Re: [PATCH] MINOR: Add srv_queue converter
Hi Nenad, On Tue, Aug 27, 2019 at 01:58:13AM +0200, Nenad Merdanovic wrote: > The converter can be useful to look up a server queue from a dynamic value. Thanks, applied. This made me think that it could be useful to have a few other ones like srv_is_up and srv_conn. Also, your use case consisting in looking up a server name from a cookie made me think that we could refactor the cookie lookup code so that it's usable from a sample fetch. This way we could have something like srv_from_cookie([]) doing all the work and returning a backend/server name that can be looked up directly from a frontend so that it's still possible to decide to route the request to a different backend depending on what is found there. Just an idea. Cheers, Willy
[PATCH] MINOR: Add srv_queue converter
The converter can be useful to look up a server queue from a dynamic value. Signed-off-by: Nenad Merdanovic --- doc/configuration.txt | 7 +++ src/backend.c | 35 ++- 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 4e18f0f6..20c39c77 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -13622,6 +13622,13 @@ sha2([]) Please note that this converter is only available when haproxy has been compiled with USE_OPENSSL. +srv_queue + Takes an input value of type string, either a server name or / + format and returns the number of queued sessions on that server. Can be used + in places where we want to look up queued sessions from a dynamic name, like a + cookie value (e.g. req.cook(SRVID),srv_queue) and then make a decision to break + persistence or direct a request elsewhere. + strcmp() Compares the contents of with the input value of type string. Returns the result as a signed integer compatible with strcmp(3): 0 if both strings diff --git a/src/backend.c b/src/backend.c index 917b612b..1b01536c 100644 --- a/src/backend.c +++ b/src/backend.c @@ -2286,6 +2286,38 @@ static int sample_conv_nbsrv(const struct arg *args, struct sample *smp, void *p return 1; } +static int +sample_conv_srv_queue(const struct arg *args, struct sample *smp, void *private) +{ + struct proxy *px; + struct server *srv; + char *bksep; + + if (!smp_make_safe(smp)) + return 0; + + bksep = strchr(smp->data.u.str.area, '/'); + + if (bksep) { + *bksep = '\0'; + px = proxy_find_by_name(smp->data.u.str.area, PR_CAP_BE, 0); + if (!px) + return 0; + smp->data.u.str.area = bksep + 1; + } else { + if (!(smp->px->cap & PR_CAP_BE)) + return 0; + px = smp->px; + } + + srv = server_find_by_name(px, smp->data.u.str.area); + if (!srv) + return 0; + + smp->data.type = SMP_T_SINT; + smp->data.u.sint = srv->nbpend; + return 1; +} /* Note: must not be declared as its list will be overwritten. * Please take care of keeping this list alphabetically sorted. @@ -2313,7 +2345,8 @@ INITCALL1(STG_REGISTER, sample_register_fetches, _kws); /* Note: must not be declared as its list will be overwritten */ static struct sample_conv_kw_list sample_conv_kws = {ILH, { - { "nbsrv", sample_conv_nbsrv, 0, NULL, SMP_T_STR, SMP_T_SINT }, + { "nbsrv", sample_conv_nbsrv, 0, NULL, SMP_T_STR, SMP_T_SINT }, + { "srv_queue", sample_conv_srv_queue, 0, NULL, SMP_T_STR, SMP_T_SINT }, { /* END */ }, }}; -- 2.19.1
Re: [RFC] setting the backend SNI from the client's authority TLV, when the target address was forwarded
On 8/26/19 18:03, Emmanuel Hocdet wrote: > > Great to see TLS onloader continue. Working on it ... > About the TLS onloader configuration. If i understand the principle of > servers set to 0.0.0.0 and stick table: > The server configuration will look like: >server s0 0.0.0.0:0 ssl sni fc_pp_authority >[…] Yes, I'm currently testing a new patch, and the config looks very much like that. Real-world use cases may want to implement the fallback logic that we were talking about earlier in the thread, since fc_pp_authority may or may not have been present in the PROXY header. "Set SNI to fc_pp_authority if it was sent, otherwise set it to ssl_fc_sni". Best, Geoff -- ** * * UPLEX - Nils Goroll Systemoptimierung Scheffelstraße 32 22301 Hamburg Tel +49 40 2880 5731 Mob +49 176 636 90917 Fax +49 40 42949753 http://uplex.de signature.asc Description: OpenPGP digital signature
Re: [RFC] setting the backend SNI from the client's authority TLV, when the target address was forwarded
HI Geoff, Willy Great to see TLS onloader continue. > Le 22 août 2019 à 16:33, Geoff Simmons a écrit : > > On 8/22/19 14:40, Willy Tarreau wrote: >> >>> I would suggest naming it something like fc_authority or >>> fc_pp_authority, to be specific about where it came from. > > Since you used fc_pp_authority in an example further down, I'll take > that as the choice (unless somebody yells). Seems better to me, since > just "authority" could refer to a number of things. > fc_pp_authority seems ok. (fc_)authority could refer to ssl_fc_sni for ssl connection or host header for http connection. About the TLS onloader configuration. If i understand the principle of servers set to 0.0.0.0 and stick table: The server configuration will look like: server s0 0.0.0.0:0 ssl sni fc_pp_authority […] For stick part, to correctly reused TLS connection, destination IP + authority should be used. Regards Manu