Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Manage haproxy daemon for lbaas. Two options avaialable: - Manage through supervisor. This will run on non-daemon mode as the process cannot be managed by supervisord if it runs in background. Process monitoring provided by supervisor. - Start/stop the daemon as we do today. Need additional changes to ensure monitoring/restarting of the process. Additional commit needed to enable this code from vrouter_netns. Change-Id: I05c13d7c96c86bee2fcddc73342ba28c6010c8e6 Partial-Bug: #1452928 Enable haproxy config translation Enable haproxy config translation from json format Also enable haproxy daemon handling by supervisord Change-Id: If3489ea66430ec0ac50bb6198093a0689fa16219 Closes-Bug: #1452928 Conflicts: src/nodemgr/haproxy_stats.py Generate mac from instance ip for service VMs Generate the same mac-address for all interfaces sharing the same IP. In addition a change to daemonize the haproxy process instead of managing through supervisor. Change-Id: I2394f29c4a11bffeee4b0184ce6cd6867b01e0e9 Closes-Bug: #1461882 Haproxy config generation fixes for HTTPS protocol Change-Id: I140361ad4785be2a87d23a04181e73ca999e8e2b Closes-bug: #1466318 Fix for poodle vulnerability; ChangeId: I9432d035eb59b1ff53cb5d33350cd5f8063e077c; Closes-Bug: #1475392 Change-Id: I390a77261bc0d3257108c06951c79f1d2c3dadaa Fix for FREAK SSL vulnerability This fix pushes selected set of secure ciphers into haproxy config file Change-Id: Idfc11ce0411024e7154d3b2c46a095fb4f80337d Closes-Bug: #1477400 HAProxy Performance Tuning HAProxy's default config is non-performant. This fix updates following config in HAProxy: 1) Increase TCP client/server timeouts. 2) Increase ulimit globally per HAProxy process. 3) Increase maxconn globally per HAProxy process. Change-Id: I28be29d5ab3dcb2a35fcbe9168300edf18b2c23c Closes-Bug: #1477781 Allow custom configs with LBaaS This fix takes care of haproxy parsing and validation changes on vrouter agent. Removing extra white spaces Closes-Bug: #1475393 Change-Id: I822e27792f78168a178d555db5703fa1e73d0cc9
- Loading branch information
Showing
6 changed files
with
308 additions
and
55 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
117 changes: 117 additions & 0 deletions
117
src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_process.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,117 @@ | ||
import itertools | ||
import os | ||
import shlex | ||
import subprocess | ||
import haproxy_config | ||
|
||
SUPERVISOR_BASE_DIR = '/etc/contrail/supervisord_vrouter_files/lbaas-haproxy-' | ||
|
||
def stop_haproxy(conf_file, daemon_mode=False): | ||
pool_id = os.path.split(os.path.dirname(conf_file))[1] | ||
try: | ||
if daemon_mode: | ||
_stop_haproxy_daemon(pool_id) | ||
else: | ||
_stop_supervisor_haproxy(pool_id) | ||
except Exception as e: | ||
pass | ||
|
||
def start_update_haproxy(conf_file, netns, daemon_mode=False): | ||
pool_id = os.path.split(os.path.dirname(conf_file))[1] | ||
haproxy_cfg_file = haproxy_config.build_config(conf_file) | ||
try: | ||
if daemon_mode: | ||
