| ---------------------- |
| HAProxy how-to |
| ---------------------- |
| version 1.4 |
| willy tarreau |
| 2010/05/09 |
| |
| |
| 1) How to build it |
| ------------------ |
| |
| To build haproxy, you will need : |
| - GNU make. Neither Solaris nor OpenBSD's make work with the GNU Makefile. |
| However, specific Makefiles for BSD and OSX are provided. |
| - GCC between 2.91 and 4.5.0. Others may work, but not tested. |
| - GNU ld |
| |
| Also, you might want to build with libpcre support, which will provide a very |
| efficient regex implementation and will also fix some badness on Solaris' one. |
| |
| To build haproxy, you have to choose your target OS amongst the following ones |
| and assign it to the TARGET variable : |
| |
| - linux22 for Linux 2.2 |
| - linux24 for Linux 2.4 and above (default) |
| - linux24e for Linux 2.4 with support for a working epoll (> 0.21) |
| - linux26 for Linux 2.6 and above |
| - solaris for Solaris 8 or 10 (others untested) |
| - freebsd for FreeBSD 5 to 8.0 (others untested) |
| - openbsd for OpenBSD 3.1 to 4.6 (others untested) |
| - cygwin for Cygwin |
| - generic for any other OS. |
| - custom to manually adjust every setting |
| |
| You may also choose your CPU to benefit from some optimizations. This is |
| particularly important on UltraSparc machines. For this, you can assign |
| one of the following choices to the CPU variable : |
| |
| - i686 for intel PentiumPro, Pentium 2 and above, AMD Athlon |
| - i586 for intel Pentium, AMD K6, VIA C3. |
| - ultrasparc : Sun UltraSparc I/II/III/IV processor |
| - native : use the build machine's specific processor optimizations |
| - generic : any other processor or no specific optimization. (default) |
| |
| Alternatively, you may just set the CPU_CFLAGS value to the optimal GCC options |
| for your platform. |
| |
| You may want to build specific target binaries which do not match your native |
| compiler's target. This is particularly true on 64-bit systems when you want |
| to build a 32-bit binary. Use the ARCH variable for this purpose. Right now |
| it only knows about a few x86 variants (i386,i486,i586,i686,x86_64), two |
| generic ones (32,64) and sets -m32/-m64 as well as -march=<arch> accordingly. |
| |
| If your system supports PCRE (Perl Compatible Regular Expressions), then you |
| really should build with libpcre which is between 2 and 10 times faster than |
| other libc implementations. Regex are used for header processing (deletion, |
| rewriting, allow, deny). The only inconvenient of libpcre is that it is not |
| yet widely spread, so if you build for other systems, you might get into |
| trouble if they don't have the dynamic library. In this situation, you should |
| statically link libpcre into haproxy so that it will not be necessary to |
| install it on target systems. Available build options for PCRE are : |
| |
| - USE_PCRE=1 to use libpcre, in whatever form is available on your system |
| (shared or static) |
| |
| - USE_STATIC_PCRE=1 to use a static version of libpcre even if the dynamic |
| one is available. This will enhance portability. |
| |
| - with no option, use your OS libc's standard regex implemntation (default). |
| Warning! group references on Solaris seem broken. Use static-pcre whenever |
| possible. |
| |
| Recent systems can resolve IPv6 host names using getaddrinfo(). This primitive |
| is not present in all libcs and does not work in all of them either. Support in |
| glibc was broken before 2.3. Some embedded libs may not properly work either, |
| thus, support is disabled by default, meaning that some host names which only |
| resolve as IPv6 addresses will not resolve and configs might emit an error |
| during parsing. If you know that your OS libc has reliable support for |
| getaddrinfo(), you can add USE_GETADDRINFO=1 on the make command line to enable |
| it. This is the recommended option for most Linux distro packagers since it's |
| working fine on all recent mainstream distros. It is automatically enabled on |
| Solaris 8 and above, as it's known to work. |
| |
| By default, the DEBUG variable is set to '-g' to enable debug symbols. It is |
| not wise to disable it on uncommon systems, because it's often the only way to |
| get a complete core when you need one. Otherwise, you can set DEBUG to '-s' to |
| strip the binary. |
| |
| For example, I use this to build for Solaris 8 : |
| |
| $ make TARGET=solaris CPU=ultrasparc USE_STATIC_PCRE=1 |
| |
| And I build it this way on OpenBSD or FreeBSD : |
| |
| $ make -f Makefile.bsd REGEX=pcre DEBUG= COPTS.generic="-Os -fomit-frame-pointer -mgnu" |
| |
| In order to build a 32-bit binary on an x86_64 Linux system : |
| |
| $ make TARGET=linux26 ARCH=i386 |
| |
| If you need to pass other defines, includes, libraries, etc... then please |
