Commit Graph

37 Commits

Author SHA1 Message Date
William Lallemand
f8418d3ade ADMIN: acme.sh: remove the old acme.sh code
Remove the acme.sh script since it was merged in
https://github.com/acmesh-official/acme.sh/pull/4581

So people don't try to download a script which is not up to date with
the current acme.sh master.
2024-05-31 13:37:47 +02:00
Willy Tarreau
ab8928b9db BUILD: address a few remaining calloc(size, n) cases
In issue #2427 Ilya reports that gcc-14 rightfully complains about
sizeof() being placed in the left term of calloc(). There's no impact
but it's a bad pattern that gets copy-pasted over time. Let's fix the
few remaining occurrences (debug.c, halog, udp-perturb).

This can be backported to all branches, and the irrelevant parts dropped.
2024-02-10 11:37:27 +01:00
William Lallemand
37b31b2f4d MINOR: acme.sh: don't use '*' in the filename for wildcard domain
By default acme.sh uses the '*' character in the filename for wildcard.
That can be confusing within HAProxy since the * character in front of a
filename in the stat socket is used to specified an uncommitted
transaction.

This patch replace the '*' by a '_' in the filename.  This is only done
when using the default filename, the name can still be forced with an
asterisk.
2023-12-04 11:53:50 +01:00
William Lallemand
a75d7081f8 MINOR: acme.sh: use the master CLI for hot update
DEPLOY_HAPROXY_MASTER_CLI allows to use the HAProxy master CLI
instead of a stats socket for DEPLOY_HAPROXY_HOT_UPDATE="yes"

The syntax of the master CLI is slightly different, a prefix with
the process number need to be added before any command.

This patch uses ${_cmdpfx} in front of every socat commands which is
filled when the master CLI is used.
2023-11-30 16:16:29 +01:00
William Lallemand
e8b101fe17 BUG/MINOR: acme.sh: update the deploy script
https://github.com/acmesh-official/acme.sh/pull/4581 was updated, this
patch update the haproxy repository with the update.
the following changes were done:

- sanitize the PEM to remove the '\n' (truncated certicate chain)
- shellcheck fixes
- socat format is directly used in the DEPLOY_HAPROXY_STATS_SOCKET variable
2023-11-30 14:21:15 +01:00
William Lallemand
e826bc3dfa MEDIUM: systemd: be more verbose about the reload
When the `haproxy -c` check during the reload fails, no error is output
in the logs, this can be quite bothersome to understand what's going on.

This patch removes the -q option on the check so we can see the error
with `journalctl -u haproxy` or `systemctl status haproxy`

This will change the behavior when the check works, and will display
"Configuration file is valid"

Note that in some case this test could be completely removed, because
the master process loads the configuration itself and is able to keep
the previous workers running when the reload failed. This is interesting
to disable the test when there are a lot of certificates of files to
load, to divide the reload time by 2.

No need to backport.
2023-10-31 18:59:29 +01:00
William Lallemand
8c4d7eeff2 MINOR: acme.sh: add the deploy script for acme.sh in admin directory
Add the acme.sh deploy script for haproxy in the admin directory so
users can have an official download source.
2023-04-26 17:32:15 +02:00
Willy Tarreau
8be893d8bf BUILD: halog: fix missing double-quote at end of help line
This will tell me to change the line format after testing :-(
This was introduced with commit 286199c24 ("DOC: halog: explain how to
use -ac and -ad in the help message"), no backport is needed unless it's
backported as well.
2022-11-25 11:11:41 +01:00
Willy Tarreau
286199c24f DOC: halog: explain how to use -ac and -ad in the help message
Tim reported in issue #1435 that halog options -ac/-ad were poorly
documented. They're indeed used to spot infrastructure outages between
the clients and haproxy by detecting abnormal periods of silence followed
by bursts, either affecting the network itself, or also a single machine
(e.g. swapping on an edge client or proxy can cause such patterns).
2022-11-25 09:40:06 +01:00
Ilya Shipitsin
4a689dad03 CLEANUP: assorted typo fixes in the code and comments
This is 32nd iteration of typo fixes
2022-10-30 17:17:56 +01:00
Willy Tarreau
e0b3a8b5a2 BUILD: halog: fix some incorrect signs in printf formats for integers
In issue #1184, cppcheck found several issues in the printf formats
used to display integers, some of which are unsigned but which used to
still rely on "%d".
2022-04-12 08:40:38 +02:00
Willy Tarreau
e9f4d67b15 OPTIM: halog: skip fields 64 bits at a time when supported
Some architectures like x86_64 and aarch64 support efficient unaligned
64-bit reads. On such architectures, we already know that each string
passed to field_start() has some margin at the end because it's parsed
using fgets2() which looks for the trailing LF using the same method.
Thus let's skip spaces by packs of 8. This increases the parsing speed
by 35%.
2021-11-08 12:08:26 +01:00
Willy Tarreau
fc76bbc0f5 OPTIM: halog: improve field parser speed for modern compilers
Modern compilers were producing producing less efficient code in the
field_start() loop, by not emitting two conditional jumps for a single
test. However by reordering the test we can merge the optimal case and
the default one and get back to good performance so let's simplify the
test. This improves the parsing speed by 5%.
2021-11-08 12:08:26 +01:00
Willy Tarreau
fce4e69144 CLEANUP: halog: remove unused strl2ui()
strl2ui() isn't used anymore in the code, likely because str2ic() is
often used instead. Let's drop it.
2021-11-08 12:08:26 +01:00
Willy Tarreau
87e7eafde4 CLEANUP: halog: make the default usage message fit in small screens
The usage message was starting to have long lines, it's preferable that
it still fits well into a default 80-col display so that options are
easy to find. Also cut that into the 3 parts (input filter, modifier,
output format) for improved legibility.
2021-11-08 08:39:28 +01:00
Tim Duesterhus
785b84bb8f CLEANUP: halog: Remove dead stores
Found using clang's scan-build.
2021-11-05 07:48:38 +01:00
Tim Duesterhus
66255f7bbf MINOR: halog: Add support for extracting captures using -hdr
This patch adds support for extracting captured header fields to halog. A field
can be extracted by passing the `-hdr <block>:<field>` output filter.

