Last active
September 4, 2019 15:20
-
-
Save haproxytechblog/d766dc0be50e2d4e4407b9b3c7783152 to your computer and use it in GitHub Desktop.
HAProxy Traffic Mirroring for Real-world Testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ sudo apt update | |
$ sudo apt install -y autoconf automake build-essential git libcurl4-openssl-dev libev-dev libpthread-stubs0-dev pkg-config | |
$ git clone https://github.com/haproxytech/spoa-mirror | |
$ cd spoa-mirror | |
$ ./scripts/bootstrap | |
$ ./configure | |
$ make all | |
$ sudo cp ./src/spoa-mirror /usr/local/bin/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
./configure --enable-debug |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ spoa-mirror --runtime 0 --mirror-url http://test.local --logfile /var/log/haproxy-mirror.log |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
program mirror | |
command spoa-mirror --runtime 0 --mirror-url http://test.local |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ sudo systemctl status haproxy | |
haproxy.service - HAProxy Load Balancer | |
Main PID: 1177 (haproxy) | |
Tasks: 14 (limit: 1152) | |
CGroup: /system.slice/haproxy.service | |
├─1177 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -S /run/haproxy-master.sock -sf 1209 | |
├─2081 spoa-mirror --runtime 0 --mirror-url http://localhost:81 --address 127.0.0.1 | |
└─2082 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -S /run/haproxy-master.sock -sf 1209 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Production frontend | |
frontend fe_main | |
mode http | |
bind :80 | |
option http-buffer-request | |
filter spoe engine mirror config /etc/haproxy/mirror.conf | |
default_backend servers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Production servers | |
backend be_servers | |
mode http | |
server s1 prodserver:80 | |
# Mirror agents | |
backend mirroragents | |
mode tcp | |
balance roundrobin | |
timeout connect 5s | |
timeout server 5s | |
server agent1 localhost:12345 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[mirror] | |
spoe-agent mirror | |
log global | |
messages mirror | |
use-backend mirroragents | |
timeout hello 500ms | |
timeout idle 5s | |
timeout processing 5s | |
spoe-message mirror | |
args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body | |
event on-frontend-http-request |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SPOE: [mirror] <EVENT:on-frontend-http-request> sid=0 st=0 0/1/0/0/1 1/1 0/0 0/1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
spoe-message mirror-msg | |
args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body | |
event on-frontend-http-request if { path_beg /search } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
spoe-message mirror-msg | |
args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body | |
acl is_search path_beg /search | |
event on-frontend-http-request if is_search |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
spoe-message mirror-msg | |
args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body | |
acl is_search path_beg /search | |
event on-frontend-http-request if { rand(100) le 10 } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
spoe-message mirror-msg | |
args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body | |
acl mirroring_on str(mirroring),map(/etc/haproxy/mirroring.map) -m str on | |
event on-frontend-http-request if mirroring_on |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Change mirroring to off | |
$ echo "set map /etc/haproxy/mirroring.map mirroring off" | nc 127.0.0.1 9999 | |
# Show current value | |
$ echo "show map /etc/haproxy/mirroring.map mirroring" | nc 127.0.0.1 9999 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Show existing filters | |
curl -X GET --user admin:mypassword "http://localhost:5555/v1/services/haproxy/configuration/filters?parent_name=fe_main&parent_type=frontend" | |
# Add a filter line | |
curl -X POST --user admin:mypassword "http://localhost:5555/v1/services/haproxy/configuration/filters?parent_name=fe_main&parent_type=frontend&version=1" -H "Content-Type: application/json" -d '{"id": 0, "spoe_config":"/etc/haproxy/spoa.conf", "spoe_engine":"mirror", "type": "spoe"}' | |
{"id":0,"spoe_config":"/etc/haproxy/spoa.conf","spoe_engine":"mirror","type":"spoe"} | |
# Remove a filter line | |
curl -X DELETE --user admin:mypassword "http://localhost:5555/v1/services/haproxy/configuration/filters/0?parent_name=fe_main&parent_type=frontend&version=2" -H "Content-Type: application/json" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment