HAProxy
- 13 Jun 2024
- 7 Minutes to read
- Print
- PDF
HAProxy
- Updated on 13 Jun 2024
- 7 Minutes to read
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
HAProxy is a reverse-proxy offering high availability, load balancing, and proxy services for TCP and HTTP-based applications that spreads requests across multiple servers. Traceable supports HAProxy deployments by using ext_cap in Traceable agent. Traceable takes advantage of HAProxy's Stream Processing Offload Engine (SPOE) Golang agent library. SPOE is a filter that talks to servers managed by Stream Processing Offload Agent (SPOA) to offload the stream processing. Following is a simple high-level deployment diagram to deploy Traceable agent with HAProxy. The topic details information about installing Traceable agent on a virtual machine (VM).
Configuring HAProxy consists of two steps:
.jpg)
Before you begin
- The deployment is supported for HAProxy 2.4.x and later.
- Make sure that you understand HAProxy configuration, for example HAProxy configuration (
*.cfg) file structure. - Make sure that port number 5444 is available.
- The setup uses
frontend-config-snippet.cfg,backend-config-snippet.cfg, andbackend.cfg. Thebackend.cfgdefines Traceable platform agent as a backend that the HAProxy can connect to as an SPOE agent. These files are available in the Appendix section of this topic. You can copy-paste these files to configure HAProxy.
Step 1 - Deploy HAProxy on a virtual machine
The first step to deploy HAProxy on a virtual machine is to deploy and configure Traceable agent. For more information on deploying Traceable agent on a virtual machine, see Virtual Machine. Make a note of the following points to customize Traceable agent for HAProxy:
- By default Traceable agent should be configured to start SPOE server and listen on port number 5444.
- The default service name is ext_cap, however, if you wish to change it something else. To configure a different service name, configure the value in
service_nameinside theext_capsection. - Check whether the values inside ha_proxy section are configured. The default values configured are:
enabled- Set totruerequest_capture_message_name- Set totraceable-reqcapresponse_capture_message_name- Set totraceable-rescap
Following is sample file:
global:
# ...
haproxy_spoe_server:
endpoint: "0.0.0.0:5444"
# ...
ext_cap:
# ...
service_name: ext_cap
# ...
ha_proxy:
enabled: true
# Request Capture message name
request_capture_message_name: traceableai-reqcap
# Response Capture message name
response_capture_message_name: traceableai-rescapStep 2 - Configure HAProxy
Traceable provides a traceable.conf file that you can download from Traceable's download site. Navigate to install > haproxy > latest to download the latest files. The download site also provides HAProxy configuration snippets for frontend and backend. Add these frontend and backend snippets to your haproxy.config file. The traceable.conf file defines the configuration for the SPOE agent and the snippets contain config to be added to the frontends and backends you wish to instrument. Complete the following steps:
- Download the
traceable.conffile as mentioned above. Make a note of files listed in the Appendix section. - Create the directory to put
traceable.confin/usr/local/etc/traceable. Make sure the HAProxy can access this folder. - Copy the
traceable.conffile in/usr/local/etc/traceablefolder.
Configure Traceable's SPOE filter
Configure Traceable's SPOE filter in your haproxy.cfg file. This involves adding the contents offrontend-config-snippet.cfg to each frontend that you wish to monitor and backend-config-snippet.cfg to each backend to correlate with. This is required to capture the request and response information that travels through your HAProxy. Make sure to configure the haproxy.cfg file for both frontends and backends. Also, add the contents of backend.cfg at the bottom of your haproxy.cfg file in order for your HAProxy to connect to Traceable Platform Agent.
Following is an example haproxy.cfg file. The section that you need to configure are marked by #**TRACEABLE CONFIG**
global
daemon
# The capture size is also limited by haproxy's bufsize
# so increase from the default of 16384 to support larger
# bodies
tune.bufsize 131072
ssl-server-verify none
defaults
log global
mode http
timeout connect 5000
timeout client 5000
timeout server 5000
frontend main
bind *:80
# Copied from frontend-config-snippet.cfg in appendix section
# ********** TRACEABLE CONFIG ***********
# Load traceable's config file. The customer will download it
# from https://downloads.traceable.ai/install/haproxy/latest
filter spoe engine traceable config /usr/local/etc/traceable/traceable.conf
# add these two lines so that we can capture the body of http requests and responses
# The line below means wait for the body for at most 10seconds or until you get 128K of the body.
http-request wait-for-body time 10s at-least 128k
http-response wait-for-body time 10s at-least 128k
# instruct haproxy to make an RPC call to the traceable agent on request
# and responses
http-request send-spoe-group traceable traceableai-reqcap-grp
http-response send-spoe-group traceable traceableai-rescap-grp
# deny requests that the traceable-agent tells us to block
http-request deny deny_status 403 if { var(sess.traceable.block_request) -m bool }
# *********** END OF TRACEABLE CONFIG *************
default_backend app
backend app
balance roundrobin
mode http
server srv1 web:5000
# Copied from backend-config-snippet.cfg in appendix section
# ********** TRACEABLE CONFIG ***********
# add the trace context headers generated by traceable agent to the request sent
# upstream.
#
# This example uses w3 trace-context; if b3 or a different propagation format is used,
# the line needs to be modified accordingly.
http-request set-header traceparent %[var(sess.traceable.trace_context.traceparent)]
# *********** END OF TRACEABLE CONFIG *************
# Configuring a special backend for the traceable SPOE agent
# Copied from backend.cfg in appendix section
# ********** TRACEABLE CONFIG ***********
backend traceable
mode tcp
balance roundrobin
timeout connect 5s # greater than hello timeout
timeout server 3m # greater than idle timeout
option spop-check
# set up connectivity to the traceable agent. using localhost since it's a VM deployment
server agent localhost:5444 check
# *********** END OF TRACEABLE CONFIG *************Restart HAProxy
Restart HAProxy for the changes to apply.
