Merge ~hloeung/content-cache-charm:haproxy-config into content-cache-charm:master
- Git
- lp:~hloeung/content-cache-charm
- haproxy-config
- Merge into master
Status: | Merged | ||||
---|---|---|---|---|---|
Approved by: | Haw Loeung | ||||
Approved revision: | 282d358ccc86dd84b34ef1e71d2c81f3b2c84e9c | ||||
Merged at revision: | 00ab9893d3074fccb217ab12b33e683c14d35b89 | ||||
Proposed branch: | ~hloeung/content-cache-charm:haproxy-config | ||||
Merge into: | content-cache-charm:master | ||||
Diff against target: |
665 lines (+295/-49) 10 files modified
config.yaml (+3/-3) lib/haproxy.py (+12/-10) reactive/content_cache.py (+1/-3) templates/haproxy_cfg.tmpl (+3/-1) tests/unit/files/content_cache_rendered_haproxy_test_output.txt (+2/-14) tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt (+246/-0) tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt (+0/-3) tests/unit/files/haproxy_config_rendered_test_output.txt (+2/-4) tests/unit/test_content_cache.py (+24/-9) tests/unit/test_haproxy.py (+2/-2) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Stuart Bishop (community) | Approve | ||
Content Cache Charmers | Pending | ||
Review via email: mp+380383@code.launchpad.net |
Commit message
Automatically calculate max. connections - LP:1866036
This is now split to per site in the 'default' stanza rather than each site's listen stanza. Also, the global max. connections is now a total of each per-site.
Description of the change
Willy explains it best in https:/
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
Tom Haddon (mthaddon) wrote : | # |
Overall this looks very good. Could we have a test where maxconn is set to something other than 0 to confirm manually setting it does the right thing?
Stuart Bishop (stub) wrote : | # |
Code changes all look good. This changes the meaning of the charm config from global max-connections to per-site max-connections, which is a backwards incompatible change but one we should be able to live with (anyone besides Canonical running this charm?).
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
Change successfully merged at revision 00ab9893d3074fc
Preview Diff
1 | diff --git a/config.yaml b/config.yaml |
2 | index d6bb918..4b5d99b 100644 |
3 | --- a/config.yaml |
4 | +++ b/config.yaml |
5 | @@ -38,10 +38,10 @@ options: |
6 | Number of log files to retain during rotation. |
7 | max_connections: |
8 | type: int |
9 | - default: 8192 |
10 | + default: 0 |
11 | description: > |
12 | - Configure maximum number of connections on frontend HAProxy. (8192 for now, |
13 | - the default will automatically be calculated in the future) |
14 | + Configure maximum number of connections per site on frontend |
15 | + HAProxy. Defaults to auto-calculate (0). |
16 | nagios_context: |
17 | type: string |
18 | default: "juju" |
19 | diff --git a/lib/haproxy.py b/lib/haproxy.py |
20 | index 6c70fc4..e3a4d38 100644 |
21 | --- a/lib/haproxy.py |
22 | +++ b/lib/haproxy.py |
23 | @@ -14,9 +14,9 @@ TLS_CIPHER_SUITES = 'ECDHE+AESGCM:ECDHE+AES256:ECDHE+AES128:!SSLv3:!TLSv1' |
24 | |
25 | |
26 | class HAProxyConf: |
27 | - def __init__(self, conf_path=HAPROXY_BASE_PATH, max_connections=2000): |
28 | + def __init__(self, conf_path=HAPROXY_BASE_PATH, max_connections=0): |
29 | self._conf_path = conf_path |
30 | - self.max_connections = max_connections |
31 | + self.max_connections = int(max_connections) |
32 | |
33 | @property |
34 | def conf_path(self): |
35 | @@ -99,7 +99,6 @@ class HAProxyConf: |
36 | listen_stanza = """ |
37 | listen {name} |
38 | {bind_config} |
39 | - maxconn {max_connections} |
40 | {backend_config}""" |
41 | backend_conf = '{indent}use_backend backend-{backend} if {{ hdr(Host) -i {site_name} }}\n' |
42 | redirect_conf = '{indent}redirect scheme https code 301 if {{ hdr(Host) -i {site_name} }} !{{ ssl_fc }}\n' |
