Hello,
I want to use haproxy with mysql-cluster but I have problems with
"mysql flush-hosts". So I took the latest version 1.4 with haproxy
"option mysql-check" but I still have the same problems "mysql
flush-hosts&quo
Hello all,
I have updated the mysql-check with idea and code from Cyril. I send()
the authentication packet the same way as the ssl hello packet,
i think it is more cleaner than send() in the event_srv_chk_r().
I now handle a correct banner but with error after sending the
authentication
Hi,
I was trying to make HAProxy's mysql-check option work with the MySQL
Servers on Windows. HAProxy is on linux, MySQL on windows.There are 2 MySQL
servers - Server1 and Server2. It was not working (HAProxy was always
marking the servers down). I tried changing one of the MySQL server en
Hi Hervé,
I have a few comments and concerns about possibly missing tests below.
On Fri, Jan 15, 2010 at 06:30:28PM +0100, Hervé COMMOWICK wrote:
> + unsigned int first_packet_len;
> + first_packet_len = ((unsigned int) trash[0]) + (((unsigned int)
> trash[1]) << 8) + (((
Hi Hervé and Willy,
I'm answering to your 2 previous mails in this one.
Le Vendredi 15 Janvier 2010 18:30:28, Hervé COMMOWICK a écrit :
> I have updated the mysql-check with idea and code from Cyril. I send()
> the authentication packet the same way as the ssl hello packet,
> i th
fr
Copie à: haproxy@formilux.org
Date: Fri, 15 Jan 2010 23:26:59 +0100
-
> Hi Herv� and Willy,
>
> I'm answering to your 2 previous mails in this one.
>
> Le Vendredi 15 Janvier 2010 18:30:28, Herv� COMMOWICK a �crit :
&
Hi Hervé,
On Sat, Jan 16, 2010 at 11:34:38PM +0100, Herve COMMOWICK wrote:
> Hi Cyril,
>
> You forgot the log-error option that much sysadmin use for correct debugging
> without pollution, but i don't think it logs incorrect logging (if i
> remember well).
>
> The Authentication packet is mandat
Hi all,
Le Samedi 16 Janvier 2010 23:58:25, Willy Tarreau a écrit :
> Hi Hervé,
>
> On Sat, Jan 16, 2010 at 11:34:38PM +0100, Herve COMMOWICK wrote:
> > Hi Cyril,
> >
> > You forgot the log-error option that much sysadmin use for correct debugging
> > without pollution, but i don't think it logs
Hi,
On Sun, Jan 17, 2010 at 06:36:06PM +0100, Cyril Bonté wrote:
(...)
> Hervé's patch is near the lightest check haproxy can do, the
> "haproxy" user can be provided in the authentication request
> (or not) and I'd prefer the response to be ignored as it can
> have side effect on the backend serv
start/stop messages and
> critical errors (engines integrity errors, server/thread crashes, ...) but
> authentication is not logged in it.
Oh ok, I think I get it...maybe you talked about log-warnings. In that case,
the mysql-check will add logs on the mysql server, but only if the "haprox
Hi,
On Fri, Jun 14, 2013 at 03:38:25PM +0530, Jayadevan M wrote:
> Hi,
>
> I was trying to make HAProxy's mysql-check option work with the MySQL
> Servers on Windows. HAProxy is on linux, MySQL on windows.There are 2 MySQL
> servers - Server1 and Server2. It was not working
Hi,
The port is correct. I am running MySQL on 3406. Will try to take tcpdum.
Regards,
Jayadevan
On Fri, Jun 14, 2013 at 3:43 PM, Willy Tarreau wrote:
> Hi,
>
> On Fri, Jun 14, 2013 at 03:38:25PM +0530, Jayadevan M wrote:
> > Hi,
> >
> > I was trying to make HAProx
Hi,
>-Original Message-
>From: Willy Tarreau [mailto:w...@1wt.eu]
>Sent: Friday, June 14, 2013 3:44 PM
>To: Jayadevan M
>Cc: haproxy@formilux.org; Jayadevan M
>Subject: Re: haproxy mysql-check
>
>Hi,
>
>On Fri, Jun 14, 2013 at 03:38:25PM +0530, Jayadev
On Fri, Jun 14, 2013 at 10:30:14AM +, Jayadevan M wrote:
> Telnet works -
> -bash-3.00# telnet 192.168.8.37 3406
> Trying 192.168.8.37...
> Connected to 192.168.8.37.
> Escape character is '^]'.
