
Manual Start

For testing purposes, the haproxy service can be started manually with:

/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/test.cfg

Test configuration:

/usr/local/haproxy/sbin/haproxy -f master.cfg -c

https://www.haproxy.com/de/blog/the-four-essential-sections-of-an-haproxy-configuration/

HAProxy

Example HAProxy-Configuration:

# Process-wide settings: logging target, connection limit, privilege drop,
# admin socket and pidfile.
global
  # Log to the syslog daemon at 127.0.0.1 using facility local0.
  log 127.0.0.1 local0
  maxconn 4000

  #Sets the maximum size of the Diffie-Hellman parameters used for generating
  #the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. The
  #final size will try to match the size of the server's RSA (or DSA) key (e.g,
  #a 2048 bits temporary DH key for a 2048 bits RSA key), but will not exceed
  #this maximum value. Default value is 1024. Only 1024 or higher values are
  #allowed. Higher values will increase the CPU load, and values greater than
  #1024 bits are not supported by Java 7 and earlier clients. This value is not
  #used if static Diffie-Hellman parameters are supplied via the certificate file.
  #NOTE(review): no bind line in this example carries the "ssl" keyword (port
  #443 is passed through in TCP mode), so this setting appears to be unused
  #here - confirm before relying on it.
  tune.ssl.default-dh-param 2048

  # Run in the background and drop privileges to the haproxy user and group.
  daemon
  user haproxy
  group haproxy

  #change name to service-name!
  # "level admin" gives every process that can open this UNIX socket full
  # runtime control (disable servers, change weights, shut down sessions).
  # Restrict who can reach it with the socket's mode/user/group parameters.
  stats socket /var/run/haproxy_service_login level admin

  #change name to service-name!
  # The OCF resource agent further down this page reads this pidfile directive
  # to find the process it has to monitor and stop.
  pidfile /var/run/haproxy_service_login.pid

# Defaults inherited by every frontend, backend and listen section below
# unless that section overrides them.
defaults
  log     global
  mode    http
  option  httplog
  # Do not log connections on which no data was exchanged.
  option  dontlognull
  # All three timeouts are 5 seconds; they also apply to the TCP-mode HTTPS
  # pass-through sections, which do not override them.
  timeout server 5s
  timeout connect 5s
  timeout client 5s

# Statistics page, served over plain HTTP on 10.6.3.120:3389.
# NOTE(review): giving the address on the "listen" line is legacy syntax;
# newer HAProxy releases expect a separate "bind" line - verify against the
# version in use.
listen stats 10.6.3.120:3389
#listen stats 10.6.3.100:3389
  mode http
  stats enable
  #stats refresh 5s
  # "if TRUE" enables the admin actions of the stats page (for example
  # disabling a server) for every request that passes authentication. Use a
  # narrower ACL condition if only some clients should be able to change state.
  stats admin if TRUE
  # Do not show the HAProxy version on the page.
  stats hide-version
  stats realm Haproxy\ Statistics
  # HTTP Basic credentials. They are stored in clear text in this file and are
  # sent unencrypted, because this listener does not use TLS. "secret-pw" is a
  # placeholder: replace it, and keep the configuration file readable only by
  # the accounts that need it.
  stats auth admin:secret-pw
  stats uri /haproxy?stats

# Plain-HTTP entry point on port 80; requests go to the web_server backend.
frontend http_frontend
  #bind 10.6.3.100:80
  bind 10.6.3.120:80
  mode http
  # Close the connection after each request/response exchange.
  option httpclose
  # Add an X-Forwarded-For header carrying the client address.
  option forwardfor
  # Tell the backend that the client connected over plain HTTP.
  # NOTE(review): reqadd appends a header and does not remove one already sent
  # by the client, so a backend that trusts X-Forwarded-Proto can receive a
  # client-chosen value as well. reqadd was removed in HAProxy 2.1; the
  # replacement "http-request set-header X-Forwarded-Proto http" overwrites
  # any incoming value.
  reqadd X-Forwarded-Proto:\ http
  #reqadd X-Forwarded-Proto:\ https
  default_backend web_server

# HTTPS entry point on port 443 in TCP mode: the bind line has no "ssl"
# keyword, so the TLS stream is forwarded to the sweb_server backend without
# being decrypted here. No HTTP headers (X-Forwarded-For, X-Forwarded-Proto)
# can be added in this mode, so the backend servers see the proxy as the
# source of every connection.
frontend https_frontend
  #bind 10.6.3.100:443
  bind 10.6.3.120:443
  mode tcp
  option tcplog
  log global
  default_backend sweb_server

# HTTP backend: round-robin over three servers, with cookie-based
# persistence so a client keeps hitting the same server.
backend web_server
  mode http
  balance roundrobin
  #cookie JSESSIONID prefix
  # HAProxy inserts its own SERVERID cookie (value s1/s2/s3, taken from the
  # server lines). "indirect" keeps the cookie from being passed on to the
  # server, "nocache" marks responses that set it as not cacheable.
  # NOTE(review): the cookie is set without the "httponly" keyword, so client
  # scripts can read it; add "httponly" (and "secure" where the site is only
  # served over HTTPS) if that is not wanted.
  cookie SERVERID insert indirect nocache
  # "check" enables health checks; traffic to the servers is plain HTTP.
  server server1.local 10.6.11.32:80 check cookie s1
  server server2.local 10.6.11.33:80 check cookie s2
  server server3.local 10.6.11.37:80 check cookie s3

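# TCP backend for the HTTPS pass-through frontend. TLS is not terminated by
# HAProxy; persistence is keyed on the TLS session ID seen in the handshake.
backend sweb_server
  mode tcp
  balance roundrobin
  #maximum SSL session ID length is 32 bytes
  stick-table type binary len 32 size 30k expire 30m

  acl clienthello req_ssl_hello_type 1
  acl serverhello rep_ssl_hello_type 2

  #use tcp content accept rules to detect the SSL client and server hello
  #(wait up to 5s for the client hello to arrive)
  tcp-request inspect-delay 5s
  tcp-request content accept if clienthello

  #no timeout on response inspect delay by default
  tcp-response content accept if serverhello

  # SSL session ID (SSLID) may be present on a client or server hello.
  # Its length is coded on 1 byte at offset 43 and its value starts
  # at offset 44.
  # NOTE(review): this only pins clients that resume a session by session ID;
  # how clients using session tickets or TLS 1.3 behave should be verified.
  stick on payload_lv(43,1) if clienthello
  stick store-response payload_lv(43,1) if serverhello

  #server s1 192.168.250.47:443
  #server s2 192.168.250.49:443

  # Server names must be unique within a backend. The original listing named
  # all three lines "server1.local"; the names now follow the address-to-name
  # mapping used in the web_server backend.
  server server1.local 10.6.11.32:443 check
  server server2.local 10.6.11.33:443 check
  server server3.local 10.6.11.37:443 check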

Example OCF-script:

#!/bin/sh
#
# Resource script for haproxy daemon
#
# Description:  Manages the haproxy daemon as an OCF resource in
#               a High Availability setup.
#
# HAProxy OCF script's Author: Russki
# Rsync OCF script's Author: Dhairesh Oza <odhairesh@novell.com>
# License: GNU General Public License (GPL)
#
#
#       usage: $0 {start|stop|status|monitor|validate-all|meta-data}
#
#       The "start" arg starts haproxy.
#
#       The "stop" arg stops it.
#
# OCF parameters:
# OCF_RESKEY_binpath
# OCF_RESKEY_conffile
# OCF_RESKEY_extraconf
#
# Note: This RA requires that the haproxy config file has a "pidfile"
# entry so that it is able to act on the correct process
##########################################################################
# Initialization:

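# Locate and load the OCF shell helper library (provides ocf_log and the
# OCF_* exit codes used throughout this script). The expansions are quoted so
# a directory name containing spaces or glob characters is used verbatim.
OCF_ROOT=/usr/lib/ocf
: "${OCF_FUNCTIONS_DIR=${OCF_ROOT}/resource.d/heartbeat}"
. "${OCF_FUNCTIONS_DIR}/.ocf-shellfuncs"

# Path of the haproxy binary that the start action executes.
COMMAND=/usr/local/haproxy/sbin/haproxy

#Edit confile-name!!
# NOTE(review): this assignment is unconditional, so a "conffile" value
# configured for the resource in the cluster manager is overwritten here.
OCF_RESKEY_conffile=/usr/local/haproxy/conf/haproxy_customer.cfg

USAGE="Usage: $0 {start|stop|status|monitor|validate-all|meta-data}";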

##########################################################################

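# Print the usage line to stderr.
# Globals: USAGE (read)
usage()
{
        # Quoted and printed with printf so the text is emitted verbatim; an
        # unquoted echo would word-split it and expand glob characters that
        # may be present in $0.
        printf '%s\n' "$USAGE" >&2
}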

# Print the OCF resource-agent metadata (XML) on stdout and exit with
# OCF_SUCCESS. This function never returns to the caller.
#
# NOTE(review): the defaults advertised below for binpath (/usr/sbin/haproxy)
# and conffile (/etc/haproxy/haproxy.cfg) differ from the values this script
# hard-codes in COMMAND and OCF_RESKEY_conffile, and extraconf is referenced
# only in commented-out code, so the advertised parameters do not describe
# what the agent actually runs.
meta_data()
{
cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="haproxy">
<version>1.0</version>
<longdesc lang="en">
This script manages haproxy daemon
</longdesc>
<shortdesc lang="en">Manages an haproxy daemon</shortdesc>

<parameters>

<parameter name="binpath">
<longdesc lang="en">
The haproxy binary path.
For example, "/usr/sbin/haproxy"
</longdesc>
<shortdesc lang="en">Full path to the haproxy binary</shortdesc>
<content type="string" default="/usr/sbin/haproxy"/>
</parameter>

<parameter name="conffile">
<longdesc lang="en">
The haproxy daemon configuration file name with full path.
For example, "/etc/haproxy/haproxy.cfg"
</longdesc>
<shortdesc lang="en">Configuration file name with full path</shortdesc>
<content type="string" default="/etc/haproxy/haproxy.cfg" />
</parameter>

<parameter name="extraconf">
<longdesc lang="en">
Extra command line arguments to pass to haproxy.
For example, "-f /etc/haproxy/shared.cfg"
</longdesc>
<shortdesc lang="en">Extra command line arguments for haproxy</shortdesc>
<content type="string" default="" />
</parameter>

</parameters>

<actions>
<action name="start" timeout="20s"/>
<action name="stop" timeout="20s"/>
<action name="monitor" depth="0" timeout="20s" interval="60s" />
<action name="validate-all" timeout="20s"/>
<action name="meta-data"  timeout="5s"/>
</actions>
</resource-agent>
END
# Terminates the whole script, not just this function.
exit $OCF_SUCCESS
}

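# Work out which configuration file and pidfile the agent operates on.
# Globals:
#   OCF_RESKEY_conffile   (read)    configuration file; falls back to
#                                   /etc/haproxy/haproxy.cfg when empty
#   OCF_RESOURCE_INSTANCE (read)    used for the fallback pidfile name
#   CONF_FILE             (written) configuration file in use
#   PIDFILE               (written) pidfile named in CONF_FILE, or
#                                   /var/run/<instance>.pid if none is found
get_pid_and_conf_file()
{
        CONF_FILE=${OCF_RESKEY_conffile:-/etc/haproxy/haproxy.cfg}

        # Strip comments, then take the argument of the first line whose
        # directive is exactly "pidfile". Compared with a plain grep chain
        # this keeps a pidfile line that carries a trailing comment, ignores
        # other lines that merely contain the word, and never yields more
        # than one path.
        PIDFILE=$(awk '{ sub(/#.*/, "") } $1 == "pidfile" { print $2; exit }' "$CONF_FILE")
        if [ -z "$PIDFILE" ]; then
                PIDFILE="/var/run/${OCF_RESOURCE_INSTANCE}.pid"
        fi
}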

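# Report whether the haproxy process recorded in PIDFILE is running.
# Globals: PIDFILE (read), PID (written)
# Outputs: "PID=<contents of the pidfile>" on stdout when the pidfile exists
# Returns:
#   OCF_SUCCESS      a process listed in the pidfile shows up in ps as haproxy
#   OCF_NOT_RUNNING  no pidfile, no matching process, or unusable pidfile
#   OCF_ERR_GENERIC  the pidfile exists but is empty
haproxy_status()
{
        if [ -n "$PIDFILE" ] && [ -f "$PIDFILE" ]; then
                # haproxy is probably running
                PID=$(cat "$PIDFILE")
                echo "PID=$PID"
                if [ -z "$PID" ]; then
                        ocf_log err "PID file empty!"
                        return $OCF_ERR_GENERIC
                fi

                # The pidfile content ends up on the ps (and, in the stop
                # action, kill) command line. Anything other than digits and
                # whitespace is treated as "not running" instead of being
                # handed to those commands.
                case $PID in
                        *[!0-9[:space:]]*)
                                ocf_log info "PID file $PIDFILE does not contain a numeric PID"
                                return $OCF_NOT_RUNNING
                                ;;
                esac

                # PID stays unquoted on purpose: the file may list one PID per
                # line, and the check above leaves only digits and whitespace.
                # shellcheck disable=SC2086
                if ps -p $PID | grep haproxy >/dev/null ; then
                        ocf_log info "haproxy daemon running"
                        return $OCF_SUCCESS
                else
                        ocf_log info "haproxy daemon is not running but pid file exists"
                        return $OCF_NOT_RUNNING
                fi
        fi

        # haproxy is not running
        ocf_log info "haproxy daemon is not running"
        return $OCF_NOT_RUNNING
}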

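# Start haproxy unless it is already running.
# Globals: COMMAND, OCF_RESKEY_conffile, PIDFILE (read), retVal, rc (written)
# Exits with OCF_SUCCESS when haproxy is already running or was started, and
# with OCF_ERR_GENERIC when the status is unknown or the daemon fails to
# start. Returns OCF_ERR_GENERIC when the config file has no "pid" entry.
# The binpath and extraconf parameters are not used here; the binary comes
# from COMMAND and the only argument passed is "-f <conffile>".
haproxy_start()
{
        # if haproxy is running return success
        echo "status"
        haproxy_status
        retVal=$?
        if [ "$retVal" -eq "$OCF_SUCCESS" ]; then
                exit $OCF_SUCCESS
        elif [ "$retVal" -ne "$OCF_NOT_RUNNING" ]; then
                ocf_log err "Error. Unknown status."
                exit $OCF_ERR_GENERIC
        fi

        echo "test start"
        # The agent can only manage a daemon that writes a pidfile, so refuse
        # to start when no non-comment line of the config mentions "pid".
        if  grep -v "#" "$OCF_RESKEY_conffile" | grep "pid" > /dev/null ; then
                "$COMMAND" -f "$OCF_RESKEY_conffile"
                # Save the exit status right away: the test below overwrites
                # $?, so reading $? inside the log message would always
                # report 0.
                rc=$?
                if [ "$rc" -ne 0 ]; then
                        ocf_log err "Error. haproxy daemon returned error $rc."
                        rm -f -- "$PIDFILE" 2>/dev/null
                        exit $OCF_ERR_GENERIC
                fi
        else
                ocf_log err "Error. \"pid\" entry required in the haproxy config file."
                return $OCF_ERR_GENERIC
        fi

        ocf_log info "Started haproxy."
        exit $OCF_SUCCESS
}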


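# Stop haproxy if haproxy_status reports it as running.
# Globals: PIDFILE (read), PID (written)
# Exits with OCF_SUCCESS once the signal was delivered or nothing was
# running; returns OCF_ERR_GENERIC when neither TERM nor KILL can be sent.
#
# NOTE(review): kill only reports that the signal was delivered. The function
# does not wait for the process to exit before it removes the pidfile and
# reports success, so the cluster manager may consider the resource stopped
# while the old process is still shutting down. Polling with "kill -0" until
# the process is gone would close that gap.
haproxy_stop()
{
        if haproxy_status ; then
                PID=$(cat "$PIDFILE")
                if [ -n "$PID" ] ; then
                        # PID stays unquoted on purpose: the pidfile may list
                        # one PID per line.
                        # shellcheck disable=SC2086
                        if ! kill $PID; then
                                # "-KILL" is the portable spelling; not every
                                # /bin/sh accepts the "SIG" prefix.
                                # shellcheck disable=SC2086
                                if ! kill -KILL $PID; then
                                        ocf_log err "Error. Could not stop haproxy daemon."
                                        return $OCF_ERR_GENERIC
                                fi
                        fi
                        rm -f -- "$PIDFILE" 2>/dev/null
                fi
        fi
        ocf_log info "Stopped haproxy daemon."
        exit $OCF_SUCCESS
}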

# Monitor action: the status check under its OCF action name.
# Returns: whatever haproxy_status returns.
haproxy_monitor()
{
        haproxy_status
        return $?
}

# Check the agent's parameters and the pidfile requirement.
# Globals: OCF_RESKEY_binpath, OCF_RESKEY_conffile, CONF_FILE (read)
# Exits with OCF_ERR_ARGS when a configured binary is not executable or a
# configured config file is missing. Returns OCF_ERR_GENERIC when CONF_FILE
# has no "pidfile" entry outside lines starting with "#", else OCF_SUCCESS.
# Note that the config itself is not syntax-checked here (haproxy -c).
haproxy_validate_all()
{
        # A binary path, when given, has to point at an executable.
        if [ -n "$OCF_RESKEY_binpath" ] && [ ! -x "$OCF_RESKEY_binpath" ]; then
                ocf_log err "Binary path $OCF_RESKEY_binpath does not exist."
                exit $OCF_ERR_ARGS
        fi

        # A config file, when given, has to be a regular file.
        if [ -n "$OCF_RESKEY_conffile" ] && [ ! -f "$OCF_RESKEY_conffile" ]; then
                ocf_log err "Config file $OCF_RESKEY_conffile does not exist."
                exit $OCF_ERR_ARGS
        fi

        # Without a pidfile directive the agent cannot find the process.
        if ! grep -v "^#" "$CONF_FILE" | grep "pidfile" > /dev/null ; then
                ocf_log err "Error. \"pidfile\" entry required in the haproxy config file by haproxy OCF RA."
                return $OCF_ERR_GENERIC
        fi

        return $OCF_SUCCESS
}


#
# Main
#

# Exactly one argument (the action name) is expected.
if [ $# -ne 1 ]; then
        usage
        exit $OCF_ERR_ARGS
fi

# Actions that operate on the daemon need CONF_FILE and PIDFILE resolved
# first; meta-data and usage do not read the configuration.
case $1 in
        start|stop|status|monitor|validate-all)
                get_pid_and_conf_file
                ;;
esac

# Dispatch the action. When a handler returns instead of exiting, its return
# status becomes the exit status of the script.
case $1 in
        start)
                haproxy_start
                ;;
        stop)
                haproxy_stop
                ;;
        status)
                haproxy_status
                ;;
        monitor)
                haproxy_monitor
                ;;
        validate-all)
                haproxy_validate_all
                ;;
        meta-data)
                meta_data
                ;;
        usage)
                usage
                exit $OCF_SUCCESS
                ;;
        *)
                usage
                exit $OCF_ERR_UNIMPLEMENTED
                ;;
esac