HAproxy reload config file with uninterrupt session

HAProxy is a high performance load balancer. It is very light-weight, and free, making it a great option if you are in the market for a load balancer and need to keep your costs down.

Lately we’ve been making a lot of load balancer changes at work to accommodate new systems and services. Even though we have two load balancers running with keepalived taking care of any failover situations, I was thinking about how we go about reloading our configuration files. In the event of a change, the “common” way to get the changes to take effect is to run /etc/init.d/haproxy restart. This is bad for a couple major reasons:

You are temporarily shutting your load balancer down
You are severing any current connections going through the load balancer
You might say, “if you have two load balancers with keepalived, restarting the service should be fine since keepalived will handle the failover.” This, however, isn’t always true. Keepalived uses advertisements to determine when to fail over. The default advertisement interval is 1 second (configurable in keepalived.conf). The skew time helps to keep everyone from trying to transition at once. It is a number between 0 and 1, based on the formula (256 – priority) / 256. As defined in the RFC, the backup must receive an advertisement from the master every (3 * advert_int) + skew_time seconds. If it doesn’t hear anything from the master, it takes over.

Let’s assume you are using the default interval of 1 second. On my test machine, this is the duration of time it takes to restart haproxy:

time /etc/init.d/haproxy restart
Restarting haproxy haproxy
   ...done.real    0m0.022s
user    0m0.000s
sys     0m0.016s

In this situation, haproxy would restart much faster than your 1 second interval. You could get lucky and happen to restart it just before the check, but luck is not consistent enough to be useful. Also, in very high-traffic situations, you’ll be causing a lot of connection issues. So we cannot rely on keepalived to solve the first problem, and it definitely doesn’t solve the second problem.

After sifting through haproxy documentation (the text-based documentation, not the man page) (/usr/share/doc/haproxy/haproxy-en.txt.gz on Ubuntu), I came across this:

    314     global    315         daemon    316         quiet    317         nbproc  2
    318         pidfile /var/run/haproxy-private.pid    319
    320     # to stop only those processes among others :    321     # kill $(</var/run/haproxy-private.pid)    
    323     # to reload a new configuration with minimal service impact and without    
    324     # breaking existing sessions :    
    325     # haproxy -f haproxy.cfg -p $(</var/run/haproxy-private.pid) -st $(</var/run/haproxy-private.pid)

That last command is the one of interest. The -p asks the process to write down each of its children’s pids to the specified pid file, and the -st specifies a list of pids to send a SIGTERM to after startup. But it does this in an interesting way:

    609 The '-st' and '-sf' command line options are used to inform previously running
    610 processes that a configuration is being reloaded. They will receive the SIGTTOU    
    611 signal to ask them to temporarily stop listening to the ports so that the new
    612 process can grab them. If anything wrong happens, the new process will send
    613 them a SIGTTIN to tell them to re-listen to the ports and continue their normal
    614 work. Otherwise, it will either ask them to finish (-sf) their work then softly    
    615 exit, or immediately terminate (-st), breaking existing sessions. A typical use    
    616 of this allows a configuration reload without service interruption :    
    618  # haproxy -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid)

The end-result is a reload of the configuration file which is not visible by the customer. It also solves the second problem! Let’s look at an example of the command and look at the time compared to our above example:

# time haproxy -f /etc/haproxy.cfg -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid)

real    0m0.018s
user    0m0.000s
sys     0m0.004s

I’ve specified the config file I want to use and the pid file haproxy is currently using. The $(cat /var/run/haproxy.pid) takes the output of cat /var/run/haproxy.pid and passes it in to the -sf parameter as a list, which is what it is expecting. You will notice that the time is actually faster too (.012s sys, and .004s real). It may not seem like much, but if you are dealing with very high volumes of traffic, this can be pretty important. Luckily for us it doesn’t matter because we’ve been able to reload the haproxy configuration without dropping any connections and without causing any customer-facing issues.

UPDATE: There is a reload in some of the init.d scripts (I haven’t checked every OS, so this can vary), but it uses the -st option which will break existing sessions, as opposed to using -sf to do a graceful hand-off. You can modify the haproxy_reload() function to use the -sf if you want. I also find it a bit confusing that the documentation uses $(cat /path/to/pidfile) whereas this haproxy_reload() function uses $(<$PIDFILE). Either should work, but really, way to lead by example…



上一篇 2015-04-03 22:07
下一篇 2015-04-03 22:10


  • Linux实验-搭建路由环境

    Linux实验-搭建路由环境 背景: 在学习网络基础过程中,为了加强理解路由功能,准备用Linux模拟一个路由环境。同时也试试Linux的路由转发功能。 实验简介: 准备5个虚拟机,其中三个做路由,两个做客户机,相连的设备之间在同一个网段,三个路由设备在中间,两个客户机在两侧,最后实现两个虚拟机能相互通信。 实验规划: 这里配的IP都是随意配的,保证相连设备…

  • 计算机和操作系统的一些概念

    一、计算机组成     (一) 硬件         CPU:运算器、控制器、寄存器、缓存器         存储器:主内存,RAM(Random Access…

    Linux干货 2016-08-15
  • shell脚本编程基础之二(if、case、for、while、until、continue、break语句使用)

    在shell脚本编程中,我们可以根据命令的状态结果,判断要不要执行下一步,但是有时候要判断的问题不止一个,甚至对问题本身都要做判断;同时问题的结果有时也不止一个,这时要借助简单的逻辑与和逻辑或,就显得很无力;要完成复杂的任务,需要借助一定的流程控制:顺序执行、选择执行、循环执行、同时在脚本执行过程中,有用户交互输入的需; if语句 case语句 for语句 …

    Linux干货 2016-08-21
  • 关于nginx状态监控字段的个人见解(求真相)

    今天看到了马哥视频其中一节对nginx状态监控信息的介绍,对视频ppt上的监控字段解析产生了一些疑问,ppt内容如下: active connections – 活跃的连接数量server accepts handled requests — 总共处理了xxx个连接 , 成功创建xxx次握手, 总共处理了xxx个请求reading — 读取客户端的连接数.w…

    Linux干货 2016-07-12
  • How to Write a Money-making Scholarship Essay

    How to pay for for For Essay Cheap The advantages of shelling out for an essay are a number of. Earliest, it gives you the opportunity to employ the service of a gifted writer to c…

    Linux干货 2023-01-11
  • Lua简明教程


    Linux干货 2016-08-15