Re: Combining (kind of) http and tcp checks
Am 21.11.2019 um 11:23 schrieb Christian Ruppert:
Hi Aleks,
On 2019-11-21 11:01, Aleksandar Lazic wrote:
Hi.
Am 21.11.2019 um 10:49 schrieb Christian Ruppert:
Hi list,
for an old exchange cluster I have some check listener like:
listen chk_s015023
[snipp]
The new healthcheck is marked as being down/up as expected, the problem is,
that the TCP check for that new health check "server chk_s015023_healthcheck
127.0.0.1:1003 check" doesn't work.
Even though we have that "tcp-request connection reject if { nbsrv lt 1 } {
src LOCALHOST }" within the new check, it doesn't seem to be enough for the
TCP check.
Is it somehow possible to combine both checks, to make it recognize the new
check's status properly?
I'd like to avoid using an external check script to do all those checks.
Maybe you can use the track feature from haproxy for that topic.
https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-track
I have never used it but it looks exactly what you want.
1 backend for tcp checks and 1 backend for http right?
Regards
Aleks
Thanks! That seems to do the trick:
listen chk_s015023_healthcheck
bind 0.0.0.0:1003
mode http
monitor-uri /check_exchange
tcp-request connection reject if { nbsrv lt 1 } { src LOCALHOST }
monitor fail if { nbsrv lt 1 }
default-server inter 3s rise 2 fall 3
option httpchk GET /owa/healthcheck.htm HTTP/1.0
server s015023_health 192.168.15.23:443 check ssl verify none
listen chk_s015023
bind 0.0.0.0:1001
mode http
monitor-uri /check
tcp-request connection reject if { nbsrv lt 6 } { src LOCALHOST }
monitor fail if { nbsrv lt 6 }
default-server inter 3s rise 2 fall 3
server s015023_smtp 192.168.15.23:25 check
server s015023_pop3 192.168.15.23:110 check
server s015023_imap 192.168.15.23:143 check
server s015023_https 192.168.15.23:443 track
chk_s015023_healthcheck/s015023_health
server s015023_imaps 192.168.15.23:993 check
server s015023_pop3s 192.168.15.23:995 check
Yes, HAProxy is so amazing ;-))
Re: Combining (kind of) http and tcp checks
Hi Aleks,
On 2019-11-21 11:01, Aleksandar Lazic wrote:
Hi.
Am 21.11.2019 um 10:49 schrieb Christian Ruppert:
Hi list,
for an old exchange cluster I have some check listener like:
listen chk_s015023
bind 0.0.0.0:1001
mode http
monitor-uri /check
tcp-request connection reject if { nbsrv lt 6 } { src
LOCALHOST }
monitor fail if { nbsrv lt 6 }
default-server inter 3s rise 2 fall 3
server s015023_smtp 192.168.15.23:25 check
server s015023_pop3 192.168.15.23:110 check
server s015023_imap 192.168.15.23:143 check
server s015023_https 192.168.15.23:443 check
server s015023_imaps 192.168.15.23:993 check
server s015023_pop3s 192.168.15.23:995 check
Which is then being used by the actual backends like:
backend bk_exchange_https
mode http
option httpchk HEAD /check HTTP/1.0
server s015023 192.168.15.23:443 ssl verify none check addr
127.0.0.1 port 1001 observe layer4
server s015024 192.168.15.24:443 ssl verify none check addr
127.0.0.1 port 1002 observe layer4
...
The old cluster is currently being updated and there's a included
health check available for Exchange which I'd like to include.
