Re: Combining (kind of) http and tcp checks
Am 21.11.2019 um 11:23 schrieb Christian Ruppert: Hi Aleks, On 2019-11-21 11:01, Aleksandar Lazic wrote: Hi. Am 21.11.2019 um 10:49 schrieb Christian Ruppert: Hi list, for an old exchange cluster I have some check listener like: listen chk_s015023 [snipp] The new healthcheck is marked as being down/up as expected, the problem is, that the TCP check for that new health check "server chk_s015023_healthcheck 127.0.0.1:1003 check" doesn't work. Even though we have that "tcp-request connection reject if { nbsrv lt 1 } { src LOCALHOST }" within the new check, it doesn't seem to be enough for the TCP check. Is it somehow possible to combine both checks, to make it recognize the new check's status properly? I'd like to avoid using an external check script to do all those checks. Maybe you can use the track feature from haproxy for that topic. https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-track I have never used it but it looks exactly what you want. 1 backend for tcp checks and 1 backend for http right? Regards Aleks Thanks! That seems to do the trick: listen chk_s015023_healthcheck bind 0.0.0.0:1003 mode http monitor-uri /check_exchange tcp-request connection reject if { nbsrv lt 1 } { src LOCALHOST } monitor fail if { nbsrv lt 1 } default-server inter 3s rise 2 fall 3 option httpchk GET /owa/healthcheck.htm HTTP/1.0 server s015023_health 192.168.15.23:443 check ssl verify none listen chk_s015023 bind 0.0.0.0:1001 mode http monitor-uri /check tcp-request connection reject if { nbsrv lt 6 } { src LOCALHOST } monitor fail if { nbsrv lt 6 } default-server inter 3s rise 2 fall 3 server s015023_smtp 192.168.15.23:25 check server s015023_pop3 192.168.15.23:110 check server s015023_imap 192.168.15.23:143 check server s015023_https 192.168.15.23:443 track chk_s015023_healthcheck/s015023_health server s015023_imaps 192.168.15.23:993 check server s015023_pop3s 192.168.15.23:995 check Yes, HAProxy is so amazing ;-))
Re: Combining (kind of) http and tcp checks
Hi Aleks, On 2019-11-21 11:01, Aleksandar Lazic wrote: Hi. Am 21.11.2019 um 10:49 schrieb Christian Ruppert: Hi list, for an old exchange cluster I have some check listener like: listen chk_s015023 bind 0.0.0.0:1001 mode http monitor-uri /check tcp-request connection reject if { nbsrv lt 6 } { src LOCALHOST } monitor fail if { nbsrv lt 6 } default-server inter 3s rise 2 fall 3 server s015023_smtp 192.168.15.23:25 check server s015023_pop3 192.168.15.23:110 check server s015023_imap 192.168.15.23:143 check server s015023_https 192.168.15.23:443 check server s015023_imaps 192.168.15.23:993 check server s015023_pop3s 192.168.15.23:995 check Which is then being used by the actual backends like: backend bk_exchange_https mode http option httpchk HEAD /check HTTP/1.0 server s015023 192.168.15.23:443 ssl verify none check addr 127.0.0.1 port 1001 observe layer4 server s015024 192.168.15.24:443 ssl verify none check addr 127.0.0.1 port 1002 observe layer4 ... The old cluster is currently being updated and there's a included health check available for Exchange which I'd like to include. So I was thinking about something like: listen chk_s015023_healthcheck bind 0.0.0.0:1003 mode http monitor-uri /check_exchange tcp-request connection reject if { nbsrv lt 1 } { src LOCALHOST } monitor fail if { nbsrv lt 1 } default-server inter 3s rise 2 fall 3 option httpchk GET /owa/healthcheck.htm HTTP/1.0 server s015023_health 192.168.15.23:443 check ssl verify none listen chk_s015023 bind 0.0.0.0:1001 mode http monitor-uri /check tcp-request connection reject if { nbsrv lt 7 } { src LOCALHOST } monitor fail if { nbsrv lt 7 } default-server inter 3s rise 2 fall 3 server s015023_smtp 192.168.15.23:25 check server s015023_pop3 192.168.15.23:110 check server s015023_imap 192.168.15.23:143 check server s015023_https 192.168.15.23:443 check server s015023_imaps 192.168.15.23:993 check server s015023_pop3s 192.168.15.23:995 check server chk_s015023_healthcheck 127.0.0.1:1003 check The new healthcheck is marked as being down/up as expected, the problem is, that the TCP check for that new health check "server chk_s015023_healthcheck 127.0.0.1:1003 check" doesn't work. Even though we have that "tcp-request connection reject if { nbsrv lt 1 } { src LOCALHOST }" within the new check, it doesn't seem to be enough for the TCP check. Is it somehow possible to combine both checks, to make it recognize the new check's status properly? I'd like to avoid using an external check script to do all those checks. Maybe you can use the track feature from haproxy for that topic. https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-track I have never used it but it looks exactly what you want. 1 backend for tcp checks and 1 backend for http right? Regards Aleks Thanks! That seems to do the trick: listen chk_s015023_healthcheck bind 0.0.0.0:1003 mode http monitor-uri /check_exchange tcp-request connection reject if { nbsrv lt 1 } { src LOCALHOST } monitor fail if { nbsrv lt 1 } default-server inter 3s rise 2 fall 3 option httpchk GET /owa/healthcheck.htm HTTP/1.0 server s015023_health 192.168.15.23:443 check ssl verify none listen chk_s015023 bind 0.0.0.0:1001 mode http monitor-uri /check tcp-request connection reject if { nbsrv lt 6 } { src LOCALHOST } monitor fail if { nbsrv lt 6 } default-server inter 3s rise 2 fall 3 server s015023_smtp 192.168.15.23:25 check server s015023_pop3 192.168.15.23:110 check server s015023_imap 192.168.15.23:143 check server s015023_https 192.168.15.23:443 track chk_s015023_healthcheck/s015023_health server s015023_imaps 192.168.15.23:993 check server s015023_pop3s 192.168.15.23:995 check -- Regards, Christian Ruppert
