Installation
Install the HAProxy Data Plane API on HAProxy Enterprise
This section describes how to install the HAProxy Data Plane API on HAProxy Enterprise.
Data Plane API and HAProxy Fusion
If your load balancer is managed by HAProxy Fusion, use the HAProxy Fusion API instead of the Data Plane API. HAProxy Fusion installs and uses the Data Plane API on load balancer nodes that it manages. Do not reinstall the Data Plane API on nodes managed by HAProxy Fusion.
Version 3.0 contains breaking changes
If you’re installing HAProxy Data Plane API 3.x, know that it changes several conventions that were present in version 2.x, and that upgrading to 3.x will require you to call the API endpoints differently. See the release notes for more details.
Available packages Jump to heading
The following packages are available:
Version | Package name |
---|---|
3.0 | hapee-extras-dataplaneapi30 |
2.9 | hapee-extras-dataplaneapi29 |
2.8 | hapee-extras-dataplaneapi28 |
2.7 | hapee-extras-dataplaneapi27 |
2.6 | hapee-extras-dataplaneapi26 |
2.5 | hapee-extras-dataplaneapi25 |
2.4 | hapee-extras-dataplaneapi24 |
2.3 | hapee-extras-dataplaneapi |
Install the API as a service Jump to heading
To enable the Data Plane API as a Systemd service:
-
Install the Data Plane API x86-64 package.
nixsudo apt-get install hapee-extras-dataplaneapi30nixsudo apt-get install hapee-extras-dataplaneapi30nixsudo yum install hapee-extras-dataplaneapi30nixsudo yum install hapee-extras-dataplaneapi30nixsudo zypper install hapee-extras-dataplaneapi30nixsudo zypper install hapee-extras-dataplaneapi30nixsudo pkg install hapee-extras-dataplaneapi30nixsudo pkg install hapee-extras-dataplaneapi30 -
Ensure that your HAProxy Enterprise configuration has a
stats socket
line in theglobal
section.This enables the HAProxy Runtime API. The Data Plane API integrates with the Runtime API to make some configuration changes without needing to reload the load balancer.
hapee-lb.cfghaproxyglobalstats socket /var/run/hapee-3.0/hapee-lb.sock user hapee-lb group hapee mode 660 level admin expose-fd listenershapee-lb.cfghaproxyglobalstats socket /var/run/hapee-3.0/hapee-lb.sock user hapee-lb group hapee mode 660 level admin expose-fd listeners -
Configure the Basic authentication credentials you’ll use to access the API. You can either:
Option 1: Set the username and password in the Data Plane API configuration file
Add a
user
block to the Data Plane API configuration file and set the password via itsinsecure
andpassword
fields.HAProxy Enterprise version 2.7r1 and earlier use the configuration file
/etc/hapee-extras/dataplaneapi.hcl
.dataplaneapi.hclhcldataplaneapi {user "admin" {insecure = truepassword = "adminpwd"}}dataplaneapi.hclhcldataplaneapi {user "admin" {insecure = truepassword = "adminpwd"}}HAProxy Enterprise versions beyond 2.7r1 will use the configuration file
/etc/hapee-extras/dataplaneapi.yml
.dataplaneapi.ymlyamldataplaneapi:user:- name: admininsecure: truepassword: adminpwddataplaneapi.ymlyamldataplaneapi:user:- name: admininsecure: truepassword: adminpwdOption 2: Set the username and password in the HAProxy Enterprise configuration file
Add a
userlist
section named hapee-dataplaneapi to your configuration file,/etc/hapee-<VERSION>/hapee-lb.cfg
, and set a username and password via theuser
directive.In the example below, we add a user named admin with the password adminpwd:
hapee-lb.cfghaproxyuserlist hapee-dataplaneapiuser admin insecure-password adminpwdhapee-lb.cfghaproxyuserlist hapee-dataplaneapiuser admin insecure-password adminpwdOptional: If you prefer to encrypt the password first, use the
mkpasswd
command to do so. Ifmkpasswd
is not present on your OS, it can be installed by downloading thewhois
package on most Linux distributions; on RedHat you may have to explicitly install it viasudo yum install mkpasswd
.nixmkpasswd -m sha-256 adminpwdnixmkpasswd -m sha-256 adminpwdThen copy and paste the encrypted password into your configuration file:
hapee-lb.cfghaproxyuserlist hapee-dataplaneapiuser admin password $5$aVnIFECJ$2QYP64eTTXZ1grSjwwdoQxK/AP8kcOflEO1Q5fc.5aAhapee-lb.cfghaproxyuserlist hapee-dataplaneapiuser admin password $5$aVnIFECJ$2QYP64eTTXZ1grSjwwdoQxK/AP8kcOflEO1Q5fc.5aAIf you find that your credentials are not working, check the other configuration file. There may be a competing username and password there!