43 | @@ -153,11 +152,7 @@ listen {name} |
44 | if address == '0.0.0.0': |
45 | bind_config += '\n{indent}bind :::{port}{tls}'.format(port=port, tls=tls_config, indent=INDENT) |
46 | output = listen_stanza.format( |
47 | - name=name, |
48 | - max_connections=self.max_connections, |
49 | - backend_config=''.join(backend_config), |
50 | - bind_config=bind_config, |
51 | - indent=INDENT, |
52 | + name=name, backend_config=''.join(backend_config), bind_config=bind_config, indent=INDENT, |
53 | ) |
54 | rendered_output.append(output) |
55 | return rendered_output |
56 | @@ -250,18 +245,25 @@ backend backend-{name} |
57 | def render(self, config, num_threads=None, monitoring_password=None, tls_cipher_suites=None): |
58 | if not num_threads: |
59 | num_threads = multiprocessing.cpu_count() |
60 | + if self.max_connections: |
61 | + max_connections = self.max_connections |
62 | + else: |
63 | + max_connections = num_threads * 2000 |
64 | if not tls_cipher_suites: |
65 | tls_cipher_suites = TLS_CIPHER_SUITES |
66 | tls_cipher_suites = utils.tls_cipher_suites(tls_cipher_suites) |
67 | |
68 | + listen_stanzas = self.render_stanza_listen(config) |
69 | + |
70 | base = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) |
71 | env = jinja2.Environment(loader=jinja2.FileSystemLoader(base)) |
72 | template = env.get_template('templates/haproxy_cfg.tmpl') |
73 | return template.render( |
74 | { |
75 | 'backend': self.render_stanza_backend(config), |
76 | - 'listen': self.render_stanza_listen(config), |
77 | - 'max_connections': self.max_connections, |
78 | + 'global_max_connections': max_connections * len(listen_stanzas), |
79 | + 'listen': listen_stanzas, |
80 | + 'max_connections': max_connections, |
81 | 'monitoring_password': monitoring_password or self.monitoring_password, |
82 | 'num_threads': num_threads, |
83 | 'tls_cipher_suites': tls_cipher_suites, |
84 | diff --git a/reactive/content_cache.py b/reactive/content_cache.py |
85 | index ea8cf20..450c63f 100644 |
86 | --- a/reactive/content_cache.py |
87 | +++ b/reactive/content_cache.py |
88 | @@ -204,9 +204,7 @@ def configure_haproxy(): # NOQA: C901 LP#1825084 |
89 | status.blocked('requires list of sites to configure') |
90 | return |
91 | |
92 | - # TODO: Calculate max connections if none specified. Likely use configured |
93 | - # nbthreads (2000 * nbthreads). Or maybe even per site. |
94 | - haproxy = HAProxy.HAProxyConf(max_connections=config['max_connections']) |
95 | + haproxy = HAProxy.HAProxyConf(max_connections=config.get('max_connections', 0)) |
96 | sites_secrets = secrets_from_config(config.get('sites_secrets')) |
97 | blacklist_ports = [int(x.strip()) for x in config.get('blacklist_ports', '').split(',') if x.strip()] |
98 | sites = sites_from_config(config.get('sites'), sites_secrets, blacklist_ports=blacklist_ports) |
99 | diff --git a/templates/haproxy_cfg.tmpl b/templates/haproxy_cfg.tmpl |
100 | index a4ec3be..aee0e16 100644 |
101 | --- a/templates/haproxy_cfg.tmpl |
102 | +++ b/templates/haproxy_cfg.tmpl |
103 | @@ -1,6 +1,6 @@ |
104 | global |
105 | nbthread {{num_threads}} |
106 | - maxconn {{max_connections}} |
107 | + maxconn {{global_max_connections}} |
108 | log /dev/log local0 |
109 | log /dev/log local1 notice |
110 | chroot /var/lib/haproxy |
111 | @@ -26,6 +26,7 @@ global |
112 | |
113 | defaults |
114 | log global |
115 | + maxconn {{max_connections}} |
116 | mode http |
117 | option httplog |
118 | option dontlognull |
119 | @@ -59,3 +60,4 @@ listen stats |
120 | {% for stanza in backend -%} |
121 | {{stanza}} |
122 | {%- endfor -%} |
123 | + |
124 | diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output.txt |
125 | index b715f9d..73063ab 100644 |
126 | --- a/tests/unit/files/content_cache_rendered_haproxy_test_output.txt |
