haproxy data description
In OpenShift 4.7 we use as router HA-Proxy version 2.0.19-aceb6cb 2020/11/06 - https://haproxy.org/
Default settings
maxconn 20000
option httplog
log globalLog description
Ref:
- http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3
- Timing info: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.4
| Field | Format | Example |
|---|---|---|
| 2 | client_ip ':' client_port | 10.0.1.2:33317 |
| 3 | '[' request_date ']' | [06/Feb/2009:12:14:14.655] |
| 5 | backend_name '/' server_name | static/srv1 |
| 6 | TR '/' Tw '/' Tc '/' Tr '/' Ta* | 10/0/30/69/109 |
| 7 | status_code | 200 |
| 8 | bytes_read* | 2750 |
| 12 | actconn '/' feconn '/' beconn '/' srv_conn '/' retries* | 1/1/1/1/0 |
| 13 | srv_queue '/' backend_queue | 0/0 |
| 16 | '"' http_request '"' | "GET /index.html HTTP/1.1" |
- "client_ip" is the IP address of the client which initiated the TCP connection to haproxy. If the connection was accepted on a UNIX socket instead, the IP address would be replaced with the word "unix". Note that when the connection is accepted on a socket configured with "accept-proxy" and the PROXY protocol is correctly used, or with a "accept-netscaler-cip" and the NetScaler Client IP insertion protocol is correctly used, then the logs will reflect the forwarded connection's information.
- "Tr" is the total time in milliseconds spent waiting for the server to send a full HTTP response, not counting data. It can be "-1" if the request was aborted before a complete response could be received. It generally matches the server's processing time for the request, though it may be altered by the amount of data sent by the client to the server. Large times here on "GET" requests generally indicate an overloaded server. See section 8.4 "Timing Events" for more details.
- "Ta" is the time the request remained active in haproxy, which is the total time in milliseconds elapsed between the first byte of the request was received and the last byte of response was sent. It covers all possible processing except the handshake (see Th) and idle time (see Ti). There is one exception, if "option logasap" was specified, then the time counting stops at the moment the log is emitted. In this case, a '+' sign is prepended before the value, indicating that the final one will be larger. See section 8.4 "Timing Events" for more details.
- "beconn" is the total number of concurrent connections handled by the backend when the session was logged. It includes the total number of concurrent connections active on servers as well as the number of connections pending in queues. It is useful to estimate the amount of additional servers needed to support high loads for a given application. Most often when this value increases by huge jumps, it is because there is congestion on the backend servers, but sometimes it can be caused by a denial of service attack.
- "http_request" is the complete HTTP request line, including the method, request and HTTP version string. Non-printable characters are encoded (see below the section "Non-printable characters"). This is always the last field, and it is always delimited by quotes and is the only one which can contain quotes. If new fields are added to the log format, they will be added before this field. This field might be truncated if the request is huge and does not fit in the standard syslog buffer (1024 characters). This is the reason why this field must always remain the last one.
Metrics description
Ref: http://cbonte.github.io/haproxy-dconv/2.0/management.html#9.1
HAProxy natively exposes CSV metrics, including:
-
- rate [.FBS]: number of sessions per second over last elapsed second
-
- hrsp_1xx [.FBS]: http responses with 1xx code
-
- hrsp_2xx [.FBS]: http responses with 2xx code
-
- hrsp_3xx [.FBS]: http responses with 3xx code
-
- hrsp_4xx [.FBS]: http responses with 4xx code
-
- hrsp_5xx [.FBS]: http responses with 5xx code
-
- req_tot [.FB.]: total number of HTTP requests received
-
- lastsess [..BS]: number of seconds since last session assigned to server/backend
-
- rtime [..BS]: the average response time in ms over the 1024 last requests
- 87: cache_hits [.FB.]: cumulative number of cache hits
-
- rtime_max [..BS]: the maximum observed response time in ms
Some of these metrics are exported by a Prometheus exporter...
prometheus exporter
Ref:
- native prometheus exporter: https://www.haproxy.com/blog/haproxy-exposes-a-prometheus-metrics-endpoint/
- external exporter: https://github.com/prometheus/haproxy_exporter
- openshift-router commit 30e2fb5: https://github.com/openshift/router/blob/30e2fb5b65753e6b6593f61b16768a5229b5bd97/pkg/router/metrics/haproxy/haproxy.go
In our case, the native prometheus exporter is NOT compiled in: (this info would mention it otherwise)
$ haproxy -vv
HA-Proxy version 2.0.19-aceb6cb 2020/11/06 - https://haproxy.org/
Build options :
TARGET = linux-glibc
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wno-implicit-fallthrough -Wno-stringop-overflow -Wno-cast-function-type -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference
OPTIONS = USE_PCRE=1 USE_REGPARM=1 USE_LINUX_TPROXY=1 USE_CRYPT_H=1 USE_GETADDRINFO=1 USE_OPENSSL=1 USE_ZLIB=1
Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE -PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED +REGPARM -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL -LUA +FUTEX +ACCEPT4 -CLOSEFROM -MY_ACCEPT4 +ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS
Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with multi-threading support (MAX_THREADS=64, default=4).
Built with OpenSSL version : OpenSSL 1.1.1g FIPS 21 Apr 2020
Running on OpenSSL version : OpenSSL 1.1.1g FIPS 21 Apr 2020
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with PCRE version : 8.42 2018-03-20
Running on PCRE version : 8.42 2018-03-20
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Encrypted password support via crypt(3): yesIt looks like metrics are defined by the openshift-router, which is a custom prometheus exporter.
And in L267 we see that http_average_response_latency_milliseconds indeed exposes the HAProxy native metric 60: rtime.
Edited by Konstantinos Samaras-Tsakiris