Both `<block>` and `<field>` are 1-indexed.

`<block>` refers to the index of the brace-delimited list of headers. If both
request and response headers are captured, then request headers are referenced
by `<block> = 1`, response headers are `2`. If only one direction is captured,
there will only be a single block `1`.

`<field>` refers to a single field within the selected block.

The output will contain one line, possibly empty, per log line processed.
Passing a non-existent `<block>` or `<field>` will result in an empty line.

Example:

    capture request  header a len 50
    capture request  header b len 50
    capture request  header c len 50
    capture response header d len 50
    capture response header e len 50
    capture response header f len 50

`-srv 1:1` will extract request  header `a`
`-srv 1:2` will extract request  header `b`
`-srv 1:3` will extract request  header `c`
`-srv 2:3` will extract response header `f`

This resolves GitHub issue #1146.
2021-10-28 19:44:18 +02:00
Tim Duesterhus
a02c7b882f BUG/MINOR: halog: Add missing newlines in die() messages
This newline is required to correctly print the usage.
2021-10-28 18:50:51 +02:00
Tim Duesterhus
e0992584b9 CLEANUP: halog: Use consistent indentation in help()
Consistently use 1 Tab per line.
2021-10-28 18:50:34 +02:00
Tim Duesterhus
385338b30b MINOR: halog: Rename -qry to -query
With the query flag moved into the correct help section, there is enough space
for two additional characters.
2021-10-28 18:50:07 +02:00
Tim Duesterhus
a0635f8d10 DOC: halog: Move the -qry parameter into the correct section in help text
This is not an output filter, but instead a modifier. Specifically "only one
may be used at a time" is not true.

see 24b8d693b2
2021-10-28 18:49:51 +02:00
Tim Duesterhus
24b8d693b2 MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX
Our use-case for this is a dynamic application that performs routing based on
the query string. Without this option all URLs will just point to the central
entrypoint of this location, making the output completely useless.
2021-10-28 09:45:44 +02:00
Willy Tarreau
80d3daad50 BUILD: halog: fix a -Wundef warning on non-glibc systems
Dmitry reported this warning on FreeBSD since the introduction of -Wundef:

  admin/halog/fgets2.c:38:30: warning: '__GLIBC__' is not defined, evaluates to 0 [-Wundef]
  #if defined(__x86_64__) &&  (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 15))
                               ^
A defined() was missing.
2021-09-13 09:32:01 +02:00
Tim Duesterhus
d5fc8fcb86 CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h
This solves setting XXH_INLINE_ALL in a cleaner way, because the imported
header is not modified, easing future updates.

see 6f7cc11e6d
2021-09-11 19:58:45 +02:00
William Lallemand
fff1e583aa MINOR: systemd: remove the ExecStartPre line in the unit file
The ExecStartPre line was introduced a long time ago in the systemd unit
file, at the time of systemd wrapper. With the haproxy master worker
mode, this line is now useless, since starting haproxy itself will check
the configuration.

However this does not concern the check in the ExecReload which is still
needed to return a reload status to HAProxy.

It probably shouldn't be backported.
2021-08-20 23:36:45 +02:00
William Lallemand
6f58c13797 BUG/MINOR: systemd: ExecStartPre must use -Ws
This line should disappear in a future version but we should still fix
ExecStartPre with -Ws like we've done in 9def142.

It's a complementary fix that must be backported with 9def142
("BUG/MINOR: systemd: must check the configuration using -Ws").
2021-08-20 23:29:53 +02:00
Willy Tarreau
6807c7f6e1 ADMIN: dyncookie: implement a simple dynamic cookie calculator
This utility can be useful to figure what cookie value a server will
have based on the secret, its IP and its port.
2021-08-11 14:07:45 +02:00
William Lallemand
9def1425ce BUG/MINOR: systemd: must check the configuration using -Ws
When doing a reload with a configuration which requires the
master-worker mode, the configuration check will fail because the check
is not done with -W/-Ws.

Example:
	wla@kikyo:~/haproxy$ ./haproxy -Ws -c -f haproxy.cfg
	Configuration file is valid
	wla@kikyo:~/haproxy$ ./haproxy -c -f haproxy.cfg
	[NOTICE]   (13153) : haproxy version is 2.5-dev2-4567b3-16
	[NOTICE]   (13153) : path to executable is ./haproxy
	[ALERT]    (13153) : config : Can't use a 'program' section without master worker mode.
	[ALERT]    (13153) : config : Fatal errors found in configuration.

This patch fixes the issue by adding -Ws on the check command line.

Must be backported in all stable branches. (The file was previously in
contrib/systemd/haproxy.service.in).
2021-07-26 11:03:54 +02:00
Willy Tarreau
b63dbb7b2e MAJOR: config: remove parsing of the global "nbproc" directive
This one was deprecated in 2.3 and marked for removal in 2.5. It suffers
too many limitations compared to threads, and prevents some improvements
from being engaged. Instead of a bypassable startup error, there is now
a hard error.

The parsing code was removed, and very few obvious cases were as well.
The code is deeply rooted at certain places (e.g. "for" loops iterating
from 0 to nbproc) so it will not be that trivial to remove everywhere.
The "bind" and "bind-process" parsers will have to be adjusted, though
maybe not completely changed if we later want to support thread groups
for large NUMA machines. Some stats socket restrictions were removed,
and the doc was updated according to what was done. A few places in the
doc still refer to nbproc and will have to be revisited. The master-worker
code also refers to the process number to distinguish between master and
workers and will have to be carefully adjusted. The MAX_PROCS macro was
reset to 1, this will at least reduce the size of some remaining arrays.

Two regtests were dependieng on this directive, one with an explicit
"nbproc 1" and another one testing the master's CLI using nbproc 4.
Both were adapted.
2021-06-11 17:02:13 +02:00
Willy Tarreau
eb778248d9 MEDIUM: proxy: remove the deprecated "grace" keyword
Commit ab0a5192a ("MEDIUM: config: mark "grace" as deprecated") marked
the "grace" keyword as deprecated in 2.3, tentative removal for 2.4
with a hard deadline in 2.5, so let's remove it and return an error now.
This old and outdated feature was incompatible with soft-stop, reload
and socket transfers, and keeping it forced ugly hacks in the lower
layers of the protocol stack.
2021-06-11 16:57:34 +02:00
Willy Tarreau
714f34580e DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments
Some of the Lua doc and a few places still used "Haproxy" or "HAproxy".
There was even one "HA proxy". A few of them were in an example of VTest
output, indicating that VTest ought to be fixed as well. No big deal but
better address all the remaining ones so that these inconsistencies stop
spreading around.
2021-05-09 06:50:46 +02:00
Willy Tarreau
6613a3df8c ADMIN: netsnmp: report "HAProxy" and not "Haproxy" in output descriptions
In the SNMP fields descriptions, "Haproxy" was mentioned, let's make it
consistent with the rest.
2021-05-09 06:41:37 +02:00
Willy Tarreau
fa1258f02c MINOR: freq_ctr: unify freq_ctr and freq_ctr_period into freq_ctr
Both structures are identical except the name of the field starting
the period and its description. Let's call them all freq_ctr and the
period's start "curr_tick" which is generic.

This is only a temporary change and fields are expected to remain
the same with no code change (verified).
2021-04-11 11:11:27 +02:00
Willy Tarreau
a9f16c6495 BUILD: makefile: build halog with the correct flags
halog currently emits lots of warnings because it does not benefit from
the default flags. Let's update the main makefile to build it by itself
and remove the other one. The sub-project's makefile was replaced with
A readme indicating how to build it.
2021-04-02 17:48:42 +02:00
Willy Tarreau
c4710e14fe ADMIN: halog: automatically enable USE_MEMCHR on the right glibc version
There has been a USE_MEMCHR option for ages that was mostly never enabled
because it was unclear when glibc became faster. A quick look at the code
indicates that this arrived with the SSE implementation of memchr() which
arrived at commit 093ecf92998de2 between 2.14 and 2.15, so let's automatically
turn this on on x86_64 with glibc >= 2.15.

This results in ~6GB of logs read per second (20 million lines) and ~2.5GB/s
(8 million lines) parsed for errors or status codes classification, or 1 GB/s
(3 million lines) for time percentiles.
2021-04-02 17:48:42 +02:00
Willy Tarreau
d798889a5d CONTRIB: move halog to admin/
halog is an admin tool, so let's move it to admin/ as well. The makefile
was updated to build from the new directory.
2021-04-02 17:48:42 +02:00
Willy Tarreau
233e868895 CONTRIB: move some admin-related sub-projects to admin/
The following components were moved to admin/ because they're generally
used in field by admins:

  iprange/  netsnmp-perl/  selinux/  systemd/  wireshark-dissectors/
  syntax-highlight/ release-estimator/
2021-04-02 17:48:42 +02:00