> B
> 5.1.34-community-logÂBjon[]Ax<`OI_&<;Qg3^CConnection to 192.168.8.37 closed
> by foreign host
Hi,
>-Original Message-
>From: Willy Tarreau [mailto:w...@1wt.eu]
>Sent: Friday, June 14, 2013 5:53 PM
>To: Jayadevan M
>Cc: Jayadevan M; haproxy@formilux.org
>Subject: Re: haproxy mysql-check
>
>On Fri, Jun 14, 2013 at 10:30:14AM +, Jayadevan M wrote:
>>
Hi Jayadevan,
On Mon, Jun 17, 2013 at 04:55:42AM +, Jayadevan M wrote:
> Here is the output. 192.168.2.27 (MySQL on linux) works. 192.168.8.37 (MySQL
> on Windows) does not.
OK so linux part here :
> 10:25:57.474629 connect(5, {sa_family=AF_INET, sin_port=htons(3306),
> sin_addr=inet_addr(
HI,
>OK so linux part here :
>
>> 10:25:57.474629 connect(5, {sa_family=AF_INET, sin_port=htons(3306),
>> sin_addr=inet_addr("192.168.2.27")}, 16) = -1 EINPROGRESS (Operation
>> now in progress) <0.000202>
>> 10:25:57.475000 sendto(5,
>> "\16\0\0\1\0\200\0\0\1haproxy\0\0\1\0\0\0\1", 23,
>> MSG_DONT
On Mon, Jun 17, 2013 at 05:50:29AM +, Jayadevan M wrote:
> >What version of haproxy is this ?
> >
> It is haproxy-1.4.22
OK. That's really strange. I'll recheck here by copy-pasting your
data to a fake responder, just in case we missed something.
> What does " MSG_DONTWAIT|MSG_NOSIGNAL, NULL,
Hi,
>OK. That's really strange. I'll recheck here by copy-pasting your data to a
>fake
>responder, just in case we missed something.
Does the following parameter have anything to do with this? I tried changing a
few parameters and now it seems to be working. Will test some more. In the real
sc
On Mon, Jun 17, 2013 at 06:29:55AM +, Jayadevan M wrote:
> Hi,
>
> >OK. That's really strange. I'll recheck here by copy-pasting your data to a
> >fake
> >responder, just in case we missed something.
>
> Does the following parameter have anything to do with this? I tried changing
> a few pa
t server 3
listen stats :1936
mode http
stats enable
stats realm Haproxy\ Statistics
stats uri /
frontend mysql_proxy *:3309
mode tcp
default_backend request_mysql
backend request_mysql
mode tcp
option mysql-check user haproxy
server svr2 19
tics
> stats uri /
>
> frontend mysql_proxy *:3309
> mode tcp
> default_backend request_mysql
>
> backend request_mysql
> mode tcp
> option mysql-check user haproxy
> server svr2 192.168.8.37:3406 weight 1 check port 3406 inter
Hi,
> listen stats :1936
> mode http
> stats enable
> stats realm Haproxy\ Statistics
> stats uri /
>
> frontend mysql_proxy *:3309
> mode tcp
> default_backend request_mysql
One error to another - How can I make HAProxy use a new MySQL client/libraries?
I am getting
ckup servers left. 0 sessions active, 0
> requeued, 0 remaining in queue.
You should specify a username with the check I believe, please look at
"option mysql-check" in the doc, it includes an example of how to set it
up.
Hoping this helps,
Willy
Hello,
I have tracked this down to the new authentication method used in MySQL
5.6 since version 5.6.6.
Verify this for the user you specified in option mysql-check:
select plugin from mysql.user where user='monitor' \G
*** 1. row
Hi,
>
>Verify this for the user you specified in option mysql-check:
>
>select plugin from mysql.user where user='monitor' \G
>*** 1. row ***
>plugin: sha256_password
>1 row in set (0.00 sec)
>
>If you see sha
On 06/18/2013 09:29 AM, Jayadevan M wrote:
> [...]
>> CREATE USER monitor@ IDENTIFIED WITH
>> 'mysql_native_password';
>>
>> Verify it is working by doing:
>>
>> select plugin from mysql.user where user='monitor' \G
>> *** 1. row ***
>> plugin: mysq
>
>Did you change authentication plugin to make it work ? If this is due to auth
>plugin, we definitely need to update the documentation.
>
I did. But that did not help. So I used latest version of HAProxy. That worked.
