Merge ~hloeung/content-cache-charm:multiple-locations into content-cache-charm:master

Proposed by Haw Loeung
Status: Merged
Approved by: Haw Loeung
Approved revision: 12e806d1a94ccbd174d0677643b34c174a9c375b
Merged at revision: 2496dc3bd537d16344d17b58578565556d414e02
Proposed branch: ~hloeung/content-cache-charm:multiple-locations
Merge into: content-cache-charm:master
Prerequisite: ~hloeung/content-cache-charm:master
Diff against target: 274 lines (+146/-11)
9 files modified
reactive/content_cache.py (+5/-6)
tests/unit/files/config_test_config.txt (+19/-1)
tests/unit/files/content_cache_rendered_haproxy_test_output.txt (+40/-1)
tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt (+12/-0)
tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt (+6/-1)
tests/unit/files/haproxy_config_rendered_test_output.txt (+18/-1)
tests/unit/files/nginx_config_rendered_test_output-site6.local.txt (+22/-0)
tests/unit/files/nginx_config_rendered_test_output-site7.local.txt (+22/-0)
tests/unit/test_content_cache.py (+2/-1)
Reviewer Review Type Date Requested Status
Joel Sing (community) +1 Approve
Nick Moffitt (community) Approve
Review via email: mp+366234@code.launchpad.net

Commit message

Fixed to support plain HTTP to the backends while keeping TLS/SSL/HTTPS at the front

client -> TLS/SSL/HTTPS -> HAProxy FE -> HTTP -> Cache -> HAProxy -> HTTP -> backends

🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Nick Moffitt (nick-moffitt) wrote :

Looks good, as overriding this to False was the thing I kept trying to do earlier today!

review: Approve
Joel Sing (jsing) wrote :

LGTM

review: Approve (+1)
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 2496dc3bd537d16344d17b58578565556d414e02

Preview Diff

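--- a/reactive/content_cache.py
+++ b/reactive/content_cache.py
@@ -202,14 +202,13 @@ def configure_haproxy():
 new_cached_loc_conf['backend-check-path'] = backend_check_path
 new_loc_conf['backend-check-path'] = backend_check_path
 new_cached_loc_conf['signed-url-hmac-key'] = loc_conf.get('signed-url-hmac-key')
- if tls_cert_bundle_path:
+ # If 'backend-tls' is defined, pass it through.
+ if 'backend-tls' in loc_conf:
+ new_loc_conf['backend-tls'] = loc_conf.get('backend-tls')
+ # No 'backend-tls' provided so let's try work out automatically.
+ elif tls_cert_bundle_path:
 new_cached_loc_conf['backend-tls'] = False
 new_loc_conf['backend-tls'] = True
- else:
- # Support for HTTP front to HTTPS backends. This shouldn't
- # normally be used but it's useful for testing without having
- # to ship out TLS/SSL certificate bundles.
- new_loc_conf['backend-tls'] = site_conf.get('backend-tls')

 # When we have multiple locations, we only want/need one HAProxy
 # stanza to redirect requests to the cache.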
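Review bot: A `backend-tls` value set at site level is no longer consulted once the `else` branch that read `site_conf.get('backend-tls')` is removed, so a site that relied on it and has no `tls-cert-bundle-path` would, as far as this hunk shows, get no `backend-tls` entry in `new_loc_conf` and presumably reach its backends over plain HTTP with no warning. If dropping site-level support is intended, say so in the comment above the new `if` and consider logging when `site_conf` still carries the key; otherwise keep it as the last fallback, `else:` followed by `new_loc_conf['backend-tls'] = site_conf.get('backend-tls')`. The pass-through branch also leaves `new_cached_loc_conf['backend-tls']` unset while the `elif` branch sets it to `False`; setting it explicitly in both keeps the HAProxy-to-cache hop from depending on how a missing key is treated downstream. `configure_haproxy()` starts and ends outside the hunk, so whether `loc_conf` already inherits site-level keys cannot be confirmed from here.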
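--- a/tests/unit/files/config_test_config.txt
+++ b/tests/unit/files/config_test_config.txt
@@ -15,7 +15,7 @@ site1.local:

 # Test 2: TLS/SSL as well as backends (HTTPS)
 site2.local:
- tls-cert-bundle-path: /etc/haproxy/some-bundle.crt
+ tls-cert-bundle-path: /etc/haproxy/site2-bundle.crt
 locations:
 /:
 backend-tls: True
@@ -68,3 +68,21 @@ site5:
 - 127.0.1.11:80
 backend-path: /auth-check/
 cache-validity: '200 401 1h'
+
+# Test 6: TLS/SSL/HTTPS to backends only
+site6.local:
+ locations:
+ /:
+ backend-tls: True
+ backends:
+ - 127.0.1.10:443
+
+# Test 7: TLS/SSL frontend but plain HTTP to backend
+site7.local:
+ port: 444
+ tls-cert-bundle-path: /etc/haproxy/site7-bundle.crt
+ locations:
+ /:
+ backend-tls: False
+ backends:
+ - 127.0.1.10:80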
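--- a/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
@@ -44,13 +44,14 @@ listen combined-80
 use_backend backend-cached-site3-local if { hdr(Host) -i site3.local }
 use_backend backend-cached-site4-local if { hdr(Host) -i site4.local }
 use_backend backend-cached-site5 if { hdr(Host) -i site5.local }
+ use_backend backend-cached-site6-local if { hdr(Host) -i site6.local }

 listen site1-local
 bind 127.0.0.1:8080
 default_backend backend-site1-local

 listen cached-site2-local
- bind 0.0.0.0:443 ssl crt /etc/haproxy/some-bundle.crt
+ bind 0.0.0.0:443 ssl crt /etc/haproxy/site2-bundle.crt
 default_backend backend-cached-site2-local

 listen site2-local
@@ -65,6 +66,18 @@ listen site5
 bind 127.0.0.1:8083
 default_backend backend-site5

+listen site6-local
+ bind 127.0.0.1:8085
+ default_backend backend-site6-local
+
+listen cached-site7-local
+ bind 0.0.0.0:444 ssl crt /etc/haproxy/site7-bundle.crt
+ default_backend backend-cached-site7-local
+
+listen site7-local
+ bind 127.0.0.1:8086
+ default_backend backend-site7-local
+
 backend backend-cached-site1-local
 option forwardfor
 option httpchk HEAD /?token=1868572800_4eb30fc94f247635f7ed445083a4783862ad58de HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk
@@ -135,3 +148,29 @@ backend backend-site5-2
 http-request set-header Host site5.local
 balance leastconn
 server server_1 127.0.1.11:80 check inter 5000 rise 2 fall 5 maxconn 16
+
+backend backend-cached-site6-local
+ option forwardfor
+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk
+ http-request set-header Host site6.local
+ balance leastconn
+ server server_1 127.0.0.1:6085 check inter 5000 rise 2 fall 5 maxconn 16
+
+backend backend-site6-local
+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk
+ http-request set-header Host site6.local
+ balance leastconn
+ server server_1 127.0.1.10:443 check inter 5000 rise 2 fall 5 maxconn 16 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt
+
+backend backend-cached-site7-local
+ option forwardfor
+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk
+ http-request set-header Host site7.local
+ balance leastconn
+ server server_1 127.0.0.1:6086 check inter 5000 rise 2 fall 5 maxconn 16
+
+backend backend-site7-local
+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk
+ http-request set-header Host site7.local
+ balance leastconn
+ server server_1 127.0.1.10:80 check inter 5000 rise 2 fall 5 maxconn 16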
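--- a/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt
+++ b/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt
@@ -36,3 +36,15 @@ backend backend-site5-2
 http-request set-header Host site5.local
 balance leastconn
 server server_1 127.0.1.11:80 check inter 5000 rise 2 fall 5 maxconn 16
+
+backend backend-site6-local
+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk
+ http-request set-header Host site6.local
+ balance leastconn
+ server server_1 127.0.1.10:443 check inter 5000 rise 2 fall 5 maxconn 16 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt
+
+backend backend-site7-local
+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk
+ http-request set-header Host site7.local
+ balance leastconn
+ server server_1 127.0.1.10:80 check inter 5000 rise 2 fall 5 maxconn 16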
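--- a/tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt
+++ b/tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt
@@ -5,7 +5,12 @@ listen combined-80
 use_backend backend-site3-local if { hdr(Host) -i site3.local }
 use_backend backend-site4-local if { hdr(Host) -i site4.local }
 use_backend backend-site5 if { hdr(Host) -i site5.local }
+ use_backend backend-site6-local if { hdr(Host) -i site6.local }

 listen site2-local
- bind 0.0.0.0:443 ssl crt /etc/haproxy/some-bundle.crt
+ bind 0.0.0.0:443 ssl crt /etc/haproxy/site2-bundle.crt
 default_backend backend-site2-local
+
+listen site7-local
+ bind 0.0.0.0:444 ssl crt /etc/haproxy/site7-bundle.crt
+ default_backend backend-site7-local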
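--- a/tests/unit/files/haproxy_config_rendered_test_output.txt
+++ b/tests/unit/files/haproxy_config_rendered_test_output.txt
@@ -44,11 +44,16 @@ listen combined-80
 use_backend backend-site3-local if { hdr(Host) -i site3.local }
 use_backend backend-site4-local if { hdr(Host) -i site4.local }
 use_backend backend-site5 if { hdr(Host) -i site5.local }
+ use_backend backend-site6-local if { hdr(Host) -i site6.local }

 listen site2-local
- bind 0.0.0.0:443 ssl crt /etc/haproxy/some-bundle.crt
+ bind 0.0.0.0:443 ssl crt /etc/haproxy/site2-bundle.crt
 default_backend backend-site2-local

+listen site7-local
+ bind 0.0.0.0:444 ssl crt /etc/haproxy/site7-bundle.crt
+ default_backend backend-site7-local
+
 backend backend-site1-local
 option httpchk HEAD /?token=1868572800_4eb30fc94f247635f7ed445083a4783862ad58de HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk
 http-request set-header Host site1.local
@@ -86,3 +91,15 @@ backend backend-site5-2
 http-request set-header Host site5.local
 balance leastconn
 server server_1 127.0.1.11:80 check inter 5000 rise 2 fall 5 maxconn 16
+
+backend backend-site6-local
+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk
+ http-request set-header Host site6.local
+ balance leastconn
+ server server_1 127.0.1.10:443 check inter 5000 rise 2 fall 5 maxconn 16 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt
+
+backend backend-site7-local
+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk
+ http-request set-header Host site7.local
+ balance leastconn
+ server server_1 127.0.1.10:80 check inter 5000 rise 2 fall 5 maxconn 16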
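--- /dev/null
+++ b/tests/unit/files/nginx_config_rendered_test_output-site6.local.txt
@@ -0,0 +1,22 @@
+proxy_cache_path /var/lib/nginx/proxy/site6.local use_temp_path=off levels=1:2 keys_zone=site6-cache:10m max_size=1g;
+
+server {
+ server_name site6.local;
+ listen 127.0.0.1:6085;
+
+ location / {
+ proxy_pass http://localhost:8085;
+ proxy_set_header Host "site6.local";
+ proxy_cache site6-cache;
+ proxy_cache_background_update on;
+ proxy_cache_lock on;
+ proxy_cache_min_uses 1;
+ proxy_cache_revalidate on;
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+ proxy_cache_valid 200 1d;
+ }
+
+
+ access_log /var/log/nginx/site6.local-access.log content_cache;
+ error_log /var/log/nginx/site6.local-error.log;
+}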
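--- /dev/null
+++ b/tests/unit/files/nginx_config_rendered_test_output-site7.local.txt
@@ -0,0 +1,22 @@
+proxy_cache_path /var/lib/nginx/proxy/site7.local use_temp_path=off levels=1:2 keys_zone=site7-cache:10m max_size=1g;
+
+server {
+ server_name site7.local;
+ listen 127.0.0.1:6086;
+
+ location / {
+ proxy_pass http://localhost:8086;
+ proxy_set_header Host "site7.local";
+ proxy_cache site7-cache;
+ proxy_cache_background_update on;
+ proxy_cache_lock on;
+ proxy_cache_min_uses 1;
+ proxy_cache_revalidate on;
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+ proxy_cache_valid 200 1d;
+ }
+
+
+ access_log /var/log/nginx/site7.local-access.log content_cache;
+ error_log /var/log/nginx/site7.local-error.log;
+}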
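--- a/tests/unit/test_content_cache.py
+++ b/tests/unit/test_content_cache.py
@@ -151,7 +151,8 @@ class TestCharm(unittest.TestCase):
 content_cache.configure_nginx(self.tmpdir)
 self.assertFalse(service_start_or_restart.assert_not_called())

- for site in ['site1.local', 'site2.local', 'site3.local', 'site4.local', 'site5']:
+ for site in ['site1.local', 'site2.local', 'site3.local',
+ 'site4.local', 'site5', 'site6.local', 'site7.local']:
 with open('tests/unit/files/nginx_config_rendered_test_output-{}.txt'.format(site),
 'r', encoding='utf-8') as f:
 want = f.read()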
