When managing a high availability HAProxy cluster, one of the most common moments of confusion happens right after you SSH into a server: "Wait, am I on the primary or secondary node?"
If you've ever found yourself frantically checking process lists or network interfaces just to figure out which HAProxy server you're on, this smart detection script will solve that problem forever.
The Problem: Which Server Am I On?
In a typical HA setup, you have multiple HAProxy servers where roles can change during failover events. When troubleshooting issues or performing maintenance, you need to know immediately:
- Is this the active server handling traffic?
- Is this a standby server ready for failover?
- What's the server's current network configuration?
Making changes to the wrong node can cause service disruptions and manually checking server status wastes precious time during incidents.
The Solution: Intelligent Auto-Detection
Instead of manually checking server status every time you SSH in, let's create a script that automatically detects and displays the server's current role based on its actual network activity.
Creating the Detection Script
Create the script that will run every time someone logs in:
sudo nano /etc/profile.d/haproxy-status.sh
Here's the intelligent detection script:
#!/bin/bash
# Function to detect HAProxy role based on active network bindings
detect_haproxy_role() {
local hostname=$(hostname)
local ip_addr=$(hostname -I | awk '{print $1}')
# Check if HAProxy is actively binding to public interfaces
# This indicates the server is actively handling traffic
if netstat -tlnp 2>/dev/null | grep -q ":443.*haproxy" && \
netstat -tlnp 2>/dev/null | grep -q ":80.*haproxy"; then
# This server is actively handling traffic
echo "🟢 HAProxy PRIMARY - $hostname ($ip_addr)"
echo " Status: ACTIVE - Handling live traffic"
echo " Role: Load balancer primary node"
# Show current connection count
local connections=$(netstat -an | grep :443 | grep ESTABLISHED | wc -l)
echo " Active HTTPS connections: $connections"
else
# Server is not actively binding to public ports
echo "🟡 HAProxy SECONDARY - $hostname ($ip_addr)"
echo " Status: STANDBY - Ready for failover"
echo " Role: Load balancer backup node"
echo " Info: Not currently handling public traffic"
fi
# Always show useful management links
echo " Stats Dashboard: https://$ip_addr:8404/"
echo " Admin Socket: socat stdio /run/haproxy/admin.sock"
echo ""
}
# Only run for interactive SSH sessions
# This prevents the script from running during automated processes
if [[ $- == *i* ]] && [[ -n "$SSH_CLIENT" || -n "$SSH_TTY" ]]; then
detect_haproxy_role
fi
Make the Script Executable
sudo chmod +x /etc/profile.d/haproxy-status.sh
How the Detection Works
The script uses a simple but reliable method to determine server role:
Network Port Detection
netstat -tlnp | grep ":443.*haproxy"
netstat -tlnp | grep ":80.*haproxy"
Primary Server: Will show HAProxy actively listening on ports 80 and 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1234/haproxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1234/haproxy
Secondary Server: Either won't have HAProxy running, or HAProxy will be running but not bound to public interfaces (depending on your HA setup)
Connection Counting
The script also shows current HTTPS connections, giving you immediate insight into server load:
netstat -an | grep :443 | grep ESTABLISHED | wc -l
What You'll See When Logging In
On the Primary Server:
🟢 HAProxy PRIMARY - haproxy01 (192.168.1.10)
Status: ACTIVE - Handling live traffic
Role: Load balancer primary node
Active HTTPS connections: 47
Stats Dashboard: https://192.168.1.10:8404/
Admin Socket: socat stdio /run/haproxy/admin.sock
On the Secondary Server:
🟡 HAProxy SECONDARY - haproxy02 (192.168.1.11)
Status: STANDBY - Ready for failover
Role: Load balancer backup node
Info: Not currently handling public traffic
Stats Dashboard: https://192.168.1.11:8404/
Admin Socket: socat stdio /run/haproxy/admin.sock
Benefits in Daily Operations
Immediate Context
- Zero confusion about which server you're on