This is the status now -
mysql> select distinct user,HOST,plugin from mysql.u
Ok so it looks like changes i made a while ago to support mysql >=5.5,
must be ok since haproxy 1.4.16 :
http://git.1wt.eu/web?p=haproxy.git;a=commitdiff;h=212f778d6
Regards,
Hervé.
On 06/18/2013 12:01 PM, Jayadevan M wrote:
>>
>> Did you change authentication plugin to make it work ? If this is
ed.
Relevant part of the HAproxy configuration:
backend testback_mysql
balance roundrobin
mode tcp
option mysql-check user monitor
server localmysql-1 127.0.0.1:3306 weight 100 maxconn 768 inter
5000 fall 3 rise 3 check
On 06/18/2013 12:08 PM, Hervé COMMOWICK wrote:
>
ouldn't be that difficult to adjust the mysql-check.
Lukas
but it all sounds too much for me in order to
do this.
Another option is to add plugin option to the configuration, like
option mysql-check user monitor sha256
[1]
http://dev.mysql.com/doc/refman/5.6/en/sha256-authentication-plugin.html
IHMO, this is a plugin auth module and going down the route to
Hi,
>Jayadevan, can you tell us what version you are running (which works) and
>what release you where using before? Just double checking that commit
>212f778d6 fixed that problem ...
Initial - HA-Proxy version 1.4.9 2010/10/28
Now - HA-Proxy version 1.4.24 2013/06/17
>I guess you had to do both
Hi Willy,
Be careful with the new "mysql-check" option introduced in the development
branch.
http://haproxy.1wt.eu/git?p=haproxy.git;a=commit;h=698ae00fc272bf5f4e159922546347066bd66378
It won't work with distant backends :
mysql has a mechanism to block hosts that open conn
andle this in a cleaner way.
as a workaround, you can disable the mysql connection_errors checking by
adding max_connect_errors=9 in you my.cnf
Regards,
Hervé.
On 01/13/2010 11:48 AM, cyril.bo...@free.fr wrote:
Hi Willy,
Be careful with the new "mysql-check" option introduced
Hi Hervé,
First of all, sorry, I wanted to contact you directly to know the status of
this development, but I didn't find your email.
I realized too late that I saw it in the commit sooner in the morning :)
Le Mercredi 13 Janvier 2010 12:56:30, Hervé COMMOWICK a écrit :
> Hi Cyril,
>
> I know t
in
turn makes a "normal" mysql connection to the database, does a query,
checks the return value against a known good result, and then outputs
good or bad.
I don't know what the mysql-check does (sorry, haven't dug through the
actual changed commit.) I don't see any ref
Hi Paul,
On Wed, Jan 13, 2010 at 12:31:09PM -0800, Paul Hirose wrote:
(...)
> >> as a workaround, you can disable the mysql connection_errors checking by
> >> adding max_connect_errors=9 in you my.cnf
(...)
> I don't know what the mysql-check does (sorry, haven&
Hi Paul,
Le Mercredi 13 Janvier 2010 22:15:51, Willy Tarreau a écrit :
> On Wed, Jan 13, 2010 at 12:31:09PM -0800, Paul Hirose wrote:
> > (...)
> > So I
> > do have trouble with connections of a long duration but where there is
> > little actual data. Usually some client application that makes a
On Wed, Jan 13, 2010 at 1:15 PM, Willy Tarreau wrote:
>> One thing I've had trouble with when doing mysql though was the
>> connection timeouts. I tried using tcpka but that didn't do it.
>it would not change because tcpka enables tcp keepalives which just
>the system is aware of. It is not appli
Hi again Hervé,
Le Mercredi 13 Janvier 2010 12:56:30, Hervé COMMOWICK a écrit :
> Hi Cyril,
>
> I know the check is not perfect, because it doesn't handle a correct
> disconnection.
> Mysql expect the client to talk, and i think it's weird... in the
> future, i think it will be better to do a *
Le Jeudi 14 Janvier 2010 00:28:19, Cyril Bonté a écrit :
> "\x00\x00" /* client capabilities */
> "\x00\x00" /* extended client capabilities */
Well, this bytes are too simplified to work (it misses some bits for mysql 4.1
compatibility).
thos
On Thu, Jan 14, 2010 at 12:28:19AM +0100, Cyril Bonté wrote:
> Hi again Hervé,
>
> Le Mercredi 13 Janvier 2010 12:56:30, Hervé COMMOWICK a écrit :
> > Hi Cyril,
> >
> > I know the check is not perfect, because it doesn't handle a correct
> > disconnection.
