Hi Jeffrey, On Thu, Apr 02, 2009 at 02:23:44PM +0800, Jeffrey 'jf' Lim wrote: (...) > Ok perhaps "combinatorial" was not the word that i should have used, > but... I hope you can see the point/s with the explanation that i > gave. The "head" acl only gets checked once - thereafter which it goes > into the body (you could treat it like the standard "if" statement in > any programming language) to do the evaluation. > > Without this, the "head" acl has to be evaluated every time for every > combination of "head" acl + "sub" acl for you can go into each > 'use_backend'. So eg: > > use_backend b1 if host_www.domain.com path1 > use_backend b2 if host_www.domain.com path2 > use_backend b3 if host_www.domain.com path3 > use_backend b4 if host_www.domain path4 or host_www.domain path5 > ... > > use_backend b10 if host_www.d2.com path1 > use_backend b11 if host_www.d2.com path2 > ... > > > So does it make sense to cut out all of this? Of course it does. > Faster acl processing (you dont repeat having to process > 'host_www.domain.com' every time!), much neater (and maintainable) > config file. > > == > > The following is a refined patch (did i mention i was serious about > this? just to allay the "April Fool's" thing) > > One caveat to take note: at this point in time I'm not going to cater > for nested 'for_acl's (I think if u really need this, you probably > have bigger problems). One level of 'for_acl' should be all you > need... (why is this deja vu) (Willy, I'll work out the documentation > later once/if u give the go ahead for this, thanks)
I understand the usefulness of your proposal, but I really dislike the implementation for at least two reasons : - right now the config works on a line basis. There are sections, but no block. This is the first statement which introduces the notion of a block, with a beginning and a mandatory end. I don't like that for the same reason I don't like config languages with braces. It's harder to debug and maintain. - only the "use_backend" rules are covered. So the "for_acl" keyword is not suited since in fact you're just processing a "use_backend" list. Also, that leaves me with two new questions : what could be done for other rules ? Do we need to duplicate all the code, or can we factor the same block out and use it everywhere ? Second question : maybe you need this for use_backend only, which marks it as a special case which might be handled even more easily ? With all that in mind, I'm wondering if what you want is not just sort of a massive remapping feature. I see that you have arbitrarily factored on the Host part and you are selecting the backend based on the path part. Is this always what you do ? Are there any other cases ? You still have to declare ACLs for each path. Maybe it would be better to simply support something like this : use_backend back1 if acl1 map_path_to_backend if Host1 use BK1 on ^/img use BK2 on ^/js use BK3 on ^/static/.*\.{jpg|gif|png} ... use_backend backN if aclN See ? No more ACLs on the path and direct mapping between path and backends for a given host. If you think you still need ACLs but just for use_backend rules, maybe we should just use a slightly different keyword : simply not repeat "use_backend" and use "select" instead, which does not appear in the normal config section : use_backend bk1 if acl1 use_backend_block if Host1 select bk1 if path1 or path2 select bk2 if path3 select bk3 if path4 src1 ... use_backend bkN if aclN That one would present the advantage of being more intuitive and would integrate better with other rules. Also, it would make it more intuitive how to write such blocks for other rule sets, and is very close to what you've already done. And that does not require any end tag since the keyword used in the block ("select" above) is not present in the containing block. Maybe with a little bit more thinking we could come up with something more generic like this : ... call use_backend if acl1 with bk1 if path1 or path2 with bk2 if ... ... call redirect if acl1 with prefix http://here.local if path2 with location / if path3 ... See ? That would basically add an iterator around any type of ACL rule, providing us with the ability to only specify the verb on the first line, and all the args in the list, and this would make a lot of sense. I don't like the "call" nor "with" keywords, it's just an illustration. I'd like to get opinions for other massive ACL users, because any minor change might have significant impact to many of us, and we must keep in mind that what we develop has to be maintained over the years, sometimes conflicting with further features. Best regards, Willy