Hey All
I’m setting up our HAProxy cluster to load balance our rabbit clusters which are using keepalived at the moment. RabbitMQ has a health api called aliveness-test which I’d like to make use of.
Issue is that the alivenes-test api requires user authentication which I haven’t been able to make work so far.
Here’s my (sanitized) configuration for the front end and backend:
frontend fe_rabbit
bind 10.0.0.15:5672
bind 10.0.0.15:25672
bind 10.0.0.15:15672
bind 10.0.0.15:1883
bind 10.0.0.15:4369
mode http
option forwardfor
acl acl_rabbit hdr_dom(host) -i rabbitdomain
use_backend be_rabbit if acl_rabbitbackend be_rabbit
balance source
mode http
option httpchk HTTP/1.1\r\nAuthorization:\ Basic\ aGFwcm94eWNoZWNrOmhhaGFuaWNldHJ5YnVkZHk=
http-check send meth get uri /api/aliveness-test/%2F
server rabbitmq01 10.0.0.11 check port 15672
server rabbitmq02 10.0.0.12 check port 15672 backup
When testing the same GET request in something like curl or Postman i get the correct response back: {“status”:“ok”}
When reloading the haproxy service though, the check fails with this error:
Mar 21 12:19:53 haproxy01 haproxy[1921690]: [WARNING] 079/121953 (1921690) : Backup Server be_rabbit/rabbitmq02 is DOWN, reason: Layer7 wrong status, code: 501, info: “Not Implemented”, check duration: 1ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
It works fine when commenting out the option httpchk and http-check lines.
Any ideas to what the problem could be?
EDIT:
I figured out the correct format for this. (I’m running HAProxy CE 2.2.20)
backend be_rabbit
balance source
mode http
option httpchk
http-check send meth GET hdr Host rabbitclu01.domain.local:15672 ver HTTP/1.1 uri /api/aliveness-test/%2F hdr Authorization Basic\ aGFwcm94eWNoZWNrOmhhaGFuaWNldHJ5YnVkZHk=
server rabbitmq01 10.0.0.11 check port 15672
server rabbitmq02 10.0.0.12 check port 15672 backup