Content Cache Charm

Merge ~hloeung/content-cache-charm:haproxy-config into content-cache-charm:master

  1. Git
  2. lp:~hloeung/content-cache-charm
  3. haproxy-config
  4. Merge into master
Proposed by Haw Loeung
Status: Merged
Approved by: Haw Loeung
Approved revision: 282d358ccc86dd84b34ef1e71d2c81f3b2c84e9c
Merged at revision: 00ab9893d3074fccb217ab12b33e683c14d35b89
Proposed branch: ~hloeung/content-cache-charm:haproxy-config
Merge into: content-cache-charm:master
Diff against target: 665 lines (+295/-49)
10 files modified
config.yaml (+3/-3)
lib/haproxy.py (+12/-10)
reactive/content_cache.py (+1/-3)
templates/haproxy_cfg.tmpl (+3/-1)
tests/unit/files/content_cache_rendered_haproxy_test_output.txt (+2/-14)
tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt (+246/-0)
tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt (+0/-3)
tests/unit/files/haproxy_config_rendered_test_output.txt (+2/-4)
tests/unit/test_content_cache.py (+24/-9)
tests/unit/test_haproxy.py (+2/-2)
Reviewer Review Type Date Requested Status
Stuart Bishop (community) Approve
Content Cache Charmers Pending
Review via email: mp+380383@code.launchpad.net

Commit message

Automatically calculate max. connections - LP:1866036

This is now split to per site in the 'default' stanza rather than each site's listen stanza. Also, the global max. connections is now a total of each per-site.

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
Tom Haddon (mthaddon) wrote :

Overall this looks very good. Could we have a test where maxconn is set to something other than 0 to confirm manually setting it does the right thing?

Revision history for this message
Stuart Bishop (stub) wrote :

Code changes all look good. This changes the meaning of the charm config from global max-connections to per-site max-connections, which is a backwards incompatible change but one we should be able to live with (anyone besides Canonical running this charm?).

review: Approve
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 00ab9893d3074fccb217ab12b33e683c14d35b89

