5

I've installed HAProxy 1.7.5-2 on a Debian Stretch (9) for a blue/green deployment infrastructure.

HAProxy is set up in TCP mode and should reload DNS every 5 seconds, but it doesn't.

```
global
    log 127.0.0.1 local0 warning
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 10m
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative list with additional directives can be obtained from
    #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log     global
    mode    tcp
    option  dontlognull
    timeout connect 360s
    timeout client  300s
    timeout server  300s
    retries         99999

resolvers aws-vpc-dns
    nameserver vpc     {DNSIP}:53
    resolve_retries    30
    timeout retry      1s
    hold valid         5s

frontend site-frontend
    bind *:80
    use_backend site-backend

backend site-backend
    balance roundrobin
    server company-www target.services.company.com resolvers aws-vpc-dns

listen blue-webapp-http
    bind :9000
    balance roundrobin
    server company-blue blue.services.company.com resolvers aws-vpc-dns
```

When I change the DNS record to something else, the host command on the HAProxy server returns the new addresses correctly.

Reloading/restarting HAProxy service is the only way I've found for now.

Any clue on what could be the issue?

Kaymaz

1 Answer

4

The hostname used for a server is resolved during HAProxy startup, when the configuration file is parsed, or during health checks. You don't have any checks defined for your server, so you can get an updated hostname only during restart/reload. If you want the server hostname to be updated at runtime, you need to define health checks.

See the HAProxy documentation section "Server IP address resolution using DNS" for details.

AlexD
  • That did the trick, thank you! Do you know why, if I set `target.services.company.com` to google.com for example, I receive 502 Bad Gateway (HAProxy is behind a load balancer)? – Kaymaz Oct 09 '18 at 09:56
  • 1
    Per https://www.haproxy.com/blog/dns-service-discovery-haproxy/ switching to HAProxy 1.8 also allows DNS resolution to happen at runtime irrespective of health checks. – Patrick Mevzek Jun 11 '19 at 20:22
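
As an added example (not part of the answer above and not HAProxy project code), here is a small Python check that flags the condition the answer describes for HAProxy 1.7: a `server` line that names a `resolvers` section and a hostname but has no `check`. The function names and the `company-green` and `static` server lines are constructed for illustration, and `default-server` settings are not considered.

```python
import re

SECTIONS = {"global", "defaults", "frontend", "backend", "listen",
            "resolvers", "userlist", "peers", "mailers"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Constructed sample: the question's two server lines plus two made-up ones.
SAMPLE_CFG = """\
resolvers aws-vpc-dns
    nameserver vpc {DNSIP}:53
    hold valid 5s

backend site-backend
    balance roundrobin
    server company-www target.services.company.com resolvers aws-vpc-dns

listen blue-webapp-http
    bind :9000
    server company-blue blue.services.company.com resolvers aws-vpc-dns
    server company-green green.services.company.com:80 resolvers aws-vpc-dns check
    server static 192.0.2.10:80 resolvers aws-vpc-dns
"""

def is_hostname(addr):
    """True if a server address is a DNS name rather than an IP literal."""
    if addr.startswith("[") or addr.count(":") > 1:   # IPv6 literal
        return False
    host = addr.split(":", 1)[0]                      # drop optional :port
    return bool(host) and not IPV4.match(host)

def find_unchecked_dns_servers(cfg_text):
    """Return (line, section, server, address) for every server line that
    names a resolvers section and a hostname but has no 'check' keyword."""
    findings, section = [], None
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()          # strip comments
        if not words:
            continue
        if words[0] in SECTIONS:
            section = " ".join(words[:2])
        elif words[0] == "server" and len(words) >= 3:
            name, addr, opts = words[1], words[2], words[3:]
            if "resolvers" in opts and "check" not in opts and is_hostname(addr):
                findings.append((lineno, section, name, addr))
    return findings

if __name__ == "__main__":
    for lineno, section, name, addr in find_unchecked_dns_servers(SAMPLE_CFG):
        print(f"line {lineno}: [{section}] server {name} -> {addr}: "
              "resolvers set but no 'check'; address is fixed at startup")
```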