127 | +++ b/tests/unit/files/content_cache_rendered_haproxy_test_output.txt |
128 | @@ -1,6 +1,6 @@ |
129 | global |
130 | nbthread 4 |
131 | - maxconn 8192 |
132 | + maxconn 106496 |
133 | log /dev/log local0 |
134 | log /dev/log local1 notice |
135 | chroot /var/lib/haproxy |
136 | @@ -26,6 +26,7 @@ global |
137 | |
138 | defaults |
139 | log global |
140 | + maxconn 8192 |
141 | mode http |
142 | option httplog |
143 | option dontlognull |
144 | @@ -56,7 +57,6 @@ listen stats |
145 | listen combined-80 |
146 | bind 0.0.0.0:80 |
147 | bind :::80 |
148 | - maxconn 8192 |
149 | use_backend backend-cached-site1-local if { hdr(Host) -i site1.local } |
150 | redirect scheme https code 301 if { hdr(Host) -i site2.local } !{ ssl_fc } |
151 | use_backend backend-cached-site3-local if { hdr(Host) -i site3.local } |
152 | @@ -67,65 +67,53 @@ listen combined-80 |
153 | |
154 | listen site1-local |
155 | bind 127.0.0.1:8080 |
156 | - maxconn 8192 |
157 | default_backend backend-site1-local |
158 | |
159 | listen cached-site2-local |
160 | bind 0.0.0.0:443 ssl crt /etc/haproxy/site2-bundle.crt |
161 | bind :::443 ssl crt /etc/haproxy/site2-bundle.crt |
162 | - maxconn 8192 |
163 | default_backend backend-cached-site2-local |
164 | |
165 | listen site2-local |
166 | bind 127.0.0.1:8081 |
167 | - maxconn 8192 |
168 | default_backend backend-site2-local |
169 | |
170 | listen site3-local |
171 | bind 127.0.0.1:8082 |
172 | - maxconn 8192 |
173 | default_backend backend-site3-local |
174 | |
175 | listen site5 |
176 | bind 127.0.0.1:8083 |
177 | - maxconn 8192 |
178 | default_backend backend-site5 |
179 | |
180 | listen site5-2 |
181 | bind 127.0.0.1:8084 |
182 | - maxconn 8192 |
183 | default_backend backend-site5 |
184 | |
185 | listen site6-local |
186 | bind 127.0.0.1:8085 |
187 | - maxconn 8192 |
188 | default_backend backend-site6-local |
189 | |
190 | listen combined-444 |
191 | bind 0.0.0.0:444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt |
192 | bind :::444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt |
193 | - maxconn 8192 |
194 | use_backend backend-cached-site7-local if { hdr(Host) -i site7.local } |
195 | use_backend backend-cached-site8-local if { hdr(Host) -i site8.local } |
196 | |
197 | listen site7-local |
198 | bind 127.0.0.1:8086 |
199 | - maxconn 8192 |
200 | default_backend backend-site7-local |
201 | |
202 | listen site8-local |
203 | bind 127.0.0.1:8087 |
204 | - maxconn 8192 |
205 | default_backend backend-site8-local |
206 | |
207 | listen site8-local-2 |
208 | bind 127.0.0.1:8088 |
209 | - maxconn 8192 |
210 | default_backend backend-site8-local |
211 | |
212 | listen site9-local |
213 | bind 127.0.0.1:8089 |
214 | - maxconn 8192 |
215 | default_backend backend-site9-local |
216 | |
217 | backend backend-cached-site1-local |
218 | diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt |
219 | new file mode 100644 |
220 | index 0000000..cad0ce4 |
221 | --- /dev/null |
222 | +++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt |
223 | @@ -0,0 +1,246 @@ |
224 | +global |
225 | + nbthread 4 |
226 | + maxconn 104000 |
227 | + log /dev/log local0 |
228 | + log /dev/log local1 notice |
229 | + chroot /var/lib/haproxy |
230 | + stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners |
231 | + stats timeout 30s |
232 | + user haproxy |
233 | + group haproxy |
234 | + daemon |
235 | + |
236 | + # Default SSL material locations |
237 | + ca-base /etc/ssl/certs |
238 | + crt-base /etc/ssl/private |
239 | + |
240 | + # Default ciphers to use on SSL-enabled listening sockets. |
241 | + # For more information, see ciphers(1SSL). This list is from: |
242 | + # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ |
243 | + # An alternative list with additional directives can be obtained from |