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/config.yaml b/config.yaml
2index d6bb918..4b5d99b 100644
3--- a/config.yaml
4+++ b/config.yaml
5@@ -38,10 +38,10 @@ options:
6 Number of log files to retain during rotation.
7 max_connections:
8 type: int
9- default: 8192
10+ default: 0
11 description: >
12- Configure maximum number of connections on frontend HAProxy. (8192 for now,
13- the default will automatically be calculated in the future)
14+ Configure maximum number of connections per site on frontend
15+ HAProxy. Defaults to auto-calculate (0).
16 nagios_context:
17 type: string
18 default: "juju"
19diff --git a/lib/haproxy.py b/lib/haproxy.py
20index 6c70fc4..e3a4d38 100644
21--- a/lib/haproxy.py
22+++ b/lib/haproxy.py
23@@ -14,9 +14,9 @@ TLS_CIPHER_SUITES = 'ECDHE+AESGCM:ECDHE+AES256:ECDHE+AES128:!SSLv3:!TLSv1'
24
25
26 class HAProxyConf:
27- def __init__(self, conf_path=HAPROXY_BASE_PATH, max_connections=2000):
28+ def __init__(self, conf_path=HAPROXY_BASE_PATH, max_connections=0):
29 self._conf_path = conf_path
30- self.max_connections = max_connections
31+ self.max_connections = int(max_connections)
32
33 @property
34 def conf_path(self):
35@@ -99,7 +99,6 @@ class HAProxyConf:
36 listen_stanza = """
37 listen {name}
38 {bind_config}
39- maxconn {max_connections}
40 {backend_config}"""
41 backend_conf = '{indent}use_backend backend-{backend} if {{ hdr(Host) -i {site_name} }}\n'
42 redirect_conf = '{indent}redirect scheme https code 301 if {{ hdr(Host) -i {site_name} }} !{{ ssl_fc }}\n'
43@@ -153,11 +152,7 @@ listen {name}
44 if address == '0.0.0.0':
45 bind_config += '\n{indent}bind :::{port}{tls}'.format(port=port, tls=tls_config, indent=INDENT)
46 output = listen_stanza.format(
47- name=name,
48- max_connections=self.max_connections,
49- backend_config=''.join(backend_config),
50- bind_config=bind_config,
51- indent=INDENT,
52+ name=name, backend_config=''.join(backend_config), bind_config=bind_config, indent=INDENT,
53 )
54 rendered_output.append(output)
55 return rendered_output
56@@ -250,18 +245,25 @@ backend backend-{name}
57 def render(self, config, num_threads=None, monitoring_password=None, tls_cipher_suites=None):
58 if not num_threads:
59 num_threads = multiprocessing.cpu_count()
60+ if self.max_connections:
61+ max_connections = self.max_connections
62+ else:
63+ max_connections = num_threads * 2000
64 if not tls_cipher_suites:
65 tls_cipher_suites = TLS_CIPHER_SUITES
66 tls_cipher_suites = utils.tls_cipher_suites(tls_cipher_suites)
67
68+ listen_stanzas = self.render_stanza_listen(config)
69+
70 base = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
71 env = jinja2.Environment(loader=jinja2.FileSystemLoader(base))
72 template = env.get_template('templates/haproxy_cfg.tmpl')
73 return template.render(
74 {
75 'backend': self.render_stanza_backend(config),
76- 'listen': self.render_stanza_listen(config),
77- 'max_connections': self.max_connections,
78+ 'global_max_connections': max_connections * len(listen_stanzas),
79+ 'listen': listen_stanzas,
80+ 'max_connections': max_connections,
81 'monitoring_password': monitoring_password or self.monitoring_password,
82 'num_threads': num_threads,
83 'tls_cipher_suites': tls_cipher_suites,
84diff --git a/reactive/content_cache.py b/reactive/content_cache.py
85index ea8cf20..450c63f 100644
86--- a/reactive/content_cache.py
87+++ b/reactive/content_cache.py
88@@ -204,9 +204,7 @@ def configure_haproxy(): # NOQA: C901 LP#1825084
89 status.blocked('requires list of sites to configure')
90 return
91
92- # TODO: Calculate max connections if none specified. Likely use configured
93- # nbthreads (2000 * nbthreads). Or maybe even per site.
94- haproxy = HAProxy.HAProxyConf(max_connections=config['max_connections'])
95+ haproxy = HAProxy.HAProxyConf(max_connections=config.get('max_connections', 0))
96 sites_secrets = secrets_from_config(config.get('sites_secrets'))
97 blacklist_ports = [int(x.strip()) for x in config.get('blacklist_ports', '').split(',') if x.strip()]
98 sites = sites_from_config(config.get('sites'), sites_secrets, blacklist_ports=blacklist_ports)
99diff --git a/templates/haproxy_cfg.tmpl b/templates/haproxy_cfg.tmpl
