HAProxy Active-Standby

LucasRey · October 22, 2018, 2:31pm

Hello community,
I’m trying to make a simple HAProxy Server Active-StandBy. I have 2 ports to handle, with two servers. What I have to do, is redirect requests from port 8123 and 1883 to respective ports on active server.

defaults
    log     global
    option  dontlognull
    option redispatch
    retries 3
frontend ft_app
 bind *:8123
 bind *:1883
 default_backend bk_app
backend bk_app
 server node1-gui 192.168.2.50:8123 check   
 server node1-sonoff 192.168.2.51:1883 check
 server node2-gui 192.168.2.51:8123 check backup   
 server node2-sonoff 192.168.2.51:1883 check backup

Unfortunately the above configuration doesn’t work (it doesn’t rederect to the server. If I configure the server in the following way, it works:

 server node1-sonoff 192.168.2.50 check
 server node2-gui 192.168.2.50 check backup

THe problem is that if the primary node goes down, HAProzy never route requests to the other node and the logs says:

[ALERT] 294/152920 (43307) : parsing [/usr/local/etc/haproxy.conf:11] : server s1 has neither service port nor check port nor tcp_check rule ‘connect’ with port information. Check has been disabled.
[ALERT] 294/152920 (43307) : parsing [/usr/local/etc/haproxy.conf:12] : server s2 has neither service port nor check port nor tcp_check rule ‘connect’ with port information. Check has been disabled.
Starting haproxy.
[ALERT] 294/152920 (43308) : parsing [/usr/local/etc/haproxy.conf:11] : server s1 has neither service port nor check port nor tcp_check rule ‘connect’ with port information. Check has been disabled.
[ALERT] 294/152920 (43308) : parsing [/usr/local/etc/haproxy.conf:12] : server s2 has neither service port nor check port nor tcp_check rule ‘connect’ with port information. Check has been disabled.

Could someone help me?

Thank you
Lucas

lukastribus · October 22, 2018, 5:21pm

What happens is that a) you need to forward port 8123 on the haproxy instance to port 8123 on the backend server, and the same thing for 1883. However haproxy must not mix the two, because obviously they need to be separated.

This can be done by not specifying the destination port, like you already tried. The problem there is simply that you enabled health-checks, but without port information haproxy does not know what port to health-check.

You can specify the health-check port, without specifying the actual destination port with the port directive:

 server node1 192.168.2.50 check port 8123
 server node2 192.168.2.51 check port 8123 backup

However, perhaps the entire setup would be more straightforward (and the configuration easier to read) if you’d just separate the applications in the first place, using dedicated front and backends for gui vs sonoff:

frontend ft_app_gui
 bind *:8123
 default_backend bk_app_gui
frontend ft_app_sonoff
 bind *:1883
 default_backend bk_app_sonoff
backend bk_app_gui
 server node1-gui 192.168.2.50:8123 check   
 server node2-gui 192.168.2.51:8123 check backup   
backend bk_app_sonoff
 server node1-sonoff 192.168.2.50:1883 check
 server node2-sonoff 192.168.2.51:1883 check backup

LucasRey · October 22, 2018, 5:59pm

Thank you @lukastribus it works perfect (I tried the config with separated applications)!!!
…and also thank you for explanation!

EDIT: DAMN! There is a downside with this config. If I shutdown the node1, all ports will be redirect to second server (node2). That’s ok! But when Node1 come up again, port 8123 will be redirect to node1 (ok!) but port 1883 remains on node2… This is not good for me because the requests must be redirect to the same node… Is there a way to avoid that behaviour?

lukastribus · October 23, 2018, 9:46am

Sessions that are up and running against a working server are never aborted/closed.

I assume one application here is a HTTP interface (GUI), which closes the sockets fast, therefor switching back to the primary server fast. The other application I guess is a long-lived TCP application, which does not close or switch, just because the primary server got back up, but stays on the backup server?

Is that assumption correct?

You can tell haproxy to shutdown sessions to backup-servers, that will probably meet your expectations, but you are going to kill a perfectly working connection to the backup server:

backend bk_app_gui
 server node1-gui 192.168.2.50:8123 check on-marked-up shutdown-backup-sessions
 server node2-gui 192.168.2.51:8123 check backup   
backend bk_app_sonoff
 server node1-sonoff 192.168.2.50:1883 check on-marked-up shutdown-backup-sessions
 server node2-sonoff 192.168.2.51:1883 check backup

Or you could make sure the specific client IP address continuous to use the backup server, even after the primary server came backup, by using IP stickiness.

LucasRey · October 23, 2018, 11:15am

Yes, your assumption is correct. The port 8123 handles a web interface (hass.io - home assistant), so next http requests will be redirected to node1 when it comes up.
Instead, The port 1883 handles mosquitto server (for sonoff devices). So, when the lamps (sonoff) connect to backup server, even if primary server goes up, they remain connected to backup. That’s not correct, because otherwise I have GUI HASS.IO requests to primary, but sonoff devices connected to backup.
I’ll try your mod config asap (I’m not at home right now) and report it back. Thank you.

EDIT: Thank you, it works perfect now.

Topic		Replies	Views
Service failed when check is added Help!	5	818	March 25, 2019
Server goes UP without tcp-check if it resolves again Help!	1	1509	February 28, 2019
Option tcp-check FAILED with HA-Proxy version 1.7.8 Help!	0	2567	July 13, 2017
Haproxy Script to monitor application port Help!	2	769	May 24, 2017
Load balancing with HAProxy Help!	0	153	January 26, 2024

HAProxy Active-Standby

Related Topics