244 | + # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy |
245 | + ssl-default-bind-ciphers ECDHE+AESGCM:ECDHE+AES256:ECDHE+AES128:!SSLv3:!TLSv1 |
246 | + ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 |
247 | + # We'll eventually disable DHE (LP#1825321), but for now, bump DH params |
248 | + tune.ssl.default-dh-param 2048 |
249 | + |
250 | +defaults |
251 | + log global |
252 | + maxconn 8000 |
253 | + mode http |
254 | + option httplog |
255 | + option dontlognull |
256 | + timeout connect 5000 |
257 | + timeout client 50000 |
258 | + timeout server 50000 |
259 | + errorfile 400 /etc/haproxy/errors/400.http |
260 | + errorfile 403 /etc/haproxy/errors/403.http |
261 | + errorfile 408 /etc/haproxy/errors/408.http |
262 | + errorfile 500 /etc/haproxy/errors/500.http |
263 | + errorfile 502 /etc/haproxy/errors/502.http |
264 | + errorfile 503 /etc/haproxy/errors/503.http |
265 | + errorfile 504 /etc/haproxy/errors/504.http |
266 | + |
267 | +listen stats |
268 | + bind 127.0.0.1:10000 |
269 | + acl allowed_cidr src 127.0.0.0/8 |
270 | + http-request deny unless allowed_cidr |
271 | + |
272 | + mode http |
273 | + stats enable |
274 | + stats uri / |
275 | + stats realm Haproxy\ Statistics |
276 | + stats auth haproxy:biometricsarenotsecret |
277 | + stats refresh 3 |
278 | + |
279 | + |
280 | +listen combined-80 |
281 | + bind 0.0.0.0:80 |
282 | + bind :::80 |
283 | + use_backend backend-cached-site1-local if { hdr(Host) -i site1.local } |
284 | + redirect scheme https code 301 if { hdr(Host) -i site2.local } !{ ssl_fc } |
285 | + use_backend backend-cached-site3-local if { hdr(Host) -i site3.local } |
286 | + use_backend backend-cached-site4-local if { hdr(Host) -i site4.local } |
287 | + use_backend backend-cached-site5 if { hdr(Host) -i site5.local } |
288 | + use_backend backend-cached-site6-local if { hdr(Host) -i site6.local } |
289 | + use_backend backend-cached-site9-local if { hdr(Host) -i site9.local } |
290 | + |
291 | +listen site1-local |
292 | + bind 127.0.0.1:8080 |
293 | + default_backend backend-site1-local |
294 | + |
295 | +listen cached-site2-local |
296 | + bind 0.0.0.0:443 ssl crt /etc/haproxy/site2-bundle.crt |
297 | + bind :::443 ssl crt /etc/haproxy/site2-bundle.crt |
298 | + default_backend backend-cached-site2-local |
299 | + |
300 | +listen site2-local |
301 | + bind 127.0.0.1:8081 |
302 | + default_backend backend-site2-local |
303 | + |
304 | +listen site3-local |
305 | + bind 127.0.0.1:8082 |
306 | + default_backend backend-site3-local |
307 | + |
308 | +listen site5 |
309 | + bind 127.0.0.1:8083 |
310 | + default_backend backend-site5 |
311 | + |
312 | +listen site5-2 |
313 | + bind 127.0.0.1:8084 |
314 | + default_backend backend-site5 |
315 | + |
316 | +listen site6-local |
317 | + bind 127.0.0.1:8085 |
318 | + default_backend backend-site6-local |
319 | + |
320 | +listen combined-444 |
321 | + bind 0.0.0.0:444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt |
322 | + bind :::444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt |
323 | + use_backend backend-cached-site7-local if { hdr(Host) -i site7.local } |
324 | + use_backend backend-cached-site8-local if { hdr(Host) -i site8.local } |
325 | + |
326 | +listen site7-local |
327 | + bind 127.0.0.1:8086 |
328 | + default_backend backend-site7-local |
329 | + |
330 | +listen site8-local |
331 | + bind 127.0.0.1:8087 |
332 | + default_backend backend-site8-local |
333 | + |
334 | +listen site8-local-2 |
335 | + bind 127.0.0.1:8088 |
336 | + default_backend backend-site8-local |
337 | + |
338 | +listen site9-local |
339 | + bind 127.0.0.1:8089 |
340 | + default_backend backend-site9-local |
341 | + |
342 | +backend backend-cached-site1-local |
343 | + option forwardfor |
