HAProxy - Configuring Layer 7 Health Checks, No Effective Server Visible in Monitoring

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: Haproxy-配置7层探活,监控上看不到有效的server

| username: 超7成网友

As mentioned, after configuring the 7-layer health check, both servers are shown as down on the monitoring page. Adding the configuration: option mysql-check user haproxy post-41 causes the servers to be unrecognized, but removing this configuration allows the servers to be recognized. The configuration is as follows:

global
    log         127.0.0.1 local0
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    nbproc      20   # Start multiple threads to forward requests
    daemon

    stats socket /var/lib/haproxy/stats

defaults
    log                     global
    retries                 2
    timeout connect         2s
    timeout client          30000s
    timeout server          30000s

listen admin_stats                         # Combination of frontend and backend, name of the monitoring group, customize the name as needed
   bind 0.0.0.0:8080                       # Configure the listening port
   mode http                               # Configure the mode in which the monitoring runs, here it is `http` mode
   option httplog                          # Enable logging of HTTP requests
   maxconn 10                              # Maximum concurrent connections
   stats refresh 30s                       # Configure to automatically refresh the monitoring page every 30 seconds
   stats uri /haproxy                      # Configure the URL of the monitoring page
   stats realm HAProxy                     # Configure the prompt information on the monitoring page
   stats auth abc:abc                      # Configure the user and password for the monitoring page, multiple usernames can be set
   stats hide-version                      # Configure to hide the HAProxy version information on the statistics page
   stats admin if TRUE                     # Configure manual enable/disable of backend servers (HAProxy-1.4.9 and later versions)

listen tidb-cluster
   bind 0.0.0.0:3306
   mode tcp                   
   balance leastconn                       
   option mysql-check user haproxy post-41
   server db157 10.10.10.11:4000 check inter 2000 rise 2 fall 3       # Check port 4000, check frequency is 2000 milliseconds. If 2 checks are normal, the machine is considered to be back to normal use. If 3 checks fail, the server is considered unavailable.
   server db159 10.10.10.12:4000 check inter 2000 rise 2 fall 3
| username: TiDBer_QYr0vohO | Original post link

Did you set a password for the haproxy user in MySQL? Try removing the password for this user and see if it works.

| username: tidb菜鸟一只 | Original post link

No, have you created the corresponding user haproxy? Also, post-41 is a specific health check strategy for MySQL. I haven’t really studied whether TiDB supports this.

| username: 超7成网友 | Original post link

I saw this recommended configuration on the official website; also, is the haproxy user a Linux user or a database user?

| username: TiDBer_QYr0vohO | Original post link

Database user

| username: 超7成网友 | Original post link

Got it, can’t this be password protected?

| username: TiDBer_QYr0vohO | Original post link

Create a database user ‘haproxy’ without setting a password; the password should be empty.

| username: TiDBer_QYr0vohO | Original post link

There are other ways, but writing it like this won’t work. You can use an external script to customize the check content and report the check results to HAProxy.

| username: tidb狂热爱好者 | Original post link

Is TiProxy any good?

| username: tidb菜鸟一只 | Original post link

Database user, actually TiDB has now released TiProxy, which can help you avoid the issue you mentioned above. This is because you might be looking at the HAProxy configuration for MySQL, which might be different from TiDB’s configuration.

| username: zhang_2023 | Original post link

Cannot set the password?

| username: 数据库真NB | Original post link

Do I need to set up a separate dedicated user?

| username: 超7成网友 | Original post link

Learned; we are using version 6.5.8, tiup cannot install proxy yet, I see that it is only introduced in the official documentation starting from version 8.0.