HAPROXY - disable backend server via command line



  • Hi,

    maybe this is a stupid question, is it possible to disable (state: inactive) one of the servers listed in a backend via command line?
    I found the Haproxy commands but it seems to me they're not for the PF plugin, just for the standalone version.

    Thanks

    Carlo



  • Hi Carlo,
    Yes its possible, haproxy socket is already used-created in /tmp/haproxy.socket. Only issue is that all examples use 'socat' which is not installed on pfsense by default, and is quite bloated imho.. ( pkg install socat )

    Other option is to make it listen on a tcp port with this setting on the settings tab advanced field:

    stats socket 127.0.0.1:3000 level admin 
    

    Ten you could use telnet to query that socket.

    Anyway haproxy itself on pfsense supports it just like on any other haproxy installation.

    Regards,
    PiBa-NL



  • Hi, thanks for the tips, I've been able to disable a node using socat.
    To script all commands I created a new user in order to skip FPSense CLI initial screen.
    This user is member of admins, but when I try the following command I get a permission denied error from socat: E connect(5, LEN=21 AF=1 "/tmp/haproxy.socket", 21): Permission denied

    echo "disable server mypool/server2" | /usr/local/bin/socat unix-connect:/tmp/haproxy.socket stdio
    

    do I need to change the level in haproxy.cfg? (stats socket /tmp/haproxy.socket level admin)

    Thanks for helping me

    Carlo



  • Hi Carlo,

    I've never tried creating a different user and use the socket from there..

    Could try changing some of the settings made by haproxy on the socket using unix-bind option and put that into advanced options on the settings tab.
    http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.6.html#3.1-unix-bind

    Changing the actual haproxy.cfg is not wise as the file is recreated from scratch every time something is changed, or restarted..

    Regards
    PiBa-NL



  • Hi,

    I installed the sudo package, that solved my problemĀ  8)

    echo "disable server mypool/server2" | sudo /usr/local/bin/socat unix-connect:/tmp/haproxy.socket stdio
    


  • Hi Carlo,

    I've been playing with it a bit think this might help.
    By putting the config setting below in the advanced settings of haproxy would allow socket access to users in the admins group:

    stats socket /tmp/haproxy.adminsocket group admins mode 0020 level admin
    
    echo "show sess" | socat stdio /tmp/haproxy.adminsocket
    

    That way at least the sudo wouldn't be needed.

    Regards
    PiBa-NL


Log in to reply