- Instant awareness of the server's role in your cluster
- Quick access to monitoring and admin tools
Mistake Prevention
- Visual warnings when you're on the active production server
- Clear identification prevents configuration errors
- Role awareness helps you make appropriate changes
Faster Troubleshooting
- No time wasted checking server status manually
- Immediate connection count shows current load
- Direct links to stats and admin interfaces
Advanced Enhancements
Add Cluster Health Information
Extend the script to show overall cluster status:
# Add this to the detect_haproxy_role function
echo " Cluster Status:"
# Check if HAProxy service is running
if systemctl is-active --quiet haproxy; then
echo " HAProxy Service: ✅ Running"
else
echo " HAProxy Service: ❌ Stopped"
fi
# Show backend health summary
if command -v socat >/dev/null 2>&1; then
local backend_count=$(echo 'show stat' | socat stdio /run/haproxy/admin.sock 2>/dev/null | grep -c ',UP,' || echo "0")
local total_backends=$(echo 'show stat' | socat stdio /run/haproxy/admin.sock 2>/dev/null | grep -c 'BACKEND' || echo "0")
echo " Healthy Backends: $backend_count/$total_backends"
fi
Integration with Monitoring
You can also integrate this with your monitoring systems:
# Send role information to your monitoring system
curl -X POST https://your-monitoring-system/api/metrics \
-d "haproxy_role{server=\"$hostname\",role=\"$role\"} 1"
Customization for Your Environment
Adjust Detection Logic
Modify the network checks for your specific setup:
# For custom ports
if netstat -tlnp | grep -q ":8080.*haproxy"; then
# For specific interfaces
if netstat -tlnp | grep -q "192.168.1.10:443.*haproxy"; then
# For multiple services
if pgrep haproxy >/dev/null && systemctl is-active --quiet keepalived; then
Customize the Display
Tailor the output for your team's needs:
# Add timestamp
echo " Last checked: $(date '+%Y-%m-%d %H:%M:%S')"
# Add uptime information
echo " Server uptime: $(uptime -p)"
# Add load information
echo " System load: $(uptime | awk -F'load average:' '{print $2}' | trim)"
Testing Your Implementation
Verify the Script Works
# Test the script manually
source /etc/profile.d/haproxy-status.sh
# Check it runs on login
ssh username@your-haproxy-server
Test Failover Scenarios
- Stop HAProxy on primary: SSH in and verify it shows as SECONDARY
- Start HAProxy on secondary: Verify it correctly detects PRIMARY role
- Simulate network issues: Ensure detection remains accurate
Validate Performance
The script should execute quickly (under 100ms) to avoid slowing down logins.
Troubleshooting
Script Not Running
- Check file permissions:
ls -la /etc/profile.d/haproxy-status.sh - Verify bash syntax:
bash -n /etc/profile.d/haproxy-status.sh - Test interactivity detection:
echo $-(should contain 'i' for interactive)
Incorrect Role Detection
- Manual network check:
netstat -tlnp | grep haproxy - Verify HAProxy process:
pgrep haproxy - Check HAProxy configuration:
haproxy -c -f /etc/haproxy/haproxy.cfg
Performance Issues
- Add timing:
time source /etc/profile.d/haproxy-status.sh - Optimize network commands if needed
- Consider caching detection results for very frequent logins
Security Considerations
- Minimal information exposure: The script only shows what's needed
- No sensitive data: Avoids displaying passwords or private configuration
- Interactive sessions only: Doesn't run for automated processes
- Local detection: Uses only local system information
This simple role detection script eliminates one of the most common sources of confusion in HAProxy cluster management. By automatically detecting and displaying server role on login, you'll:
- Save time during troubleshooting
- Prevent configuration mistakes
- Improve team coordination
- Gain immediate situational awareness
The script is lightweight, fast and adapts to role changes automatically. Whether you're managing a simple active/standby pair or a complex multi-node cluster, this enhancement will make your daily operations smoother and safer.
Set it up once and never wonder "which server am I on?" again.