344 | + option httpchk HEAD /?token=1861920000_f3e404e205ed44749e942d481f7a7bec57c5e78a HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
345 | + http-request set-header Host site1.local |
346 | + balance leastconn |
347 | + server server_1 127.0.0.1:6080 check inter 5000 rise 2 fall 5 maxconn 2048 |
348 | + |
349 | +backend backend-site1-local |
350 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
351 | + http-request set-header Host site1.local |
352 | + balance leastconn |
353 | + server server_1 127.0.1.10:80 check inter 5000 rise 2 fall 5 maxconn 2048 |
354 | + server server_2 127.0.1.11:80 check inter 5000 rise 2 fall 5 maxconn 2048 |
355 | + server server_3 127.0.1.12:80 check inter 5000 rise 2 fall 5 maxconn 2048 |
356 | + |
357 | +backend backend-cached-site2-local |
358 | + option forwardfor |
359 | + option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
360 | + http-request set-header Host site2.local |
361 | + balance leastconn |
362 | + server server_1 127.0.0.1:6081 check inter 5000 rise 2 fall 5 maxconn 2048 |
363 | + |
364 | +backend backend-site2-local |
365 | + option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
366 | + http-request set-header Host site2.local |
367 | + balance leastconn |
368 | + server server_1 127.0.1.10:443 check inter 5000 rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt |
369 | + server server_2 127.0.1.11:443 check inter 5000 rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt |
370 | + server server_3 127.0.1.12:443 check inter 5000 rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt |
371 | + |
372 | +backend backend-cached-site3-local |
373 | + option forwardfor |
374 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
375 | + http-request set-header Host site3.local |
376 | + balance leastconn |
377 | + server server_1 127.0.0.1:6082 check inter 5000 rise 2 fall 5 maxconn 4096 |
378 | + |
379 | +backend backend-site3-local |
380 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
381 | + http-request set-header Host site3.local |
382 | + balance leastconn |
383 | + server server_1 127.0.1.10:80 check inter 5000 rise 2 fall 5 maxconn 2048 |
384 | + server server_2 127.0.1.11:80 check inter 5000 rise 2 fall 5 maxconn 2048 |
385 | + server server_3 127.0.1.12:80 check inter 5000 rise 2 fall 5 maxconn 2048 |
386 | + |
387 | +backend backend-cached-site4-local |
388 | + option forwardfor |
389 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site4.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
390 | + http-request set-header Host site4.local |
391 | + balance leastconn |
392 | + server server_1 127.0.0.1:6083 check inter 5000 rise 2 fall 5 maxconn 2048 |
393 | + |
394 | +backend backend-cached-site5 |
395 | + option forwardfor |
396 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
397 | + http-request set-header Host site5.local |
398 | + balance leastconn |
399 | + server server_1 127.0.0.1:6084 check inter 5000 rise 2 fall 5 maxconn 2048 |
400 | + |
401 | +backend backend-site5 |
402 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
403 | + http-request set-header Host site5.local |
404 | + balance leastconn |
405 | + server server_1 127.0.1.10:80 check inter 5000 rise 2 fall 5 maxconn 2048 |
406 | + |
407 | +backend backend-site5-2 |
408 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
409 | + http-request set-header Host site5.local |
410 | + balance leastconn |
411 | + server server_1 127.0.1.11:80 check inter 5000 rise 2 fall 5 maxconn 2048 |
412 | + |
413 | +backend backend-cached-site6-local |
414 | + option forwardfor |
415 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
416 | + http-request set-header Host site6.local |
417 | + balance leastconn |
418 | + server server_1 127.0.0.1:6085 check inter 5000 rise 2 fall 5 maxconn 2048 |
