Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy config #3342

Merged
merged 1 commit into from
Apr 23, 2024
Merged

T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy config #3342

merged 1 commit into from
Apr 23, 2024

Conversation

fsdrw08
Copy link
Contributor

@fsdrw08 fsdrw08 commented Apr 22, 2024

Change Summary

Add tcp-request related directive in haproxy.cfg.j2 template and haproxy interface definitions, for service in tcp mode.
Add tcp mode related test case in test_load-balancing_reverse-proxy.py

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

https://vyos.dev/T6226

Related PR(s)

Component(s) name

load-balancing reverse-proxy

Proposed changes

Add tcp-request related directive in haproxy.cfg.j2 template, for service in tcp mode.
Add tcp mode related test case in test_load-balancing_reverse-proxy.py

How to test

Build the new vyos-1x deb package from my fork repo, then install it the instance build from vyos-1.5-rolling-202404130016-amd64.iso

set load-balancing reverse-proxy service tcp443 listen-address '192.168.255.1'
set load-balancing reverse-proxy service tcp443 port '443'
set load-balancing reverse-proxy service tcp443 mode 'tcp'
set load-balancing reverse-proxy service tcp443 tcp-request inspect-delay '5000'
set load-balancing reverse-proxy service tcp443 rule 10 ssl 'req-ssl-sni'
set load-balancing reverse-proxy service tcp443 rule 10 domain-name 'vyos-api.mgmt.domain'
set load-balancing reverse-proxy service tcp443 rule 10 set backend 'vyos-api'
set load-balancing reverse-proxy backend vyos-api balance 'round-robin'
set load-balancing reverse-proxy backend vyos-api mode 'tcp'
set load-balancing reverse-proxy backend vyos-api server vyos address '192.168.255.1'
set load-balancing reverse-proxy backend vyos-api server vyos port '8443'
commit
save

validate the haproxy config in /run/haproxy/haproxy.cfg, in frontend tcp443 block, the content below should exist.

tcp-request inspect-delay 5000
tcp-request content accept if { req_ssl_hello_type 1 }

Smoketest result

vyos@vyos-test:~$ /usr/libexec/vyos/tests/smoke/cli/test_load-balancing_reverse-proxy.py
test_01_lb_reverse_proxy_domain (__main__.TestLoadBalancingReverseProxy.test_01_lb_reverse_proxy_domain) ... ok
test_02_lb_reverse_proxy_cert_not_exists (__main__.TestLoadBalancingReverseProxy.test_02_lb_reverse_proxy_cert_not_exists) ...
PKI does not contain any certificates!


Certificate "cert" not found in configuration!

ok
test_03_lb_reverse_proxy_ca_not_exists (__main__.TestLoadBalancingReverseProxy.test_03_lb_reverse_proxy_ca_not_exists) ... ok
test_04_lb_reverse_proxy_backend_ssl_no_verify (__main__.TestLoadBalancingReverseProxy.test_04_lb_reverse_proxy_backend_ssl_no_verify) ...
backend bk-01 cannot have both ssl options no-verify and ca-certificate
set!

ok
test_05_lb_reverse_proxy_backend_http_check (__main__.TestLoadBalancingReverseProxy.test_05_lb_reverse_proxy_backend_http_check) ... ok
test_06_lb_reverse_proxy_tcp_mode (__main__.TestLoadBalancingReverseProxy.test_06_lb_reverse_proxy_tcp_mode) ... ok

----------------------------------------------------------------------
Ran 6 tests in 33.206s

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@vyosbot vyosbot requested review from a team, dmbaturin, sarthurdev, zdc, jestabro, sever-sever and c-po and removed request for a team April 22, 2024 08:07
@fsdrw08
Copy link
Contributor Author

fsdrw08 commented Apr 22, 2024

this is the PR improved from #3306, just squash the commit number to 1

@sever-sever
Copy link
Member

@Mergifyio backport sagitta

@mergify Mergify
Copy link
Contributor

mergify bot commented Apr 23, 2024
edited
Loading

backport sagitta

✅ Backports have been created

@c-po c-po merged commit f3c36e2 into vyos:current Apr 23, 2024
6 of 7 checks passed
@mergify mergify bot mentioned this pull request Apr 23, 2024
Merged
12 tasks
c-po added a commit that referenced this pull request Apr 23, 2024
@c-po
Merge pull request #3352 from vyos/mergify/bp/sagitta/pr-3342
50dd922 
T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy config (backport #3342)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sever-sever sever-sever sever-sever approved these changes

@c-po c-po c-po approved these changes

@dmbaturin dmbaturin Awaiting requested review from dmbaturin dmbaturin is a code owner automatically assigned from vyos/reviewers

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev is a code owner automatically assigned from vyos/reviewers

@zdc zdc Awaiting requested review from zdc zdc is a code owner automatically assigned from vyos/reviewers

@jestabro jestabro Awaiting requested review from jestabro jestabro is a code owner automatically assigned from vyos/reviewers

Assignees

@fsdrw08 fsdrw08

Labels
current
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fsdrw08 @sever-sever @c-po