100index a4ec3be..aee0e16 100644
101--- a/templates/haproxy_cfg.tmpl
102+++ b/templates/haproxy_cfg.tmpl
103@@ -1,6 +1,6 @@
104 global
105 nbthread {{num_threads}}
106- maxconn {{max_connections}}
107+ maxconn {{global_max_connections}}
108 log /dev/log local0
109 log /dev/log local1 notice
110 chroot /var/lib/haproxy
111@@ -26,6 +26,7 @@ global
112
113 defaults
114 log global
115+ maxconn {{max_connections}}
116 mode http
117 option httplog
118 option dontlognull
119@@ -59,3 +60,4 @@ listen stats
120 {% for stanza in backend -%}
121 {{stanza}}
122 {%- endfor -%}
123+
124diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
125index b715f9d..73063ab 100644
126--- a/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
127+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
128@@ -1,6 +1,6 @@
129 global
130 nbthread 4
131- maxconn 8192
132+ maxconn 106496
133 log /dev/log local0
134 log /dev/log local1 notice
135 chroot /var/lib/haproxy
136@@ -26,6 +26,7 @@ global
137
138 defaults
139 log global
140+ maxconn 8192
141 mode http
142 option httplog
143 option dontlognull
144@@ -56,7 +57,6 @@ listen stats
145 listen combined-80
146 bind 0.0.0.0:80
147 bind :::80
148- maxconn 8192
149 use_backend backend-cached-site1-local if { hdr(Host) -i site1.local }
150 redirect scheme https code 301 if { hdr(Host) -i site2.local } !{ ssl_fc }
151 use_backend backend-cached-site3-local if { hdr(Host) -i site3.local }
152@@ -67,65 +67,53 @@ listen combined-80
153
154 listen site1-local
155 bind 127.0.0.1:8080
156- maxconn 8192
157 default_backend backend-site1-local
158
159 listen cached-site2-local
160 bind 0.0.0.0:443 ssl crt /etc/haproxy/site2-bundle.crt
161 bind :::443 ssl crt /etc/haproxy/site2-bundle.crt
162- maxconn 8192
163 default_backend backend-cached-site2-local
164
165 listen site2-local
166 bind 127.0.0.1:8081
167- maxconn 8192
168 default_backend backend-site2-local
169
170 listen site3-local
171 bind 127.0.0.1:8082
172- maxconn 8192
173 default_backend backend-site3-local
174
175 listen site5
176 bind 127.0.0.1:8083
177- maxconn 8192
178 default_backend backend-site5
179
180 listen site5-2
181 bind 127.0.0.1:8084
182- maxconn 8192
183 default_backend backend-site5
184
185 listen site6-local
186 bind 127.0.0.1:8085
187- maxconn 8192
188 default_backend backend-site6-local
189
190 listen combined-444
191 bind 0.0.0.0:444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt
192 bind :::444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt
193- maxconn 8192
194 use_backend backend-cached-site7-local if { hdr(Host) -i site7.local }
195 use_backend backend-cached-site8-local if { hdr(Host) -i site8.local }
196
197 listen site7-local
198 bind 127.0.0.1:8086
199- maxconn 8192
200 default_backend backend-site7-local
201
202 listen site8-local
203 bind 127.0.0.1:8087
204- maxconn 8192
205 default_backend backend-site8-local
206
207 listen site8-local-2
208 bind 127.0.0.1:8088
209- maxconn 8192
210 default_backend backend-site8-local
211
212 listen site9-local
213 bind 127.0.0.1:8089
214- maxconn 8192
215 default_backend backend-site9-local
216
217 backend backend-cached-site1-local
218diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt
219new file mode 100644
220index 0000000..cad0ce4
221--- /dev/null
222+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt
223@@ -0,0 +1,246 @@
224+global
225+ nbthread 4
226+ maxconn 104000
227+ log /dev/log local0
228+ log /dev/log local1 notice
229+ chroot /var/lib/haproxy
230+ stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
231+ stats timeout 30s
232+ user haproxy
233+ group haproxy
234+ daemon
235+
236+ # Default SSL material locations
237+ ca-base /etc/ssl/certs
238+ crt-base /etc/ssl/private
239+
240+ # Default ciphers to use on SSL-enabled listening sockets.
241+ # For more information, see ciphers(1SSL). This list is from:
242+ # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
243+ # An alternative list with additional directives can be obtained from
244+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
245+ ssl-default-bind-ciphers ECDHE+AESGCM:ECDHE+AES256:ECDHE+AES128:!SSLv3:!TLSv1
246+ ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
247+ # We'll eventually disable DHE (LP#1825321), but for now, bump DH params
248+ tune.ssl.default-dh-param 2048
249+
250+defaults
251+ log global
252+ maxconn 8000
253+ mode http
254+ option httplog
255+ option dontlognull
256+ timeout connect 5000
257+ timeout client 50000
258+ timeout server 50000
259+ errorfile 400 /etc/haproxy/errors/400.http
260+ errorfile 403 /etc/haproxy/errors/403.http
261+ errorfile 408 /etc/haproxy/errors/408.http
262+ errorfile 500 /etc/haproxy/errors/500.http
263+ errorfile 502 /etc/haproxy/errors/502.http
264+ errorfile 503 /etc/haproxy/errors/503.http
265+ errorfile 504 /etc/haproxy/errors/504.http
266+
267+listen stats
268+ bind 127.0.0.1:10000
269+ acl allowed_cidr src 127.0.0.0/8
270+ http-request deny unless allowed_cidr
271+
272+ mode http
273+ stats enable
274+ stats uri /
275+ stats realm Haproxy\ Statistics
276+ stats auth haproxy:biometricsarenotsecret
277+ stats refresh 3
278+
279+
280+listen combined-80
281+ bind 0.0.0.0:80
282+ bind :::80
283+ use_backend backend-cached-site1-local if { hdr(Host) -i site1.local }
284+ redirect scheme https code 301 if { hdr(Host) -i site2.local } !{ ssl_fc }
285+ use_backend backend-cached-site3-local if { hdr(Host) -i site3.local }
286+ use_backend backend-cached-site4-local if { hdr(Host) -i site4.local }
287+ use_backend backend-cached-site5 if { hdr(Host) -i site5.local }
288+ use_backend backend-cached-site6-local if { hdr(Host) -i site6.local }
289+ use_backend backend-cached-site9-local if { hdr(Host) -i site9.local }
290+
291+listen site1-local
292+ bind 127.0.0.1:8080
293+ default_backend backend-site1-local
294+
295+listen cached-site2-local
296+ bind 0.0.0.0:443 ssl crt /etc/haproxy/site2-bundle.crt
297+ bind :::443 ssl crt /etc/haproxy/site2-bundle.crt
298+ default_backend backend-cached-site2-local
299+
300+listen site2-local
301+ bind 127.0.0.1:8081
302+ default_backend backend-site2-local
303+
304+listen site3-local
305+ bind 127.0.0.1:8082
306+ default_backend backend-site3-local
307+
308+listen site5
309+ bind 127.0.0.1:8083
310+ default_backend backend-site5
311+
312+listen site5-2
313+ bind 127.0.0.1:8084
314+ default_backend backend-site5
315+
316+listen site6-local
317+ bind 127.0.0.1:8085
318+ default_backend backend-site6-local
319+
320+listen combined-444
321+ bind 0.0.0.0:444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt
322+ bind :::444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt
323+ use_backend backend-cached-site7-local if { hdr(Host) -i site7.local }
324+ use_backend backend-cached-site8-local if { hdr(Host) -i site8.local }
325+
326+listen site7-local
327+ bind 127.0.0.1:8086
328+ default_backend backend-site7-local
329+
330+listen site8-local
331+ bind 127.0.0.1:8087
332+ default_backend backend-site8-local
333+
334+listen site8-local-2
335+ bind 127.0.0.1:8088
336+ default_backend backend-site8-local
337+
338+listen site9-local
339+ bind 127.0.0.1:8089
340+ default_backend backend-site9-local
341+
342+backend backend-cached-site1-local
343+ option forwardfor
344+ option httpchk HEAD /?token=1861920000_f3e404e205ed44749e942d481f7a7bec57c5e78a HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
345+ http-request set-header Host site1.local
346+ balance leastconn
347+ server server_1 127.0.0.1:6080 check inter 5000 rise 2 fall 5 maxconn 2048
348+
349+backend backend-site1-local
350+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
351+ http-request set-header Host site1.local
352+ balance leastconn
353+ server server_1 127.0.1.10:80 check inter 5000 rise 2 fall 5 maxconn 2048
354+ server server_2 127.0.1.11:80 check inter 5000 rise 2 fall 5 maxconn 2048
355+ server server_3 127.0.1.12:80 check inter 5000 rise 2 fall 5 maxconn 2048
356+
357+backend backend-cached-site2-local
358+ option forwardfor
359+ option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
360+ http-request set-header Host site2.local
361+ balance leastconn
362+ server server_1 127.0.0.1:6081 check inter 5000 rise 2 fall 5 maxconn 2048
363+
364+backend backend-site2-local
365+ option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
366+ http-request set-header Host site2.local
367+ balance leastconn
368+ server server_1 127.0.1.10:443 check inter 5000 rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
369+ server server_2 127.0.1.11:443 check inter 5000 rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
370+ server server_3 127.0.1.12:443 check inter 5000 rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
371+
372+backend backend-cached-site3-local
373+ option forwardfor
374+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
375+ http-request set-header Host site3.local
376+ balance leastconn
377+ server server_1 127.0.0.1:6082 check inter 5000 rise 2 fall 5 maxconn 4096
378+
379+backend backend-site3-local
380+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
381+ http-request set-header Host site3.local
382+ balance leastconn
383+ server server_1 127.0.1.10:80 check inter 5000 rise 2 fall 5 maxconn 2048
384+ server server_2 127.0.1.11:80 check inter 5000 rise 2 fall 5 maxconn 2048
385+ server server_3 127.0.1.12:80 check inter 5000 rise 2 fall 5 maxconn 2048
386+
387+backend backend-cached-site4-local
388+ option forwardfor
389+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site4.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
390+ http-request set-header Host site4.local
391+ balance leastconn
392+ server server_1 127.0.0.1:6083 check inter 5000 rise 2 fall 5 maxconn 2048
393+
394+backend backend-cached-site5
395+ option forwardfor
396+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
397+ http-request set-header Host site5.local
398+ balance leastconn
399+ server server_1 127.0.0.1:6084 check inter 5000 rise 2 fall 5 maxconn 2048
400+
401+backend backend-site5
402+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
403+ http-request set-header Host site5.local
404+ balance leastconn
405+ server server_1 127.0.1.10:80 check inter 5000 rise 2 fall 5 maxconn 2048
406+
407+backend backend-site5-2
408+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
409+ http-request set-header Host site5.local
410+ balance leastconn
411+ server server_1 127.0.1.11:80 check inter 5000 rise 2 fall 5 maxconn 2048
412+
413+backend backend-cached-site6-local
414+ option forwardfor
415+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
416+ http-request set-header Host site6.local
417+ balance leastconn
418+ server server_1 127.0.0.1:6085 check inter 5000 rise 2 fall 5 maxconn 2048
419+
420+backend backend-site6-local
421+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
422+ http-request set-header Host site6.local
423+ balance leastconn
424+ server server_1 127.0.1.10:443 check inter 5000 rise 2 fall 5 maxconn 2048 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt
425+
426+backend backend-cached-site7-local
427+ option forwardfor
428+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
429+ http-request set-header Host site7.local
430+ balance leastconn
431+ server server_1 127.0.0.1:6086 check inter 5000 rise 2 fall 5 maxconn 2048
432+
433+backend backend-site7-local
434+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
435+ http-request set-header Host site7.local
436+ balance leastconn
437+ server server_1 127.0.1.10:80 check inter 5000 rise 2 fall 5 maxconn 2048
438+
439+backend backend-cached-site8-local
440+ option forwardfor
441+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
442+ http-request set-header Host site8.local
443+ balance leastconn
444+ server server_1 127.0.0.1:6087 check inter 5000 rise 2 fall 5 maxconn 2048
445+
446+backend backend-site8-local
447+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
448+ http-request set-header Host site8.local
449+ balance leastconn
450+ server server_1 127.0.1.10:80 check inter 5000 rise 2 fall 5 maxconn 2048
451+
452+backend backend-site8-local-2
453+ option httpchk HEAD / HTTP/1.0\r\nHost:\ auth.site8.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
454+ http-request set-header Host auth.site8.local
455+ balance leastconn
456+ server server_1 127.0.1.10:443 check inter 5000 rise 2 fall 5 maxconn 2048 ssl sni str(auth.site8.local) check-sni auth.site8.local verify required ca-file ca-certificates.crt
457+
458+backend backend-cached-site9-local
459+ option forwardfor
460+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
461+ http-request set-header Host site9.local
462+ balance leastconn
463+ server server_1 127.0.0.1:6088 check inter 1m rise 2 fall 5 maxconn 2048
464+
465+backend backend-site9-local
466+ option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache
467+ http-request set-header Host site9.local
468+ balance leastconn
469+ server server_1 127.0.1.15:80 check inter 1m rise 2 fall 5 maxconn 2048
470diff --git a/tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt b/tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt
471index 57884f0..e98c5fe 100644
472--- a/tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt
473+++ b/tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt
474@@ -2,7 +2,6 @@
475 listen combined-80
476 bind 0.0.0.0:80
477 bind :::80
478- maxconn 8192
479 use_backend backend-site1-local if { hdr(Host) -i site1.local }
480 redirect scheme https code 301 if { hdr(Host) -i site2.local } !{ ssl_fc }
481 use_backend backend-site3-local if { hdr(Host) -i site3.local }
482@@ -14,12 +13,10 @@ listen combined-80
483 listen site2-local
484 bind 0.0.0.0:443 ssl crt /etc/haproxy/site2-bundle.crt
485 bind :::443 ssl crt /etc/haproxy/site2-bundle.crt
486- maxconn 8192
487 default_backend backend-site2-local
488
489 listen combined-444
490 bind 0.0.0.0:444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt
491 bind :::444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt
492- maxconn 8192
493 use_backend backend-site7-local if { hdr(Host) -i site7.local }
494 use_backend backend-site8-local if { hdr(Host) -i site8.local }
495diff --git a/tests/unit/files/haproxy_config_rendered_test_output.txt b/tests/unit/files/haproxy_config_rendered_test_output.txt
496index e3132ec..e1b10d9 100644
497--- a/tests/unit/files/haproxy_config_rendered_test_output.txt
498+++ b/tests/unit/files/haproxy_config_rendered_test_output.txt
499@@ -1,6 +1,6 @@
500 global
501 nbthread 4
502- maxconn 8192
503+ maxconn 15000
504 log /dev/log local0
505 log /dev/log local1 notice
506 chroot /var/lib/haproxy
507@@ -26,6 +26,7 @@ global
508
509 defaults
510 log global
511+ maxconn 5000
512 mode http
513 option httplog
514 option dontlognull
515@@ -56,7 +57,6 @@ listen stats
516 listen combined-80
517 bind 0.0.0.0:80
518 bind :::80
519- maxconn 8192
520 use_backend backend-site1-local if { hdr(Host) -i site1.local }
521 redirect scheme https code 301 if { hdr(Host) -i site2.local } !{ ssl_fc }
522 use_backend backend-site3-local if { hdr(Host) -i site3.local }
523@@ -68,13 +68,11 @@ listen combined-80
524 listen site2-local
525 bind 0.0.0.0:443 ssl crt /etc/haproxy/site2-bundle.crt
526 bind :::443 ssl crt /etc/haproxy/site2-bundle.crt
527- maxconn 8192
528 default_backend backend-site2-local
529
530 listen combined-444
531 bind 0.0.0.0:444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt
532 bind :::444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt
533- maxconn 8192
534 use_backend backend-site7-local if { hdr(Host) -i site7.local }
535 use_backend backend-site8-local if { hdr(Host) -i site8.local }
536
537diff --git a/tests/unit/test_content_cache.py b/tests/unit/test_content_cache.py
538index 9e1de72..4cbbf05 100644
539--- a/tests/unit/test_content_cache.py
540+++ b/tests/unit/test_content_cache.py
541@@ -176,7 +176,6 @@ class TestCharm(unittest.TestCase):
542 'cache_max_size': '1g',
543 'cache_path': '/var/lib/nginx/proxy',
544 'enable_prometheus_metrics': False,
545- 'max_connections': 8192,
546 'sites': ngx_config,
547 'worker_connections': 768,
548 'worker_processes': 0,
549@@ -255,7 +254,6 @@ site1.local:
550 'cache_inactive_time': '',
551 'cache_max_size': '1g',
552 'cache_path': '/var/lib/nginx/proxy',
553- 'max_connections': 8192,
554 'sites': config,
555 'sites_secrets': secrets,
556 'worker_connections': 768,
557@@ -308,7 +306,6 @@ site1.local:
558 'cache_inactive_time': '2h',
559 'cache_max_size': '1g',
560 'cache_path': '/var/lib/nginx/proxy',
561- 'max_connections': 8192,
562 'sites': config,
563 'worker_connections': 768,
564 'worker_processes': 0,
565@@ -326,7 +323,6 @@ site1.local:
566 'cache_inactive_time': '2h',
