We put our site into maintenance mode (no access) to do major upgrades, but have to take it out of maintenance mode to do sanity testing. The problem is users can hit the site and post issues while we are sanity testing. Recently, we had to roll back a change which lost a few posts my users. This is considered a big deal by management and we’d like to avoid this in the future. With that in mind, I’m trying to come up with a change to our haproxy settings that would do the job. That is reject anyone not on a special ip address whitelist, sending them to our “we’re in maintenance” web page. The script that kicks off maintenance is executed from a special system that sends out commands to various systems via mcollective. I can easily have it touch and remove a file using that tool, but I can’t figure out a way to take advantage of this in haproxy. I was hoping to do something like this:
acl tester_ip src -f tester_ips.map acl test_mode file-exists /etc/haproxy/TESTING # if in test mode and not a tester's ip address, send to "we're in maintenance" page use_backend sorry if test_mode !tester_ip
But how to I do the “file-exists” part (second line)? Is this possible. If not, is the an alternate way of achieving my goal?