mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-15 10:11:03 +00:00
9f903af510
For about 20 years we've been emitting cryptic messages on warnings and alerts, that nobody knows how to parse: [NOTICE] 126/080118 (3115) : haproxy version is 2.4-dev18-0b7c78-49 [NOTICE] 126/080118 (3115) : path to executable is ./haproxy [WARNING] 126/080119 (3115) : Server default/srv1 is DOWN via static/srv1. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue. [ALERT] 126/080119 (3115) : backend 'default' has no server available! Hint: the first 3-digit number is the day of year, and the 6 digits after it represent the time of day in format HHMMSS, then the pid in parenthesis. These are not quite user-friendly and such cryptic into are not useful at all. This patch slightly adjusts the output by performing these minimal changes: - removing the date/time, as they were added very early when haproxy was meant to be used in foreground as a debugging tool, and they're provided in more details in logs nowadays ; - better aligning the fields by padding the severity tag to 10 chars. The diag output was renamed to "DIAG" only. Now the output provides this: [NOTICE] (4563) : haproxy version is 2.4-dev18-75a428-51 [NOTICE] (4563) : path to executable is ./haproxy [WARNING] (4563) : Server default/srv1 is DOWN via static/srv1. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue. [ALERT] (4563) : backend 'default' has no server available! The useless space before the colon was kept so as not to confuse any possible output parser. The few entries in the doc referring to this format were adjusted to reflect the new one. The change was tagged "MEDIUM" as it may have visible consequences on home-grown monitoring tools, though it is extremely unlikely due to the limited extent of these changes.
967 lines
39 KiB
Plaintext
967 lines
39 KiB
Plaintext
Lua: Architecture and first steps
|
||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
version 2.3
|
||
|
||
author: Thierry FOURNIER
|
||
contact: tfournier at arpalert dot org
|
||
|
||
|
||
|
||
HAProxy is a powerful load balancer. It embeds many options and many
|
||
configuration styles in order to give a solution to many load balancing
|
||
problems. However, HAProxy is not universal and some special or specific
|
||
problems do not have solution with the native software.
|
||
|
||
This text is not a full explanation of the Lua syntax.
|
||
|
||
This text is not a replacement of the HAProxy Lua API documentation. The API
|
||
documentation can be found at the project root, in the documentation directory.
|
||
The goal of this text is to discover how Lua is implemented in HAProxy and using
|
||
it efficiently.
|
||
|
||
However, this can be read by Lua beginners. Some examples are detailed.
|
||
|
||
Why a scripting language in HAProxy
|
||
===================================
|
||
|
||
HAProxy 1.5 makes at possible to do many things using samples, but some people
|
||
want to more combining results of samples fetches, programming conditions and
|
||
loops which is not possible. Sometimes people implement these functionalities
|
||
in patches which have no meaning outside their network. These people must
|
||
maintain these patches, or worse we must integrate them in the HAProxy
|
||
mainstream.
|
||
|
||
Their need is to have an embedded programming language in order to no longer
|
||
modify the HAProxy source code, but to write their own control code. Lua is
|
||
encountered very often in the software industry, and in some open source
|
||
projects. It is easy to understand, efficient, light without external
|
||
dependencies, and leaves the resource control to the implementation. Its design
|
||
is close to the HAProxy philosophy which uses components for what they do
|
||
perfectly.
|
||
|
||
The HAProxy control block allows one to take a decision based on the comparison
|
||
between samples and patterns. The samples are extracted using fetch functions
|
||
easily extensible, and are used by actions which are also extensible. It seems
|
||
natural to allow Lua to give samples, modify them, and to be an action target.
|
||
So, Lua uses the same entities as the configuration language. This is the most
|
||
natural and reliable way for the Lua integration. So, the Lua engine allows one
|
||
to add new sample fetch functions, new converter functions and new actions.
|
||
These new entities can access the existing samples fetches and converters
|
||
allowing to extend them without rewriting them.
|
||
|
||
The writing of the first Lua functions shows that implementing complex concepts
|
||
like protocol analysers is easy and can be extended to full services. It appears
|
||
that these services are not easy to implement with the HAProxy configuration
|
||
model which is based on four steps: fetch, convert, compare and action. HAProxy
|
||
is extended with a notion of services which are a formalisation of the existing
|
||
services like stats, cli and peers. The service is an autonomous entity with a
|
||
behaviour pattern close to that of an external client or server. The Lua engine
|
||
inherits from this new service and offers new possibilities for writing
|
||
services.
|
||
|
||
This scripting language is useful for testing new features as proof of concept.
|
||
Later, if there is general interest, the proof of concept could be integrated
|
||
with C language in the HAProxy core.
