Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ccl/sqlproxyccl: add PROXY protocol support via CLI flag to sqlproxy #99429

Merged
merged 1 commit into from
Mar 30, 2023
Merged

ccl/sqlproxyccl: add PROXY protocol support via CLI flag to sqlproxy #99429

merged 1 commit into from
Mar 30, 2023

Conversation

jaylim-crl
Copy link
Collaborator

@jaylim-crl jaylim-crl commented Mar 23, 2023
edited
Loading

This commits adds a new require-proxy-protocol flag to mt start-proxy, and
that changes the sqlproxy's behavior to support the PROXY protocol. When the
flag is set, the protocol will be enforced on the SQL listener, and supported
on a best-effort basis on the HTTP listener. If the PROXY protocol isn't used,
but is enforced, the connection will be rejected. The rationale behind doing
best-effort basis on the HTTP listener is that some healthcheck systems don't
support the protocol.

This work is needed for the AWS PrivateLink work in CockroachCloud, which
requires the use of the PROXY protocol.

Release note: None

Epic: none

Release justification: SQL Proxy change only. Changes are needed for the AWS
PrivateLink work in CockroachCloud.

@jaylim-crl jaylim-crl requested review from a team as code owners March 23, 2023 20:24
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@jaylim-crl jaylim-crl added the backport-23.1.x Flags PRs that need to be backported to 23.1 label Mar 23, 2023
@jaylim-crl jaylim-crl requested review from jeffswenson and pjtatlow and removed request for a team March 23, 2023 20:25
@jaylim-crl jaylim-crl force-pushed the jay/230323-sqlproxy-proxy-protocol branch from 502e09d to 892f092 Compare March 23, 2023 20:26
@jaylim-crl jaylim-crl force-pushed the jay/230323-sqlproxy-proxy-protocol branch 2 times, most recently from d43d841 to e3aa3f3 Compare March 24, 2023 17:31
@jaylim-crl
Copy link
Collaborator Author

I'll figure out how to fix TestProxyProtocol/allow=false later today. Couldn't seem to reproduce it:

    proxy_handler_test.go:139:
          Error Trace:  github.com/cockroachdb/cockroach/pkg/ccl/sqlproxyccl/proxy_handler_test.go:139
                              github.com/cockroachdb/cockroach/pkg/ccl/sqlproxyccl/proxy_handler_test.go:201
          Error:        Received unexpected error:
                        Get "http://127.0.0.1:45243/_status/healthz/": readLoopPeekFailLocked: <nil>
          Test:         TestProxyProtocol/allow=false

@jaylim-crl jaylim-crl force-pushed the jay/230323-sqlproxy-proxy-protocol branch from e3aa3f3 to fb66f43 Compare March 27, 2023 08:03
@jaylim-crl
Copy link
Collaborator Author

This PR is ready for a review as the flakes have been fixed.

pjtatlow
pjtatlow approved these changes Mar 27, 2023
View reviewed changes
Copy link
Contributor

@pjtatlow pjtatlow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@jaylim-crl
ccl/sqlproxyccl: add PROXY protocol support via CLI flag to sqlproxy
374ed5e 
This commits adds a new `require-proxy-protocol` flag to `mt start-proxy`, and
that changes the sqlproxy's behavior to support the PROXY protocol. When the
flag is set, the protocol will be enforced on the SQL listener, and supported
on a best-effort basis on the HTTP listener. If the PROXY protocol isn't used,
but is enforced, the connection will be rejected. The rationale behind doing
best-effort basis on the HTTP listener is that some healthcheck systems don't
support the protocol.

This work is needed for the AWS PrivateLink work in CockroachCloud, which
requires the use of the PROXY protocol.

Release note: None

Epic: none

Release justification: SQL Proxy change only. Changes are needed for the AWS
PrivateLink work in CockroachCloud.
@jaylim-crl jaylim-crl force-pushed the jay/230323-sqlproxy-proxy-protocol branch from fb66f43 to 374ed5e Compare March 30, 2023 19:15
@jaylim-crl
Copy link
Collaborator Author

TFTR!

bors r=pjtatlow

@craig
Copy link
Contributor

craig bot commented Mar 30, 2023

This PR was included in a batch that was canceled, it will be automatically retried

@craig
Copy link
Contributor

craig bot commented Mar 30, 2023

Build failed (retrying...):

@craig
Copy link
Contributor

craig bot commented Mar 30, 2023

Build succeeded:

@craig craig bot merged commit 2af36b8 into cockroachdb:master Mar 30, 2023
@blathers-crl blathers-crl bot mentioned this pull request Mar 30, 2023
Merged
@blathers-crl
Copy link

blathers-crl bot commented Mar 30, 2023

Encountered an error creating backports. Some common things that can go wrong:

  1. The backport branch might have already existed.
  2. There was a merge conflict.
  3. The backport branch contained merge commits.

You might need to create your backport manually using the backport tool.

error creating merge commit from 374ed5e to blathers/backport-release-22.2-99429: POST https://api.github.com/repos/cockroachdb/cockroach/merges: 409 Merge conflict []

you may need to manually resolve merge conflicts with the backport tool.

Backport to branch 22.2.x failed. See errors above.

🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.

@jaylim-crl jaylim-crl mentioned this pull request Apr 3, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pjtatlow pjtatlow pjtatlow approved these changes

@jeffswenson jeffswenson Awaiting requested review from jeffswenson

Assignees
No one assigned
Labels
backport-23.1.x Flags PRs that need to be backported to 23.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jaylim-crl @cockroach-teamcity @pjtatlow