来自滚动更新脚本的一个片段,我们用它来部署新版本的webapp
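# Rolling-restart step for one backend server (www1). The deployment script
# repeats the same sequence for each of the 3 servers.
#
# hactl         - wrapper that writes one command to the HAProxy admin socket.
# restartServer - restarts the named application server; defined elsewhere
#                 in the deployment script.
#
# Each step is checked before the next one runs. The next server must not be
# taken out of rotation until this one is confirmed back in service, or the
# backend can be left without a usable server and answer HTTP 503.

echo "Haproxy:Disabling www1"
# A non-zero status here means the admin socket could not be reached, so www1
# is still receiving traffic and must not be restarted.
# NOTE(review): HAProxy reports command errors as text on stdout rather than
# through the exit status; confirm whether the reply should also be checked.
if ! hactl disable server servers/www1; then
  echo "Haproxy:Could not disable www1, aborting" >&2
  exit 1
fi

# Restart www1
if ! restartServer www1; then
  # www1 stays disabled so HAProxy does not route to a server that failed
  # to restart.
  echo "Restart of www1 failed, leaving it disabled" >&2
  exit 1
fi

echo "Haproxy:Enabling www1"
if ! hactl enable server servers/www1; then
  echo "Haproxy:Could not enable www1, aborting" >&2
  exit 1
fi

echo "Waiting 3 secs"
sleep 3

# A fixed delay does not prove the application is answering its health check.
# Poll HAProxy's own view of the server before continuing.
# NOTE(review): the status is read from the 18th CSV column of "show stat";
# confirm the column position against the HAProxy version in use.
status=""
for _ in {1..30}; do
  status=$(hactl show stat \
    | awk -F, '$1 == "servers" && $2 == "www1" { print $18 }')
  if [[ "$status" == "UP" ]]; then
    break
  fi
  sleep 1
done

if [[ "$status" != "UP" ]]; then
  echo "Haproxy:www1 is not UP (status: ${status:-unknown}), aborting" >&2
  exit 1
fi

# Repeat the above steps for all 3 servers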
在负载很重的情况下(每个后端服务器大约有2000个连接)Haproxy会在短时间内(1-30秒)返回HTTP 503服务不可用,
是否有可能将所有会话从被禁用的后端服务器转移到仍在运行的服务器上,而不会出现HTTP 503?
hactl
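#!/bin/bash
# hactl - send one command to the HAProxy admin socket and print the reply.
#
# Usage:   hactl <command words...>
# Example: hactl disable server servers/www1
#
# The socket path must match the "stats socket" line in haproxy.cfg. That
# socket is declared with "level admin", so whoever can run this script
# against it can change the state of the running proxy.

if (( $# == 0 )); then
  echo "Usage: ${0##*/} <haproxy command>" >&2
  exit 2
fi

# printf, not echo: a first argument such as -n or -e would be consumed by
# echo as an option instead of being sent to HAProxy. "$*" joins the
# arguments with single spaces, which is what echo "$@" produced.
printf '%s\n' "$*" | socat unix-connect:/run/haproxy/admin.sock stdio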
haproxy.cfg
# HAProxy configuration: one HTTP and one HTTPS frontend, both feeding the
# "servers" backend (www1 and www2 active, www3 as backup).
# NOTE(review): line breaks were reconstructed from a collapsed listing;
# confirm comment/directive boundaries against the original file.

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    # NOTE(review): "mode 777" together with "level admin" lets every local
    # account on this host send admin commands (disable/enable servers and
    # more) to the running proxy. Restrict the socket to the account that
    # runs the deployment script, e.g. mode 660 plus a dedicated group.
    stats socket /run/haproxy/admin.sock mode 777 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    # Per process limit: The default is 2000, too small for us
    maxconn 18000
    # Increase the cache from 20000 (default), higher values reduce CPU usage
    tune.ssl.cachesize 60000
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL).
    # NOTE(review): the list still admits kRSA+AES, i.e. RSA key exchange
    # without forward secrecy, and only SSLv3 is disabled below, so TLS 1.0
    # remains available. Review against the current client baseline.
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
    ssl-default-bind-options no-sslv3 no-tls-tickets

defaults
    log global
    mode http
    option httplog
    option http-server-close
    option forwardfor
    option dontlognull
    # Set the listen limit: The default is 2000, too small for us
    maxconn 9000
    # we should fix this
    # option accept-invalid-http-response
    # option accept-invalid-http-request
    no option checkcache
    # Timeouts without a unit are in milliseconds: 80 s connect,
    # 900 s client, 500 s server.
    # NOTE(review): an 80 s connect timeout keeps requests waiting on a
    # backend that is not accepting connections. No "retries" or
    # "option redispatch" setting is visible here, so a connection that
    # fails against a restarting server may surface as HTTP 503 instead of
    # being retried on another server. Confirm against the observed 503s.
    timeout connect 80000
    timeout client 900000
    timeout server 500000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

# Plain-HTTP entry point. It forwards to the same backend as HTTPS, and no
# redirect to HTTPS is configured in this section.
frontend http-in
    bind *:80
    default_backend servers

frontend https-in
    # add no-tlsv10 for disabling tls 1.0
    bind *:443 ssl crt /etc/ssl/private/site.pem
    # Activate compression
    compression algo gzip
    compression type text/html text/html;charset=UTF-8 text/xml text/plain text/javascript application/javascript application/x-javascript application/xml application/json text/css
    default_backend servers

backend servers
    # Rewrite the response location (for redirect cases)
    rspirep ^Location:\ http://(.*) Location:\ https://\1 if { ssl_fc }
    # Every connection is closed and opened to the server
    option http-server-close
    # Recommended to enable
    # NOTE(review): in the collapsed listing this comment and the directive
    # below share one line; confirm the directive is active in the original.
    option http-pretend-keepalive
    # The url to check the backend servers health
    option httpchk GET /srvstat
    # Balancing
    balance roundrobin
    # Session stickiness keyed on JSESSIONID, taken from the Cookie header or
    # from the ";JSESSIONID=" path parameter.
    # NOTE(review): session ids carried in the URL are written to the access
    # log by "option httplog" and can leak through Referer headers; prefer
    # cookie-only session tracking in the application if possible.
    stick-table type string len 32 size 1M expire 3h
    stick on cookie(JSESSIONID) if { hdr_sub(Cookie) JSESSIONID }
    stick on url_param(JSESSIONID,;) if { url_sub JSESSIONID }
    # We have 3 backend servers, one is for backup
    cookie SERVERID indirect nocache
    server www1 127.0.0.1:8080 check cookie www1
    server www2 127.0.0.1:8081 check cookie www2
    server www3 127.0.0.1:8082 check cookie www3 backup