| check the Makefile to see which ones will be available in your case, and |
| use the USE_* variables in the GNU Makefile, or ADDINC, ADDLIB, and DEFINE |
| variables in the BSD makefiles. |
| |
| AIX 5.3 is known to work with the generic target. However, for the binary to |
| also run on 5.2 or earlier, you need to build with DEFINE="-D_MSGQSUPPORT", |
| otherwise __fd_select() will be used while not being present in the libc. |
| |
| |
| 2) How to install it |
| -------------------- |
| |
| To install haproxy, you can either copy the single resulting binary to the |
| place you want, or run : |
| |
| $ sudo make install |
| |
| If you're packaging it for another system, you can specify its root directory |
| in the usual DESTDIR variable. |
| |
| |
| 3) How to set it up |
| ------------------- |
| |
| There is some documentation in the doc/ directory : |
| |
| - architecture.txt : this is the architecture manual. It is quite old and |
| does not tell about the nice new features, but it's still a good starting |
| point when you know what you want but don't know how to do it. |
| |
| - configuration.txt : this is the configuration manual. It recalls a few |
| essential HTTP basic concepts, and details all the configuration file |
| syntax (keywords, units). It also describes the log and stats format. It |
| is normally always up to date. If you see that something is missing from |
| it, please report it as this is a bug. |
| |
| - haproxy-en.txt / haproxy-fr.txt : these are the old outdated docs. You |
| should never need them. If you do, then please report what you didn't |
| find in the other ones. |
| |
| - gpl.txt / lgpl.txt : the copy of the licenses covering the software. See |
| the 'LICENSE' file at the top for more information. |
| |
| - the rest is mainly for developers. |
| |
| There are also a number of nice configuration examples in the "examples" |
| directory as well as on several sites and articles on the net which are linked |
| to from the haproxy web site. |
| |
| |
| 4) How to report a bug |
| ---------------------- |
| |
| It is possible that from time to time you'll find a bug. A bug is a case where |
| what you see is not what is documented. Otherwise it can be a misdesign. If you |
| find that something is stupidly design, please discuss it on the list (see the |
| "how to contribute" section below). If you feel like you're proceeding right |
| and haproxy doesn't obey, then first ask yourself if it is possible that nobody |
| before you has even encountered this issue. If it's unlikely, the you probably |
| have an issue in your setup. Just in case of doubt, please consult the mailing |
| list archives : |
| |
| http://www.formilux.org/archives/haproxy/ |
| http://marc.info/?l=haproxy |
| |
| Otherwise, please try to gather the maximum amount of information to help |
| reproduce the issue and send that to the mailing list : |
| |
| haproxy@formilux.org |
| |
| Please include your configuration and logs. You can mask your IP addresses and |
| passwords, we don't need them. But it's essential that you post your config if |
| you want people to guess what is happening. |
| |
| Also, keep in mind that haproxy is designed to NEVER CRASH. If you see it die |
| without any reason, then it definitely is a critical bug that must be reported |
| and urgently fixed. It has happened a couple of times in the past, essentially |
| on development versions running on new architectures. If you think your setup |
| is fairly common, then it is possible that the issue is totally unrelated. |
| Anyway, if that happens, feel free to contact me directly, as I will give you |
| instructions on how to collect a usable core file, and will probably ask for |
| other captures that you'll not want to share with the list. |
| |
| |
| 5) How to contribute |
| -------------------- |
| |
| It is possible that you'll want to add a specific feature to satisfy your needs |
| or one of your customers'. Contributions are welcome, however I'm often very |
| picky about changes. I will generally reject patches that change massive parts |
| of the code, or that touch the core parts without any good reason if those |
| changes have not been discussed first. |
| |
| The proper place to discuss your changes is the HAProxy Mailing List. There are |
| enough skilled readers to catch hazardous mistakes and to suggest improvements. |
| You can subscribe to it by sending an empty e-mail at the following address : |
| |
| haproxy+subscribe@formilux.org |
| |
| If your work is very confidential and you can't publicly discuss it, you can |
| also mail me directly about it, but your mail may be waiting several days in |
| the queue before you get a response. |
| |
| If you'd like a feature to be added but you think you don't have the skills to |
