I have 2 backend servers that are part of a VDI solution. They have an inbuilt method for maintenance (quiesce). The idea is that when I put them into quiesce mode they continue to serve existing clients but the load balancer stops sending new sessions to them. It looks HAProxy calls this MAINT.
When I put them into quiesce mode HAProxy reports them as L7STS/503 (Service unavailable) and existing sessions are disconnected.
I would prefer that HAProxy sees the 503 status and sets the backend server to MAINT.
I’ve done some searching and looked through the manual. It looks like “http-check expect” might be what I need?
This is configured for the backend:
option httpchk GET /favicon.ico HTTP/1.1
Any help greatly appreciated. Apologies in advance for the newbness!
@lukastribus, thanks for this. I’m using a config that I found on the internet!
I need to correct an earlier statement. If I do not use Quiesce on the UAG and use DRAIN in HAProxy the sessions continue without any issues.
My goal is that when HAProxy detects status code 503 it places the backend that failed the health check into DRAIN.
From a Windows box this is the status code I get when not in Quiesce:
Invoke-WebRequest -Uri https://uag01.corp.lan -Method Get -UseBasicParsing | Select StatusCode,StatusDescription
StatusCode StatusDescription
---------- -----------------
200 OK
This is what I get in Quiesce:
Invoke-WebRequest -Uri https://uag01.corp.lan/favicon.ico -Method Get -UseBasicParsing | Select StatusCode,StatusDescription
Invoke-WebRequest : The remote server returned an error: (503) Server Unavailable.
Here is my config:
root@lb01 [ /etc/haproxy ]# cat haproxy.cfg
# HAProxy configuration
#Global definitions
global
chroot /var/lib/haproxy
stats socket /var/lib/haproxy/stats
daemon
defaults
timeout connect 5s
timeout client 30s
timeout server 30s
### Statistics & Admin configuration ###
userlist stats-auth
group admin users admin
user admin insecure-password My_Admin_PWD
group ro users stats
user stats insecure-password My_Stats_PWD
frontend HAProxy-Stats-http8404
mode http
bind 172.31.115.210:8404
default_backend HAProxy-Statistics
backend HAProxy-Statistics
mode http
stats enable
stats show-legends
stats show-node
stats refresh 30s
acl AUTH http_auth(stats-auth)
acl AUTH_ADMIN http_auth_group(stats-auth) admin
stats http-request auth unless AUTH
stats admin if AUTH_ADMIN
stats uri /stats
######
### Horizon Connection UAGs ###
frontend Horizon-HTTP-Redirect
mode http
bind 172.31.115.211:80
# Redirect http to https
redirect scheme https if !{ ssl_fc }
frontend Horizon-HTTPS
mode tcp
bind 172.31.115.211:443
timeout client 91s
default_backend Horizon-UAGs
backend Horizon-UAGs
mode tcp
# option ssl-hello-chk
balance leastconn
stick-table type ip size 1m expire 200m
stick on src
option httpchk GET /favicon.ico HTTP/1.1
timeout server 91s
server uag01 172.31.115.141:443 weight 1 check check-ssl verify none inter 30s fastinter 2s downinter 5s rise 3 fall 3
server uag02 172.31.115.142:443 weight 1 check check-ssl verify none inter 30s fastinter 2s downinter 5s rise 3 fall 3
The backend UAG that is in Quiesce mode appears like this:
