Generate loadbalancer config in json format
Currently the agent generates loadbalancer configuration in
haproxy specific format. Going forward agent will generate
a generic json based loadbalancer config. This config will
be handled by driver specific configuration parser. Currently
only haproxy parsing is supported.

Closes-Bug: #1452928
Change-Id: I2d198aff0a569615ac5c331e4b6c582b93d9d3a3

Conflicts:
	src/vnsw/agent/oper/loadbalancer_haproxy.cc

LBAAS haproxy process manager

Manage haproxy daemon for lbaas. Two options available:
- Manage through supervisor. This will run on non-daemon mode
  as the process cannot be managed by supervisord if it runs in
  background. Process monitoring provided by supervisor.
- Start/stop the daemon as we do today. Need additional changes
  to ensure monitoring/restarting of the process.

Additional commit needed to enable this code from vrouter_netns.

Change-Id: I05c13d7c96c86bee2fcddc73342ba28c6010c8e6
Partial-Bug: #1452928

Enable haproxy config translation

Enable haproxy config translation from json format
Also enable haproxy daemon handling by supervisord

Change-Id: If3489ea66430ec0ac50bb6198093a0689fa16219
Closes-Bug: #1452928

Conflicts:

	src/nodemgr/haproxy_stats.py

Generate mac from instance ip for service VMs

Generate the same mac-address for all interfaces sharing the same
IP. In addition a change to daemonize the haproxy process instead
of managing through supervisor.

Change-Id: I2394f29c4a11bffeee4b0184ce6cd6867b01e0e9
Closes-Bug: #1461882

Haproxy config generation fixes for HTTPS protocol

Change-Id: I140361ad4785be2a87d23a04181e73ca999e8e2b
Closes-bug: #1466318

Fix for poodle vulnerability; ChangeId: I9432d035eb59b1ff53cb5d33350cd5f8063e077c; Closes-Bug: #1475392

Change-Id: I390a77261bc0d3257108c06951c79f1d2c3dadaa

Fix for FREAK SSL vulnerability

This fix pushes selected set of secure ciphers into
haproxy config file

Change-Id: Idfc11ce0411024e7154d3b2c46a095fb4f80337d
Closes-Bug: #1477400

HAProxy Performance Tuning

HAProxy's default config is non-performant.
This fix updates following config in HAProxy:
1) Increase TCP client/server timeouts.
2) Increase ulimit globally per HAProxy process.
3) Increase maxconn globally per HAProxy process.

Change-Id: I28be29d5ab3dcb2a35fcbe9168300edf18b2c23c
Closes-Bug: #1477781

Allow custom configs with LBaaS

This fix takes care of haproxy parsing and
validation changes on vrouter agent. Removing
extra white spaces

Closes-Bug: #1475393
Change-Id: I822e27792f78168a178d555db5703fa1e73d0cc9

Allow custom configs with LBaaS

This fix enables a new field "custom-attr" in loadbalancer_pool
properties in the schema.

Change-Id: I17eecc2fedea4d1d3889b7e114e99732ac2eecc9
Closes-Bug: #1475393

Allow custom configs with LBaaS

This fix commits the vrouter agent code to read
the custom_attributes from ifmap node and copy it
to config.json file which the haproxy parser
would read. Added missing '}'. Incorporating the
comments

Closes-Bug: #1475393
Change-Id: I6f22f4f537c97c48b2283971b2959c9be5931361

Conflicts:
	src/vnsw/agent/oper/loadbalancer.cc
	src/vnsw/agent/oper/loadbalancer_config.cc
	src/vnsw/agent/oper/loadbalancer_config.h

Change-Id: Iea0aff5589a21e3c802e4e63633a1d74f22cdeaf

Conflicts:
	src/vnsw/agent/oper/loadbalancer.cc

WIP: Tenant SSL Cert Support

This fix adds tenant SSL support to existing custom attributes.
User can provide barbican container ref in custom attributes
and haproxy parser then downloads the container/secrets
and populates the certificate.
Also, the keystone auth credentials need to be specified in a
separate auth file whose path should be provided in
contrail-vrouter-agent.conf file. Renaming to file as
keystone_auth_cfg_file

Change-Id: I2b85733820031033a05dfc27cbfa4fa3a3485611
Partial-Bug: #1499903

Conflicts:
	src/nodemgr/haproxy_stats.py
	src/vnsw/agent/oper/instance_manager.cc
	src/vnsw/agent/oper/netns_instance_adapter.cc
	src/vnsw/agent/oper/test/instance_manager_test.cc
	src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/vrouter_netns.py

Change-Id: I31535a590867263588d00e889db5e41eec711545
rrugge authored and Varun Lodaya committed Oct 21, 2015
1 parent 1dd6a54 commit 888049f
Showing 25 changed files with 1,045 additions and 437 deletions.
8 changes: 5 additions & 3 deletions src/ksync/ksync_object.cc
Expand Up @@ -29,7 +29,7 @@

KSyncObject::FwdRefTree KSyncObject::fwd_ref_tree_;
KSyncObject::BackRefTree KSyncObject::back_ref_tree_;
KSyncObjectManager *KSyncObjectManager::singleton_;
KSyncObjectManager *KSyncObjectManager::singleton_ = NULL;
std::auto_ptr<KSyncEntry> KSyncObjectManager::default_defer_entry_;
bool KSyncDebug::debug_;

Expand All @@ -46,7 +46,7 @@ KSyncObject::KSyncObject() : need_index_(false), index_table_(),
stale_entries_per_intvl_(0) {
}

KSyncObject::KSyncObject(int max_index) :
KSyncObject::KSyncObject(int max_index) :
need_index_(true), index_table_(max_index),
delete_scheduled_(false), stale_entry_tree_(),
stale_entry_cleanup_timer_(NULL),
Expand Down Expand Up @@ -1361,7 +1361,9 @@ KSyncObjectManager::~KSyncObjectManager() {
SandeshTraceBufferPtr KSyncTraceBuf(SandeshTraceBufferCreate("KSync", 1000));

KSyncObjectManager *KSyncObjectManager::Init() {
singleton_ = new KSyncObjectManager();
if (singleton_ == NULL) {
singleton_ = new KSyncObjectManager();
}
return singleton_;
}
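
Review bot: the new `if (singleton_ == NULL)` guard in Init() makes repeated calls return the existing manager, which is only safe if every teardown path resets singleton_ to NULL. The destructor body is not shown in this hunk, so please confirm that; otherwise a later Init() returns a pointer to a deleted object. The check-then-create is also unsynchronized, so a comment stating that Init() is only called from a single thread at startup would help.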

2 changes: 1 addition & 1 deletion src/nodemgr/haproxy_stats.py
Expand Up @@ -33,7 +33,7 @@ def __init__(self):
pass

def get_stats(self, pool_id):
sock_path = LB_BASE_DIR + pool_id + ".haproxy.cfg.sock";
sock_path = LB_BASE_DIR + pool_id + ".haproxy.sock";
if not os.path.exists(sock_path):
sys.stderr.write('\nStats socket not found for pool ' + pool_id)
return {}
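
Review bot: in get_stats(), pool_id is concatenated straight into sock_path, so a value containing path separators would resolve outside LB_BASE_DIR; parse it as a UUID (uuid.UUID(pool_id)) before building the path. The ".haproxy.sock" suffix is now spelled out both here and in instance_manager.cc, so a comment pointing at the other location would keep the two from drifting apart again, and the trailing `;` on the assignment can go.
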
15 changes: 8 additions & 7 deletions src/vnsw/agent/init/agent_param.cc
Expand Up @@ -517,9 +517,10 @@ void AgentParam::ParseServiceInstance() {
"SERVICE-INSTANCE.netns_workers");
GetValueFromTree<int>(si_netns_timeout_,
"SERVICE-INSTANCE.netns_timeout");
GetValueFromTree<string>(si_haproxy_ssl_cert_path_,
"SERVICE-INSTANCE.haproxy_ssl_cert_path");

GetValueFromTree<string>(si_lb_ssl_cert_path_,
"SERVICE-INSTANCE.lb_ssl_cert_path");
GetValueFromTree<string>(si_lb_keystone_auth_conf_path_,
"SERVICE-INSTANCE.lb_keystone_auth_conf_path");
}

void AgentParam::ParseNexthopServer() {
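
Review bot: ParseServiceInstance() no longer reads SERVICE-INSTANCE.haproxy_ssl_cert_path, so an existing contrail-vrouter-agent.conf that sets the old key silently loses its certificate path after upgrade. Either keep reading the old key as a fallback when lb_ssl_cert_path is unset, or log a warning when the old key is present, and mention the rename in the commit message.
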
Expand Down Expand Up @@ -688,8 +689,8 @@ void AgentParam::ParseServiceInstanceArguments
GetOptValue<string>(var_map, si_docker_command_, "SERVICE-INSTANCE.docker_command");
GetOptValue<int>(var_map, si_netns_workers_, "SERVICE-INSTANCE.netns_workers");
GetOptValue<int>(var_map, si_netns_timeout_, "SERVICE-INSTANCE.netns_timeout");
GetOptValue<string>(var_map, si_haproxy_ssl_cert_path_,
"SERVICE-INSTANCE.haproxy_ssl_cert_path");
GetOptValue<string>(var_map, si_lb_ssl_cert_path_,
"SERVICE-INSTANCE.lb_ssl_cert_path");

}
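
Review bot: ParseServiceInstanceArguments() picks up SERVICE-INSTANCE.lb_ssl_cert_path but has no matching GetOptValue for SERVICE-INSTANCE.lb_keystone_auth_conf_path, which ParseServiceInstance() reads from the config file. If the option is meant to be settable on the command line too, add it here; if it is config-file only on purpose, a one-line comment saying so would help.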

Expand Down Expand Up @@ -1019,7 +1020,7 @@ void AgentParam::LogConfig() const {
LOG(DEBUG, "Service instance docker cmd : " << si_docker_command_);
LOG(DEBUG, "Service instance workers : " << si_netns_workers_);
LOG(DEBUG, "Service instance timeout : " << si_netns_timeout_);
LOG(DEBUG, "Service instance HAProxy ssl: " << si_haproxy_ssl_cert_path_);
LOG(DEBUG, "Service instance lb ssl : " << si_lb_ssl_cert_path_);
if (hypervisor_mode_ == MODE_KVM) {
LOG(DEBUG, "Hypervisor mode : kvm");
return;
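
Review bot: LogConfig() logs si_lb_ssl_cert_path_ but not the new si_lb_keystone_auth_conf_path_; add a DEBUG line for the path (the path only, never the file contents) so a wrong auth file location shows up in the agent log.
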
Expand Down Expand Up @@ -1106,7 +1107,7 @@ AgentParam::AgentParam(Agent *agent, bool enable_flow_options,
xmpp_auth_enable_(false), xmpp_server_cert_(""),
simulate_evpn_tor_(false), si_netns_command_(),
si_docker_command_(), si_netns_workers_(0),
si_netns_timeout_(0), si_haproxy_ssl_cert_path_(),
si_netns_timeout_(0), si_lb_ssl_cert_path_(),
vmware_mode_(ESXI_NEUTRON), nexthop_server_endpoint_(),
nexthop_server_add_pid_(0),
vrouter_on_nic_mode_(false),
10 changes: 7 additions & 3 deletions src/vnsw/agent/init/agent_param.h
Expand Up @@ -117,8 +117,11 @@ class AgentParam {
std::string si_docker_command() const {return si_docker_command_;}
const int si_netns_workers() const {return si_netns_workers_;}
const int si_netns_timeout() const {return si_netns_timeout_;}
std::string si_haproxy_ssl_cert_path() const {
return si_haproxy_ssl_cert_path_;
std::string si_lb_ssl_cert_path() const {
return si_lb_ssl_cert_path_;
}
std::string si_lb_keystone_auth_conf_path() const {
return si_lb_keystone_auth_conf_path_;
}

std::string nexthop_server_endpoint() const {
Expand Down Expand Up @@ -388,7 +391,8 @@ class AgentParam {
std::string si_docker_command_;
int si_netns_workers_;
int si_netns_timeout_;
std::string si_haproxy_ssl_cert_path_;
std::string si_lb_ssl_cert_path_;
std::string si_lb_keystone_auth_conf_path_;
VmwareMode vmware_mode_;
// List of IP addresses on the compute node.
AddressList compute_node_address_list_;
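
Review bot: si_lb_keystone_auth_conf_path_ is declared without a comment; per the commit message it points at the file holding the Keystone credentials used to download Barbican containers and secrets, so document that at the declaration along with the expected ownership and mode of the file (readable only by the user that runs the haproxy config parser).
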
2 changes: 1 addition & 1 deletion src/vnsw/agent/oper/SConscript
Expand Up @@ -42,7 +42,7 @@ vnswoperdb = env.Library('vnswoperdb',
'inet_unicast_route.cc',
'interface.cc',
'loadbalancer.cc',
'loadbalancer_haproxy.cc',
'loadbalancer_config.cc',
'loadbalancer_properties.cc',
'logical_interface.cc',
'mirror_table.cc',
78 changes: 49 additions & 29 deletions src/vnsw/agent/oper/instance_manager.cc
Expand Up @@ -15,7 +15,7 @@
#include "io/event_manager.h"
#include "oper/instance_task.h"
#include "oper/loadbalancer.h"
#include "oper/loadbalancer_haproxy.h"
#include "oper/loadbalancer_config.h"
#include "oper/loadbalancer_properties.h"
#include "oper/operdb_init.h"
#include "oper/service_instance.h"
Expand Down Expand Up @@ -99,20 +99,37 @@ class InstanceManager::NamespaceStaleCleaner {

//If Loadbalncer, delete the config files as well
if (prop.service_type == ServiceInstance::LoadBalancer) {
std::stringstream pathgen;
std::stringstream conf_path, json_path, sock_path;

std::stringstream cfg_path;
cfg_path <<
manager_->loadbalancer_config_path_ << prop.pool_id
<< ".haproxy.cfg";
pathgen << manager_->loadbalancer_config_path_ << prop.pool_id;
conf_path << pathgen.str() << ".haproxy.conf";
json_path << pathgen.str() << ".conf.json";
sock_path << pathgen.str() << ".haproxy.sock";

boost::system::error_code error;
if (fs::exists(cfg_path.str())) {
fs::remove_all(cfg_path.str(), error);
if (fs::exists(conf_path.str())) {
fs::remove_all(conf_path.str(), error);
if (error) {
LOG(ERROR, "Stale loadbalancer conf fle delete error"
<< error.message());
}
}

cfg_path << ".sock";
if (fs::exists(cfg_path.str())) {
fs::remove_all(cfg_path.str(), error);
if (fs::exists(sock_path.str())) {
fs::remove_all(sock_path.str(), error);
if (error) {
LOG(ERROR, "Stale loadbalancer sock fle delete error"
<< error.message());
}
}

if (fs::exists(json_path.str())) {
fs::remove_all(json_path.str(), error);
if (error) {
LOG(ERROR, "Stale loadbalancer json file delete error"
<< error.message());
}
}
}
}
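
Review bot: the three delete blocks in NamespaceStaleCleaner call the throwing overload fs::exists(path) and then fs::remove_all(path, error), so a filesystem error during the existence check raises an exception instead of reaching the LOG(ERROR) branch. remove_all with an error_code already does nothing on a missing path, so the exists() checks can be dropped and the three copies folded into one small helper taking the path and a label. The log strings also read "fle" for "file" in two places and have no separator before error.message().
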
Expand All @@ -137,7 +154,7 @@ InstanceManager::InstanceManager(Agent *agent)
loadbalancer_config_path_(loadbalancer_config_path_default),
namespace_store_path_(namespace_store_path_default),
stale_timer_interval_(5 * 60 * 1000),
haproxy_(new LoadbalancerHaproxy(agent)),
lb_config_(new LoadbalancerConfig(agent)),
stale_timer_(TimerManager::CreateTimer(*(agent->event_manager()->io_service()),
"NameSpaceStaleTimer", TaskScheduler::GetInstance()->
GetTaskId("db::DBTable"), 0)), agent_(agent) {
Expand Down Expand Up @@ -621,7 +638,7 @@ void InstanceManager::StopStaleNetNS(ServiceInstance::Properties &props) {
cmd_str << " " << UuidToString(boost::uuids::nil_uuid());
if (props.service_type == ServiceInstance::LoadBalancer) {
cmd_str << " --cfg-file " << loadbalancer_config_path_default <<
props.pool_id << ".haproxy.cfg";
props.pool_id << ".conf.json";
cmd_str << " --pool-id " << props.pool_id;
}
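
Review bot: the --cfg-file argument in StopStaleNetNS() is built from loadbalancer_config_path_default, while the stale cleaner and LoadbalancerObserver() build their paths from the loadbalancer_config_path_ member; if the member ever differs from the default, this command points at a file that was never written. Use the member here as well. props.pool_id is also appended to the command string unquoted, so confirm it is always a UUID string at this point.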

Expand Down Expand Up @@ -714,7 +731,6 @@ void InstanceManager::LoadbalancerObserver(
std::stringstream pathgen;

pathgen << loadbalancer_config_path_ << loadbalancer->uuid();
pathgen << ".haproxy.cfg";

boost::system::error_code error;
if (!loadbalancer->IsDeleted() && loadbalancer->properties() != NULL) {
Expand All @@ -726,24 +742,28 @@ void InstanceManager::LoadbalancerObserver(
return;
}
}

haproxy_->GenerateConfig(pathgen.str(), loadbalancer->uuid(),
*loadbalancer->properties());
pathgen << ".conf.json";
lb_config_->GenerateConfig(pathgen.str(), loadbalancer->uuid(),
*loadbalancer->properties());
} else {
boost::filesystem::path file(pathgen.str());
if (boost::filesystem::exists(file, error)) {
boost::filesystem::remove_all(pathgen.str(), error);
if (error) {
LOG(ERROR, error.message());
return;
}
std::stringstream conf_path, json_path, sock_path;
conf_path << pathgen.str() << ".haproxy.conf";
json_path << pathgen.str() << ".conf.json";
sock_path << pathgen.str() << ".haproxy.sock";

boost::filesystem::path conf_file(conf_path.str());
if (boost::filesystem::exists(conf_file, error)) {
boost::filesystem::remove_all(conf_path.str(), error);
}

pathgen << ".sock";
boost::filesystem::remove_all(pathgen.str(), error);
if (error) {
LOG(ERROR, error.message());
return;
}
boost::filesystem::path sock_file(sock_path.str());
if (boost::filesystem::exists(sock_file, error)) {
boost::filesystem::remove_all(sock_path.str(), error);
}

boost::filesystem::path json_file(json_path.str());
if (boost::filesystem::exists(json_file, error)) {
boost::filesystem::remove_all(json_path.str(), error);
}
}
}
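
Review bot: in the delete branch of LoadbalancerObserver() the result of each remove_all(..., error) is no longer checked, whereas the removed code logged error.message() and NamespaceStaleCleaner still does; a failed delete of the .haproxy.conf, .haproxy.sock or .conf.json file now goes unnoticed. Log the error after each remove_all, ideally through one helper shared with the stale cleaner so the two code paths stay identical.
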
6 changes: 3 additions & 3 deletions src/vnsw/agent/oper/instance_manager.h
Expand Up @@ -13,7 +13,7 @@

class Agent;
class DB;
class LoadbalancerHaproxy;
class LoadbalancerConfig;
class InstanceState;
class InstanceTask;
class InstanceTaskQueue;
Expand Down Expand Up @@ -73,7 +73,7 @@ class InstanceManager {

InstanceState *GetState(ServiceInstance *) const;
bool StaleTimeout();
const LoadbalancerHaproxy &haproxy() const { return *(haproxy_.get()); }
const LoadbalancerConfig &lb_config() const { return *(lb_config_.get()); }
void SetStaleTimerInterval(int minutes);
int StaleTimerInterval() { return stale_timer_interval_;}
void SetNamespaceStorePath(std::string path);
Expand Down Expand Up @@ -151,7 +151,7 @@ class InstanceManager {
std::string loadbalancer_config_path_;
std::string namespace_store_path_;
int stale_timer_interval_;
std::auto_ptr<LoadbalancerHaproxy> haproxy_;
std::auto_ptr<LoadbalancerConfig> lb_config_;
Timer *stale_timer_;
std::auto_ptr<NamespaceStaleCleaner> stale_cleaner_;
Agent *agent_;
1 change: 1 addition & 0 deletions src/vnsw/agent/oper/loadbalancer.cc
Expand Up @@ -95,6 +95,7 @@ void Loadbalancer::CalculateProperties(DBGraph *graph, Properties *properties) {
autogen::LoadbalancerPool *pool =
static_cast<autogen::LoadbalancerPool *>(node_->GetObject());
properties->set_pool_properties(pool->properties());
properties->set_custom_attributes(pool->custom_attributes());

for (DBGraphVertex::adjacency_iterator iter = node_->begin(graph);
iter != node_->end(graph); ++iter) {
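
Review bot: set_custom_attributes(pool->custom_attributes()) copies the pool's custom attributes through unchanged, and per the commit message they end up in config.json for the haproxy parser to read. Nothing in this hunk restricts keys or values, so add a comment naming where validation happens (the commit message places it in the haproxy parsing changes) and a test with an unknown key to pin that behaviour.
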