| implement it yourself, you should follow these steps : |
| |
| 1. discuss the feature on the mailing list. It is possible that someone |
| else has already implemented it, or that someone will tell you how to |
| proceed without it, or even why not to do it. It is also possible that |
| in fact it's quite easy to implement and people will guide you through |
| the process. That way you'll finally have YOUR patch merged, providing |
| the feature YOU need. |
| |
| 2. if you really can't code it yourself after discussing it, then you may |
| consider contacting someone to do the job for you. Some people on the |
| list might be OK with trying to do it. Otherwise, you can check the list |
| of contributors at the URL below, some of the regular contributors may |
| be able to do the work, probably not for free but their time is as much |
| valuable as yours after all, you can't eat the cake and have it too. |
| |
| The list of past and regular contributors is available below. It lists not only |
| significant code contributions (features, fixes), but also time or money |
| donations : |
| |
| http://haproxy.1wt.eu/contrib.html |
| |
| Note to contributors: it's very handy when patches comes with a properly |
| formated subject. Try to put one of the following words between brackets |
| to indicate the importance of the patch followed if possible by a single |
| word indicating what subsystem is affected, then by a short description : |
| |
| [BUG] fix for a minor or medium-level bug. When a few of these ones are |
| available, a new maintenance release is emitted. |
| |
| [CRITICAL] medium-term reliability or security is at risk, an upgrade is |
| absolutely required. A maintenance release may be emitted even if |
| only one of these bugs are fixed. |
| |
| [CLEANUP] code cleanup, silence of warnings, etc... theorically no impact. |
| These patches will rarely be seen in stable branches, though they |
| may appear when they remove some annoyance. |
| |
| [MINOR] minor change, very low risk of impact. It is often the case for |
| code additions that don't touch live code. |
| |
| [MEDIUM] medium risk, may cause unexpected regressions of low importance or |
| which may quickly be discovered. |
| |
| [MAJOR] major risk of hidden regression. This happens when I rearrange |
| large parts of code, when I play with timeouts, with variable |
| initializations, etc... We should only exceptionally find such |
| patches in stable branches. |
| |
| [OPTIM] some code was optimised. Sometimes if the regression risk is very |
| low and the gains significant, such patches may be merged in the |
| stable branch. |
| |
| [DOC] documentation updates or fixes only. No code is affected, no need |
| to upgrade. These patches can also be sent right after a new |
| feature, to document it. |
| |
| [TESTS] added regression testing configuration files or scripts |
| |
| [BUILD] fix build issues. If you could build, no upgrade required. |
| |
| [LICENSE] licensing updates (may impact distro packagers) |
| |
| [RELEASE] release a new version (development version or stable version) |
| |
| [PATCH] any other patch which could not be qualified with the tags above. |
| |
| |
| The tags are not rigid, and I reserve the right to change them when merging the |
| patch. It may happen that a same patch has a different tag in two distinct |
| branches. The reason is that a bug in one branch may just be a cleanup in the |
| other one because the code cannot be triggered. |
| |
| Examples of messages : |
| - [DOC] document options forwardfor to logasap |
| - [BUG] stats: connection reset counters must be plain ascii, not HTML |
| - [MEDIUM] checks: support multi-packet health check responses |
| - [RELEASE] Released version 1.4.2 |
| |
| For a more efficient interaction between the mainline code and your code, I can |
| only strongly encourage you to try the Git version control system : |
| |
| http://git-scm.com/ |
| |
| It's very fast, lightweight and lets you undo/redo your work as often as you |
| want, without making your mistakes visible to the rest of the world. It will |
| definitely help you contribute quality code and take other people's feedback |
| in consideration. In order to clone the HAProxy Git repository : |
| |
| $ git clone http://git.1wt.eu/git/haproxy-1.4.git (stable 1.4) |
| $ git clone http://git.1wt.eu/git/haproxy.git/ (development) |
| |
| If you decide to use Git for your developments, then your commit messages will |
| have the subject line in the format described above, then the whole description |
| of your work (mainly why you did it) will be in the body. You can directly send |
| your commits to the mailing list, the format is convenient to read and process. |
| |
| -- end |