_start_haproxy_daemon(pool_id, netns, haproxy_cfg_file) | ||
else: | ||
_start_supervisor_haproxy(pool_id, netns, haproxy_cfg_file) | ||
except Exception as e: | ||
pass | ||
|
||
def _get_lbaas_pid(pool_id): | ||
cmd_list = shlex.split('ps aux') | ||
p1 = subprocess.Popen(cmd_list, stdout=subprocess.PIPE) | ||
cmd_list = shlex.split('grep haproxy') | ||
p2 = subprocess.Popen(cmd_list, stdin=p1.stdout, stdout=subprocess.PIPE) | ||
cmd_list = shlex.split('grep ' + pool_id) | ||
p = subprocess.Popen(cmd_list, stdin=p2.stdout, stdout=subprocess.PIPE) | ||
out, err = p.communicate() | ||
try: | ||
pid = out.split()[1] | ||
except Exception: | ||
pid = None | ||
return pid | ||
|
||
def _stop_haproxy_daemon(pool_id): | ||
last_pid = _get_lbaas_pid(pool_id) | ||
if last_pid: | ||
cmd_list = shlex.split('kill -9 ' + last_pid) | ||
subprocess.Popen(cmd_list) | ||
|
||
def _start_haproxy_daemon(pool_id, netns, conf_file): | ||
last_pid = _get_lbaas_pid(pool_id) | ||
if last_pid: | ||
sf_opt = '-sf ' + last_pid | ||
else: | ||
sf_opt = '' | ||
conf_dir = os.path.dirname(conf_file) | ||
pid_file = conf_dir + '/haproxy.pid' | ||
|
||
cmd = 'ip netns exec %s haproxy -f %s -p %s %s' % \ | ||
(netns, conf_file, pid_file, sf_opt) | ||
cmd_list = shlex.split(cmd) | ||
subprocess.Popen(cmd_list) | ||
|
||
def _stop_supervisor_haproxy(pool_id): | ||
pool_suffix = _get_pool_suffix(pool_id) | ||
file_name = SUPERVISOR_BASE_DIR + pool_suffix + '.ini' | ||
cmd = "rm " + file_name | ||
cmd_list = shlex.split(cmd) | ||
subprocess.Popen(cmd_list) | ||
_update_supervisor() | ||
|
||
def _start_supervisor_haproxy(pool_id, netns, conf_file): | ||
data = [] | ||
data.extend(_set_config(pool_id, netns, conf_file)) | ||
pool_suffix = _get_pool_suffix(pool_id) | ||
with open(SUPERVISOR_BASE_DIR + pool_suffix + '.ini', "w") as f: | ||
f.write('\n'.join(data) + '\n') | ||
_update_supervisor() | ||
|
||
def _get_pool_suffix(pool_id): | ||
return pool_id.split('-')[0] | ||
|
||
def _update_supervisor(): | ||
cmd = "supervisorctl -s unix:///tmp/supervisord_vrouter.sock update" | ||
cmd_list = shlex.split(cmd) | ||
subprocess.Popen(cmd_list) | ||
|
||
def _set_config(pool_id, netns, conf_file): | ||
pool_suffix = _get_pool_suffix(pool_id) | ||
program_name = 'lbaas-haproxy-%s' % pool_suffix | ||
cmd = "supervisorctl -s unix:///tmp/supervisord_vrouter.sock pid " | ||
cmd += program_name | ||
cmd_list = shlex.split(cmd) | ||
p = subprocess.Popen(cmd_list, stdout=subprocess.PIPE) | ||
last_pid, err = p.communicate() | ||
try: | ||
int(last_pid) | ||
sf_opt = '-sf ' + last_pid | ||
except ValueError: | ||
sf_opt = '' | ||
|
||
opts = [ | ||
'[program:%s]' % program_name, | ||
'command=ip netns exec %s haproxy -f %s -db %s' % \ | ||
(netns, conf_file, sf_opt), | ||
'priority=420', | ||
'autostart=true', | ||
'killasgroup=true', | ||
'stdout_capture_maxbytes=1MB', | ||
'redirect_stderr=true', | ||
'stdout_logfile=/var/log/contrail/lbaas-haproxy-stdout.log', | ||
'stderr_logfile=/dev/null', | ||
'startsecs=5', | ||
'exitcodes=0' | ||
] | ||
|
||
return itertools.chain(o for o in opts) |
Oops, something went wrong.