User Rating: 5 / 5

Star Active Star Active Star Active Star Active Star Active

HAProxy is as its name says, a proxy that aims high availability. It can be used not only to proxy the HTTP (Layer 7) but to proxy TCP (Layer 4). Among the many things HAProxy has, it is possible to access its management page to do active monitoring. I will talk about how to set up a simple Nagios monitoring.

I will assume you are familiar with Nagios and HAProxy configuration. The first step is to add the proper configuration to the HAProxy, put something like this:

       log local2
       chroot /var/lib/haproxy
       pidfile /var/run/
       maxconn 4000
       user haproxy
       group haproxy
       stats socket /var/lib/haproxy/stats mode 666

userlist STATSUSERS 
       group admin users admin 
       user admin insecure-password SUPER_SECURE_PASSWORD 
       user stats insecure-password SUPER_SECURE_PASSWORD

listen admin_page 
       bind *:9600 
       mode http 
       stats enable 
       stats refresh 60s 
       stats uri / 
       acl AuthOkay_ReadOnly http_auth(STATSUSERS) 
       acl AuthOkay_Admin http_auth_group(STATSUSERS) admin 
       stats http-request auth realm admin_page unless AuthOkay_ReadOnly

This configuration will do two important things:

  • it will open a Linux socket in /var/lib/haproxy/stats where everyone will be able to read or write (you will need to play with security if you do not trust who logs into your system)
  • it will open the port 9600 which it handles the HTTP page for HAProxy management

Next step is installing the HAProxy Nagios Plugins. It is published in the OKay RPM Repository, you can install it by typing yum install nagios-plugins-contrib-haproxy.

Some examples how to run the monitoring plugins are:

/usr/lib64/nagios/plugins/check_haproxy_stats -s /var/lib/haproxy/stats -w 90 -c 95

It will check through the unix socket and send a warning if 90% of the maximum allowed connections are reached and a critical if 95% is reached.

/usr/lib64/nagios/plugins/check_haproxy -u ';csv;norefresh' -U admin -P SUPER_SECURE_PASSWORD -w 2 -c 3

It will use the management page and send a warning if request times are 2 seconds or more, or a critical signal if request times are beyond 3 seconds or more.

Good luck!

blog comments powered by Disqus