Commit Graph

11837 Commits

Author SHA1 Message Date
Christopher Faulet
9c2cb2deee BUG/MINOR: checks: Set the output buffer length before calling parse_binary()
A bug was introduced in the commit 2edcd4cbd ("BUG/MINOR: checks: Avoid
incompatible cast when a binary string is parsed"). The length of the
destination buffer must be set before call the parse_binary() function.

No backport needed.
2020-04-28 16:43:39 +02:00
Damien Claisse
57c8eb939d MINOR: log: Add "Tu" timer
It can be sometimes useful to measure total time of a request as seen
from an end user, including TCP/TLS negotiation, server response time
and transfer time. "Tt" currently provides something close to that, but
it also takes client idle time into account, which is problematic for
keep-alive requests as idle time can be very long. "Ta" is also not
sufficient as it hides TCP/TLS negotiationtime. To improve that, introduce
a "Tu" timer, without idle time and everything else. It roughly estimates
time spent time spent from user point of view (without DNS resolution
time), assuming network latency is the same in both directions.
2020-04-28 16:30:13 +02:00
Christopher Faulet
528f4811d6 BUG/MINOR: checks: Don't lose warning on proxy capability
When a tcp-check line is parsed, a warning may be reported if the keyword is
used for a frontend. The return value must be used to report it. But this info
is lost before the end of the function.

Partly fixes issue #600. No backport needed.
2020-04-28 10:47:30 +02:00
Christopher Faulet
cd8eb85dfc BUG/MINOR: checks: Remove bad call to free() when an expect rule is parsed
When an error is found during the parsing of an expect rule (tcp or http),
everything is released at the same place, at the end of the function.

Partly fixes issue #600. No backport needed.
2020-04-28 10:42:45 +02:00
Christopher Faulet
2edcd4cbde BUG/MINOR: checks: Avoid incompatible cast when a binary string is parsed
parse_binary() function must be called with a pointer on an integer. So don't
pass a pointer on a size_t element, casting it to a pointer on a integer.

Partly fixes issue #600. No backport needed.
2020-04-28 10:39:52 +02:00
Christopher Faulet
931ae5b103 MINOR: checks: Make the use of the check's server more explicit on connect
The variable s, pointing on the check server, may be null when a connection is
openned. It happens for email alerts. To avoid ambiguities, its use is now more
explicit. Comments have been added at some places and tests on the variable have
been added elsewhere (useless but explicit).

Partly fixes issue #600.
2020-04-28 10:31:54 +02:00
Christopher Faulet
ef3e69d4c4 CLEANUP: checks: Remove unused code when ldap server message is parsed
In tcpcheck_ldap_expect_bindrsp(), wait_more_data label cannot be reached.

Partly fixes issue #600.
2020-04-28 10:29:14 +02:00
Christopher Faulet
733dd73443 BUG/MINOR: checks: Properly handle truncated mysql server messages
If a message is not fully received from a mysql server, depending on last_read
value, an error must be reported or we must wait for more data. The first if
statement must not check last_read.

Partly fixes issue #600. No backport needed.
2020-04-28 10:24:27 +02:00
Christopher Faulet
587c414071 BUG/MINOR: checks: Remove wrong variable redeclaration
When mysql-check option is parsed, the user variable is redeclared without any
reason. thus the redeclared variable is removed.

No backport needed.
2020-04-28 09:46:23 +02:00
Christopher Faulet
907701bcda MINOR: checks: Use ver keyword to specify the HTTP version for http checks
'ver' keyword is already used by sample fetches while 'vsn' is not used anywhere
else. So better to use 'ver' too for http-check send rules.
2020-04-28 09:37:01 +02:00
Christopher Faulet
8bf8fda49b MINOR: checks: Support HTTP/2 version (without '.0') for http-check send rules
The version is partially parsed to set the flag HTX_SL_F_VER_11 on the HTX
message. But exactly 8 chars is expected. So if "HTTP/2" is specified, the flag
is not set. Thus, the version parsing has been updated to handle "HTTP/2" and
"HTTP/2.0" the same way.
2020-04-28 09:24:49 +02:00
Ilya Shipitsin
e50b7dc2e0 CI: cirrus-ci: remove reg-tests/checks/tcp-check-ssl.vtc on CentOS 6
reg-tests/checks/tcp-check-ssl.vtc requires ALPN which is not
available on CentOS 6
2020-04-28 09:08:10 +02:00
Christopher Faulet
b841c74aad BUG/MINOR: checks: Fix PostgreSQL regex on the authentication packet
For PostgreSQL health check, there is a regex on the backend authentication
packet. It must match to succeed. But it exists 6 types of authentication
packets and the regex only matches the first one (AuthenticationOK). This patch
fixes the regex to match all authentication packets.

No backport needed.
2020-04-27 18:29:51 +02:00
Christopher Faulet
b693a0de37 BUG/MEDIUM: checks: Destroy the conn-stream before the session
At the end of a tcp-check based health check, if there is still a connection
attached to the check, it must be closed. But it must be done before releasing
the session, because the session may still be referenced by the mux. For
instance, an h2 stream may still have a reference on the session.

No need to backport.
2020-04-27 15:59:26 +02:00
Christopher Faulet
bfb0f72d52 BUG/MEDIUM: sessions: Always pass the mux context as argument to destroy a mux
This bug was introduced by the commit 2444aa5b ("MEDIUM: sessions: Don't be
responsible for connections anymore."). In session_check_idle_conn(), when the
mux is destroyed, its context must be passed as argument instead of the
connection.

It is de 2.2-dev bug. No need to backport.
2020-04-27 15:53:43 +02:00
Christopher Faulet
4a8c026117 BUG/MINOR: checks/server: use_ssl member must be signed 2020-04-27 12:13:06 +02:00
Christopher Faulet
f73f5cc11f BUG/MINOR: checks: Only use ssl_sock_is_ssl() if compiled with SSL support
ssl_sock_is_ssl() only exists if HAProxy is complied with SSL support.

No backport needed.
2020-04-27 12:06:56 +02:00
Christopher Faulet
06150e4c73 BUG/MEDIUM: checks: unsubscribe for events on the old conn-stream on connect
When a new connection is established, if an old connection is still attached to
the current check, it must be detroyed. When it happens, the old conn-stream
must be used to unsubscribe for events, not the new one.

No backport is needed.
2020-04-27 11:22:57 +02:00
Christopher Faulet
b3b53524ad BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable
The variable 'ret' must only be declared When HAProxy is compiled with the SSL
support (more precisely SSL_CTRL_SET_TLSEXT_HOSTNAME must be defined).

No backport needed.
2020-04-27 11:17:12 +02:00
Christopher Faulet
f97f846413 REGTEST: Add a script to validate agent checks 2020-04-27 10:46:28 +02:00
Christopher Faulet
0b9376ae8d BUG/MEDIUM: checks: Unsubscribe to mux events when a conn-stream is destroyed
Since the tcp-check based heath checks uses the best multuplexer for a
connection, the mux-pt is no longer the only possible choice. So events
subscriptions and unsubscriptions must be done with the mux.

No backport needed.
2020-04-27 10:46:28 +02:00
Christopher Faulet
8021a5f4a5 MINOR: checks: Support list of status codes on http-check expect rules
It is now possible to match on a comma-separated list of status codes or range
of codes. In addtion, instead of a string comparison to match the response's
status code, a integer comparison is performed. Here is an example:

  http-check expect status 200,201,300-310
2020-04-27 10:46:28 +02:00
Christopher Faulet
bb86a0f7be BUG/MINOR: mux-fcgi: Be sure to have a connection as session's origin to use it
When default parameters are set in a request message, we get the client
connection using the session's origin. But it is not necessarily a
conncection. For instance, for health checks, thanks to recent changes, it may
be a check object. At this step, the client connection may be NULL. Thus, we
must be sure to have a client connection before using it.

This patch must be backported to 2.1.
2020-04-27 10:46:28 +02:00
Christopher Faulet
edc6ed9778 MINOR: checks: Support mux protocol definition for tcp and http health checks
It is now possible to force the mux protocol for a tcp-check based health check
using the server keyword "check-proto". If set, this parameter overwrites the
server one.

In the same way, a "proto" parameter has been added for tcp-check and http-check
connect rules. If set, this mux protocol overwrites all others for the current
connection.
2020-04-27 10:46:28 +02:00
Christopher Faulet
12882cfaf8 BUG/MEDIUM: checks: Use the mux protocol specified on the server line
First, when a server health check is initialized, it inherits the mux protocol
from the server if it is not already specified. Because there is no option to
specify the mux protocol for the checks, it is always inherited from the server
for now.

Then, if the connect rule is configured to use the server options, the mux
protocol of the check is used, if defined. Of course, if a mux protocol is
already defined for the connect rule, it is used in priority. But for now, it is
not possible.

Thus, if a server is configured to use, for instance, the h2 protocol, it is
possible to do the same for the health-checks.

No backport needed.
2020-04-27 10:46:28 +02:00
Christopher Faulet
c52ea4d9cd DOC: Fix the tcp-check and http-check directives layout 2020-04-27 10:46:28 +02:00
Christopher Faulet
4f5c2e2e0f DOC: Add documentation about comments for tcp-check and http-check directives
The documentation about the comment argument for some tcp-check and http-check
directives was missing. As well as the description of "tcp-check comment" and
"http-check comment" directives.
2020-04-27 10:46:28 +02:00
Christopher Faulet
88d939c831 Revert "MEDIUM: checks: capture groups in expect regexes"
This reverts commit 1979943c30ef285ed04f07ecf829514de971d9b2.

Captures in comment was only used when a tcp-check expect based on a negative
regex matching failed to eventually report what was captured while it was not
expected. It is a bit far-fetched to be useable IMHO. on-error and on-success
log-format strings are far more usable. For now there is few check sample
fetches (in fact only one...). But it could be really powerful to report info in
logs.
2020-04-27 10:46:28 +02:00
Christopher Faulet
aec7f76af8 REGTEST: Add scripts to test based tcp-check health-checks
These scripts have been added to validate the health-checks based on tcp-check
rules (http, redis, MySQL...).
2020-04-27 10:46:28 +02:00
Christopher Faulet
6d47121ddc BUG/MINOR: checks: Send the right amount of outgoing data for HTTP checks
HTTP health-checks now use HTX multiplexers. So it is important to really send
the amount of outgoing data for such checks because the HTX buffers appears
always full.

No backport needed.
2020-04-27 10:46:28 +02:00
Christopher Faulet
d7cee71e77 MINOR: checks: Use a tree instead of a list to store tcp-check rulesets
Since all tcp-check rulesets are globally stored, it is a problem to use
list. For configuration with many backends, the lookups in list may be costly
and slow downs HAProxy startup. To solve this problem, tcp-check rulesets are
now stored in a tree.
2020-04-27 10:46:28 +02:00
Christopher Faulet
815516d6fd BUG/MEDIUM: checks: Be sure to subscribe for sends if outgoing data remains
When some data are scheduled to be sent, we must be sure to subscribe for sends
if nothing was sent. Because of a bug, when nothing was sent, connection errors
are checks. If no error is found, we exit, waiting for more data, without any
subcription on send events.

No need to backport.
2020-04-27 10:46:28 +02:00
Christopher Faulet
b61caf4061 MINOR: checks: Use ist API as far as possible
Instead of accessing directly to the ist fields, the ist API is used instead. To
get its length or its pointer, to release it or to duplicate it. It is more
readable this way.
2020-04-27 10:46:28 +02:00
Christopher Faulet
0417975bdc MINOR: ist: Add a function to retrieve the ist pointer
There is already the istlen() function to get the ist length. Now, it is
possible to call istptr() to get the ist pointer.
2020-04-27 10:46:28 +02:00
Christopher Faulet
a67ed43b71 REGTEST: Fix reg-tests about health-checks to adapt them to recent changes 2020-04-27 10:46:28 +02:00
Christopher Faulet
61cc852230 CLEANUP: checks: Reorg checks.c file to be more readable
The patch is not obvious at the first glance. But it is just a reorg. Functions
have been grouped and ordered in a more logical way. Some structures and flags
are now private to the checks module (so moved from the .h to the .c file).
2020-04-27 10:46:28 +02:00
Christopher Faulet
a32a2504b1 MINOR: checks: Remove unused code about pure TCP checks
Thanks to previous change, it is now possible to removed all code handling pure
tcp checks. Now every connection based health-checks are handled by the
tcpcheck_main() function. __event_srv_chk_w() and __event_srv_chk_r() have been
removed. And all connection establishment is handled at one place.
2020-04-27 10:46:28 +02:00
Christopher Faulet
d7e639661a MEDIUM: checks: Implement default TCP check using tcp-check rules
Defaut health-checks, without any option, doing only a connection check, are now
based on tcp-checks. An implicit default tcp-check connect rule is used. A
shared tcp-check ruleset, name "*tcp-check" is created to support these checks.
2020-04-27 10:46:28 +02:00
Christopher Faulet
14cd316a1f MAJOR: checks: Use the best mux depending on the protocol for health checks
When a tcp-check connect rule is evaluated, the mux protocol corresponding to
the health-check is chosen. So for TCP based health-checks, the mux-pt is
used. For HTTP based health-checks, the mux-h1 is used. The connection is marked
as private to be sure to not ruse regular HTTP connection for
health-checks. Connections reuse will be evaluated later.

The functions evaluating HTTP send rules and expect rules have been updated to
be HTX compliant. The main change for users is that HTTP health-checks are now
stricter on the HTTP message format. While before, the HTTP formatting and
parsing were minimalist, now messages should be well formatted.
2020-04-27 10:41:07 +02:00
Christopher Faulet
a9e1c4c7c2 MINOR: connection: Add a function to install a mux for a health-check
This function is unused for now. But it will have be used to install a mux for
an outgoing connection openned in a health-check context. In this case, the
session's origin is the check itself, and it is used to know the mode, HTTP or
TCP, depending on the tcp-check type and not the proxy mode. The check is also
used to get the mux protocol if configured.
2020-04-27 09:39:38 +02:00
Christopher Faulet
b356714769 MINOR: checks: Add a mux proto to health-check and tcp-check connect rule
It is not set and not used for now, but it will be possible to force the mux
protocol thanks to this patch. A mux proto field is added to the checks and to
tcp-check connect rules.
2020-04-27 09:39:38 +02:00
Christopher Faulet
0fca7edeb5 MINOR: checks: Use the check as origin when a session is created
Before, the server was used as origin during session creation. It was only used
to get the check associated to the server when a variable is get or set in the
check scope or when a check sample fetch was called. So it seems easier to use
the check as origin of a session. It is also more logical becaues the session is
created by the health-check itself and not its server.
2020-04-27 09:39:38 +02:00
Christopher Faulet
a142c1deb4 BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function
The stream object (OBJ_TYPE_STREAM) was missing in the switch statement of the
obj_base_ptr() function.

This patch must be backported as far as 2.0.
2020-04-27 09:39:38 +02:00
Christopher Faulet
3829046893 MINOR: checks/obj_type: Add a new object type for checks
An object type is now affected to the check structure.
2020-04-27 09:39:38 +02:00
Christopher Faulet
f9585d8dc7 MEDIUM: checks: Refactor how data are received in tcpcheck_main()
A dedicated function is now used to received data. fundamentally, it should do
the same operations than before. But the way data are received has been reworked
to be closer to the si_cs_recv() function.
2020-04-27 09:39:38 +02:00
Christopher Faulet
e60abd1a06 MINOR: connection: Add macros to know if a conn or a cs uses an HTX mux
IS_HTX_CONN() and IS_HTX_CS may now be used to know if a connection or a
conn-stream use an HTX based multiplexer.
2020-04-27 09:39:38 +02:00
Christopher Faulet
370e0f1de5 MINOR: checks: Make resume conditions more explicit in tcpcheck_main()
First tests before executing the loop on tcp-check rules in tcpcheck_main()
function have been slightly modified to be more explicit and easier to
understand.
2020-04-27 09:39:38 +02:00
Christopher Faulet
e5870d872b MAJOR: checks: Implement HTTP check using tcp-check rules
HTTP health-checks are now internally based on tcp-checks. Of course all the
configuration parsing of the "http-check" keyword and the httpchk option has
been rewritten. But the main changes is that now, as for tcp-check ruleset, it
is possible to perform several send/expect sequences into the same
health-checks. Thus the connect rule is now also available from HTTP checks, jst
like set-var, unset-var and comment rules.

Because the request defined by the "option httpchk" line is used for the first
request only, it is now possible to set the method, the uri and the version on a
"http-check send" line.
2020-04-27 09:39:38 +02:00
Christopher Faulet
95226db8e4 MINOR: checks: Add a reverse non-comment rule iterator to get last rule
the get_last_tcpcheck_rule() function iters on a rule list in the reverse order
and returns the first non comment and non action-kw rule. If no such rule is
found, NULL is returned.
2020-04-27 09:39:38 +02:00
Christopher Faulet
5eb96cbcbc MINOR: standard: Add my_memspn and my_memcspn
Do the same than strsnp() and strcspn() but on a raw bytes buffer.
2020-04-27 09:39:38 +02:00