[PATCH 00/12] Peers SSL/TLS support

2019-01-16 Thread flecaille
From: Frédéric Lécaille Hi ML, Willy, Here is a new series of patches for this feature with Willy's remarks taken into account. Was easy to break something ;) but I think this series does not break the current usage of "peers" section. I preferred work from the previous series without

[PATCH 02/12] CLEANUP: cfgparse: Return asap from cfg_parse_peers().

2019-01-16 Thread flecaille
From: Frédéric Lécaille Avoid useless code indentation. May be backported to 1.5 and newer. --- src/cfgparse.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/cfgparse.c b/src/cfgparse.c index 6fde7c9f..6670a861 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@

[PATCH 10/12] MINOR: cfgparse: peers: Be less confusing.

2019-01-16 Thread flecaille
From: Frédéric Lécaille Make "bind" line also parse the local peer bind address. Add "default-bind" option to parse the binding options except the bind address. Prevent "bind" lines from being mixed with "peer" line to help in handling the migration. --- src/cfgparse.c | 153

[PATCH 09/12] MINOR: cfgparse: SSL/TLS binding in "peers" sections.

2019-01-16 Thread flecaille
From: Frédéric Lécaille This patch makes "bind" work in "peers" sections. All "bind" settings are supported, except ip:port parameters which are provided on "peer" (or server) line matching the local peer. After having parsed the configuration files ->prepare_bind_conf is run to initialize all

[PATCH 05/12] MINOR: cfgparse: Rework peers frontend init.

2019-01-16 Thread flecaille
From: Frédéric Lécaille Even if not already the case, we suppose that the frontend "peers" section may have been already initialized outside of "peer" line, we separate their initializations from their binding initializations. May be backported to 1.5 and newer. --- src/cfgparse.c | 50

[PATCH 12/12] DOC: peers: SSL/TLS documentation for "peers"

2019-01-16 Thread flecaille
From: Frédéric Lécaille --- doc/configuration.txt | 40 +++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 888515fb..960f1948 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@

[PATCH 03/12] CLEANUP: cfgparse: Code reindentation.

2019-01-16 Thread flecaille
From: Frédéric Lécaille May help the series of patches to be reviewed. May be backported to 1.5 and newer. --- src/cfgparse.c | 72 +- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/src/cfgparse.c b/src/cfgparse.c index

[PATCH 06/12] MINOR: cfgparse: Simplication.

2019-01-16 Thread flecaille
From: Frédéric Lécaille Make init_peers_frontend() be callable without having to check if there is something to do or not. May be backported to 1.5 and newer. --- src/cfgparse.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/cfgparse.c b/src/cfgparse.c index

[PATCH 04/12] MINOR: cfgparse: Useless frontend initialization in "peers" sections.

2019-01-16 Thread flecaille
From: Frédéric Lécaille Use ->local "peers" struct member to flag a "peers" section frontend has been initialized. This is to be able to initialize the frontend of "peers" sections on lines different from "peer" lines. May be backported to 1.5 and newer. --- src/cfgparse.c | 17

[PATCH 11/12] MINOR: peers: Less confusing peer binding parsing.

2019-01-16 Thread flecaille
From: Frédéric Lécaille With this patch the "server" lines do not parse anymore the bind address for local peers. We do not use anymore list_for_each_entry() to set the "peers" section listeners parameter because there is only one listener by "peers" section. --- include/proto/server.h | 2 +-

[PATCH 08/12] MINOR: peers: Make outgoing connection to SSL/TLS peers work.

2019-01-16 Thread flecaille
From: Frédéric Lécaille This patch adds pointer to a struct server to peer structure which is initialized after having parsed a remote "peer" line. After having parsed all peers section we run ->prepare_srv to initialize all SSL/TLS stuff of remote peer (or server). Remaining thing to do to

[PATCH 01/12] MINOR: cfgparse: Extract some code to be re-used.

2019-01-16 Thread flecaille
From: Frédéric Lécaille Create init_peers_frontend() function to allocate and initialize the frontend of "peers" sections (->peers_fe) so that to reuse it later. May be backported to 1.5 and newer. --- src/cfgparse.c | 34 ++ 1 file changed, 26 insertions(+), 8

[PATCH 07/12] MINOR: cfgparse: Make "peer" lines be parsed as "server" lines.

2019-01-16 Thread flecaille
From: Frédéric Lécaille With this patch "default-server" lines are supported in "peers" sections to setup the default settings of peers which are from now setup when parsing both "peer" and "server" lines. May be backported to 1.5 and newer. --- src/cfgparse.c | 88

[PATCH 1/1] REGTEST: Peers reg tests.