So I was thinking about something like:
listen chk_s015023_healthcheck
bind 0.0.0.0:1003
mode http
monitor-uri /check_exchange
tcp-request connection reject if { nbsrv lt 1 } { src
LOCALHOST }
monitor fail if { nbsrv lt 1 }
default-server inter 3s rise 2 fall 3
option httpchk GET /owa/healthcheck.htm HTTP/1.0
server s015023_health 192.168.15.23:443 check ssl verify none
listen chk_s015023
bind 0.0.0.0:1001
mode http
monitor-uri /check
tcp-request connection reject if { nbsrv lt 7 } { src
LOCALHOST }
monitor fail if { nbsrv lt 7 }
default-server inter 3s rise 2 fall 3
server s015023_smtp 192.168.15.23:25 check
server s015023_pop3 192.168.15.23:110 check
server s015023_imap 192.168.15.23:143 check
server s015023_https 192.168.15.23:443 check
server s015023_imaps 192.168.15.23:993 check
server s015023_pop3s 192.168.15.23:995 check
server chk_s015023_healthcheck 127.0.0.1:1003 check
The new healthcheck is marked as being down/up as expected, the
problem is, that the TCP check for that new health check "server
chk_s015023_healthcheck 127.0.0.1:1003 check" doesn't work.
Even though we have that "tcp-request connection reject if { nbsrv lt
1 } { src LOCALHOST }" within the new check, it doesn't seem to be
enough for the TCP check.
Is it somehow possible to combine both checks, to make it recognize
the new check's status properly?
I'd like to avoid using an external check script to do all those
checks.
Maybe you can use the track feature from haproxy for that topic.
https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-track
I have never used it but it looks exactly what you want.
1 backend for tcp checks and 1 backend for http right?
Regards
Aleks
Thanks! That seems to do the trick:
listen chk_s015023_healthcheck
bind 0.0.0.0:1003
mode http
monitor-uri /check_exchange
tcp-request connection reject if { nbsrv lt 1 } { src LOCALHOST
}
monitor fail if { nbsrv lt 1 }
default-server inter 3s rise 2 fall 3
option httpchk GET /owa/healthcheck.htm HTTP/1.0
server s015023_health 192.168.15.23:443 check ssl verify none
listen chk_s015023
bind 0.0.0.0:1001
mode http
monitor-uri /check
tcp-request connection reject if { nbsrv lt 6 } { src LOCALHOST
}
monitor fail if { nbsrv lt 6 }
default-server inter 3s rise 2 fall 3
server s015023_smtp 192.168.15.23:25 check
server s015023_pop3 192.168.15.23:110 check
server s015023_imap 192.168.15.23:143 check
server s015023_https 192.168.15.23:443 track
chk_s015023_healthcheck/s015023_health
server s015023_imaps 192.168.15.23:993 check
server s015023_pop3s 192.168.15.23:995 check
--
Regards,
Christian Ruppert
Re: Combining (kind of) http and tcp checks
Hi.
Am 21.11.2019 um 10:49 schrieb Christian Ruppert:
Hi list,
for an old exchange cluster I have some check listener like:
listen chk_s015023
bind 0.0.0.0:1001
mode http
monitor-uri /check
tcp-request connection reject if { nbsrv lt 6 } { src LOCALHOST }
monitor fail if { nbsrv lt 6 }
default-server inter 3s rise 2 fall 3
server s015023_smtp 192.168.15.23:25 check
server s015023_pop3 192.168.15.23:110 check
server s015023_imap 192.168.15.23:143 check
server s015023_https 192.168.15.23:443 check
server s015023_imaps 192.168.15.23:993 check
server s015023_pop3s 192.168.15.23:995 check
Which is then being used by the actual backends like:
backend bk_exchange_https
mode http
option httpchk HEAD /check HTTP/1.0
server s015023 192.168.15.23:443 ssl verify none check addr 127.0.0.1
port 1001 observe layer4
server s015024 192.168.15.24:443 ssl verify none check addr 127.0.0.1
port 1002 observe layer4
...
The old cluster is currently being updated and there's a included health check
available for Exchange which I'd like to include.