> > Mysql expect the client to talk, an
Hi Cyril,
I'm happy, because i knew there are better developer than me on this list.
This is why i decide to send my code to willy (even if it is not
perfect) because i knew this wake up you guys ;)
I will try your "start of reflection" on "old" mysql server, stay up
Hervé.
On 01/14/2010 12
On Thu, Jan 14, 2010 at 07:09:51AM +0100, Willy Tarreau wrote:
Here is the error I talked about :
src/checks.c: In function 'event_srv_chk_r':
src/checks.c:869: warning: comparison is always true due to limited range of
data type
I finally fixed it that way since the comment above was about 0xf
Hi Hervé and Willy,
Le Jeudi 14 Janvier 2010 09:31:29, Hervé COMMOWICK a écrit :
> I will try your "start of reflection" on "old" mysql server, stay up
Today I had a mysql 4.0.30 available so I could try the current git code.
I got all the elements I wanted so I took a little time this evening to
Hi Cyril,
thanks for your tests. I'll leave it up to you and Hervé to improve
on existing code, since I really have no added value here (I don't
even have one mysql at hand).
Concerning possible choices, I agree that we must do our best not
to perturbate the service. Most of the time when people
Le Jeudi 14 Janvier 2010 22:20:20, Cyril Bonté a écrit :
> Please find the patch in attachment if you're interested.
Oops, 2 bugs were left in that version :
1. the 8 bytes for scramble buff are not needed when there's no password
2. sizeof(MYSQL40_HANDSHAKE_ACK) gives one more byte than required.
I can put username is there but not the password.
Is it there.
Regards,
Pankaj Bhardwaj
Final Year UnderGraduate(CSE)
IIT Rajasthan,jodhpur
/nenadmerdanovic
>From 2d7c2a566c7043b5233a7f1b529b1a3aedb9dd6e Mon Sep 17 00:00:00 2001
From: Nenad Merdanovic
Date: Fri, 30 May 2014 14:26:32 +0200
Subject: [PATCH 1/1] mysql-check: Add support for v4.1+ authentication
MySQL will in stop supporting pre-4.1 authentication packets in the future
far as 2.0.
---
doc/configuration.txt | 11 ++-
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 5d1c97bd3..a9bbf6fa4 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -8982,12 +8982,13 @@ option mysql-check [ user
Hi Nenad!
On Fri, May 30, 2014 at 05:56:42PM +0200, Nenad Merdanovic wrote:
> Hello,
>
> As you might now, we are currently doing MySQL checks using the old
> authentication packets which work with old MySQL servers. This was fine
> until MySQL 5.6 decided to send warnings about old clients acces
Hello,
> Experience told us that
> having extra args on "options" lines is not the easiest thing to handle
> in the long run.
> Do you or anyone else have any preference
> or any strong reason for either choice ?
As a new major release is soon to be released (1.5.0), I would be even
more strict :
Hello Olivier,
On Wed, Jun 11, 2014 at 11:21:34AM +0200, Olivier wrote:
> Hello,
>
> > Experience told us that
> > having extra args on "options" lines is not the easiest thing to handle
> > in the long run.
> > Do you or anyone else have any preference
> > or any strong reason for either choice
;t have trouble with
> breaking some compatibility when opening 1.6-dev, but it's a bit late for
> 1.5.
An alternative could be to modify how the check is done. During the handshake,
the server notifies the client which version is supported.
It has the advantage that it doesn't add
> > 1.5.
>
> An alternative could be to modify how the check is done. During the
> handshake, the server notifies the client which version is supported.
> It has the advantage that it doesn't add any new option but the inconvenient
> is that the mysql check may need to be comp
> If we had introduced this option in 1.5-dev, I would
> have agreed, but it's been there for 4 years now since version 1.4, so
> we should not silently break it. Also, till now we have always maintained
> compatibility since 1.1 for all valid configs. I don't have trouble with
> breaking some comp
On Wed, Jun 11, 2014 at 12:06:11PM +0200, Olivier wrote:
> > If we had introduced this option in 1.5-dev, I would
> > have agreed, but it's been there for 4 years now since version 1.4, so
> > we should not silently break it. Also, till now we have always maintained
> > compatibility since 1.1 for
Hello Willy,
On 06/11/2014 12:10 PM, Willy Tarreau wrote:
> On Wed, Jun 11, 2014 at 12:06:11PM +0200, Olivier wrote:
>>> If we had introduced this option in 1.5-dev, I would
>>> have agreed, but it's been there for 4 years now since version 1.4, so
>>> we should not silently break it. Also, till n
Hello Nenad,
On Wed, Jun 11, 2014 at 01:19:48PM +0200, Nenad Merdanovic wrote:
> I think this might be the best option then. We can start of with an
> option and then rewrite the part to support detection of the version
> later on.
