On Tue, 31 Mar 2020, at 07:53, Aleksandar Lazic wrote:
> Hi Dave.
>
> On 31.03.20 09:24, Dave Cottlehuber wrote:
> > hi all,
> >
> > Our main haproxy.conf has practically become sentient... it's reached the
> > point where the number of url redirects and similar incantations is very
> > hard to reason about, and certainly not test or validate, until it's
> > shipped. In fact I deploy to a "B" cluster node, and verify most changes
> > on a spare production node. This is not always possible to ensure that
> > existing acls and url redirects aren't broken by the changes.
> >
> > For example:
> >
> > https://%[hdr(host)]%[url,regsub(/$,)] ...
> >
> > didn't do what the person who deployed it thinks it does - easy enough to
> > fix. How could we have tested this locally before committing it?
> >
> > Is there any easy-ish way to try out these rules, almost like you
> > could in a REPL?
> >
> > Once we've written them, and committed them to our ansible repos, is there
> > any way to unit test the whole config, to avoid regressions?
> >
> > 90% of these commits relate to remapping and redirecting urls from patterns.
>
> Please can you tell us which version of HAProxy and some more details
> from the config.
> Maybe you can split the redirects, for example can you use a map for
> the host part.
thanks Aleks,
In this case it's haproxy 2.1, and the config is complex.
This is a generic problem, not one for a single rule -- I need to find a way
to enable other people "unit test" their changes, before committing, and,
once committed, to avoid breaking production, be able to validate that the
most recent change doesn't break existing functions (more unit tests but
over the whole config). I can spin up a full staging environment if
necessary but I'm hoping somebody has a clever hack to avoid this.
Our newer stuff looks a bit like this with a map file:
http-request redirect code 301 location
%[capture.req.uri,map(/usr/local/etc/haproxy/redirects.map)] if {
capture.req.uri,map(/usr/local/etc/haproxy/redirects.map) -m found }
but there are hundreds of acls that can overlap, or even override the
straightforward logic of the map. That's what I need to find a way to deal with.
A+
Dave
