From 3881e1775d47e60e391cb238b28c58209f183003 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle
Date: Wed, 9 Mar 2022 16:43:34 +0100
Subject: [PATCH] REGTESTS: server: test SSL/PROXY with checks for dynamic servers

Complete the dynamic servers regtest to ensure there is no implicit interaction for checks and SSL/PROXY server settings.
---
 reg-tests/server/cli_add_check_server.vtc | 41 ++++++++++++++++++++
 reg-tests/server/cli_add_ssl_server.vtc | 47 +++++++++++++++++++++++
 2 files changed, 88 insertions(+)

diff --git a/reg-tests/server/cli_add_check_server.vtc b/reg-tests/server/cli_add_check_server.vtc
index 31d4d61cec..9f48c0d65f 100644
--- a/reg-tests/server/cli_add_check_server.vtc
+++ b/reg-tests/server/cli_add_check_server.vtc
@@ -48,6 +48,18 @@ syslog S1 -level notice {
 barrier b1 sync
 barrier b2 sync
+
+ recv
+ expect ~ ".*Server be1/s4 is UP/READY \\(leaving forced maintenance\\)."
+ recv
+ expect ~ "Health check for server be1/s4 failed"
+
+ barrier b1 sync
+
+ recv
+ expect ~ ".*Server be1/s5 is UP/READY \\(leaving forced maintenance\\)."
+ recv
+ expect ~ "Health check for server be1/s5 succeeded."
 } -start
 haproxy h1 -conf {
@@ -58,6 +70,11 @@ haproxy h1 -conf {
 option log-health-checks
 option httpchk GET /
 log ${S1_addr}:${S1_port} daemon
+
+ frontend fe-proxy
+ mode http
+ bind "fd@${hapsrv}" accept-proxy
+ http-request return status 200
 } -start
 # check on a functional server
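Review bot: The negative expectation `expect ~ "Health check for server be1/s4 failed"` passes on any check failure, including one caused by an unreachable listener or a wrong address macro, so it does not show that the check failed because no PROXY header was sent. With `option log-health-checks` the log line normally carries a reason field after "failed"; extending the pattern to it, e.g. `expect ~ "Health check for server be1/s4 failed.+reason: <reason seen in a passing run>"`, would tie the failure to the behaviour under test. The `li-ssl/s2` expectation added to cli_add_ssl_server.vtc has the same gap. The syslog block opens above this hunk.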
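Review bot: The new `fe-proxy` frontend carries no comment saying why it exists, and its role only becomes clear from the CLI block added further down in the same file. A line such as `# PROXY-only listener: a check sent without check-send-proxy is expected to fail here` above `frontend fe-proxy` would tie the `accept-proxy` bind to the s4/s5 cases. The `haproxy h1 -conf` block opens above this hunk.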
@@ -117,4 +134,28 @@ haproxy h1 -cli {
 expect ~ "Server deleted."
 }
+# check PROXY protocol interaction with checks
+haproxy h1 -cli {
+ # no explicit check-send-proxy
+ # The health check should failed.
+ send "add server be1/s4 ${h1_hapsrv_addr}:${h1_hapsrv_port} send-proxy check rise 1 fall 1"
+ expect ~ "New server registered."
+
+ send "enable server be1/s4"
+ expect ~ ".*"
+ send "enable health be1/s4"
+ expect ~ ".*"
+
+ barrier b1 sync
+
+ # explicit check-send-proxy : health check should succeeded
+ send "add server be1/s5 ${h1_hapsrv_addr}:${h1_hapsrv_port} send-proxy check rise 1 fall 1 check-send-proxy"
+ expect ~ "New server registered."
+
+ send "enable server be1/s5"
+ expect ~ ".*"
+ send "enable health be1/s5"
+ expect ~ ".*"
+}
+
 syslog S1 -wait
diff --git a/reg-tests/server/cli_add_ssl_server.vtc b/reg-tests/server/cli_add_ssl_server.vtc
index 242d059534..843958df31 100644
--- a/reg-tests/server/cli_add_ssl_server.vtc
+++ b/reg-tests/server/cli_add_ssl_server.vtc
@@ -5,6 +5,24 @@ feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'"
 feature cmd "command -v socat"
 feature ignore_unknown_macro
+barrier b1 cond 2 -cyclic
+
+syslog S1 -level notice {
+ recv
+ expect ~ ".*Server li-ssl/s1 is UP/READY \\(leaving forced maintenance\\)."
+ recv
+ expect ~ ".*Server li-ssl/s2 is UP/READY \\(leaving forced maintenance\\)."
+ recv
+ expect ~ "Health check for server li-ssl/s2 failed"
+
+ barrier b1 sync
+
+ recv
+ expect ~ ".*Server li-ssl/s3 is UP/READY \\(leaving forced maintenance\\)."
+ recv
+ expect ~ "Health check for server li-ssl/s3 succeeded."
+} -start
+
 haproxy h1 -conf {
 global
 stats socket "${tmpdir}/h1/stats" level admin
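Review bot: `expect ~ ".*"` after each `enable server` and `enable health` accepts any CLI reply, an error message included, so a rejected command is only noticed later when a syslog `recv` times out. Either assert on the reply or state the intent next to the first occurrence, e.g. `# reply not checked: the syslog expectations in S1 validate the result`. The same pattern is used in the SSL block added to cli_add_ssl_server.vtc.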
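Review bot: The S1 script is strictly sequential, so any additional line that li-ssl logs between the listed ones is consumed by the next `recv` and fails an unrelated `expect`. In particular, if HAProxy logs a state change for s2 once its check fails (not visible from this hunk), the `recv` after `barrier b1 sync` would read that line instead of the s3 "UP/READY" one; an extra `recv` with `expect ~ "Server li-ssl/s2 is DOWN"` before the barrier would absorb it. The s4 sequence added to cli_add_check_server.vtc is built the same way.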
@@ -14,11 +32,14 @@ haproxy h1 -conf {
 timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
 timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
 timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
+ option log-health-checks
+ option httpchk GET /
 # proxy to attach a ssl server
 listen li-ssl
 bind "fd@${feSsl}"
 balance random
+ log ${S1_addr}:${S1_port} daemon
 # frontend used to respond to ssl connection
 frontend fe-ssl-term
@@ -61,3 +82,29 @@ client c2 -connect ${h1_feSsl_sock} {
 rxresp
 expect resp.status == 200
 } -run
+
+# test interaction between SSL and checks for dynamic servers
+haproxy h1 -cli {
+ # no explicit check-ssl
+ # The health check should failed.
+ send "add server li-ssl/s2 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl verify none check"
+ expect ~ "New server registered."
+
+ send "enable server li-ssl/s2"
+ expect ~ ".*"
+ send "enable health li-ssl/s2"
+ expect ~ ".*"
+
+ barrier b1 sync
+
+ # explicit check-ssl : health check should succeeded
+ send "add server li-ssl/s3 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl verify none check check-ssl"
+ expect ~ "New server registered."
+
+ send "enable server li-ssl/s3"
+ expect ~ ".*"
+ send "enable health li-ssl/s3"
+ expect ~ ".*"
+}
+
+syslog S1 -wait
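Review bot: The two comments in the new CLI block read "should failed" and "should succeeded"; they should be `# The health check should fail.` and `# explicit check-ssl : health check should succeed`. The PROXY block added to cli_add_check_server.vtc has the same wording. Since s2 is declared with `ssl verify none check` and no `check-ssl`, the first comment could also give the reason, presumably `# without check-ssl the check is sent in clear to the TLS listener, so it must fail`, so that the expected failure is not mistaken for a broken test.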