|
||
|
||
The HAProxy Lua integration also provides a simple way for distributing Lua
|
||
packages. The final user needs only to install the Lua file, load it in HAProxy
|
||
and follow the attached documentation.
|
||
|
||
Design and technical things
|
||
===========================
|
||
|
||
Lua is integrated into the HAProxy event driven core. We want to preserve the
|
||
fast processing of HAProxy. To ensure this, we implement some technical concepts
|
||
between HAProxy and the Lua library.
|
||
|
||
The following paragraph also describes the interactions between Lua and HAProxy
|
||
from a technical point of view.
|
||
|
||
Prerequisite
|
||
-----------
|
||
|
||
Reading the following documentation links is required to understand the
|
||
current paragraph:
|
||
|
||
HAProxy doc: http://cbonte.github.io/haproxy-dconv/
|
||
Lua API: http://www.lua.org/manual/5.3/
|
||
HAProxy API: http://www.arpalert.org/src/haproxy-lua-api/1.9dev/index.html
|
||
Lua guide: http://www.lua.org/pil/
|
||
|
||
more about Lua choice
|
||
---------------------
|
||
|
||
Lua language is very simple to extend. It is easy to add new functions written
|
||
in C in the core language. It is not required to embed very intrusive libraries,
|
||
and we do not change compilation processes.
|
||
|
||
The amount of memory consumed can be controlled, and the issues due to lack of
|
||
memory are perfectly caught. The maximum amount of memory allowed for the Lua
|
||
processes is configurable. If some memory is missing, the current Lua action
|
||
fails, and the HAProxy processing flow continues.
|
||
|
||
Lua provides a way for implementing event driven design. When the Lua code
|
||
wants to do a blocking action, the action is started, it executes non blocking
|
||
operations, and returns control to the HAProxy scheduler when it needs to wait
|
||
for some external event.
|
||
|
||
The Lua process can be interrupted after a number of instructions executed. The
|
||
Lua execution will resume later. This is a useful way for controlling the
|
||
execution time. This system also keeps HAProxy responsive. When the Lua
|
||
execution is interrupted, HAProxy accepts some connections or transfers pending
|
||
data. The Lua execution does not block the main HAProxy processing, except in
|
||
some cases which we will see later.
|
||
|
||
Lua function integration
|
||
------------------------
|
||
|
||
The Lua actions, sample fetches, converters and services are integrated in
|
||
HAProxy with "register_*" functions. The register system is a choice for
|
||
providing HAProxy Lua packages easily. The register system adds new sample
|
||
fetches, converters, actions or services usable in the HAProxy configuration
|
||
file.
|
||
|
||
The register system is defined in the "core" functions collection. This
|
||
collection is provided by HAProxy and is always available. Below, the list of
|
||
these functions:
|
||
|
||
- core.register_action()
|
||
- core.register_converters()
|
||
- core.register_fetches()
|
||
- core.register_init()
|
||
- core.register_service()
|
||
- core.register_task()
|
||
|
||
These functions are the execution entry points.
|
||
|
||
HTTP action must be used for manipulating HTTP request headers. This action
|
||
can not manipulates HTTP content. It is dangerous to use the channel
|
||
manipulation object with an HTTP request in an HTTP action. The channel
|
||
manipulation can transform a valid request in an invalid request. In this case,
|
||
the action will never resume and the processing will be frozen. HAProxy
|
||
discards the request after the reception timeout.
|
||
|
||
Non blocking design
|
||
-------------------
|
||
|
||
HAProxy is an event driven software, so blocking system calls are absolutely
|
||
forbidden. However, the Lua allows to do blocking actions. When an action
|
||
blocks, HAProxy is waiting and do nothing, so the basic functionalities like
|
||
accepting connections or forwarding data are blocked while the end of the system
|
||
call. In this case HAProxy will be less responsive.
|
||
|
||
This is very insidious because when the developer tries to execute its Lua code
|
||
with only one stream, HAProxy seems to run fine. When the code is used with
|
||
production stream, HAProxy encounters some slow processing, and it cannot
|
||
hold the load.
|
||
|
||
However, during the initialisation state, you can obviously using blocking
|
||
functions. There are typically used for loading files.
|
||
|
||
The list of prohibited standard Lua functions during the runtime contains all
|
||
that do filesystem access:
|
||
|
||
- os.remove()
|
||
- os.rename()
|
||
- os.tmpname()
|
||
- package.*()
|
||
- io.*()
|
||
- file.*()
|
||
|
||
Some other functions are prohibited:
|
||
|
||
- os.execute(), waits for the end of the required execution blocking HAProxy.
|
||
|
||
- os.exit(), is not really dangerous for the process, but it's not the good way
|
||
for exiting the HAProxy process.