Re: Combining (kind of) http and tcp checks
Hi. Am 21.11.2019 um 10:49 schrieb Christian Ruppert: Hi list, for an old exchange cluster I have some check listener like: listen chk_s015023 bind 0.0.0.0:1001 mode http monitor-uri /check tcp-request connection reject if { nbsrv lt 6 } { src LOCALHOST } monitor fail if { nbsrv lt 6 } default-server inter 3s rise 2 fall 3 server s015023_smtp 192.168.15.23:25 check server s015023_pop3 192.168.15.23:110 check server s015023_imap 192.168.15.23:143 check server s015023_https 192.168.15.23:443 check server s015023_imaps 192.168.15.23:993 check server s015023_pop3s 192.168.15.23:995 check Which is then being used by the actual backends like: backend bk_exchange_https mode http option httpchk HEAD /check HTTP/1.0 server s015023 192.168.15.23:443 ssl verify none check addr 127.0.0.1 port 1001 observe layer4 server s015024 192.168.15.24:443 ssl verify none check addr 127.0.0.1 port 1002 observe layer4 ... The old cluster is currently being updated and there's a included health check available for Exchange which I'd like to include. So I was thinking about something like: listen chk_s015023_healthcheck bind 0.0.0.0:1003 mode http monitor-uri /check_exchange tcp-request connection reject if { nbsrv lt 1 } { src LOCALHOST } monitor fail if { nbsrv lt 1 } default-server inter 3s rise 2 fall 3 option httpchk GET /owa/healthcheck.htm HTTP/1.0 server s015023_health 192.168.15.23:443 check ssl verify none listen chk_s015023 bind 0.0.0.0:1001 mode http monitor-uri /check tcp-request connection reject if { nbsrv lt 7 } { src LOCALHOST } monitor fail if { nbsrv lt 7 } default-server inter 3s rise 2 fall 3 server s015023_smtp 192.168.15.23:25 check server s015023_pop3 192.168.15.23:110 check server s015023_imap 192.168.15.23:143 check server s015023_https 192.168.15.23:443 check server s015023_imaps 192.168.15.23:993 check server s015023_pop3s 192.168.15.23:995 check server chk_s015023_healthcheck 127.0.0.1:1003 check The new healthcheck is marked as being down/up as expected, the problem is, that the TCP check for that new health check "server chk_s015023_healthcheck 127.0.0.1:1003 check" doesn't work. Even though we have that "tcp-request connection reject if { nbsrv lt 1 } { src LOCALHOST }" within the new check, it doesn't seem to be enough for the TCP check. Is it somehow possible to combine both checks, to make it recognize the new check's status properly? I'd like to avoid using an external check script to do all those checks. Maybe you can use the track feature from haproxy for that topic. https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-track I have never used it but it looks exactly what you want. 1 backend for tcp checks and 1 backend for http right? Regards Aleks
Combining (kind of) http and tcp checks
Hi list, for an old exchange cluster I have some check listener like: listen chk_s015023 bind 0.0.0.0:1001 mode http monitor-uri /check tcp-request connection reject if { nbsrv lt 6 } { src LOCALHOST } monitor fail if { nbsrv lt 6 } default-server inter 3s rise 2 fall 3 server s015023_smtp 192.168.15.23:25 check server s015023_pop3 192.168.15.23:110 check server s015023_imap 192.168.15.23:143 check server s015023_https 192.168.15.23:443 check server s015023_imaps 192.168.15.23:993 check server s015023_pop3s 192.168.15.23:995 check Which is then being used by the actual backends like: backend bk_exchange_https mode http option httpchk HEAD /check HTTP/1.0 server s015023 192.168.15.23:443 ssl verify none check addr 127.0.0.1 port 1001 observe layer4 server s015024 192.168.15.24:443 ssl verify none check addr 127.0.0.1 port 1002 observe layer4 ... The old cluster is currently being updated and there's a included health check available for Exchange which I'd like to include. So I was thinking about something like: listen chk_s015023_healthcheck bind 0.0.0.0:1003 mode http monitor-uri /check_exchange tcp-request connection reject if { nbsrv lt 1 } { src LOCALHOST } monitor fail if { nbsrv lt 1 } default-server inter 3s rise 2 fall 3 option httpchk GET /owa/healthcheck.htm HTTP/1.0 server s015023_health 192.168.15.23:443 check ssl verify none listen chk_s015023 bind 0.0.0.0:1001 mode http monitor-uri /check tcp-request connection reject if { nbsrv lt 7 } { src LOCALHOST } monitor fail if { nbsrv lt 7 } default-server inter 3s rise 2 fall 3 server s015023_smtp 192.168.15.23:25 check server s015023_pop3 192.168.15.23:110 check server s015023_imap 192.168.15.23:143 check server s015023_https 192.168.15.23:443 check server s015023_imaps 192.168.15.23:993 check server s015023_pop3s 192.168.15.23:995 check server chk_s015023_healthcheck 127.0.0.1:1003 check The new healthcheck is marked as being down/up as expected, the problem is, that the TCP check for that new health check "server chk_s015023_healthcheck 127.0.0.1:1003 check" doesn't work. Even though we have that "tcp-request connection reject if { nbsrv lt 1 } { src LOCALHOST }" within the new check, it doesn't seem to be enough for the TCP check. Is it somehow possible to combine both checks, to make it recognize the new check's status properly? I'd like to avoid using an external check script to do all those checks. -- Regards, Christian Ruppert