OK thanks. So I've just merged your patch now.
Thanks!
Willy
@ -8982,12 +8982,13 @@ option mysql-check [ user [ { post-41 |
pre-41 } ] ]
one Client Authentication packet, and one QUIT packet, to correctly close
MySQL session. We then parse the MySQL Handshake Initialization packet
and/or
Error packet. It is a basic but useful test which does n
Hello,
This is my first message here, so: hi everyone :)
And thanks to everyone involved in the Haproxy project !
I wanted to give an idea of a (minor) better default that should be improved:
=> enable by default the "post-41" parameter in *mysql-check*
Today, it's off by defa
les changed, 2 insertions(+), 1 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index b22ac98..c7a6d6e 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -3583,7 +3583,7 @@ option mysql-check [ user ]
Remember that this does not check database presence
It seems users are still disturbed at creating passwordless users in
mysql for mysql-check.
https://discourse.haproxy.org/t/haproxy-mysql-check-user-removal/6685
I certainly understand not wanting to implement the truly ugly
implementation that is the protocol to support multiple password
parameter in *mysql-check*
Today, it's off by default, so Haproxy is using the "very very old"
authentication method (before MySQL 4.1) to do the health-checks.
But since MySQL 4.1 is now *16* years old (stable in 2004), we are
fairly sure that all new installations of Haproxy will cert
t; I wanted to give an idea of a (minor) better default that should be
> > improved:
> > => enable by default the "post-41" parameter in *mysql-check*
> >
> > Today, it's off by default, so Haproxy is using the "very very old"
> > authentica
On Fri, Jun 10, 2011 at 02:05:59PM +0200, Herv? COMMOWICK wrote:
> mysqld >= 5.5 want the client to announce 4.1+ authentication support, even
> if we have no password, so we do this.
> I also check on a debian potato mysqld 3.22 and it works too so i assume we
> are good from 3.22 to 5.5.
Merge
Le 7/1/21 à 7:14 AM, Daniel Black a écrit :
It seems users are still disturbed at creating passwordless users in
mysql for mysql-check.
https://discourse.haproxy.org/t/haproxy-mysql-check-user-removal/6685
I certainly understand not wanting to implement the truly ugly
implementation that is the
e MySQL reads between RDS
Master and Read Replica is
========
listen mysql-cluster 0.0.0.0:3306
mode tcp
balance roundrobin
option mysql-check user haproxy
server rds-master xxx.rds.amazonaws.com:3306 check
server rds-repl
on 1.4.8-1
Your haproxy version is too old for your need.
> option mysql-check user haproxy
This syntax was not supported in haproxy 1.4.8, it appeared in 1.4.9 with a
full handshake and a QUIT command to cleanly close the connection.
http://haproxy.1wt.eu/git?p=hap
On Wed, Jul 13, 2011 at 6:23 PM, Cyril Bonté wrote:
>
> This syntax was not supported in haproxy 1.4.8, it appeared in 1.4.9 with a
> full handshake and a QUIT command to cleanly close the connection.
>
> http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commitdiff;h=a1e4dcfe5718311b7653d7dabfad65c00
Also Forgot to add
1) MySQL Client on HaProxy can connect to Amazon RDS.
mysql-client-5.15.1.54-1ubuntu4
root@lb1:/var/software/hap15/haproxy-1.4.15# mysql -h
.rds.amazonaws.com -u haproxy
Welcome
//git.1wt.eu/web?p=haproxy.git;a=commitdiff_plain;h=212f778d6
(just add "curproxy->check_req[5] = 128;" after check_req[3]) as in the
patch below.
Regards,
Willy
---
From: Hervé COMMOWICK
Date: Fri, 10 Jun 2011 12:05:59 + (+0200)
Subject: [BUG] checks: fix support of Mysqld >
On Fri, Jul 15, 2011 at 1:44 AM, Willy Tarreau wrote:
> We have a fix for this in the latest 1.4 snapshot that will be released
> as 1.4.16 as soon as I can check that nobody remains to be backported
> from 1.5.
>
Thanks a million Willy :-)
--Siju
74 matches
Mail list logo