2019-01-18 Thread flecaille
This is a better patch to update only reg-tests/peers/s_tls_basic_sync.vtc: We add a 4th haproxy process seen as peer D, without any encryption enabled for all the four peers A,B,C and D. On the three first haproxy instances side A,B, C, we declare D with ssl/tls activated. Consequently D cannot

[PATCH] REGTEST: Peers reg tests.

2019-01-18 Thread flecaille
From: Frédéric Lécaille --- reg-tests/peers/common.pem | 1 + reg-tests/peers/s_basic_sync.vtc | 115 +++ reg-tests/peers/s_tls_basic_sync.vtc | 150 +++ 3 files changed, 266 insertions(+) create mode 12

[PATCH 0/1] Peers reg tests.

2019-01-17 Thread flecaille
From: Frédéric Lécaille Hi ML, Here are new reg tests for peers. They are supposed to test the SSL/TLS support for haproxy peer protocol. (see https://www.mail-archive.com/haproxy@formilux.org/msg32438.html). Furthermore, vtest fixes are required: https://github.com/vtest/VTest/pull/9 Let's

[PATCH 1/1] REGTEST: Peers reg tests.

2019-01-17 Thread flecaille
From: Frédéric Lécaille --- reg-tests/peers/common.pem | 1 + reg-tests/peers/s_basic_sync.vtc | 115 ++ reg-tests/peers/s_tls_basic_sync.vtc | 118 +++ 3 files changed, 234 insertions(+) create mode 12

[PATCH 5/5] REGTEST: Add miscellaneous reg tests for health-checks.

2018-12-13 Thread flecaille
From: Frédéric Lécaille Signed-off-by: Frédéric Lécaille --- reg-tests/checks/s3.vtc | 95 + 1 file changed, 95 insertions(+) create mode 100644 reg-tests/checks/s3.vtc diff --git a/reg-tests/checks/s3.vtc b/reg-tests/checks/s3.vtc

[PATCH 3/5] REGTEST: Reg test for "check" health-check option.

2018-12-13 Thread flecaille
From: Frédéric Lécaille Signed-off-by: Frédéric Lécaille --- reg-tests/checks/s1.vtc | 114 1 file changed, 114 insertions(+) create mode 100644 reg-tests/checks/s1.vtc diff --git a/reg-tests/checks/s1.vtc b/reg-tests/checks/s1.vtc

[PATCH 2/5] REGTEST: Add a first test for health-checks.

2018-12-13 Thread flecaille
From: Frédéric Lécaille Signed-off-by: Frédéric Lécaille --- reg-tests/checks/s0.vtc | 207 1 file changed, 207 insertions(+) create mode 100644 reg-tests/checks/s0.vtc diff --git a/reg-tests/checks/s0.vtc b/reg-tests/checks/s0.vtc

[PATCH 1/5] REGTEST: Reg testing improvements.

2018-12-13 Thread flecaille
From: Frédéric Lécaille Add a new target to the Makefile named "reg-tests-help" to have an idea about how to run the reg tests from haproxy Makefile. Handle list of levels and lists of level range passed to make with LEVEL variable. New supported syntax: LEVEL=1,4 make reg-tests

[PATCH 4/5] REGTEST: level 1 health-check test 2.

2018-12-13 Thread flecaille
From: Frédéric Lécaille With this test we check that the health-checks do not consume any connection on the backend side. Signed-off-by: Frédéric Lécaille --- reg-tests/checks/s2.vtc | 677 1 file changed, 677 insertions(+) create mode 100644

[PATCH 1/1] REGTEST: Add a reg test for health-checks over SSL/TLS.

2018-12-18 Thread flecaille
From: Frédéric Lécaille This script runs two tests. One with "httpchk" over SSL/TLS and another one with "check-ssl" option. As varnishtest does not support SSL/TLS we use two haproxy processes to run these tests. h2 haproxy process be2 and be4 backends declare one server each which are the

[PATCH 0/1] A reg test for "http-buffer-request" option

2018-12-21 Thread flecaille
From: Frédéric Lécaille Fred. Frédéric Lécaille (1): REGTEST: A basic test for "http-buffer-request" reg-tests/http-messaging/h3.vtc | 78 + 1 file changed, 78 insertions(+) create mode 100644 reg-tests/http-messaging/h3.vtc -- 2.11.0

[PATCH 1/1] REGTEST: A basic test for "http-buffer-request"

2018-12-21 Thread flecaille
From: Frédéric Lécaille --- reg-tests/http-messaging/h3.vtc | 78 + 1 file changed, 78 insertions(+) create mode 100644 reg-tests/http-messaging/h3.vtc diff --git a/reg-tests/http-messaging/h3.vtc b/reg-tests/http-messaging/h3.vtc new file

[PATCH 2/4] REGTEST: Be less Linux specific with a syslog regex.

