HAProxy zero-downtime reload.
# Merge stderr into stdout for the rest of the script, so diagnostics from
# every command below end up on a single stream.
exec 2>&1
# Exported so child processes inherit it; reload() passes it to `haproxy -p`.
# NOTE(review): as written this is a directory, not a file path, and it sits
# under world-writable /tmp. The value looks truncated; confirm the intended
# file name. A pid file is safer in a directory only this service can write
# to (this script already creates /var/run/haproxy), because whatever PIDs it
# contains may later be signalled.
export PIDFILE="/tmp/"
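#######################################
# Insert one iptables rule per configured port that drops inbound TCP SYN
# packets, so no new connections are accepted on those ports for now.
# Globals:   PORTS (read) - comma-separated list of ports
# Arguments: none
#######################################
addFirewallRules() {
  local -a ports
  local port
  IFS=',' read -ra ports <<< "$PORTS"
  for port in "${ports[@]}"; do
    # An empty entry (e.g. "80,,443") would only produce an iptables error.
    [[ -n "$port" ]] || continue
    # "$port" is quoted so each PORTS entry stays a single argument; a value
    # containing whitespace cannot add extra options to the iptables call.
    # -w waits for the xtables lock instead of failing when it is held.
    iptables -w -I INPUT -p tcp --dport "$port" --syn -j DROP
  done
}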
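#######################################
# Delete the SYN-drop rules for every configured port.
# Globals:   PORTS (read) - comma-separated list of ports
# Arguments: none
#######################################
removeFirewallRules() {
  local -a ports
  local port
  IFS=',' read -ra ports <<< "$PORTS"
  for port in "${ports[@]}"; do
    # An empty entry (e.g. "80,,443") has no rule to delete.
    [[ -n "$port" ]] || continue
    # -D removes one matching rule per call, so repeat until iptables fails;
    # that way every copy of the rule for this port is removed.
    # NOTE(review): stderr is discarded, so any iptables failure (not only
    # "no matching rule") ends the loop silently. If deletion fails for
    # another reason the DROP rule stays in place and the port keeps
    # refusing new connections; consider checking afterwards that the rule
    # is really gone.
    while iptables -w -D INPUT -p tcp --dport "$port" --syn -j DROP 2>/dev/null; do
      :
    done
  done
}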
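#######################################
# Reload haproxy while holding an exclusive lock: drop new SYNs, save the
# server state, start a new haproxy that takes over from the old one, then
# let SYNs through again.
# Globals:   PIDFILE (read), LATEST_HAPROXY_PID (read),
#            HAPROXY_RELOAD_SIGTERM_DELAY (read, optional)
# Arguments: none
# Outputs:   a progress line on stdout
#######################################
reload() {
  echo "Reloading haproxy"
  # The subshell owns fd 200 (opened on the lock file below); flock makes
  # concurrent reloads wait for each other.
  (
    flock 200
    # Begin to drop SYN packets with firewall rules
    addFirewallRules
    # Wait to settle
    sleep 0.1
    # Save the current HAProxy state
    socat /var/run/haproxy/socket - <<< "show servers state" > /var/state/haproxy/global
    # Trigger reload
    # 200>&- closes the lock fd for the new daemon so it does not keep the
    # lock file open after this subshell exits.
    # NOTE(review): LATEST_HAPROXY_PID is not assigned anywhere in the visible
    # script; it has to hold the PID(s) of the running haproxy before this
    # line, otherwise -sf presumably gets no PID and the old process is never
    # told to finish. Confirm where it is set.
    # shellcheck disable=SC2086 -- left unquoted so several PIDs split into
    # separate arguments (presumably intended; confirm).
    haproxy -p "$PIDFILE" -f /haproxy.cfg -D -sf $LATEST_HAPROXY_PID 200>&-
    if [ -n "${HAPROXY_RELOAD_SIGTERM_DELAY-}" ]; then
      # Optional hard stop: after the configured delay, send SIGTERM to the
      # old process in case it is still finishing connections.
      # NOTE(review): 200>&- applies to kill only, so the background sleep
      # still inherits fd 200 for the length of the delay; check whether
      # holding the lock that long is intended.
      # shellcheck disable=SC2086
      sleep "$HAPROXY_RELOAD_SIGTERM_DELAY" && kill $LATEST_HAPROXY_PID 200>&- 2>/dev/null &
    fi
    # Remove the firewall rules
    removeFirewallRules
    # Need to wait 1s to prevent TCP SYN exponential backoff
    sleep 1
  ) 200>/var/run/haproxy/lock
}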
# Directories reload() relies on: the saved server state is written under
# /var/state/haproxy; the socket it queries and the reload lock file live
# under /var/run/haproxy.
mkdir -p /var/state/haproxy /var/run/haproxy

# Run reload() each time this process receives SIGHUP.
trap reload HUP

# Idle in short sleeps. Bash runs a trap handler only once the current
# foreground command has returned, so the sleep length bounds how long a
# SIGHUP waits before reload() starts.
while :; do
  sleep 0.5
done
