==== Manual Start ====
For testing purposes, the haproxy service can be started manually with:
/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/test.cfg
Check a configuration file for errors without starting the service (-c):
/usr/local/haproxy/sbin/haproxy -f master.cfg -c
====Links====
https://www.haproxy.com/de/blog/the-four-essential-sections-of-an-haproxy-configuration/
===== HAProxy =====
Example HAProxy-Configuration:
# Process-wide settings: syslog target, connection cap, DH parameter size,
# the unprivileged run-as account, and the runtime control socket / PID file.
global
log 127.0.0.1 local0
maxconn 4000
#Sets the maximum size of the Diffie-Hellman parameters used for generating
#the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. The
#final size will try to match the size of the server's RSA (or DSA) key (e.g,
#a 2048 bits temporary DH key for a 2048 bits RSA key), but will not exceed
#this maximum value. Default value is 1024. Only 1024 or higher values are
#allowed. Higher values will increase the CPU load, and values greater than
#1024 bits are not supported by Java 7 and earlier clients. This value is not
#used if static Diffie-Hellman parameters are supplied via the certificate file.
# NOTE(review): no bind line in this example terminates TLS (the 443 frontend
# is plain TCP pass-through), so this setting only matters once a bind line
# with "ssl crt" is added.
tune.ssl.default-dh-param 2048
daemon
# Run as the unprivileged haproxy account.
user haproxy
group haproxy
#change name to service-name!
# "level admin" gives full runtime control to every local process that can
# open this socket. Restrict who can open it with the socket's mode/user/group
# options and keep the path in a directory only root can write to.
stats socket /var/run/haproxy_service_login level admin
#change name to service-name!
# The OCF script further down this page parses this "pidfile" line to find
# the process it monitors and stops, so the entry must be present.
pidfile /var/run/haproxy_service_login.pid
# Defaults inherited by the proxy sections below unless they override them
# (https_frontend and sweb_server switch to "mode tcp").
defaults
log global
mode http
option httplog
# Do not log connections on which no data was exchanged.
option dontlognull
# All three timeouts are 5 seconds; a connection idle for longer on either
# side is closed. NOTE(review): confirm 5s suits slow clients and backends.
timeout server 5s
timeout connect 5s
timeout client 5s
# Statistics / administration page, served over plain HTTP on port 3389.
# NOTE(review): the listener address is given on the "listen" line itself;
# newer HAProxy releases expect a separate "bind" line - verify against the
# version in use.
listen stats 10.6.3.120:3389
#listen stats 10.6.3.100:3389
mode http
stats enable
#stats refresh 5s
# "if TRUE" enables the admin actions (e.g. changing server state) for every
# request that passes authentication; there is no source-address condition.
# Consider an ACL on the client network or a management-only listen address.
stats admin if TRUE
stats hide-version
stats realm Haproxy\ Statistics
# Placeholder credentials: replace before use. The password is stored in
# clear text in this file and travels as HTTP Basic auth over an unencrypted
# listener, so keep the file readable by root only and avoid exposing this
# port outside a trusted management network. A "userlist" section allows
# hashed passwords instead of clear text.
stats auth admin:secret-pw
stats uri /haproxy?stats
# Plain-HTTP entry point on port 80; requests go to backend web_server.
frontend http_frontend
#bind 10.6.3.100:80
bind 10.6.3.120:80
mode http
option httpclose
# Appends the client address in an X-Forwarded-For header.
option forwardfor
# Adds "X-Forwarded-Proto: http" to each request. "reqadd" appends a header
# and does not remove one the client already sent, so a backend that trusts
# X-Forwarded-Proto can see a client-chosen value next to this one.
# NOTE(review): "reqadd" is a legacy directive; on current HAProxy releases
# use "http-request set-header X-Forwarded-Proto http", which also overwrites
# any client-supplied value.
reqadd X-Forwarded-Proto:\ http
#reqadd X-Forwarded-Proto:\ https
default_backend web_server
# Port 443 entry point in TCP mode: the TLS stream is passed through to
# backend sweb_server without being decrypted here, so the certificates and
# TLS settings live on the backend servers. In this mode HAProxy does not see
# the HTTP request, so no X-Forwarded-* header is added and the backends see
# the proxy address as the peer.
frontend https_frontend
#bind 10.6.3.100:443
bind 10.6.3.120:443
mode tcp
option tcplog
log global
default_backend sweb_server
# HTTP backend: round-robin over three servers with cookie-based persistence.
backend web_server
mode http
balance roundrobin
#cookie JSESSIONID prefix
# HAProxy inserts its own SERVERID cookie (value s1/s2/s3 from the server
# lines) so a client keeps returning to the same server; "indirect" keeps the
# cookie from being forwarded to the server and "nocache" marks the response
# as not cacheable when the cookie is set.
# NOTE(review): the cookie is set without the "httponly" option; add it if
# scripts in the page have no need to read the persistence cookie.
cookie SERVERID insert indirect nocache
# "check" enables health checks on each server.
server server1.local 10.6.11.32:80 check cookie s1
server server2.local 10.6.11.33:80 check cookie s2
server server3.local 10.6.11.37:80 check cookie s3
# TCP backend for the pass-through TLS traffic. Persistence is keyed on the
# SSL session ID read from the unencrypted hello messages, because HAProxy
# cannot see cookies inside the encrypted stream.
backend sweb_server
mode tcp
balance roundrobin
#maximum SSL session ID length is 32 bytes
stick-table type binary len 32 size 30k expire 30m
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
#use tcp content accepts to detects ssl client and server hello
# Waits up to 5s for a client hello before the connection is handled.
tcp-request inspect-delay 5s
tcp-request content accept if clienthello
#no timeout on response inspect delay by default
tcp-response content accept if serverhello
# SSL session ID (SSLID) may be present on a client or server hello.
# Its length is coded on 1 byte at offset 43 and its value starts
# at offset 44.
# NOTE(review): this relies on the session ID field of the hello messages;
# clients that resume via session tickets or use TLS 1.3 may not present a
# stable ID - verify that stickiness actually holds for the clients in use.
stick on payload_lv(43,1) if clienthello
stick store-response payload_lv(43,1) if serverhello
#server s1 192.168.250.47:443
#server s2 192.168.250.49:443
# NOTE(review): all three lines below use the name "server1.local". Server
# names should be unique within a backend; presumably server2.local and
# server3.local were intended, matching backend web_server.
server server1.local 10.6.11.32:443 check
server server1.local 10.6.11.33:443 check
server server1.local 10.6.11.37:443 check
Example OCF-script:
#!/bin/sh
#
# Resource script for haproxy daemon
#
# Description: Manages haproxy daemon as an OCF resource in
# an High Availability setup.
#
# HAProxy OCF script's Author: Russki
# Rsync OCF script's Author: Dhairesh Oza
# License: GNU General Public License (GPL)
#
#
# usage: $0 {start|stop|status|monitor|validate-all|meta-data}
#
# The "start" arg starts haproxy.
#
# The "stop" arg stops it.
#
# OCF parameters:
# OCF_RESKEY_binpath
# OCF_RESKEY_conffile
# OCF_RESKEY_extraconf
#
# Note: This RA requires that the haproxy config file has a "pidfile"
# entry so that it is able to act on the correct process
##########################################################################
# Initialization:
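# Root of the OCF tree; the shared shell helpers are sourced from below it.
OCF_ROOT=/usr/lib/ocf
# Keep a value already present in the environment, otherwise use the default.
# Quoted so that a directory name containing whitespace stays one word.
: "${OCF_FUNCTIONS_DIR=${OCF_ROOT}/resource.d/heartbeat}"
# The helper file is executed inside this shell (presumably it provides
# ocf_log and the OCF_* exit codes used below). Because this agent normally
# runs as root, the directory and file must not be writable by other users.
. "${OCF_FUNCTIONS_DIR}/.ocf-shellfuncs"
# Fixed path of the haproxy binary started by haproxy_start.
COMMAND=/usr/local/haproxy/sbin/haproxy
#Edit confile-name!!
# NOTE(review): this unconditional assignment replaces any "conffile"
# parameter passed in by the cluster manager, and OCF_RESKEY_binpath /
# OCF_RESKEY_extraconf are advertised in meta-data but not used to start
# haproxy. The script is meant to be copied and edited per service.
OCF_RESKEY_conffile=/usr/local/haproxy/conf/haproxy_customer.cfg
USAGE="Usage: $0 {start|stop|status|monitor|validate-all|meta-data}"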
##########################################################################
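# Print the one-line usage string to stderr.
# Globals: USAGE (read)
usage()
{
    # Quoted and printed with printf so that a script path containing
    # whitespace or glob characters is shown verbatim instead of being
    # word-split and expanded by the shell.
    printf '%s\n' "$USAGE" >&2
}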
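# Print the OCF meta-data XML for this resource agent and exit.
#
# The page this script was taken from lost the here-document operator and all
# XML tags (only the text content survived), which left a syntax error. The
# markup below is rebuilt around that surviving text: parameter names come
# from the OCF_RESKEY_* list in the file header and the action names from the
# dispatcher at the end of the script. Attributes the page does not preserve
# (parameter defaults, action timeouts/intervals) are left out.
# NOTE(review): add timeouts and a monitor interval that fit the site before
# relying on this in a cluster.
# Globals: OCF_SUCCESS (read)
meta_data()
{
    cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="haproxy">
<version>1.0</version>

<longdesc lang="en">
This script manages haproxy daemon
</longdesc>
<shortdesc lang="en">Manages an haproxy daemon</shortdesc>

<parameters>

<parameter name="binpath">
<longdesc lang="en">
The haproxy binary path.
For example, "/usr/sbin/haproxy"
</longdesc>
<shortdesc lang="en">Full path to the haproxy binary</shortdesc>
<content type="string"/>
</parameter>

<parameter name="conffile">
<longdesc lang="en">
The haproxy daemon configuration file name with full path.
For example, "/etc/haproxy/haproxy.cfg"
</longdesc>
<shortdesc lang="en">Configuration file name with full path</shortdesc>
<content type="string"/>
</parameter>

<parameter name="extraconf">
<longdesc lang="en">
Extra command line arguments to pass to haproxy.
For example, "-f /etc/haproxy/shared.cfg"
</longdesc>
<shortdesc lang="en">Extra command line arguments for haproxy</shortdesc>
<content type="string"/>
</parameter>

</parameters>

<actions>
<action name="start"/>
<action name="stop"/>
<action name="status"/>
<action name="monitor"/>
<action name="validate-all"/>
<action name="meta-data"/>
</actions>
</resource-agent>
END
    exit $OCF_SUCCESS
}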
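# Resolve the configuration file and the PID file this agent works with.
#
# Globals: OCF_RESKEY_conffile (read), OCF_RESOURCE_INSTANCE (read),
#          CONF_FILE (written), PIDFILE (written)
#
# PIDFILE is later used by the stop action as the source of the PID to signal
# and as the path to delete, so it has to be exactly one path:
#   - only a line whose first word is "pidfile" counts (a commented-out entry
#     or another directive that merely contains the text is ignored),
#   - a trailing "# comment" on that line is stripped,
#   - only the first such line is used, so PIDFILE never holds several paths.
# If the file is unreadable or has no such line, PIDFILE falls back to
# /var/run/<resource instance>.pid.
get_pid_and_conf_file()
{
    if [ -n "$OCF_RESKEY_conffile" ]; then
        CONF_FILE=$OCF_RESKEY_conffile
    else
        CONF_FILE="/etc/haproxy/haproxy.cfg"
    fi

    # stderr is discarded so a missing config file simply selects the fallback.
    PIDFILE=$(awk '{ sub(/#.*/, "") } $1 == "pidfile" { print $2; exit }' \
        "$CONF_FILE" 2>/dev/null)

    if [ -z "$PIDFILE" ]; then
        PIDFILE="/var/run/${OCF_RESOURCE_INSTANCE}.pid"
    fi
}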
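# Report whether the haproxy process recorded in PIDFILE is alive.
#
# Globals: PIDFILE (read), PID (written), OCF_SUCCESS, OCF_NOT_RUNNING,
#          OCF_ERR_GENERIC (read)
# Outputs: "PID=<content>" on stdout when a PID file exists; log lines via
#          ocf_log
# Returns: OCF_SUCCESS      a process with that PID shows up in ps as haproxy
#          OCF_NOT_RUNNING  no PID file, no such process, or unusable content
#          OCF_ERR_GENERIC  the PID file exists but is empty
haproxy_status()
{
    if [ -n "$PIDFILE" ] && [ -f "$PIDFILE" ]; then
        # haproxy is probably running
        PID=$(cat -- "$PIDFILE")
        echo "PID=$PID"
        if [ -z "$PID" ]; then
            ocf_log err "PID file empty!"
            return $OCF_ERR_GENERIC
        fi
        # The file content becomes a command-line argument of ps (and of kill
        # in the stop action), typically as root. Anything other than digits
        # and whitespace is treated as a stale file and never reaches ps.
        if [ -n "$(printf '%s' "$PID" | tr -d '0-9[:space:]')" ]; then
            ocf_log warn "PID file does not contain a numeric PID"
            return $OCF_NOT_RUNNING
        fi
        # $PID stays unquoted on purpose in case the file lists several PIDs;
        # the check above guarantees it holds digits and whitespace only.
        if ps -p $PID | grep haproxy >/dev/null; then
            ocf_log info "haproxy daemon running"
            return $OCF_SUCCESS
        fi
        ocf_log info "haproxy daemon is not running but pid file exists"
        return $OCF_NOT_RUNNING
    fi

    # haproxy is not running
    ocf_log info "haproxy daemon is not running"
    return $OCF_NOT_RUNNING
}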
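# Start action: launch haproxy with the configured file unless it already runs.
#
# Globals: COMMAND, OCF_RESKEY_conffile, PIDFILE (read); OCF_SUCCESS,
#          OCF_NOT_RUNNING, OCF_ERR_GENERIC (read)
# Outputs: the progress lines "status" and "test start" on stdout; log lines
#          via ocf_log
# Exits:   OCF_SUCCESS if haproxy already runs or was started,
#          OCF_ERR_GENERIC on an unexpected status or a failed launch
# Returns: OCF_ERR_GENERIC when the config file has no "pid" entry
#
# Changes against the listing on the page:
#   - haproxy's exit status is captured right after the launch; the page
#     logged "$?" after a test command had already overwritten it, so the
#     message always reported 0,
#   - the binary and the config path are passed as separate quoted words
#     instead of being glued into one string and word-split,
#   - the PID file is removed with a quoted path and "--".
haproxy_start()
{
    # if haproxy is running return success
    echo "status"
    haproxy_status
    retVal=$?
    if [ "$retVal" -eq "$OCF_SUCCESS" ]; then
        exit $OCF_SUCCESS
    elif [ "$retVal" -ne "$OCF_NOT_RUNNING" ]; then
        ocf_log err "Error. Unknown status."
        exit $OCF_ERR_GENERIC
    fi

    echo "test start"
    # The agent can only track the daemon through its PID file, so refuse to
    # start when no non-comment line of the config mentions "pid".
    if ! grep -v "#" "$OCF_RESKEY_conffile" | grep "pid" >/dev/null; then
        ocf_log err "Error. \"pid\" entry required in the haproxy config file."
        return $OCF_ERR_GENERIC
    fi

    "$COMMAND" -f "$OCF_RESKEY_conffile"
    rc=$?
    if [ "$rc" -ne 0 ]; then
        ocf_log err "Error. haproxy daemon returned error $rc."
        rm -f -- "$PIDFILE" 2>/dev/null
        exit $OCF_ERR_GENERIC
    fi

    ocf_log info "Started haproxy."
    exit $OCF_SUCCESS

    # Earlier variant kept for reference (unreachable):
    #if [ -n "$OCF_RESKEY_binpath" ]; then
    #COMMAND="$OCF_RESKEY_binpath"
    #$COMMAND -c $OCF_RESKEY_conffile
    #else
    # COMMAND="/usr/sbin/haproxy"
    #fi
    #$COMMAND $OCF_RESKEY_extraconf -f $CONF_FILE -p $PIDFILE;
    #if [ $? -ne 0 ]; then
    # ocf_log err "Error. haproxy daemon returned error $?."
    # exit $OCF_ERR_GENERIC
    #fi
    #ocf_log info "Started haproxy daemon."
    #exit $OCF_SUCCESS
}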
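# Stop action: signal the haproxy process recorded in PIDFILE.
#
# Globals: PIDFILE (read), PID (written), OCF_SUCCESS, OCF_ERR_GENERIC (read)
# Exits:   OCF_SUCCESS when haproxy was not running or the signal was sent
# Returns: OCF_ERR_GENERIC when the PID file content is not numeric or
#          neither signal could be delivered
#
# Changes against the listing on the page:
#   - the PID file content is checked to be digits and whitespace only before
#     it is handed to kill; this agent normally runs as root, so unchecked
#     content would otherwise be interpreted by kill as options or other PIDs,
#   - the fallback signal is spelled -KILL, the POSIX form of the name,
#   - the PID file path is quoted.
# NOTE(review): kill only reports that the signal was delivered. The function
# reports success without waiting for the process to exit; add a bounded wait
# if the cluster must not start the resource elsewhere before haproxy is gone.
haproxy_stop()
{
    if haproxy_status; then
        PID=$(cat -- "$PIDFILE")
        if [ -n "$PID" ]; then
            if [ -n "$(printf '%s' "$PID" | tr -d '0-9[:space:]')" ]; then
                ocf_log err "Error. PID file does not contain a numeric PID."
                return $OCF_ERR_GENERIC
            fi
            # $PID stays unquoted in case the file lists several PIDs; the
            # check above limits it to digits and whitespace.
            if ! kill $PID; then
                if ! kill -KILL $PID; then
                    ocf_log err "Error. Could not stop haproxy daemon."
                    return $OCF_ERR_GENERIC
                fi
            fi
            rm -- "$PIDFILE" 2>/dev/null
        fi
    fi

    ocf_log info "Stopped haproxy daemon."
    exit $OCF_SUCCESS
}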
# Monitor action: the result is exactly what haproxy_status reports.
# Returns: the return status of haproxy_status, unchanged
haproxy_monitor()
{
    haproxy_status
    return $?
}
# Validate-all action: sanity-check the agent's parameters and config file.
#
# Globals: OCF_RESKEY_binpath, OCF_RESKEY_conffile, CONF_FILE (read);
#          OCF_SUCCESS, OCF_ERR_ARGS, OCF_ERR_GENERIC (read)
# Exits:   OCF_ERR_ARGS when a binary path is set but not executable, or a
#          config file is set but is not a regular file
# Returns: OCF_ERR_GENERIC when CONF_FILE has no "pidfile" text outside lines
#          that start with "#"; OCF_SUCCESS otherwise
haproxy_validate_all()
{
    # An unset binpath is accepted; only a set-but-unusable one is an error.
    if [ -n "$OCF_RESKEY_binpath" ] && [ ! -x "$OCF_RESKEY_binpath" ]; then
        ocf_log err "Binary path $OCF_RESKEY_binpath does not exist."
        exit $OCF_ERR_ARGS
    fi

    if [ -n "$OCF_RESKEY_conffile" ] && [ ! -f "$OCF_RESKEY_conffile" ]; then
        ocf_log err "Config file $OCF_RESKEY_conffile does not exist."
        exit $OCF_ERR_ARGS
    fi

    # The other actions locate the daemon through its PID file, so the config
    # must name one.
    if ! grep -v "^#" "$CONF_FILE" | grep "pidfile" > /dev/null; then
        ocf_log err "Error. \"pidfile\" entry required in the haproxy config file by haproxy OCF RA."
        return $OCF_ERR_GENERIC
    fi

    return $OCF_SUCCESS
}
#
# Main
#
# Exactly one argument (the action name) is accepted.
if [ $# -ne 1 ]; then
    usage
    exit $OCF_ERR_ARGS
fi

# Dispatch on the action. Every action that touches the daemon first resolves
# CONF_FILE and PIDFILE; meta-data and usage need neither. The script's exit
# status is that of the action function unless the function exits itself.
action=$1
case $action in
    start|stop|status|monitor|validate-all)
        get_pid_and_conf_file
        case $action in
            start)        haproxy_start ;;
            stop)         haproxy_stop ;;
            status)       haproxy_status ;;
            monitor)      haproxy_monitor ;;
            validate-all) haproxy_validate_all ;;
        esac
        ;;
    meta-data)
        meta_data
        ;;
    usage)
        usage
        exit $OCF_SUCCESS
        ;;
    *)
        usage
        exit $OCF_ERR_UNIMPLEMENTED
        ;;
esac