So I was thinking about something like:
listen chk_s015023_healthcheck
bind 0.0.0.0:1003
mode http
monitor-uri /check_exchange
tcp-request connection reject if { nbsrv lt 1 } { src LOCALHOST }
monitor fail if { nbsrv lt 1 }
default-server inter 3s rise 2 fall 3
option httpchk GET /owa/healthcheck.htm HTTP/1.0
server s015023_health 192.168.15.23:443 check ssl verify none
listen chk_s015023
bind 0.0.0.0:1001
mode http
monitor-uri /check
tcp-request connection reject if { nbsrv lt 7 } { src LOCALHOST }
monitor fail if { nbsrv lt 7 }
default-server inter 3s rise 2 fall 3
server s015023_smtp 192.168.15.23:25 check
server s015023_pop3 192.168.15.23:110 check
server s015023_imap 192.168.15.23:143 check
server s015023_https 192.168.15.23:443 check
server s015023_imaps 192.168.15.23:993 check
server s015023_pop3s 192.168.15.23:995 check
server chk_s015023_healthcheck 127.0.0.1:1003 check
The new healthcheck is marked as being down/up as expected, the problem is, that
the TCP check for that new health check "server chk_s015023_healthcheck
127.0.0.1:1003 check" doesn't work.
Even though we have that "tcp-request connection reject if { nbsrv lt 1 } { src
LOCALHOST }" within the new check, it doesn't seem to be enough for the TCP check.
Is it somehow possible to combine both checks, to make it recognize the new
check's status properly?
I'd like to avoid using an external check script to do all those checks.
Maybe you can use the track feature from haproxy for that topic.
https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-track
I have never used it but it looks exactly what you want.
1 backend for tcp checks and 1 backend for http right?
Regards
Aleks
Combining (kind of) http and tcp checks
Hi list,
for an old exchange cluster I have some check listener like:
listen chk_s015023
bind 0.0.0.0:1001
mode http
monitor-uri /check
tcp-request connection reject if { nbsrv lt 6 } { src LOCALHOST
}
monitor fail if { nbsrv lt 6 }
default-server inter 3s rise 2 fall 3
server s015023_smtp 192.168.15.23:25 check
server s015023_pop3 192.168.15.23:110 check
server s015023_imap 192.168.15.23:143 check
server s015023_https 192.168.15.23:443 check
server s015023_imaps 192.168.15.23:993 check
server s015023_pop3s 192.168.15.23:995 check
Which is then being used by the actual backends like:
backend bk_exchange_https
mode http
option httpchk HEAD /check HTTP/1.0
server s015023 192.168.15.23:443 ssl verify none check addr
127.0.0.1 port 1001 observe layer4
server s015024 192.168.15.24:443 ssl verify none check addr
127.0.0.1 port 1002 observe layer4
...
The old cluster is currently being updated and there's a included health
check available for Exchange which I'd like to include.
So I was thinking about something like:
listen chk_s015023_healthcheck
bind 0.0.0.0:1003
mode http
monitor-uri /check_exchange
tcp-request connection reject if { nbsrv lt 1 } { src LOCALHOST
}
monitor fail if { nbsrv lt 1 }
default-server inter 3s rise 2 fall 3
option httpchk GET /owa/healthcheck.htm HTTP/1.0
server s015023_health 192.168.15.23:443 check ssl verify none
listen chk_s015023
bind 0.0.0.0:1001
mode http
monitor-uri /check
tcp-request connection reject if { nbsrv lt 7 } { src LOCALHOST
}
monitor fail if { nbsrv lt 7 }
default-server inter 3s rise 2 fall 3
server s015023_smtp 192.168.15.23:25 check
server s015023_pop3 192.168.15.23:110 check
server s015023_imap 192.168.15.23:143 check
server s015023_https 192.168.15.23:443 check
server s015023_imaps 192.168.15.23:993 check
server s015023_pop3s 192.168.15.23:995 check
server chk_s015023_healthcheck 127.0.0.1:1003 check
The new healthcheck is marked as being down/up as expected, the problem
is, that the TCP check for that new health check "server
chk_s015023_healthcheck 127.0.0.1:1003 check" doesn't work.
Even though we have that "tcp-request connection reject if { nbsrv lt 1
} { src LOCALHOST }" within the new check, it doesn't seem to be enough
for the TCP check.
Is it somehow possible to combine both checks, to make it recognize the
new check's status properly?
I'd like to avoid using an external check script to do all those checks.
--
Regards,
Christian Ruppert