419 | + |
420 | +backend backend-site6-local |
421 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
422 | + http-request set-header Host site6.local |
423 | + balance leastconn |
424 | + server server_1 127.0.1.10:443 check inter 5000 rise 2 fall 5 maxconn 2048 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt |
425 | + |
426 | +backend backend-cached-site7-local |
427 | + option forwardfor |
428 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
429 | + http-request set-header Host site7.local |
430 | + balance leastconn |
431 | + server server_1 127.0.0.1:6086 check inter 5000 rise 2 fall 5 maxconn 2048 |
432 | + |
433 | +backend backend-site7-local |
434 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
435 | + http-request set-header Host site7.local |
436 | + balance leastconn |
437 | + server server_1 127.0.1.10:80 check inter 5000 rise 2 fall 5 maxconn 2048 |
438 | + |
439 | +backend backend-cached-site8-local |
440 | + option forwardfor |
441 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
442 | + http-request set-header Host site8.local |
443 | + balance leastconn |
444 | + server server_1 127.0.0.1:6087 check inter 5000 rise 2 fall 5 maxconn 2048 |
445 | + |
446 | +backend backend-site8-local |
447 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
448 | + http-request set-header Host site8.local |
449 | + balance leastconn |
450 | + server server_1 127.0.1.10:80 check inter 5000 rise 2 fall 5 maxconn 2048 |
451 | + |
452 | +backend backend-site8-local-2 |
453 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ auth.site8.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
454 | + http-request set-header Host auth.site8.local |
455 | + balance leastconn |
456 | + server server_1 127.0.1.10:443 check inter 5000 rise 2 fall 5 maxconn 2048 ssl sni str(auth.site8.local) check-sni auth.site8.local verify required ca-file ca-certificates.crt |
457 | + |
458 | +backend backend-cached-site9-local |
459 | + option forwardfor |
460 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
461 | + http-request set-header Host site9.local |
462 | + balance leastconn |
463 | + server server_1 127.0.0.1:6088 check inter 1m rise 2 fall 5 maxconn 2048 |
464 | + |
465 | +backend backend-site9-local |
466 | + option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk\r\nCache-Control:\ no-cache |
467 | + http-request set-header Host site9.local |
468 | + balance leastconn |
469 | + server server_1 127.0.1.15:80 check inter 1m rise 2 fall 5 maxconn 2048 |
470 | diff --git a/tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt b/tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt |
471 | index 57884f0..e98c5fe 100644 |
472 | --- a/tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt |
473 | +++ b/tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt |
474 | @@ -2,7 +2,6 @@ |
475 | listen combined-80 |
476 | bind 0.0.0.0:80 |
477 | bind :::80 |
478 | - maxconn 8192 |
479 | use_backend backend-site1-local if { hdr(Host) -i site1.local } |
480 | redirect scheme https code 301 if { hdr(Host) -i site2.local } !{ ssl_fc } |
481 | use_backend backend-site3-local if { hdr(Host) -i site3.local } |
482 | @@ -14,12 +13,10 @@ listen combined-80 |
483 | listen site2-local |
484 | bind 0.0.0.0:443 ssl crt /etc/haproxy/site2-bundle.crt |
485 | bind :::443 ssl crt /etc/haproxy/site2-bundle.crt |
486 | - maxconn 8192 |
487 | default_backend backend-site2-local |
488 | |
489 | listen combined-444 |
490 | bind 0.0.0.0:444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt |
491 | bind :::444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt |
492 | - maxconn 8192 |
493 | use_backend backend-site7-local if { hdr(Host) -i site7.local } |
