My current setup has 2 HAProxies configured with keepalived for High Availability, the 2 proxies serve as a Reverse Proxy and Load Balancer for virtual webservices. I know that HAProxy can check the health of its backend (I've already configured this) but my question is something else.
At my company there's a F5 Big-IP Load Balancer which serves as the first line of defense, it will redirect requests to my HAProxies when needed.
I need to know if there is a way to let my F5 Big-IP check the health of the HAProxies frontend, so when the proxies are booting no requests will be lost.
Thanks
Agent Health Checks With HAProxy, you can communicate with an external agent, which is software running on the server that's separate from the application being load balanced. Since the agent has full access to the system, it can check the machine's vitals more closely.
Enable Health CheckUnder Monitoring, select Health check. Select Enable and provide a valid URL path on your application, such as /health or /api/health . Select Save.
To troubleshoot HAProxy configuration issues, use the haproxy -c command. The tool will parse your HAProxy files and detect any errors or missing settings before attempting to start the server. Run the command like this on Ubuntu, Debian, CentOS, and Fedora based distributions.
The best way to ensure proper HAProxy performance and operation is by monitoring its key metrics in three broad areas: Frontend metrics such as client connections and requests. Backend metrics such as availability and health of backend servers. Health metrics that reflect the state of your HAProxy setup.
By default, HAProxy Enterprise sends a health check every two seconds. Change this by adding the inter parameter to the server line. In the next example, health checks are sent once every four seconds: backend be_myapp server srv1 10.0.0.1:80 check inter 4s server srv2 10.0.0.2:80 check inter 4s
If it returns a status 200 or 300 response, everything is good. Anything above that, such as a 500 status response, will be considered bad health and HAProxy will mark the backend server as offline. Example 1: This check will use a HEAD request against the index page of your domain using HTTP version 1.0.
In this tutorial, I will show you different ways of doing HAProxy health checks so to help maintain a great user experience. The standard and most basic check is a TCP check. It merely sends out a simple packet and waits for a reply back from the destination server. This verifies that the network interface on the host being checked is online.
Anything above that, such as a 500 status response, will be considered bad health and HAProxy will mark the backend server as offline. Example 1: This check will use a HEAD request against the index page of your domain using HTTP version 1.0.
There used to be a mode health
option but in recent versions the easiest way is to use a monitor-uri
on a given port:
listen health_check_http_url
bind :8888
mode http
monitor-uri /healthz
option dontlognull
You can use the monitor-uri
in a frontend and select it with an ACL too but the port version is much clear and straightforward.
https://cbonte.github.io/haproxy-dconv/1.6/configuration.html#4.2-mode
https://cbonte.github.io/haproxy-dconv/1.6/configuration.html#4.2-monitor-uri
From the HAProxy Reference Manual:
Health-checking mode
--------------------
This mode provides a way for external components to check the proxy's health.
It is meant to be used with intelligent load-balancers which can use send/expect
scripts to check for all of their servers' availability. This one simply accepts
the connection, returns the word 'OK' and closes it. If the 'option httpchk' is
set, then the reply will be 'HTTP/1.0 200 OK' with no data, so that it can be
tested from a tool which supports HTTP health-checks. To enable it, simply
specify 'health' as the working mode :
Example :
---------
# simple response : 'OK'
listen health_check 0.0.0.0:60000
mode health
# HTTP response : 'HTTP/1.0 200 OK'
listen http_health_check 0.0.0.0:60001
mode health
option httpchk
From the HAProxy Docs
Example:
frontend www
mode http
acl site_dead nbsrv(dynamic) lt 2
acl site_dead nbsrv(static) lt 2
monitor-uri /site_alive
monitor fail if site_dead
Checkout the reference documentation.
http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-monitor-uri
<uri> is the exact URI which we want to intercept to return HAProxy's
health status instead of forwarding the request.
When an HTTP request referencing <uri> will be received on a frontend,
HAProxy will not forward it nor log it, but instead will return either
"HTTP/1.0 200 OK" or "HTTP/1.0 503 Service unavailable", depending on failure
conditions defined with "monitor fail". This is normally enough for any
front-end HTTP probe to detect that the service is UP and running without
forwarding the request to a backend server. Note that the HTTP method, the
version and all headers are ignored, but the request must at least be valid
at the HTTP level. This keyword may only be used with an HTTP-mode frontend.
Monitor requests are processed very early. It is not possible to block nor
divert them using ACLs. They cannot be logged either, and it is the intended
purpose. They are only used to report HAProxy's health to an upper component,
nothing more. However, it is possible to add any number of conditions using
"monitor fail" and ACLs so that the result can be adjusted to whatever check
can be imagined (most often the number of available servers in a backend).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With