|
||
|
||
- print(), writes data on stdout. In some cases these writes are blocking, the
|
||
best practice is reserving this call for debugging. We must prefer
|
||
to use core.log() or TXN.log() for sending messages.
|
||
|
||
Some HAProxy functions have a blocking behaviour pattern in the Lua code, but
|
||
there are compatible with the non blocking design. These functions are:
|
||
|
||
- All the socket class
|
||
- core.sleep()
|
||
|
||
Responsive design
|
||
-----------------
|
||
|
||
HAProxy must process connections accept, forwarding data and processing timeouts
|
||
as soon as possible. The first thing is to believe that a Lua script with a long
|
||
execution time should impact the expected responsive behaviour.
|
||
|
||
It is not the case, the Lua script execution are regularly interrupted, and
|
||
HAProxy can process other things. These interruptions are exprimed in number of
|
||
Lua instructions. The number of interruptions between two interrupts is
|
||
configured with the following "tune" option:
|
||
|
||
tune.lua.forced-yield <nb>
|
||
|
||
The default value is 10 000. For determining it, I ran benchmark on my laptop.
|
||
I executed a Lua loop between 10 seconds with different values for the
|
||
"tune.lua.forced-yield" option, and I noted the results:
|
||
|
||
configured | Number of
|
||
instructions | loops executed
|
||
between two | in millions
|
||
forced yields |
|
||
---------------+---------------
|
||
10 | 160
|
||
500 | 670
|
||
1000 | 680
|
||
5000 | 700
|
||
7000 | 700
|
||
8000 | 700
|
||
9000 | 710 <- ceil
|
||
10000 | 710
|
||
100000 | 710
|
||
1000000 | 710
|
||
|
||
The result showed that from 9000 instructions between two interrupt, we reached
|
||
a ceil, so the default parameter is 10 000.
|
||
|
||
When HAProxy interrupts the Lua processing, we have two states possible:
|
||
|
||
- Lua is resumable, and it returns control to the HAProxy scheduler,
|
||
- Lua is not resumable, and we just check the execution timeout.
|
||
|
||
The second case occurs if it is required by the HAProxy core. This state is
|
||
forced if the Lua is processed in a non resumable HAProxy part, like sample
|
||
fetches or converters.
|
||
|
||
It occurs also if the Lua is non resumable. For example, if some code is
|
||
executed through the Lua pcall() function, the execution is not resumable. This
|
||
is explained later.
|
||
|
||
So, the Lua code must be fast and simple when is executed as sample fetches and
|
||
converters, it could be slow and complex when is executed as actions and
|
||
services.
|
||
|
||
Execution time
|
||
--------------
|
||
|
||
The Lua execution time is measured and limited. Each group of functions has its
|
||
own timeout configured. The time measured is the real Lua execution time, and
|
||
not the difference between the end time and the start time. The groups are:
|
||
|
||
- main code and init are not submitted to the timeout,
|
||
- fetches, converters and action have a default timeout of 4s,
|
||
- task, by default does not have timeout,
|
||
- service have a default timeout of 4s.
|
||
|
||
The corresponding tune options are:
|
||
|
||
- tune.lua.session-timeout (fetches, converters and action)
|
||
- tune.lua.task-timeout (task)
|
||
- tune.lua.service-timeout (services)
|
||
|
||
The task does not have a timeout because it runs in background along the
|
||
HAProxy process life.
|
||
|
||
For example, if an Lua script is executed during 1.1s and the script executes a
|
||
sleep of 1 second, the effective measured running time is 0.1s.
|
||
|
||
This timeout is useful for preventing infinite loops. During the runtime, it
|
||
should be never triggered.
|
||
|
||
The stack and the coprocess
|
||
---------------------------
|
||
|
||
The Lua execution is organized around a stack. Each Lua action, even out of the
|
||
effective execution, affects the stack. HAProxy integration uses one main stack,
|
||
which is common for all the process, and a secondary one used as coprocess.
|
||
After the initialization, the main stack is no longer used by HAProxy, except
|
||
for global storage. The second type of stack is used by all the Lua functions
|
||
called from different Lua actions declared in HAProxy. The main stack permits
|
||
to store coroutines pointers, and some global variables.
|
||
|
||
Do you want to see an example of how seems Lua C development around a stack ?
|
||
Some examples follows. This first one, is a simple addition:
|
||
|
||
lua_pushnumber(L, 1)
|
||
lua_pushnumber(L, 2)
|
||
lua_arith(L, LUA_OPADD)
|
||
|
||
It's easy, we push 1 on the stack, after, we push 2, and finally, we perform an
|
||
addition. The two top entries of the stack are added, popped, and the result is
|
||
pushed. It is a classic way with a stack.
