3.4.1. Advanced features : Management

HAProxy is designed to remain extremely stable and safe to manage in a regular
production environment. It is provided as a single executable file which doesn't
require any installation process. Multiple versions can easily coexist, meaning
that it's possible (and recommended) to upgrade instances progressively by
order of importance instead of migrating all of them at once. Configuration
files are easily versioned. Configuration checking is done off-line so it
doesn't require restarting a service that may then fail. During
configuration checks, a number of advanced mistakes may be detected (e.g. a rule
hiding another one, or stickiness that will not work) and detailed warnings and
configuration hints are proposed to fix them. Backwards configuration file
compatibility goes very far back in time, with version 1.5 still fully
supporting configurations for versions 1.1 written 13 years before, and 1.6
only dropping support for almost unused, obsolete keywords whose purpose can be
achieved differently. The configuration and software upgrade mechanism is smooth
and non-disruptive in that it allows old and new processes to coexist on the
system, each handling its own connections. System status, build options, and
library compatibility are reported on startup.

Some advanced features allow an application administrator to smoothly stop a
server, detect when there's no activity on it anymore, then take it off-line,
stop it, upgrade it and ensure it doesn't take any traffic while being upgraded,
then test it again through the normal path without opening it to the public, and
all of this without touching HAProxy at all. This ensures that even complicated
production operations may be done during opening hours with all technical
resources available.

The process tries to save resources as much as possible, uses memory pools to
save on allocation time and limit memory fragmentation, releases payload buffers
as soon as their contents are sent, and supports enforcing strong memory limits
above which connections have to wait for a buffer to become available instead of
allocating more memory. This system helps guarantee memory usage in certain
strict environments.

A command line interface (CLI) is available as a UNIX or TCP socket, to perform
a number of operations and to retrieve troubleshooting information. Nothing
done on this socket requires a configuration change, so it is mostly used
for temporary changes. Using this interface it is possible to change a server's
address, weight and status, to consult statistics and clear counters, dump and
clear stickiness tables, possibly selectively by key criteria, dump and kill
client-side and server-side connections, dump captured errors with a detailed
analysis of the exact cause and location of the error, dump, add and remove
entries from ACLs and maps, update TLS shared secrets, apply connection limits
and rate limits on the fly to arbitrary frontends (useful in shared hosting
environments), and disable a specific frontend to release a listening port
(useful when daytime operations are forbidden and a fix is needed nonetheless).
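
As an added example (not part of the HAProxy documentation), the shell
functions below read "show stat" through the CLI socket with socat and list the
servers in DRAIN or MAINT state that hold zero current sessions, which is the
"no activity" condition an administrator waits for before taking a server
off-line. The socket path and the sample CSV are assumptions constructed for
illustration.

```shell
#!/bin/sh
# Added example, not part of the HAProxy documentation.
# Assumption: "stats socket" binds the CLI to this UNIX socket path.
HAPROXY_SOCK="${HAPROXY_SOCK:-/var/run/haproxy.sock}"

# Send one CLI command and print the reply (needs socat and socket access).
hap_cli() {
    printf '%s\n' "$1" | socat stdio "UNIX-CONNECT:${HAPROXY_SOCK}"
}

# Read "show stat" CSV on stdin; print "proxy/server<TAB>status<TAB>scur" for
# each server row. Columns are located by header name, not by position.
server_sessions() {
    awk -F, '
        /^# / { sub(/^# /, ""); for (i = 1; i <= NF; i++) col[$i] = i; next }
        NF < 2 || !("svname" in col) { next }
        $col["svname"] != "FRONTEND" && $col["svname"] != "BACKEND" {
            printf "%s/%s\t%s\t%s\n", $col["pxname"], $col["svname"],
                   $col["status"], $col["scur"]
        }'
}

# Servers that are drained or in maintenance and hold no current session:
# the "no activity anymore" condition, so they can be taken off-line.
idle_servers() {
    server_sessions | awk -F'\t' '$2 ~ /^(DRAIN|MAINT)/ && $3 == 0 { print $1 }'
}

# Constructed sample, truncated to the first 18 "show stat" columns.
sample_show_stat() {
    cat <<'EOF'
# pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,
www,FRONTEND,,,10,40,2000,9150,812345,9912345,0,0,3,,,,,OPEN,
app,srv1,0,0,7,20,,4100,401234,4901234,,0,,0,0,0,0,UP,
app,srv2,0,0,3,18,,3900,398765,4801234,,0,,0,0,0,0,DRAIN,
app,srv3,0,0,0,15,,1150,12346,210123,,0,,0,0,0,0,DRAIN,
app,srv4,0,0,0,9,,0,0,0,,0,,0,0,0,0,MAINT,
app,BACKEND,0,0,10,40,200,9150,812345,9912345,0,0,,0,0,0,0,UP,
EOF
}

# Offline demo; on a live system: hap_cli "show stat" | idle_servers
sample_show_stat | idle_servers
```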

For environments where SNMP is mandatory, at least two agents exist: one is
provided with the HAProxy sources and relies on the Net-SNMP Perl module.
Another one is provided with the commercial packages and doesn't require Perl.
Both are roughly equivalent in terms of coverage.

It is often recommended to install 4 utilities on the machine where HAProxy is
deployed :

  - socat (in order to connect to the CLI, though certain forks of netcat can
    also do it to some extent);

  - halog from the latest HAProxy version : this is the log analysis tool, it
    parses native TCP and HTTP logs extremely fast (1 to 2 GB per second) and
    extracts useful information and statistics such as requests per URL, per
    source address, URLs sorted by response time or error rate, termination
    codes etc. It was designed to be deployed on the production servers to
    help troubleshoot live issues so it has to be there ready to be used;

  - tcpdump : this is highly recommended to take the network traces needed to
    troubleshoot an issue that was made visible in the logs. There comes a point
    where the application's and HAProxy's analyses diverge and the network
    traces are the only way to say who's right and who's wrong. It's also fairly
    common to detect bugs in network stacks and hypervisors thanks to tcpdump;

  - strace : it is tcpdump's companion. It will report what HAProxy really sees
    and will help sort out the issues the operating system is responsible for
    from the ones HAProxy is responsible for. Strace is often requested when a
    bug in HAProxy is suspected.