2018-12-20 Thread flecaille
From: Frédéric Lécaille This patch makes at least this test pass on FreeBSD systems. The regex to be matched with syslog message was too much Linux specific. --- reg-tests/checks/s3.vtc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reg-tests/checks/s3.vtc

[PATCH 4/4] REGTEST: Exclude freebsd target for some reg tests.

2018-12-20 Thread flecaille
From: Frédéric Lécaille This patch excludes freebsd target for health-checks reg tests which rely on TCP_DEFER_ACCEPT usage. This is specific to Linux. --- reg-tests/checks/s0.vtc | 1 + reg-tests/checks/s1.vtc | 2 ++ reg-tests/checks/s2.vtc | 1 + 3 files changed, 4 insertions(+)

[PATCH 3/4] REGTEST: Missing enclosing quotes for ${tmpdir} macro.

2018-12-20 Thread flecaille
From: Frédéric Lécaille --- reg-tests/connection/b0.vtc | 4 ++-- reg-tests/seamless-reload/b0.vtc | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/reg-tests/connection/b0.vtc b/reg-tests/connection/b0.vtc index 50bb7494..9b36c45a 100644 ---

[PATCH 0/4] A few fixes for reg tests.

2018-12-20 Thread flecaille
From: Frédéric Lécaille Hi ML, Here is a series of patches to fix a few reg testing issues. Fred. Frédéric Lécaille (4): REGTEST: Fix a typo about barrier type. REGTEST: Be less Linux specific with a syslog regex. REGTEST: Missing enclosing quotes for ${tmpdir} macro. REGTEST: Exclude

[PATCH 1/4] REGTEST: Fix a typo about barrier type.

2018-12-20 Thread flecaille
From: Frédéric Lécaille Fix a typo, furthermore there is no reason to use a barrier with "sock" as type which are more varnish cache specific: used to synchronize the VCL. --- reg-tests/checks/s0.vtc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[PATCH 1/1] REGTEST: Add a reg test for HTTP cookies.

2018-12-14 Thread flecaille
From: Frédéric Lécaille This script tests the "cookie insert indirect" directive with header checks on server and client side. syslog messages are also checked, especially --II (invalid, insert) flags logging. Signed-off-by: Frédéric Lécaille --- reg-tests/http-cookies/h0.vtc | 58

[PATCH 0/1] Be more verbous when reg tests fail.

2019-01-08 Thread flecaille
From: Frédéric Lécaille With this patch when the test fails it may be useful to collect additional information coming from varnishtest especially when this latter aborts. For instance without this patch reg-tests/mailers/k_healthcheckmail.vtc does not produce relevant information. $

[PATCH 0/2] Switch to vtest.

2019-01-11 Thread flecaille
From: Frédéric Lécaille Hi ML, With these patches, haproxy switches to the new varnish cache reg testing tool named vtest, formerly known as varnishtest. From the user point of view, there are not very many differences compared to the usage of varnishtest. Before we started the reg testing

[PATCH 2/2] REGTEST: Adapt reg test doc files to vtest.

2019-01-11 Thread flecaille
From: Frédéric Lécaille This is a first patch to switch from varnishtest to new standalone varnish cache reg testing program: vtest. More information may be found here: https://github.com/vtest/VTest https://varnish-cache.org/docs/trunk/reference/varnishtest.html

[PATCH 1/2] REGTEST: Switch to vtest.

2019-01-11 Thread flecaille
From: Frédéric Lécaille This patch replaces the usage of the former varnish cache reg testing program, named varnishtest, by the new standalone one: vtest. --- Makefile| 10 +- scripts/run-regtests.sh | 28 ++-- 2 files changed, 19 insertions(+),

[PATCH 09/10] MINOR: cfgparse: SSL/TLS binding in "peers" sections.

2019-01-11 Thread flecaille
From: Frédéric Lécaille This patch makes "bind" work in "peers" sections. All "bind" settings are supported, except ip:port parameters which are provided on "peer" (or server) line matching the local peer. After having parsed the configuration files ->prepare_bind_conf is run to initialize all

[PATCH 08/10] MINOR: peers: Make outgoing connection to SSL/TLS peers work.

2019-01-11 Thread flecaille
From: Frédéric Lécaille This patch adds pointer to a struct server to peer structure which is initialized after having parsed a remote "peer" line. After having parsed all peers section we run ->prepare_srv to initialize all SSL/TLS stuff of remote peer (or server). Remaining thing to do to

[PATCH 06/10] MINOR: cfgparse: Simplication.

2019-01-11 Thread flecaille
From: Frédéric Lécaille Make init_peers_frontend() be callable without having to check if there is something to do or not. May be backported to 1.5 and newer. --- src/cfgparse.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/cfgparse.c b/src/cfgparse.c index

[PATCH 05/10] MINOR: cfgparse: Rework peers frontend init.

