Use_backend if file exists


#1

We put our site into maintenance mode (no access) to do major upgrades, but have to take it out of maintenance mode to do sanity testing. The problem is users can hit the site and post issues while we are sanity testing. Recently, we had to roll back a change, which lost a few posts by my users. This is considered a big deal by management and we’d like to avoid this in the future. With that in mind, I’m trying to come up with a change to our haproxy settings that would do the job. That is, reject anyone not on a special IP address whitelist, sending them to our “we’re in maintenance” web page. The script that kicks off maintenance is executed from a special system that sends out commands to various systems via mcollective. I can easily have it touch and remove a file using that tool, but I can’t figure out a way to take advantage of this in haproxy. I was hoping to do something like this:

acl tester_ip src -f tester_ips.map
acl test_mode file-exists /etc/haproxy/TESTING
# if in test mode and not a tester's ip address, send to "we're in maintenance" page
use_backend sorry if test_mode !tester_ip

But how do I do the “file-exists” part (second line)? Is this possible? If not, is there an alternate way of achieving my goal?


#2

That is certainly not possible with vanilla haproxy, but maybe you can write something with Lua, I’m not sure.

But you can put your server in maintenance mode or disable them, and serve a specific error message from backup servers or with the errorfile directive (when no backend server is available).

Double check that persistence doesn’t break this.

Use force-persist for your admins to bypass the maintenance or down status:
https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-force-persist
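
The approach suggested in reply #2, written out as a configuration sketch. This is an added example, not configuration posted by anyone in the thread; the backend and server names, addresses, file paths and cookie name are assumptions chosen for illustration.

```haproxy
global
    # Admin-level runtime socket, readable only by its owner, so the
    # maintenance script can change server state without a reload.
    stats socket /var/run/haproxy.sock mode 600 level admin

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend www
    bind :80
    default_backend app

backend app
    # Allowlist file (assumed path): one tester IP or CIDR per line.
    acl tester_ip src -f /etc/haproxy/tester_ips.lst

    # Cookie persistence. force-persist only applies to requests that
    # already designate a server, so a tester's browser must send
    # "SRV=app1" (kept from before maintenance, or set by hand).
    cookie SRV insert indirect nocache

    # Requests from tester IPs ignore the down/maintenance status of
    # the server named by their persistence cookie.
    force-persist if tester_ip

    # Everyone else gets this page while no server is available.
    # The file must hold a complete raw HTTP response (status line,
    # headers, blank line, body).
    errorfile 503 /etc/haproxy/errors/maintenance.http

    server app1 192.0.2.10:8080 cookie app1 check

# Toggle from the maintenance script (runtime API, sent to the socket):
#   disable server app/app1    -> enter test mode, public gets the 503 page
#   enable server app/app1     -> reopen the site
```

The allowlist matches on `src`, so if HAProxy sits behind another proxy or a NAT that hides client addresses, every request will appear to come from the same IP and the ACL will not separate testers from users.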