494 | use_backend backend-site8-local if { hdr(Host) -i site8.local } |
495 | diff --git a/tests/unit/files/haproxy_config_rendered_test_output.txt b/tests/unit/files/haproxy_config_rendered_test_output.txt |
496 | index e3132ec..e1b10d9 100644 |
497 | --- a/tests/unit/files/haproxy_config_rendered_test_output.txt |
498 | +++ b/tests/unit/files/haproxy_config_rendered_test_output.txt |
499 | @@ -1,6 +1,6 @@ |
500 | global |
501 | nbthread 4 |
502 | - maxconn 8192 |
503 | + maxconn 15000 |
504 | log /dev/log local0 |
505 | log /dev/log local1 notice |
506 | chroot /var/lib/haproxy |
507 | @@ -26,6 +26,7 @@ global |
508 | |
509 | defaults |
510 | log global |
511 | + maxconn 5000 |
512 | mode http |
513 | option httplog |
514 | option dontlognull |
515 | @@ -56,7 +57,6 @@ listen stats |
516 | listen combined-80 |
517 | bind 0.0.0.0:80 |
518 | bind :::80 |
519 | - maxconn 8192 |
520 | use_backend backend-site1-local if { hdr(Host) -i site1.local } |
521 | redirect scheme https code 301 if { hdr(Host) -i site2.local } !{ ssl_fc } |
522 | use_backend backend-site3-local if { hdr(Host) -i site3.local } |
523 | @@ -68,13 +68,11 @@ listen combined-80 |
524 | listen site2-local |
525 | bind 0.0.0.0:443 ssl crt /etc/haproxy/site2-bundle.crt |
526 | bind :::443 ssl crt /etc/haproxy/site2-bundle.crt |
527 | - maxconn 8192 |
528 | default_backend backend-site2-local |
529 | |
530 | listen combined-444 |
531 | bind 0.0.0.0:444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt |
532 | bind :::444 ssl crt /etc/haproxy/site7-bundle.crt crt /etc/haproxy/site8-bundle.crt |
533 | - maxconn 8192 |
534 | use_backend backend-site7-local if { hdr(Host) -i site7.local } |
535 | use_backend backend-site8-local if { hdr(Host) -i site8.local } |
536 | |
537 | diff --git a/tests/unit/test_content_cache.py b/tests/unit/test_content_cache.py |
538 | index 9e1de72..4cbbf05 100644 |
539 | --- a/tests/unit/test_content_cache.py |
540 | +++ b/tests/unit/test_content_cache.py |
541 | @@ -176,7 +176,6 @@ class TestCharm(unittest.TestCase): |
542 | 'cache_max_size': '1g', |
543 | 'cache_path': '/var/lib/nginx/proxy', |
544 | 'enable_prometheus_metrics': False, |
545 | - 'max_connections': 8192, |
546 | 'sites': ngx_config, |
547 | 'worker_connections': 768, |
548 | 'worker_processes': 0, |
549 | @@ -255,7 +254,6 @@ site1.local: |
550 | 'cache_inactive_time': '', |
551 | 'cache_max_size': '1g', |
552 | 'cache_path': '/var/lib/nginx/proxy', |
553 | - 'max_connections': 8192, |
554 | 'sites': config, |
555 | 'sites_secrets': secrets, |
556 | 'worker_connections': 768, |
557 | @@ -308,7 +306,6 @@ site1.local: |
558 | 'cache_inactive_time': '2h', |
559 | 'cache_max_size': '1g', |
560 | 'cache_path': '/var/lib/nginx/proxy', |
561 | - 'max_connections': 8192, |
562 | 'sites': config, |
563 | 'worker_connections': 768, |
564 | 'worker_processes': 0, |
565 | @@ -326,7 +323,6 @@ site1.local: |
566 | 'cache_inactive_time': '2h', |
567 | 'cache_max_size': '20g', |
568 | 'cache_path': '/srv/cache', |
569 | - 'max_connections': 8192, |
570 | 'sites': config, |
571 | 'worker_connections': 768, |
572 | 'worker_processes': 0, |
573 | @@ -345,7 +341,6 @@ site1.local: |
574 | 'cache_inactive_time': '2h', |
575 | 'cache_max_size': '', |
576 | 'cache_path': '/srv/cache', |
577 | - 'max_connections': 8192, |
578 | 'sites': config, |
579 | 'worker_connections': 768, |
580 | 'worker_processes': 0, |
581 | @@ -368,7 +363,7 @@ site1.local: |
582 | |
583 | status.reset_mock() |
584 | clear_flag.reset_mock() |
585 | - self.mock_config.return_value = {'max_connections': 8192, 'sites': 'site1:'} |
586 | + self.mock_config.return_value = {'sites': 'site1:'} |
587 | content_cache.configure_haproxy() |
588 | status.blocked.assert_called() |
589 | clear_flag.assert_called_once_with('content_cache.active') |
