HAProxy in a High Availability scenario. How to enable statistics on both nodes?

Started by spyram, April 11, 2019, 12:38:17 PM

Hi,

I'm currently running HAProxy on OPN19.1.5

My setup consists of two VMs configured with High Availability and config replication using XMLRPC.

To enable remote access to statistics, I'm using a management IP address of the box and it works fine for the primary node.

The problem comes with the replication. When OPNsense replicates the HAProxy config, it copies the same address/port for statistics to the secondary node.

So every time I change my config, I need to log in to the secondary node and change the IP accordingly, otherwise my HAProxy sometimes fails to start on the secondary node.

Could the OPNsense HA plugin request an extra field to set up the statistics on the secondary server? Somehow like it already has on the peer configuration?

Or am I doing something wrong in my setup?

Thanks in advance.

Are both nodes active? Normally this is only for CARP setups.
If you only want replication you can enable it for one-time sync and disable again.

Hi,

Both nodes are indeed active (using CARP).

One is serving HAProxy and the other is serving as default gateway for internal services. If one has a problem, the other should pick up the service.

But since I want to be able to remotely monitor HAProxy from a Nagios-like platform, I need to check the statistics pages from each node.

If it is an HA setup, usually it's active-passive: one node should have the traffic and the passive one none. So why monitor the inactive node? Statistics should be zero. Just monitor the VIP, so you always get the statistics of the active node.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
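
As an added example (not code from the thread or from the OPNsense plugin), a Nagios-style check over HAProxy's CSV stats export, which is what a monitor polling the stats page on the VIP would consume. The fetch is left out so it runs offline; the proxy and server names, the trimmed column set and the 80% session threshold are assumptions.

```python
import csv
import io

# Constructed sample of HAProxy's CSV stats export (the stats URI with ";csv"
# appended), trimmed to the columns this check reads. All names are made up.
SAMPLE_CSV = """\
# pxname,svname,scur,slim,status
public_www,FRONTEND,12,2000,OPEN
web_pool,web1,7,,UP
web_pool,web2,0,,DOWN
web_pool,BACKEND,7,200,UP
"""

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes


def parse_stats(text):
    """Return one dict per proxy/server row, keyed by the CSV header names."""
    text = text.lstrip()
    if text.startswith("# "):  # HAProxy prefixes the header line with "# "
        text = text[2:]
    return list(csv.DictReader(io.StringIO(text)))


def evaluate(rows, session_warn_ratio=0.8):
    """Map stats rows to a (nagios_code, message) pair."""
    problems, code = [], OK
    for row in rows:
        name = f"{row['pxname']}/{row['svname']}"
        status = row["status"]
        if row["svname"] == "BACKEND" and not status.startswith("UP"):
            code = CRITICAL  # whole backend unavailable
            problems.append(f"{name} is {status}")
        elif row["svname"] not in ("FRONTEND", "BACKEND") and status.startswith("DOWN"):
            code = max(code, WARNING)  # one server down, backend may still serve
            problems.append(f"{name} is {status}")
        if row["slim"] and int(row["scur"]) >= session_warn_ratio * int(row["slim"]):
            code = max(code, WARNING)  # close to the session limit
            problems.append(f"{name} sessions {row['scur']}/{row['slim']}")
    return code, "; ".join(problems) or "all proxies healthy"


if __name__ == "__main__":
    import sys
    exit_code, message = evaluate(parse_stats(SAMPLE_CSV))
    print(("OK", "WARNING", "CRITICAL")[exit_code] + ": " + message)
    sys.exit(exit_code)
```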

Hi,

Thanks for the reply,

What you're suggesting is that I point the monitoring address to a VIP, right?

The VIP served by HAProxy is a web front-end for our public site and I'm currently monitoring this box through a management address from the inside.

So, I'm guessing the best way to do this would be to set a VIP on the management network and bind the stats IP to that one, right?

I'm not sure if I can force that VIP on the private management network to be on the same host as the public VIP, but if not, I'll make this box a true active-passive.

Thanks for the input.