Started HAProxy Load Balancer.
Jul 24 03:44:18 ha1 haproxy-systemd-wrapper[25034]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/hap...id -Ds
Jul 24 03:44:18 ha1 haproxy-systemd-wrapper[25034]: [ALERT] 204/034418 (25035) : *Starting proxy mysql-cluster: cannot bind s...:3306]*
Jul 24 03:44:18 ha1 haproxy-systemd-wrapper[25034]: haproxy-systemd-wrapper: exit, haproxy RC=256
Hint: Some lines were ellipsized, use -l to show in full.

So it seems that haproxy is expecting to have mysql already listening on port 3306. But mysql is running on two external nodes with port 3306 open to the two haproxy machines.

What am I doing wrong? And how can I get this to work?

Thanks,
Tim

--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
haproxy / mysql can't bind to socket
Hello,

I'm trying to get haproxy to work with two database servers. But I'm getting stuck on an error when trying to start up haproxy. Saying that it can't bind to the socket.

[root@aoadbld00036la haproxy]# service haproxy start
Starting haproxy: [ALERT] 105/160506 (29040) : Starting proxy mysql-cluster: cannot bind socket
[FAILED]

Mysql is running and listening on port 3306 on all interfaces:

[root@aoadbld00036la haproxy]# lsof -i :3306
COMMAND   PID  USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
mysqld  28711 mysql   22u  IPv4 6614552      0t0  TCP *:mysql (LISTEN)
mysqld  28711 mysql   44u  IPv4 6614952      0t0  TCP aoadbld00036la:mysql->aoadbld00036lb.stg-tfayd.com:56669 (ESTABLISHED)

I have a virtual IP being provided by keepalived. I have a mysql database listening to this ip. I'm not using the real IP for this post. But I can log into the database using this virtual IP.

I have non local binds setup in sysctl.conf:

[root@aoadbld00036la ~]# grep ipv4 /etc/sysctl.conf | grep bind
net.ipv4.ip_nonlocal_bind = 1

But for some reason this configuration still isn't giving me any luck!

global
    log 127.0.0.1 local0 notice
    user haproxy
    group haproxy

defaults
    log global
    retries 2
    timeout connect 3000
    timeout server 5000
    timeout client 5000

listen mysql-cluster
    bind 10.10.10.163:3306
    mode tcp
    option mysql-check user haproxy_check
    balance roundrobin
    server mysql-1 10.10.10.248:3306 check
    server mysql-2 10.10.10.249:3306 check

listen stats *:80
    mode http
    stats enable
    stats uri /
    stats realm Strictly\ Private
    stats auth admin:secret

Can someone please help me out on the solution here? I think the answer may be to get mysql to listen on a different port locally. And have the VIP address provide the service on the load balanced VIP address. Please correct me if I'm wrong there.

Thanks,
Tim

--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
Re: cannot bind to socket error
> You need to set net.ipv4.ip_nonlocal_bind=1 to allow processes to bind to
> an IP address not currently on the host.

Hey guys,

Yup! That's what I tried. And that's what worked. I have haproxy running on both nodes.

Thanks for your input!

Tim

On Thu, Apr 2, 2015 at 5:30 PM, Lukas Tribus wrote:

> > Hey folks,
> >
> > I'm setting up HAProxy and keepalived on 2 nodes today. And I'm able
> > to start HAProxy on the first node, but not on the 2nd node.
>
> If you bind to a virtual IP it will by default only work if that virtual IP
> is currently active on that particular box, which is not what you want.
>
> Configuring the transparent keyword on the bind line of (both!) haproxy
> instances should fix that problem, by binding to a non-local IP.
>
> Lukas

--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
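Added example (not part of the thread and not HAProxy code): a pre-start check that reads the listener addresses out of a config like the ones posted here and predicts the two bind failures this thread runs into, a keepalived VIP that the node does not currently hold while net.ipv4.ip_nonlocal_bind is 0, and a port below 1024 when the process is not started as root. The function names, the sample config and the 10.10.10.5 address are constructed for illustration; the caller supplies the host's addresses, the sysctl value and the effective UID, and the root test deliberately ignores CAP_NET_BIND_SERVICE.

```python
import ipaddress
import re

# Constructed sample modelled on the configs posted in this thread.
SAMPLE_CFG = """\
listen mysql-cluster
    bind 10.10.10.163:3306   # keepalived VIP
    mode tcp
listen stats *:80
    mode http
    stats enable
"""

SECTION = re.compile(r"^(listen|frontend)\s+(\S+)(?:\s+(\S*:\d+))?\s*$")
BIND = re.compile(r"^bind\s+(\S*):(\d+)\b")

def bind_points(cfg_text):
    """Return (proxy, address, port) for each IPv4 listener in the config."""
    found, proxy = [], None
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = SECTION.match(line)
        if m:
            proxy = m.group(2)
            if m.group(3):  # old form: "listen <name> <addr>:<port>"
                addr, port = m.group(3).rsplit(":", 1)
                found.append((proxy, addr, int(port)))
        elif proxy and (m := BIND.match(line)):
            found.append((proxy, m.group(1), int(m.group(2))))
    return found

def is_foreign(addr, local_addrs):
    """True when addr is a literal IP that this host does not currently hold."""
    if addr in ("", "*", "0.0.0.0"):
        return False
    try:
        return ipaddress.ip_address(addr) not in local_addrs
    except ValueError:  # hostname: not resolved in this sketch
        return False

def diagnose(cfg_text, local_addrs, nonlocal_bind, euid):
    """Predict start-up bind failures as (proxy, listener, reason) tuples."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    out = []
    for proxy, addr, port in bind_points(cfg_text):
        where = f"{addr or '*'}:{port}"
        if is_foreign(addr, local) and not nonlocal_bind:
            out.append((proxy, where, "non-local address, ip_nonlocal_bind=0"))
        if port < 1024 and euid != 0:
            out.append((proxy, where, "port below 1024, not started as root"))
    return out
```

On a live Linux host the `nonlocal_bind` argument corresponds to the contents of /proc/sys/net/ipv4/ip_nonlocal_bind, and `euid` to the value returned by `os.geteuid()`.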
cannot bind to socket error
Hey folks,

I'm setting up HAProxy and keepalived on 2 nodes today. And I'm able to start HAProxy on the first node, but not on the 2nd node.

I've tested failover of the VIP for keepalived and it stays up if either node is running keepalived.

I have the same haproxy config on both nodes. This is the config I have setup:

global
    log 127.0.0.1 local0 notice
    user haproxy
    group haproxy

defaults
    log global
    retries 2
    timeout connect 3000
    timeout server 5000
    timeout client 5000

listen web-cluster
    bind 3.3.87.23:80
    mode http
    balance roundrobin
    server web-1 3.3.86.246:8080 check
    server web-2 3.3.86.247:8080 check

listen 3.3.87.23:80
    bind 3.3.87.23:80
    mode http
    stats enable
    stats uri /
    stats realm Strictly\ Private
    stats auth admin:wouldntYouLikeToKnow

And I notice that on the first node if I do a netstat I can see the keepalived vip listening on the port I specify.

[root@aoaapld00130la haproxy]# netstat -tulpn | grep -i listen | grep haproxy
tcp        0      0 3.3.87.23:80        0.0.0.0:*        LISTEN      57332/haproxy

And on the first node haproxy runs without complaint:

[root@aoaapld00130la haproxy]# service haproxy status
haproxy (pid 57332) is running...

But on the second node, I'm getting an error saying that HAProxy cannot bind to socket.

[root@aoaapld00130lb haproxy]# service haproxy start
Starting haproxy: [ALERT] 091/171840 (22084) : Starting proxy web-cluster: cannot bind socket [3.3.87.23:80]
[ALERT] 091/171840 (22084) : Starting proxy 3.3.87.23:80: cannot bind socket [3.3.87.23:80]
[FAILED]

Can someone please help me understand why haproxy is failing on the second node?

Thanks!
Tim

--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
Re: simple failover is failing
Hello again list,

I have a little more info to add.. I was able to start up both lb's in debug mode. And I found some interesting info.. on lb1 (the functioning node) I see activity in the debug logs as I access the sites.

But in the debug logs of lb2 this is all I see:

[root@VIRTCENT02:~] #haproxy -d -f /etc/haproxy/haproxy.cfg
Available polling systems :
     sepoll : pref=400, test result OK
       poll : pref=200, test result OK
     select : pref=150, test result OK
      epoll : disabled, test result OK
Total: 4 (3 usable), will use sepoll.
Using sepoll() as the polling mechanism.
0001:www.accept(0004)=0006 from [192.168.1.34:46634]
0001:www.clireq[0006:]: GET /admin?stats;csv HTTP/1.1
0001:www.clihdr[0006:]: TE: deflate,gzip;q=0.3
0001:www.clihdr[0006:]: Connection: TE, close
0001:www.clihdr[0006:]: Host: 192.168.1.200
0001:www.clihdr[0006:]: User-Agent: check_haproxy.pl
0001:www.srvcls[0006:]
0001:www.clicls[0006:]
0001:www.closed[0006:]

What you see here is the nagios server checking for a CSV file to indicate that the server is alive. And the nagios check is successful and reports the site is alive. But the sites will not appear in any browser.

If I fire up lb1 the sites start to work and I see this in the debug logs:

[root@VIRTCENT01:~] #haproxy -f /etc/haproxy/haproxy.cfg -d
Available polling systems :
     sepoll : pref=400, test result OK
       poll : pref=200, test result OK
     select : pref=150, test result OK
      epoll : disabled, test result OK
Total: 4 (3 usable), will use sepoll.
Using sepoll() as the polling mechanism.
:www.accept(0004)=0006 from [71.187.226.165:1024]
:www.clireq[0006:]: GET /cake/ HTTP/1.1
:www.clihdr[0006:]: Host: stage.jokefire.com
:www.clihdr[0006:]: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
:www.clihdr[0006:]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
:www.clihdr[0006:]: Accept-Language: en-us,en;q=0.5
:www.clihdr[0006:]: Accept-Encoding: gzip, deflate
:www.clihdr[0006:]: Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
:www.clihdr[0006:]: Connection: keep-alive
:www.clihdr[0006:]: Cookie: CAKEPHP=l8ug7fl47khnhvhjmcgtc3kcu2; SERVERID=B
:www.clihdr[0006:]: Cache-Control: max-age=0
:app.srvrep[0006:0007]: HTTP/1.1 200 OK
:app.srvhdr[0006:0007]: Date: Sat, 15 Oct 2011 18:06:20 GMT
:app.srvhdr[0006:0007]: Server: Apache/2.2.20 (CentOS)
:app.srvhdr[0006:0007]: X-Powered-By: PHP/5.3.6
:app.srvhdr[0006:0007]: P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
:app.srvhdr[0006:0007]: Content-Length: 4937
:app.srvhdr[0006:0007]: Connection: close
:app.srvhdr[0006:0007]: Content-Type: text/html; charset=UTF-8
:app.srvcls[0006:0007]
:app.clicls[0006:0007]
:app.closed[0006:0007]
0001:www.accept(0004)=0006 from [71.187.226.165:1025]
0001:www.clireq[0006:]: GET /cake/app/webroot/css/cake.generic.css HTTP/1.1
0001:www.clihdr[0006:]: Host: stage.jokefire.com
0001:www.clihdr[0006:]: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
0001:www.clihdr[0006:]: Accept: text/css,*/*;q=0.1
0001:www.clihdr[0006:]: Accept-Language: en-us,en;q=0.5
0001:www.clihdr[0006:]: Accept-Encoding: gzip, deflate
0001:www.clihdr[0006:]: Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Thanks once again for any insight you may have to share!
Tim

----- Original Message -----
From: "Tim Dunphy"
To: haproxy@formilux.org
Sent: Saturday, October 15, 2011 12:07:54 PM
Subject: simple failover is failing

Hello List,

I have a very simple HAProxy configuration that is balancing two web servers. This configuration was failing over from node 1 to node 2, and from node 2 to node 1.. but now the only node that displays the web sites is node 1. If node 1 is stopped and node 2 is the only load balancer running going to the urls that worked under node 1 displays page not found.

This is a little puzzling because the configurations between the two nodes are identical. The only difference between the two configuration files is the node and description entries.

## lb1 haproxy config -- this load balancer works - it shows the sites

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 384
    user haproxy
    group haproxy
    noepoll
    daemon
    node lb1
    description jokefire lb 1
    spread-checks 5

defaults
    log global
    mode http
    option httplog
    option httpchk
    option httpclose
    option forwardfor
    option redispatch
    retries 3
    contimeout
simple failover is failing
Hello List,

I have a very simple HAProxy configuration that is balancing two web servers. This configuration was failing over from node 1 to node 2, and from node 2 to node 1.. but now the only node that displays the web sites is node 1. If node 1 is stopped and node 2 is the only load balancer running going to the urls that worked under node 1 displays page not found.

This is a little puzzling because the configurations between the two nodes are identical. The only difference between the two configuration files is the node and description entries.

## lb1 haproxy config -- this load balancer works - it shows the sites

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 384
    user haproxy
    group haproxy
    noepoll
    daemon
    node lb1
    description jokefire lb 1
    spread-checks 5

defaults
    log global
    mode http
    option httplog
    option httpchk
    option httpclose
    option forwardfor
    option redispatch
    retries 3
    contimeout 5
    clitimeout 500
    srvtimeout 500
    stats uri /admin?stats
    #stats auth bluethundr:secret
    stats refresh 5s

frontend www 192.168.1.200:80
    log global
    default_backend app

backend app
    log global
    balance roundrobin
    stats enable
    cookie SERVERID insert indirect
    option httpchk HEAD /check.txt HTTP/1.0
    server web1 web1.summitnjhome.com:80 cookie A check maxconn 128
    server web2 web2.summitnjhome.com:80 cookie B check maxconn 128

## lb2 haproxy config - this load balancer does not -- sites are page not found!

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 384
    user haproxy
    group haproxy
    noepoll
    daemon
    node lb2
    description jokefire lb 1
    spread-checks 5

defaults
    log global
    mode http
    option httplog
    option httpchk
    option httpclose
    option forwardfor
    option redispatch
    retries 3
    contimeout 5
    clitimeout 500
    srvtimeout 500
    stats uri /admin?stats
    #stats auth bluethundr:secret
    stats refresh 5s

frontend www 192.168.1.200:80
    log global
    default_backend app

backend app
    log global
    balance roundrobin
    stats enable
    cookie SERVERID insert indirect
    option httpchk HEAD /check.txt HTTP/1.0
    server web1 web1.summitnjhome.com:80 cookie A check maxconn 128
    server web2 web2.summitnjhome.com:80 cookie B check maxconn 128

## machine info

haproxy-1.3.25-1
CentOS release 5.7 (Final)
i686

Heartbeat is being provided by keepalived but that appears to be functioning well.

Well this is a slightly embarrassing situation but I greatly appreciate any help you may have to offer.

Thanks in advance!
Tim
haproxy start problem
hello list..

for some reason I broke my config when I tried to move the web servers out of the wrong group and into the right one..I was hoping I could get your opinion on this.

## machine info

[root@VIRTCENT01:~] #cat /etc/redhat-release
CentOS release 5.5 (Final)
[root@VIRTCENT01:~] #uname -a
Linux VIRTCENT01 2.6.18-238.1.1.1.el5xen #1 SMP Mon Jan 24 11:02:21 NOVT 2011 x86_64 x86_64 x86_64 GNU/Linux

## haproxy version

[root@VIRTCENT01:~] #haproxy -v
HA-Proxy version 1.3.25 2010/06/16
Copyright 2000-2009 Willy Tarreau

## haproxy error

[root@VIRTCENT01:~] #service haproxy restart
[ALERT] 171/142949 (13008) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 171/142949 (13008) : Fatal errors found in configuration.
Errors in configuration file, check with haproxy check.

## this haproxy.cfg doesn't work

[root@VIRTCENT01:~] #cat /etc/haproxy/haproxy.cfg
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 384
    user haproxy
    group haproxy
    noepoll
    daemon
    node lb1
    description jokefire lb 2
    spread-checks 5

defaults
    log global
    mode http
    option httplog
    option httpchk
    option httpclose
    option forwardfor
    option redispatch
    retries 3
    contimeout 5
    clitimeout 500
    srvtimeout 500
    stats uri /admin?stats
    stats auth bluethundr:4hrim4n0
    stats refresh 5s

frontend www 192.168.1.200:80
    log global
    balance roundrobin
    stats enable
    cookie SERVERID insert indirect
    option httpchk HEAD /check.txt HTTP/1.0
    server web1 web1.summitnjhome.com:80 cookie A check maxconn 128
    server web2 web2.summitnjhome.com:80 cookie B check maxconn 128

#backend app
    #log global
    #balance roundrobin
    #stats enable
    #cookie SERVERID insert indirect
    #option httpchk HEAD /check.txt HTTP/1.0
    #server web1 web1.summitnjhome.com:80 cookie A check maxconn 128
    #server web2 web2.summitnjhome.com:80 cookie B check maxconn 128

#backend backup
    #log global
    #server web3 web3.summitnjhome.com:80 cookie C check maxconn 128

defaults
    mode tcp
    contimeout 5000
    clitimeout 5
    srvtimeout 5

backend cluster_db_write
    #
    # - max 1 db server available at all times
    # - db01 is preferred (top of list)
    # - db_backups set their 'up' or 'down' based on results from monitor_dbs
    #
    mode tcp
    option tcpka
    balance roundrobin
    #option httpchk GET /dbs
    server db1 192.168.1.31:3306 weight 1 inter 1s rise 2 fall 1
    server db3 192.168.1.41:3306 weight 1 inter 1s rise 2 fall 1 backup

## this haproxy.cfg does work but the web servers are in the wrong section

[root@VIRTCENT01:~] #cat /etc/haproxy/haproxy.cfg.bak
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 384
    user haproxy
    group haproxy
    noepoll
    daemon
    node lb1
    description jokefire lb 2
    spread-checks 5

defaults
    log global
    mode http
    option httplog
    option httpchk
    option httpclose
    option forwardfor
    option redispatch
    retries 3
    contimeout 5
    clitimeout 500
    srvtimeout 500
    stats uri /admin?stats
    stats auth bluethundr:4hrim4n0
    stats refresh 5s

frontend www 192.168.1.200:80
    log global
    default_backend app

backend app
    log global
    balance roundrobin
    stats enable
    cookie SERVERID insert indirect
    option httpchk HEAD /check.txt HTTP/1.0
    server web1 web1.summitnjhome.com:80 cookie A check maxconn 128
    server web2 web2.summitnjhome.com:80 cookie B check maxconn 128

backend cluster_db_write
    #
    # - max 1 db server available at all times
    # - db01 is preferred (top of list)
    # - db_backups set their 'up' or 'down' based on results from monitor_dbs
    #
    mode tcp
    option tcpka
    balance roundrobin
    #option httpchk GET /dbs
    server db1 192.168.1.31:3306 weight 1 inter 1s rise 2 fall 1
    server db3 192.168.1.41:3306 weight 1 inter 1s rise 2 fall 1 backup

thanks in advance for your help!!

tim