590 | @@ -403,6 +398,29 @@ site1.local: |
591 | got = f.read() |
592 | self.assertEqual(got, want) |
593 | |
594 | + @freezegun.freeze_time("2019-03-22", tz_offset=0) |
595 | + @mock.patch('charms.reactive.set_flag') |
596 | + @mock.patch('reactive.content_cache.update_logrotate') |
597 | + def test_configure_haproxy_sites_auto_maxconns(self, logrotation, set_flag): |
598 | + with open('tests/unit/files/config_test_config.txt', 'r', encoding='utf-8') as f: |
599 | + ngx_config = f.read() |
600 | + self.mock_config.return_value = {'max_connections': 0, 'sites': ngx_config} |
601 | + |
602 | + with mock.patch('lib.haproxy.HAProxyConf.conf_file', new_callable=mock.PropertyMock) as mock_conf_file: |
603 | + mock_conf_file.return_value = os.path.join(self.tmpdir, 'haproxy.cfg') |
604 | + with mock.patch('charmhelpers.core.host.pwgen', return_value="biometricsarenotsecret"), mock.patch( |
605 | + 'charmhelpers.core.hookenv.opened_ports', return_value=["443/tcp"] |
606 | + ), mock.patch('charmhelpers.core.hookenv.open_port'), mock.patch('charmhelpers.core.hookenv.close_port'): |
607 | + content_cache.configure_haproxy() |
608 | + |
609 | + with open( |
610 | + 'tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt', 'r', encoding='utf-8' |
611 | + ) as f: |
612 | + want = f.read() |
613 | + with open(os.path.join(self.tmpdir, 'haproxy.cfg'), 'r', encoding='utf-8') as f: |
614 | + got = f.read() |
615 | + self.assertEqual(got, want) |
616 | + |
617 | @mock.patch('charms.reactive.set_flag') |
618 | def test_fire_stats_hook(self, set_flag): |
619 | content_cache.fire_stats_hook() |
620 | @@ -984,7 +1002,6 @@ site1.local: |
621 | 'cache_max_size': '1g', |
622 | 'cache_path': '/var/lib/nginx/proxy', |
623 | 'enable_prometheus_metrics': True, |
624 | - 'max_connections': 8192, |
625 | 'sites': ngx_config, |
626 | 'worker_connections': 768, |
627 | 'worker_processes': 0, |
628 | @@ -1061,7 +1078,6 @@ site1.local: |
629 | # Test that haproxy calls close_port with the nginx.METRIC_PORT when enable_prometheus_metrics is False |
630 | self.mock_config.return_value = { |
631 | 'enable_prometheus_metrics': False, |
632 | - 'max_connections': 8192, |
633 | 'sites': ngx_config, |
634 | } |
635 | opened_ports.return_value = {"80/tcp", "{0}/tcp".format(nginx.METRICS_PORT)} |
636 | @@ -1073,7 +1089,6 @@ site1.local: |
637 | open_port.reset_mock() |
638 | self.mock_config.return_value = { |
639 | 'enable_prometheus_metrics': True, |
640 | - 'max_connections': 8192, |
641 | 'sites': ngx_config, |
642 | } |
643 | content_cache.configure_haproxy() |
644 | diff --git a/tests/unit/test_haproxy.py b/tests/unit/test_haproxy.py |
645 | index f8a8a07..1b2bb96 100644 |
646 | --- a/tests/unit/test_haproxy.py |
647 | +++ b/tests/unit/test_haproxy.py |
648 | @@ -70,7 +70,7 @@ class TestLibHAProxy(unittest.TestCase): |
649 | ) |
650 | |
651 | def test_haproxy_config_rendered_listen_stanzas(self): |
652 | - haproxy = HAProxy.HAProxyConf(self.tmpdir, max_connections=8192) |
653 | + haproxy = HAProxy.HAProxyConf(self.tmpdir) |
654 | config = self.site_config |
655 | output = 'tests/unit/files/haproxy_config_rendered_listen_stanzas_test_output.txt' |
656 | with open(output, 'r', encoding='utf-8') as f: |
657 | @@ -102,7 +102,7 @@ class TestLibHAProxy(unittest.TestCase): |
658 | |
659 | @freezegun.freeze_time("2019-03-22", tz_offset=0) |
660 | def test_haproxy_config_rendered_full_config(self): |
661 | - haproxy = HAProxy.HAProxyConf(self.tmpdir, max_connections=8192) |
662 | + haproxy = HAProxy.HAProxyConf(self.tmpdir, max_connections=5000) |
663 | config = self.site_config |
664 | num_threads = 4 |
665 | tls_cipher_suites = 'ECDH+AESGCM:!aNULL:!MD5:!DSS' |
This merge proposal is being monitored by mergebot. Change the status to Approved to merge.