Hi Michael,
On Fri, Apr 17, 2009 at 04:47:38PM +0100, Michael Miller wrote:
> Hi,
>
> I am doing some intial testing with HAProxy and have come across a
> problem I don't seem to be able to resolve.
>
> A summary of what I am initially trying to achieve follows. I am trying
> to use HAProxy to provide a VIP that passes on a tcp (SMTP as it
> happens) stream to a backend server. If that server is down, I would
> like the connection forwarded to a backup server.
>
> Doing some testing and watching the status page reveals that if both
> servers are configured as normal, rather than backup, servers the tcp
> connection is rerouted when the initial attempt to connect fails.
> However, when one server is configured as backup, the connection never
> gets to the backup server.
>
> The config I am using is:
> global
> log 127.0.0.1 local0
> log 127.0.0.1 local1 notice
> maxconn 4096
> pidfile /var/run/haproxy.pid
> ##chroot /usr/share/haproxy
> user haproxy
> group haproxy
> daemon
> #debug
> #quiet
> spread-checks 10
>
> defaults default_settings
> log global
> modehttp
> option httplog
> option dontlognull
> option abortonclose
> ## option allbackups
> option clitcpka
> option srvtcpka
> option forwardfor
> retries 10
> option redispatch
> maxconn 2000
> backlog 256
> timeout connect 5000
> timeout client 5
> timeout server 1
>
> listen www-health
> bind 0.0.0.0:8080
> mode http
> monitor-uri /haproxy
> stats enable
> stats uri /stats
>
> listen smtp
> log global
> bind 0.0.0.0:25
> mode tcp
> #option smtpchk HELO haproxy.local
> option tcplog
> balance roundrobin
> rate-limit sessions 10
> timeout connect 1
> timeout client 6
> timeout server 6
>
> server smtp01 10.1.1.5:25
> server smtp02 10.1.1.6:25 backup
>
>
>
>
> Note that I am trying to avoid using active health checks and am hoping
> that the tcp connection failure when connecting to the primary will fall
> back to the backup server. This works as expected when both servers are
> configured as "active" rather than "backup" servers. Looking at the
> status page when one is down, the 10 retries against the "down" server
> are shown and then the tcp connection succeeds to the second server.
>
> Is this a bug that the tcp connection is not forwarded to the backup
> server, or am I missing some "obvious" configuration settings?
Neither :-)
It is designed to work like this though I agree that it is not
necessarily obvious. As documented, a backup server is only activated
when all other servers are down. Here, since you are not checking the
active server, it is never down. That's as simple as that. May I ask
why you don't want to enable health-checks ? That's a rather strange
choice, as it means you don't care about the server's status but
still hope that a failure will be detected fast enough to hope a
redispatch would work. You might destroy a lot of traffic acting
like this.
Also, there is an "smtpchk" option which is able to check that your
server responds on port 25. You should really use it. You don't
necessarily need to check every second, for SMTP generally, checking
once a minute may be enough for small setups.
Regards,
Willy
