Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy config #3306

Closed
wants to merge 9 commits into from
Closed

T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy config #3306

wants to merge 9 commits into from

Conversation

fsdrw08
Copy link
Contributor

@fsdrw08 fsdrw08 commented Apr 14, 2024
edited

Change Summary

Add tcp-request related directive in haproxy.cfg.j2 template and haproxy interface definitions, for service in tcp mode.
Add tcp mode related test case in test_load-balancing_reverse-proxy.py

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

https://vyos.dev/T6226

Related PR(s)

Component(s) name

load-balancing reverse-proxy

Proposed changes

Add tcp-request related directive in haproxy.cfg.j2 template, for service in tcp mode.
Add tcp mode related test case in test_load-balancing_reverse-proxy.py

How to test

Build the new vyos-1x deb package from my fork repo, then install it the instance build from vyos-1.5-rolling-202404130016-amd64.iso

set load-balancing reverse-proxy service tcp443 listen-address '192.168.255.1'
set load-balancing reverse-proxy service tcp443 port '443'
set load-balancing reverse-proxy service tcp443 mode 'tcp'
set load-balancing reverse-proxy service tcp443 tcp-request inspect-delay '5000'
set load-balancing reverse-proxy service tcp443 rule 10 ssl 'req-ssl-sni'
set load-balancing reverse-proxy service tcp443 rule 10 domain-name 'vyos-api.mgmt.domain'
set load-balancing reverse-proxy service tcp443 rule 10 set backend 'vyos-api'
set load-balancing reverse-proxy backend vyos-api balance 'round-robin'
set load-balancing reverse-proxy backend vyos-api mode 'tcp'
set load-balancing reverse-proxy backend vyos-api server vyos address '192.168.255.1'
set load-balancing reverse-proxy backend vyos-api server vyos port '8443'
commit
save

validate the haproxy config in /run/haproxy/haproxy.cfg, in frontend tcp443 block, the content below should exist.

tcp-request inspect-delay 5000
tcp-request content accept if { req_ssl_hello_type 1 }

Smoketest result

vyos@vyos-test:~$ /usr/libexec/vyos/tests/smoke/cli/test_load-balancing_reverse-proxy.py
test_01_lb_reverse_proxy_domain (__main__.TestLoadBalancingReverseProxy.test_01_lb_reverse_proxy_domain) ... ok
test_02_lb_reverse_proxy_cert_not_exists (__main__.TestLoadBalancingReverseProxy.test_02_lb_reverse_proxy_cert_not_exists) ...
PKI does not contain any certificates!


Certificate "cert" not found in configuration!

ok
test_03_lb_reverse_proxy_ca_not_exists (__main__.TestLoadBalancingReverseProxy.test_03_lb_reverse_proxy_ca_not_exists) ... ok
test_04_lb_reverse_proxy_backend_ssl_no_verify (__main__.TestLoadBalancingReverseProxy.test_04_lb_reverse_proxy_backend_ssl_no_verify) ...
backend bk-01 cannot have both ssl options no-verify and ca-certificate
set!

ok
test_05_lb_reverse_proxy_backend_http_check (__main__.TestLoadBalancingReverseProxy.test_05_lb_reverse_proxy_backend_http_check) ... ok
test_06_lb_reverse_proxy_tcp_mode (__main__.TestLoadBalancingReverseProxy.test_06_lb_reverse_proxy_tcp_mode) ... ok

----------------------------------------------------------------------
Ran 6 tests in 33.206s

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@fsdrw08
T6226: add HAPROXY tcp-request related directive to load-balancing …
90d4614 
…reverse proxy config when TCP mode and ssl is configed
@vyosbot vyosbot requested review from a team, dmbaturin, sarthurdev, zdc, jestabro, sever-sever and c-po and removed request for a team April 14, 2024 04:03
c-po
c-po requested changes Apr 14, 2024
View reviewed changes
data/templates/load-balancing/haproxy.cfg.j2 Outdated Show resolved Hide resolved
data/templates/load-balancing/haproxy.cfg.j2 Outdated Show resolved Hide resolved
@fsdrw08 fsdrw08 closed this Apr 16, 2024
@fsdrw08 fsdrw08 reopened this Apr 21, 2024
@vyosbot vyosbot requested review from a team and c-po and removed request for a team April 21, 2024 03:51
@fsdrw08 fsdrw08 changed the title T6226: add HAPROXY tcp-request content accept related block to load-balancing reverse proxy config in TCP mode T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy config Apr 21, 2024
@c-po
Copy link
Member

c-po commented Apr 21, 2024

Conflicting files
smoketest/scripts/cli/test_load-balancing_reverse-proxy.py

@c-po c-po added the conflicts label Apr 21, 2024
@fsdrw08
Copy link
Contributor Author

fsdrw08 commented Apr 21, 2024

Conflicting files smoketest/scripts/cli/test_load-balancing_reverse-proxy.py

conflict resolved.

@sever-sever
Copy link
Member

9 commits to this simple feature seems a lot
There are 3 commits only for merging to current

@fsdrw08
Copy link
Contributor Author

fsdrw08 commented Apr 21, 2024

9 commits to this simple feature seems a lot There are 3 commits only for merging to current

sorry that I am new to contribute this project, do I need to close this PR, re-fork and consolidate the commit then re-raise a PR for this one?

@sever-sever
Copy link
Member

do I need to close this PR, re-fork and consolidate the commit then re-raise a PR for this one?

I’m not master of git but probably you could use “squash”
Nice to play with it :)

@nvollmar
Copy link
Contributor

nvollmar commented Apr 21, 2024
edited

sorry that I am new to contribute this project, do I need to close this PR, re-fork and consolidate the commit then re-raise a PR for this one?

doing a soft-reset to current so you have the changes uncommitted, then create a new commit and force push to your repo would probably the easiest way to simplify it.

@fsdrw08 fsdrw08 closed this Apr 22, 2024
@fsdrw08 fsdrw08 mentioned this pull request Apr 22, 2024
Merged
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmbaturin dmbaturin Awaiting requested review from dmbaturin dmbaturin is a code owner automatically assigned from vyos/reviewers

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev is a code owner automatically assigned from vyos/reviewers

@zdc zdc Awaiting requested review from zdc zdc is a code owner automatically assigned from vyos/reviewers

@jestabro jestabro Awaiting requested review from jestabro jestabro is a code owner automatically assigned from vyos/reviewers

@sever-sever sever-sever Awaiting requested review from sever-sever sever-sever is a code owner automatically assigned from vyos/reviewers

@c-po c-po Awaiting requested review from c-po c-po is a code owner automatically assigned from vyos/reviewers

Assignees

@fsdrw08 fsdrw08

Labels
conflicts current
Milestone
No milestone
4 participants
@fsdrw08 @c-po @sever-sever @nvollmar