-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rework haproxy config for stickiness and balance strategy #208
Conversation
We have haproxy 1.5.x now, so we can use persistence for SSL sessions. This matters as if we want to allow people to not use "source" as balance algorithm, then we need to make sure that sessions keep going to the same backend to avoid breakages. This reverts commit 32323b0.
This is done in the LWRP and in the template; let's just do it in the LWRP to simplify the template.
This is useful to achieve persistence for web apps which have a session, which is important in order to allow using a different algorithm than "source" for balancing without breaking sessions.
This allows achieving persistence for a normal session, but also for the login form where there's usually a CSRF token (and which is not associated to a real session in the web app).
This enables customization of the balance strategy for each service.
The default in the haproxy cookbook is roundrobin, and this should actually work fine. In cases where this may be troublesome (like web apps), we can now configure stickiness to avoid issues. With roundrobin, we spread the load accross the various backends, which results in much improved performance.
@@ -25,6 +25,8 @@ | |||
attribute :address, kind_of: String, default: "0.0.0.0" | |||
attribute :port, kind_of: Integer, default: 0 | |||
attribute :mode, kind_of: String, default: "http", equal_to: ["http", "tcp", "health"] | |||
attribute :balance, kind_of: String, default: "", equal_to: ["", "roundrobin", "static-rr", "leastconn", "first", "source"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Metrics/LineLength: Line is too long. [124/100] (https://github.com/SUSE/style-guides/blob/master/Ruby.md#metricslinelength)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And this one :D
@@ -47,6 +47,13 @@ | |||
else | |||
section["mode"] = new_resource.mode | |||
end | |||
unless new_resource.balance.empty? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Style/IfUnlessModifier: Favor modifier unless usage when having a single-line body. Another good alternative is the usage of control flow &&/||. (https://github.com/bbatsov/ruby-style-guide#if-as-a-modifier)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could you fix this?
balance <%= content[:balance] %> | ||
<% end -%> | ||
|
||
<% if content[:use_ssl] # http://blog.exceliance.fr/2011/07/04/maintain-affinity-based-on-ssl-session-id/ -%> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we set this url to the proper one? that redirects to http://www.haproxy.com/blog/maintain-affinity-based-on-ssl-session-id/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, Im currently testing this and will follow up shortly
@@ -25,6 +25,9 @@ | |||
attribute :address, kind_of: String, default: "0.0.0.0" | |||
attribute :port, kind_of: Integer, default: 0 | |||
attribute :mode, kind_of: String, default: "http", equal_to: ["http", "tcp", "health"] | |||
attribute :balance, kind_of: String, default: "", | |||
equal_to: ["", "roundrobin", "static-rr", "leastconn", "first", "source"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Layout/AlignHash: Align the elements of a hash literal if they span more than one line. (https://github.com/SUSE/style-guides/blob/master/Ruby.md#stylealignhash)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested and working. My only question is if the change to the default template haproxy.cfg will lead to connectivity lost.
According to the cookbooks, those will result in a :reload
action, which actually can drop connections[0]. Unfortunately, Im not able to test that, as I have no idea how you can send a :reload
action to a pacemaker service (only supports start/stop/restart?)
In any case, we can deal with that afterwards I guess.
EDIT: Of course I will just find how, just after commenting. As haproxy uses the systemd file it just triggers a systemctl reload haproxy. Tested this and it seems to work properly, I could not appreciate any dropped packages 👍
[0] https://engineeringblog.yelp.com/2015/04/true-zero-downtime-haproxy-reloads.html
This is the re-based version of #179 to see if tests fail