567 'cache_max_size': '20g',
568 'cache_path': '/srv/cache',
569- 'max_connections': 8192,
570 'sites': config,
571 'worker_connections': 768,
572 'worker_processes': 0,
573@@ -345,7 +341,6 @@ site1.local:
574 'cache_inactive_time': '2h',
575 'cache_max_size': '',
576 'cache_path': '/srv/cache',
577- 'max_connections': 8192,
578 'sites': config,
579 'worker_connections': 768,
580 'worker_processes': 0,
581@@ -368,7 +363,7 @@ site1.local:
582
583 status.reset_mock()
584 clear_flag.reset_mock()
585- self.mock_config.return_value = {'max_connections': 8192, 'sites': 'site1:'}
586+ self.mock_config.return_value = {'sites': 'site1:'}
587 content_cache.configure_haproxy()
588 status.blocked.assert_called()
589 clear_flag.assert_called_once_with('content_cache.active')
590@@ -403,6 +398,29 @@ site1.local:
591 got = f.read()
592 self.assertEqual(got, want)
593
594+ @freezegun.freeze_time("2019-03-22", tz_offset=0)
595+ @mock.patch('charms.reactive.set_flag')
596+ @mock.patch('reactive.content_cache.update_logrotate')
597+ def test_configure_haproxy_sites_auto_maxconns(self, logrotation, set_flag):
598+ with open('tests/unit/files/config_test_config.txt', 'r', encoding='utf-8') as f:
599+ ngx_config = f.read()
600+ self.mock_config.return_value = {'max_connections': 0, 'sites': ngx_config}
601+
602+ with mock.patch('lib.haproxy.HAProxyConf.conf_file', new_callable=mock.PropertyMock) as mock_conf_file:
603+ mock_conf_file.return_value = os.path.join(self.tmpdir, 'haproxy.cfg')
604+ with mock.patch('charmhelpers.core.host.pwgen', return_value="biometricsarenotsecret"), mock.patch(
605+ 'charmhelpers.core.hookenv.opened_ports', return_value=["443/tcp"]
606+ ), mock.patch('charmhelpers.core.hookenv.open_port'), mock.patch('charmhelpers.core.hookenv.close_port'):
607+ content_cache.configure_haproxy()
608+
609+ with open(
610+ 'tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt', 'r', encoding='utf-8'
611+ ) as f:
612+ want = f.read()
613+ with open(os.path.join(self.tmpdir, 'haproxy.cfg'), 'r', encoding='utf-8') as f:
614+ got = f.read()
615+ self.assertEqual(got, want)
616+
617 @mock.patch('charms.reactive.set_flag')
618 def test_fire_stats_hook(self, set_flag):
619 content_cache.fire_stats_hook()
620@@ -984,7 +1002,6 @@ site1.local:
621 'cache_max_size': '1g',
622 'cache_path': '/var/lib/nginx/proxy',
623 'enable_prometheus_metrics': True,
624- 'max_connections': 8192,
625 'sites': ngx_config,
626 'worker_connections': 768,
627 'worker_processes': 0,
628@@ -1061,7 +1078,6 @@ site1.local:
629 # Test that haproxy calls close_port with the nginx.METRIC_PORT when enable_prometheus_metrics is False
630 self.mock_config.return_value = {
631 'enable_prometheus_metrics': False,
632- 'max_connections': 8192,
633 'sites': ngx_config,
634 }
635 opened_ports.return_value = {"80/tcp", "{0}/tcp".format(nginx.METRICS_PORT)}
636@@ -1073,7 +1089,6 @@ site1.local:
637 open_port.reset_mock()
638 self.mock_config.return_value = {
639 'enable_prometheus_metrics': True,
640- 'max_connections': 8192,
641 'sites': ngx_config,
642 }
643 content_cache.configure_haproxy()
644diff --git a/tests/unit/test_haproxy.py b/tests/unit/test_haproxy.py
645index f8a8a07..1b2bb96 100644
646--- a/tests/unit/test_haproxy.py
647+++ b/tests/unit/test_haproxy.py
648@@ -70,7 +70,7 @@ class TestLibHAProxy(unittest.TestCase):
649 )
650
651 def test_haproxy_config_rendered_listen_stanzas(self):
652- haproxy = HAProxy.HAProxyConf(self.tmpdir, max_connections=8192)
653+ haproxy = HAProxy.HAProxyConf(self.tmpdir)
654 config = self.site_config
655 output = 'tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt'
656 with open(output, 'r', encoding='utf-8') as f:
657@@ -102,7 +102,7 @@ class TestLibHAProxy(unittest.TestCase):
658
659 @freezegun.freeze_time("2019-03-22", tz_offset=0)
660 def test_haproxy_config_rendered_full_config(self):
661- haproxy = HAProxy.HAProxyConf(self.tmpdir, max_connections=8192)
662+ haproxy = HAProxy.HAProxyConf(self.tmpdir, max_connections=5000)
663 config = self.site_config
664 num_threads = 4
665 tls_cipher_suites = 'ECDH+AESGCM:!aNULL:!MD5:!DSS'

Subscribers

People subscribed via source and target branches