Verify Deployment
Complete the following steps to verify a successful deployment:
- Make sure that HAProxy restarts successfully without any errors.
- Send some traffic to the frontends that you have configured with Traceable config in the
haproxy.cfg. - Navigate to Traces on Traceable platform and verify that the traces of service that you configured is visible in the Traceable UI.
You can also check the agent version by navigating to Settings (
) > Data Collection > Tracing agent.
Upgrade
Complete the following steps to upgrade:
- Upgrade Traceable agent for virtual machines.
- Navigate to install > haproxy > latest on Traceable's download site and download traceable.conf file.
- Make a note of the following files from the Appendixsection:
frontend-config-snippet.cfgbackend-config-snippet.cfgbackend.cfg
- Copy the new
traceable.conffile to where you copied it during installation, that is in/usr/local/etc/traceablefolder. - Follow the same installation instructions in the Install section to update your
haproxy.cfgwith the snippets for your monitored frontends and backends and thebackend.cfg - Restart HAProxy for the new changes to be picked up
Uninstall
Complete the following steps to uninstall Traceable's HAProxy agent:
- Undo the changes made to your
haproxy.cfgduring the installation process. This involves:- Deleting the frontend and backend config snippets from
haproxy.cfgfile. - Delete the backend traceable section.
- Deleting the frontend and backend config snippets from
- Delete
traceable.conffile from the folder where you copied it during the installation, for example,/usr/local/etc/traceable. - Restart HAProxy for the new changes to apply.
- Uninstall Traceable Agent.
Troubleshooting
Following are a few troubleshooting steps:
- haproxy.cfg file - Make sure that
haproxy.cfgfile is well formed. HAProxy will not start if there are errors in thehaproxy.cfgfile. - traceable.conf file location - If during the installation process, you are not able to create
/usr/local/etc/traceable, then:- Copy the
traceable.conffile to another folder that HAProxy has access to. For example, you can copy thetraceable.conffile to the same location ashaproxy.cfgfile, that is,/usr/local/etc/haproxy. - If you change the location of
traceable.conffile, change the path oftraceable.conffile in frontend-config-snippet.cfg before copying it tohaproxy.cfg. Configure the path oftraceable.confas a value for filter spoe engine traceable.
- Copy the
- Traces - If you are not seeing traces for a frontend you wish to monitor, check your
haproxy.cfgto make sure that it contains the frontend-config-snippet and that it has the correct path fortraceable.conf. Also, make sure that check thathaproxy.cfgfile has traceable backend, that is, backend traceable section. - Traceable agent and HAProxy host - It is expected that since this a VM installation, the TA and HAProxy are running on the same host. For the same reason, backend traceable, the configuration for Traceable agent host and port is
server agent localhost:5444 check. If Traceable agent is running on a different host, changelocalhostin that line to the host name of where Traceable agent is installed. It is not recommended to run Traceable agent on a different host.
Appendix
The following three files are used as part of the configuration.
frontend-config-snippet.cfg
# ********** TRACEABLE CONFIG ***********
# Load traceable's config file. The customer will download it
# from https://downloads.traceable.ai/install/haproxy/latest
filter spoe engine traceable config /usr/local/etc/traceable/traceable.conf
# add these two lines so that we can capture the body of http requests and responses
# The line below means wait for the body for at most 10seconds or until you get 128K of the body.
http-request wait-for-body time 10s at-least 128k
http-response wait-for-body time 10s at-least 128k
# instruct haproxy to make an RPC call to the traceable agent on request
# and responses
http-request send-spoe-group traceable traceableai-reqcap-grp
http-response send-spoe-group traceable traceableai-rescap-grp
# deny requests that the traceable-agent tells us to block
http-request deny deny_status 403 if { var(sess.traceable.block_request) -m bool }
# *********** END OF TRACEABLE CONFIG *************backend-config-snippet.cfg
# ********** TRACEABLE CONFIG ***********
# add the trace context headers generated by traceable agent to the request sent
# upstream.
#
# This example uses w3 trace-context; if b3 or a different propagation format is used,
# the line needs to be modified accordingly.
http-request set-header traceparent %[var(sess.traceable.trace_context.traceparent)]
# *********** END OF TRACEABLE CONFIG *************backend.cfg
# ********** TRACEABLE CONFIG ***********
backend traceable
mode tcp
balance roundrobin
timeout connect 5s # greater than hello timeout
timeout server 3m # greater than idle timeout
option spop-check
# set up connectivity to the traceable agent. using localhost since it's a VM deployment
server agent localhost:5444 check
# *********** END OF TRACEABLE CONFIG *************Was this article helpful?
