Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
HaProxy zero downtime reload.
#!/bin/bash
exec 2>&1
export PIDFILE="/tmp/haproxy.pid"
addFirewallRules() {
IFS=',' read -ra ADDR <<< "$PORTS"
for i in "${ADDR[@]}"; do
iptables -w -I INPUT -p tcp --dport $i --syn -j DROP
done
}
removeFirewallRules() {
IFS=',' read -ra ADDR <<< "$PORTS"
for i in "${ADDR[@]}"; do
while iptables -w -D INPUT -p tcp --dport $i --syn -j DROP 2>/dev/null; do :; done
done
}
reload() {
echo "Reloading haproxy"
(
flock 200
# Begin to drop SYN packets with firewall rules
addFirewallRules
# Wait to settle
sleep 0.1
# Save the current HAProxy state
socat /var/run/haproxy/socket - <<< "show servers state" > /var/state/haproxy/global
# Trigger reload
LATEST_HAPROXY_PID=$(cat $PIDFILE)
haproxy -p $PIDFILE -f /haproxy.cfg -D -sf $LATEST_HAPROXY_PID 200>&-
if [ -n "${HAPROXY_RELOAD_SIGTERM_DELAY-}" ]; then
sleep $HAPROXY_RELOAD_SIGTERM_DELAY && kill $LATEST_HAPROXY_PID 200>&- 2>/dev/null &
fi
# Remove the firewall rules
removeFirewallRules
# Need to wait 1s to prevent TCP SYN exponential backoff
sleep 1
) 200>/var/run/haproxy/lock
}
mkdir -p /var/state/haproxy
mkdir -p /var/run/haproxy
reload
trap reload SIGHUP
while true; do sleep 0.5; done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment