For testing issues the haproxy-service can be executed via:
/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/test.cfg
Test configuration:
/usr/local/haproxy/sbin/haproxy -f master.cfg -c
Example HAProxy-Configuration:
global log 127.0.0.1 local0 maxconn 4000 #Sets the maximum size of the Diffie-Hellman parameters used for generating #the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. The #final size will try to match the size of the server's RSA (or DSA) key (e.g, #a 2048 bits temporary DH key for a 2048 bits RSA key), but will not exceed #this maximum value. Default value if 1024. Only 1024 or higher values are #allowed. Higher values will increase the CPU load, and values greater than #1024 bits are not supported by Java 7 and earlier clients. This value is not #used if static Diffie-Hellman parameters are supplied via the certificate file. tune.ssl.default-dh-param 2048 daemon user haproxy group haproxy #change name to service-name! stats socket /var/run/haproxy_service_login level admin #change name to service-name! pidfile /var/run/haproxy_service_login.pid defaults log global mode http option httplog option dontlognull timeout server 5s timeout connect 5s timeout client 5s listen stats 10.6.3.120:3389 #listen stats 10.6.3.100:3389 mode http stats enable #stats refresh 5s stats admin if TRUE stats hide-version stats realm Haproxy\ Statistics stats auth admin:secret-pw stats uri /haproxy?stats frontend http_frontend #bind 10.6.3.100:80 bind 10.6.3.120:80 mode http option httpclose option forwardfor reqadd X-Forwarded-Proto:\ http #reqadd X-Forwarded-Proto:\ https default_backend web_server frontend https_frontend #bind 10.6.3.100:443 bind 10.6.3.120:443 mode tcp option tcplog log global default_backend sweb_server backend web_server mode http balance roundrobin #cookie JSESSIONID prefix cookie SERVERID insert indirect nocache server server1.local 10.6.11.32:80 check cookie s1 server server2.local 10.6.11.33:80 check cookie s2 server server3.local 10.6.11.37:80 check cookie s3 backend sweb_server mode tcp balance roundrobin #maximum SSL session ID length is 32 bytes stick-table type binary len 32 size 30k expire 30m acl clienthello req_ssl_hello_type 1 acl serverhello rep_ssl_hello_type 2 #use tcp content accepts to detects ssl client and server hello tcp-request inspect-delay 5s tcp-request content accept if clienthello #no timeout on response inspect delay by default tcp-response content accept if serverhello # SSL session ID (SSLID) may be present on a client or server hello. # Its length is coded on 1 byte at offset 43 and its value starts # at offset 44. stick on payload_lv(43,1) if clienthello stick store-response payload_lv(43,1) if serverhello #server s1 192.168.250.47:443 #server s2 192.168.250.49:443 server server1.local 10.6.11.32:443 check server server1.local 10.6.11.33:443 check server server1.local 10.6.11.37:443 check
Example OCF-script:
#!/bin/sh
#
# Resource script for haproxy daemon
#
# Description: Manages haproxy daemon as an OCF resource in
# an High Availability setup.
#
# HAProxy OCF script's Author: Russki
# Rsync OCF script's Author: Dhairesh Oza <odhairesh@novell.com>
# License: GNU General Public License (GPL)
#
#
# usage: $0 {start|stop|status|monitor|validate-all|meta-data}
#
# The "start" arg starts haproxy.
#
# The "stop" arg stops it.
#
# OCF parameters:
# OCF_RESKEY_binpath
# OCF_RESKEY_conffile
# OCF_RESKEY_extraconf
#
# Note:This RA requires that the haproxy config files has a "pidfile"
# entry so that it is able to act on the correct process
##########################################################################
# Initialization:
OCF_ROOT=/usr/lib/ocf
: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/resource.d/heartbeat}
. ${OCF_FUNCTIONS_DIR}/.ocf-shellfuncs
COMMAND=/usr/local/haproxy/sbin/haproxy
#Edit confile-name!!
OCF_RESKEY_conffile=/usr/local/haproxy/conf/haproxy_customer.cfg
USAGE="Usage: $0 {start|stop|status|monitor|validate-all|meta-data}";
##########################################################################
usage()
{
echo $USAGE >&2
}
meta_data()
{
cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="haproxy">
<version>1.0</version>
<longdesc lang="en">
This script manages haproxy daemon
</longdesc>
<shortdesc lang="en">Manages an haproxy daemon</shortdesc>
<parameters>
<parameter name="binpath">
<longdesc lang="en">
The haproxy binary path.
For example, "/usr/sbin/haproxy"
</longdesc>
<shortdesc lang="en">Full path to the haproxy binary</shortdesc>
<content type="string" default="/usr/sbin/haproxy"/>
</parameter>
<parameter name="conffile">
<longdesc lang="en">
The haproxy daemon configuration file name with full path.
For example, "/etc/haproxy/haproxy.cfg"
</longdesc>
<shortdesc lang="en">Configuration file name with full path</shortdesc>
<content type="string" default="/etc/haproxy/haproxy.cfg" />
</parameter>
<parameter name="extraconf">
<longdesc lang="en">
Extra command line arguments to pass to haproxy.