2019-01-11 Thread flecaille
From: Frédéric Lécaille Even if not already the case, we suppose that the frontend "peers" section may have been already initialized outside of "peer" line, we separate their initializations from their binding initializations. May be backported to 1.5 and newer. --- src/cfgparse.c | 50

[PATCH 10/10] DOC: peers: SSL/TLS documentation for "peers"

2019-01-11 Thread flecaille
From: Frédéric Lécaille --- doc/configuration.txt | 23 ++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 888515fb..d55e4bd3 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -1928,6 +1928,12

[PATCH 04/10] MINOR: cfgparse: Useless frontend initialization in "peers" sections.

2019-01-11 Thread flecaille
From: Frédéric Lécaille Use ->local "peers" struct member to flag a "peers" section frontend has been initialized. This is to be able to initialize the frontend of "peers" sections on lines different from "peer" lines. May be backported to 1.5 and newer. --- src/cfgparse.c | 17

[PATCH 07/10] MINOR: cfgparse: Make "peer" lines be parsed as "server" lines.

2019-01-11 Thread flecaille
From: Frédéric Lécaille With this patch "default-server" lines are supported in "peers" sections to setup the default settings of peers which are from now setup when parsing both "peer" and "server" lines. May be backported to 1.5 and newer. --- src/cfgparse.c | 88

[PATCH 01/10] MINOR: cfgparse: Extract some code to be re-used.

2019-01-11 Thread flecaille
From: Frédéric Lécaille Create init_peers_frontend() function to allocate and initialize the frontend of "peers" sections (->peers_fe) so that to reuse it later. May be backported to 1.5 and newer. --- src/cfgparse.c | 34 ++ 1 file changed, 26 insertions(+), 8

[PATCH 03/10] CLEANUP: cfgparse: Code reindentation.

2019-01-11 Thread flecaille
From: Frédéric Lécaille May help the series of patches to be reviewed. May be backported to 1.5 and newer. --- src/cfgparse.c | 72 +- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/src/cfgparse.c b/src/cfgparse.c index

[PATCH 02/10] CLEANUP: cfgparse: Return asap from cfg_parse_peers().

2019-01-11 Thread flecaille
From: Frédéric Lécaille Avoid useless code indentation. May be backported to 1.5 and newer. --- src/cfgparse.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/cfgparse.c b/src/cfgparse.c index 6fde7c9f..6670a861 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@

[PATCH 00/10] Peers SSL/TLS support

2019-01-11 Thread flecaille
From: Frédéric Lécaille Hi ML, With this series of patches we add the SSL/TLS support to haproxy peers. Regards, Fred. Frédéric Lécaille (10): MINOR: cfgparse: Extract some code to be re-used. CLEANUP: cfgparse: Return asap from cfg_parse_peers(). CLEANUP: cfgparse: Code reindentation.

[PATCH 0/1] A basic reg test for HTTP header captures

2019-01-08 Thread flecaille
From: Frédéric Lécaille Hi ML, Here is a basic test to check that this is the last occurrence of request/response headers which are sent to the logs. Fred. Frédéric Lécaille (1): REGTEST: "capture (request|response)" regtest. reg-tests/http-capture/h0.vtc | 92

[PATCH 1/1] REGTEST: "capture (request|response)" regtest.

2019-01-08 Thread flecaille
From: Frédéric Lécaille --- reg-tests/http-capture/h0.vtc | 92 +++ 1 file changed, 92 insertions(+) create mode 100644 reg-tests/http-capture/h0.vtc diff --git a/reg-tests/http-capture/h0.vtc b/reg-tests/http-capture/h0.vtc new file mode

[PATCH 1/1] REGTEST: Add some informatoin to test results.

2019-01-08 Thread flecaille
From: Frédéric Lécaille When the reg tests fail, it may be useful to display additional information coming from varnishtest, especially when this latter aborts. In such case, the test output may be made of lines prefixed by "* diag" string. --- scripts/run-regtests.sh | 2 +- 1 file

[PATCH 1/1] REGTEST: Make reg-tests target support argument.

2018-12-19 Thread flecaille
From: Frédéric Lécaille With this patch we can provide a list of arguments to reg-tests target. Useful to run reg tests for a list of VTC files like that: $ VARNISHTEST_PROGRAM=<...> make reg-tests reg-tests/checks/*.vtc --- Makefile | 8 +++- 1 file changed, 7 insertions(+), 1

[PATCH 0/1] REGTEST: Reg testing improvement.

2018-12-19 Thread flecaille
From: Frédéric Lécaille Here is a little patch to make reg-tests target able to take arguments. May be useful during debugging steps. Thanks to https://stackoverflow.com/questions/2214575/passing-arguments-to-make-run for this recipe. Frédéric Lécaille (1): REGTEST: Make reg-tests target