-
Enable and restart the service:
nixsudo systemctl enable hapee-extras-dataplaneapisudo systemctl restart hapee-extras-dataplaneapinixsudo systemctl enable hapee-extras-dataplaneapisudo systemctl restart hapee-extras-dataplaneapi
Change the listening IP address and port Jump to heading
By default, the Data Plane API listens on all IP addresses at TCP port 5555. You can change the listening IP address and port by editing the Data Plane API configuration file.
- Data Plane API version 2.7 and earlier use the configuration file
/etc/hapee-extras/dataplaneapi.hcl
. - Data Plane API version 2.8 and beyond will use the configuration file
/etc/hapee-extras/dataplaneapi.yml
.
-
Change the
host
and/orport
fields in thedataplaneapi
block.This example changes the
host
to192.168.50.20
and theport
from its default of5555
to5557
.dataplaneapi.hclhcldataplaneapi {host = "192.168.50.20"port = 5557dataplaneapi.hclhcldataplaneapi {host = "192.168.50.20"port = 5557dataplaneapi.ymlyamldataplaneapi:host: 192.168.50.20port: 5557dataplaneapi.ymlyamldataplaneapi:host: 192.168.50.20port: 5557Alternatively, set the
HOST
andPORT
environment variables. Because the API runs as a Systemd service, you would add those variables to the configuration file, which the service reads on startup:- On Debian/Ubuntu,
/etc/default/hapee-extras-dataplaneapi
- On Alma/Oracle/Redhat/Rocky,
/etc/sysconfig/hapee-extras-dataplaneapi
hapee-extras-dataplaneapiiniHOST=192.168.50.20PORT=5557hapee-extras-dataplaneapiiniHOST=192.168.50.20PORT=5557 - On Debian/Ubuntu,
-
Restart the service:
nixsudo systemctl restart hapee-extras-dataplaneapinixsudo systemctl restart hapee-extras-dataplaneapi
Verify that the API works Jump to heading
To verify that the API is running properly:
-
Try calling the
info
API endpoint:nixcurl -X GET --user admin:adminpwd http://localhost:5555/v3/infonixcurl -X GET --user admin:adminpwd http://localhost:5555/v3/infooutputjson{"api":{"build_date":"2024-11-14T14:23:12.000Z","version":"v3.0.3-ee1 3b84e390"},"system":{}}outputjson{"api":{"build_date":"2024-11-14T14:23:12.000Z","version":"v3.0.3-ee1 3b84e390"},"system":{}}Tip
If you get a permission denied error:
outputjson{"code":500,"message":"dial unix /var/run/hapee-3.0/hapee-lb.sock: connect: permission denied"}outputjson{"code":500,"message":"dial unix /var/run/hapee-3.0/hapee-lb.sock: connect: permission denied"}This often means that the user who runs the API does not have access to the Runtime API socket. Check that you added them to the system group hapee, log out and back in again, then try it again.
Tip
If you receive an error such as 400 Bad Request or Client sent an HTTP request to an HTTPS server, HTTPS may be enabled. Try the
curl
command again with the-k
option and specify HTTPS in your URL:nixcurl -k -X GET --user admin:adminpwd https://localhost:5555/v3/infonixcurl -k -X GET --user admin:adminpwd https://localhost:5555/v3/info
Do you have any suggestions on how we can improve the content of this page?