Rework haproxy config for stickiness and balance strategy #208
Conversation
We have haproxy 1.5.x now, so we can use persistence for SSL sessions. This matters as if we want to allow people to not use "source" as balance algorithm, then we need to make sure that sessions keep going to the same backend to avoid breakages. This reverts commit 32323b0.
This is done in the LWRP and in the template; let's just do it in the LWRP to simplify the template.
This is useful to achieve persistence for web apps which have a session, which is important in order to allow using a different algorithm than "source" for balancing without breaking sessions.
This allows achieving persistence for a normal session, but also for the login form where there's usually a CSRF token (and which is not associated to a real session in the web app).
This enables customization of the balance strategy for each service.
The default in the haproxy cookbook is roundrobin, and this should actually work fine. In cases where this may be troublesome (like web apps), we can now configure stickiness to avoid issues. With roundrobin, we spread the load accross the various backends, which results in much improved performance.
| @@ -25,6 +25,8 @@ | |||
| attribute :address, kind_of: String, default: "0.0.0.0" | |||
| attribute :port, kind_of: Integer, default: 0 | |||
| attribute :mode, kind_of: String, default: "http", equal_to: ["http", "tcp", "health"] | |||
| attribute :balance, kind_of: String, default: "", equal_to: ["", "roundrobin", "static-rr", "leastconn", "first", "source"] | |||
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [124/100] (https://github.com/SUSE/style-guides/blob/master/Ruby.md#metricslinelength)
| @@ -47,6 +47,13 @@ | |||
| else | |||
| section["mode"] = new_resource.mode | |||
| end | |||
| unless new_resource.balance.empty? | |||
There was a problem hiding this comment.
Style/IfUnlessModifier: Favor modifier unless usage when having a single-line body. Another good alternative is the usage of control flow &&/||. (https://github.com/bbatsov/ruby-style-guide#if-as-a-modifier)
Itxaka
changed the title
| balance <%= content[:balance] %> | ||
| <% end -%> | ||
|
|
||
| <% if content[:use_ssl] # http://blog.exceliance.fr/2011/07/04/maintain-affinity-based-on-ssl-session-id/ -%> |
There was a problem hiding this comment.
can we set this url to the proper one? that redirects to http://www.haproxy.com/blog/maintain-affinity-based-on-ssl-session-id/
| @@ -25,6 +25,9 @@ | |||
| attribute :address, kind_of: String, default: "0.0.0.0" | |||
| attribute :port, kind_of: Integer, default: 0 | |||
| attribute :mode, kind_of: String, default: "http", equal_to: ["http", "tcp", "health"] | |||
| attribute :balance, kind_of: String, default: "", | |||
| equal_to: ["", "roundrobin", "static-rr", "leastconn", "first", "source"] | |||
There was a problem hiding this comment.
Layout/AlignHash: Align the elements of a hash literal if they span more than one line. (https://github.com/SUSE/style-guides/blob/master/Ruby.md#stylealignhash)
There was a problem hiding this comment.
Tested and working. My only question is if the change to the default template haproxy.cfg will lead to connectivity lost.
According to the cookbooks, those will result in a :reload action, which actually can drop connections[0]. Unfortunately, Im not able to test that, as I have no idea how you can send a :reload action to a pacemaker service (only supports start/stop/restart?)
In any case, we can deal with that afterwards I guess.
EDIT: Of course I will just find how, just after commenting. As haproxy uses the systemd file it just triggers a systemctl reload haproxy. Tested this and it seems to work properly, I could not appreciate any dropped packages 👍
[0] https://engineeringblog.yelp.com/2015/04/true-zero-downtime-haproxy-reloads.html
This is the re-based version of #179 to see if tests fail