For example, "-f /etc/haproxy/shared.cfg"
</longdesc>
<shortdesc lang="en">Extra command line arguments for haproxy</shortdesc>
<content type="string" default="" />
</parameter>
</parameters>
<actions>
<action name="start" timeout="20s"/>
<action name="stop" timeout="20s"/>
<action name="monitor" depth="0" timeout="20s" interval="60s" />
<action name="validate-all" timeout="20s"/>
<action name="meta-data" timeout="5s"/>
</actions>
</resource-agent>
END
exit $OCF_SUCCESS
}
get_pid_and_conf_file()
{
if [ -n "$OCF_RESKEY_conffile" ]; then
CONF_FILE=$OCF_RESKEY_conffile
else
CONF_FILE="/etc/haproxy/haproxy.cfg"
fi
PIDFILE="`grep -v \"#\" ${CONF_FILE} | grep \"pidfile\" | sed 's/^[ \t]*pidfile[ \t]*//'`"
if [ "${PIDFILE}" = '' ]; then
PIDFILE="/var/run/${OCF_RESOURCE_INSTANCE}.pid"
fi
}
haproxy_status()
{
if [ -n "$PIDFILE" -a -f "$PIDFILE" ]; then
# haproxy is probably running
PID=`cat $PIDFILE`
echo "PID=$PID"
if [ -n "$PID" ]; then
if ps -p $PID | grep haproxy >/dev/null ; then
ocf_log info "haproxy daemon running"
return $OCF_SUCCESS
else
ocf_log info "haproxy daemon is not running but pid file exists"
return $OCF_NOT_RUNNING
fi
else
ocf_log err "PID file empty!"
return $OCF_ERR_GENERIC
fi
fi
# haproxy is not running
ocf_log info "haproxy daemon is not running"
return $OCF_NOT_RUNNING
}
haproxy_start()
{
# if haproxy is running return success
echo "status"
haproxy_status
retVal=$?
if [ $retVal -eq $OCF_SUCCESS ]; then
exit $OCF_SUCCESS
elif [ $retVal -ne $OCF_NOT_RUNNING ]; then
ocf_log err "Error. Unknown status."
exit $OCF_ERR_GENERIC
fi
echo "test start"
COMMAND="$COMMAND -f $OCF_RESKEY_conffile"
if grep -v "#" "$OCF_RESKEY_conffile" | grep "pid" > /dev/null ; then
$COMMAND;
if [ $? -ne 0 ]; then
ocf_log err "Error. haproxy daemon returned error $?."
rm -f $PIDFILE 2>/dev/null
exit $OCF_ERR_GENERIC
fi
else
ocf_log err "Error. \"pid\" entry required in the haproxy config file."
return $OCF_ERR_GENERIC
fi
ocf_log info "Started haproxy."
exit $OCF_SUCCESS
#if [ -n "$OCF_RESKEY_binpath" ]; then
#COMMAND="$OCF_RESKEY_binpath"
#$COMMAND -c $OCF_RESKEY_conffile
#else
# COMMAND="/usr/sbin/haproxy"
#fi
#$COMMAND $OCF_RESKEY_extraconf -f $CONF_FILE -p $PIDFILE;
#if [ $? -ne 0 ]; then
# ocf_log err "Error. haproxy daemon returned error $?."
# exit $OCF_ERR_GENERIC
#fi
#ocf_log info "Started haproxy daemon."
#exit $OCF_SUCCESS
}
haproxy_stop()
{
if haproxy_status ; then
PID=`cat $PIDFILE`
if [ -n "$PID" ] ; then
kill $PID
if [ $? -ne 0 ]; then
kill -SIGKILL $PID
if [ $? -ne 0 ]; then
ocf_log err "Error. Could not stop haproxy daemon."
return $OCF_ERR_GENERIC
fi
fi
rm $PIDFILE 2>/dev/null
fi
fi
ocf_log info "Stopped haproxy daemon."
exit $OCF_SUCCESS
}
haproxy_monitor()
{
haproxy_status
}
haproxy_validate_all()
{
if [ -n "$OCF_RESKEY_binpath" -a ! -x "$OCF_RESKEY_binpath" ]; then
ocf_log err "Binary path $OCF_RESKEY_binpath does not exist."
exit $OCF_ERR_ARGS
fi
if [ -n "$OCF_RESKEY_conffile" -a ! -f "$OCF_RESKEY_conffile" ]; then
ocf_log err "Config file $OCF_RESKEY_conffile does not exist."
exit $OCF_ERR_ARGS
fi
if grep -v "^#" "$CONF_FILE" | grep "pidfile" > /dev/null ; then
:
else
ocf_log err "Error. \"pidfile\" entry required in the haproxy config file by haproxy OCF RA."
return $OCF_ERR_GENERIC
fi
return $OCF_SUCCESS
}
#
# Main
#
if [ $# -ne 1 ]; then
usage
exit $OCF_ERR_ARGS
fi
case $1 in
start) get_pid_and_conf_file
haproxy_start
;;
stop) get_pid_and_conf_file
haproxy_stop
;;
status) get_pid_and_conf_file
haproxy_status
;;
monitor)get_pid_and_conf_file
haproxy_monitor
;;
validate-all) get_pid_and_conf_file
haproxy_validate_all
;;
meta-data) meta_data
;;
usage) usage
exit $OCF_SUCCESS
;;
*) usage
exit $OCF_ERR_UNIMPLEMENTED
;;
esac