|
||
|
||
Now an example for constructing array and objects. It's a little bit more
|
||
complicated. The difficult consist to keep in mind the state of the stack while
|
||
we write the code. The goal is to create the entity described below. Note that
|
||
the notation "*1" is a metatable reference. The metatable will be explained
|
||
later.
|
||
|
||
name*1 = {
|
||
[0] = <userdata>,
|
||
}
|
||
|
||
*1 = {
|
||
"__index" = {
|
||
"method1" = <function>,
|
||
"method2" = <function>
|
||
}
|
||
"__gc" = <function>
|
||
}
|
||
|
||
Let's go:
|
||
|
||
lua_newtable() // The "name" table
|
||
lua_newtable() // The metatable *1
|
||
lua_pushstring("__index")
|
||
lua_newtable() // The "__index" table
|
||
lua_pushstring("method1")
|
||
lua_pushfunction(function)
|
||
lua_settable(-3) // -3 is an index in the stack. insert method1
|
||
lua_pushstring("method2")
|
||
lua_pushfunction(function)
|
||
lua_settable(-3) // insert method2
|
||
lua_settable(-3) // insert "__index"
|
||
lua_pushstring("__gc")
|
||
lua_pushfunction(function)
|
||
lua_settable() // insert "__gc"
|
||
lua_setmetatable(-1) // attach metatable to "name"
|
||
lua_pushnumber(0)
|
||
lua_pushuserdata(userdata)
|
||
lua_settable(-3)
|
||
lua_setglobal("name")
|
||
|
||
So, coding for Lua in C, is not complex, but it needs some mental gymnastic.
|
||
|
||
The object concept and the HAProxy format
|
||
-----------------------------------------
|
||
|
||
The object seems to be not a native concept. An Lua object is a table. We can
|
||
note that the table notation accept three forms:
|
||
|
||
1. mytable["entry"](mytable, "param")
|
||
2. mytable.entry(mytable, "param")
|
||
3. mytable:entry("param")
|
||
|
||
These three notation have the same behaviour pattern: a function is executed
|
||
with the table itself as first parameter and string "param" as second parameter
|
||
The notation with [] is commonly used for storing data in a hash table, and the
|
||
dotted notation is used for objects. The notation with ":" indicates that the
|
||
first parameter is the element at the left of the symbol ":".
|
||
|
||
So, an object is a table and each entry of the table is a variable. A variable
|
||
can be a function. These are the first concepts of the object notation in the
|
||
Lua, but it is not the end.
|
||
|
||
With the objects, we usually expect classes and inheritance. This is the role of
|
||
the metable. A metable is a table with predefined entries. These entries modify
|
||
the default behaviour of the table. The simplest example is the "__index" entry.
|
||
If this entry exists, it is called when a value is requested in the table. The
|
||
behaviour is the following:
|
||
|
||
1 - looks in the table if the entry exists, and if it the case, return it
|
||
|
||
2 - looks if a metatable exists, and if the "__index" entry exists
|
||
|
||
3 - if "__index" is a function, execute it with the key as parameter, and
|
||
returns the result of the function.
|
||
|
||
4 - if "__index" is a table, looks if the requested entry exists, and if
|
||
exists, return it.
|
||
|
||
5 - if not exists, return to step 2
|
||
|
||
The behaviour of the point 5 represents the inheritance.
|
||
|
||
In HAProxy all the provided objects are tables, the entry "[0]" contains private
|
||
data, there are often userdata or lightuserdata. The metatable is registered in
|
||
the global part of the main Lua stack, and it is called with the case sensitive
|
||
class name. A great part of these class must not be used directly because it
|
||
requires an initialisation using the HAProxy internal structs.
|
||
|
||
The HAProxy objects use unified conventions. An Lua object is always a table.
|
||
In most cases, an HAProxy Lua object needs some private data. These are always
|
||
set in the index [0] of the array. The metatable entry "__tostring" returns the
|
||
object name.
|
||
|
||
The Lua developer can add entries to the HAProxy object. They just work carefully
|
||
and prevent to modify the index [0].
|
||
|
||
Common HAproxy objects are:
|
||
|
||
- TXN : manipulates the transaction between the client and the server
|
||
- Channel : manipulates proxified data between the client and the server
|
||
- HTTP : manipulates HTTP between the client and the server
|
||
- Map : manipulates HAProxy maps.
|
||
- Fetches : access to all HAProxy sample fetches
|
||
- Converters : access to all HAProxy sample converters
|
||
- AppletTCP : process client request like a TCP server
|
||
- AppletHTTP : process client request like an HTTP server
|
||
- Socket : establish tcp connection to a server (ipv4/ipv6/socket/ssl/...)
|
||
|
||
The garbage collector and the memory allocation
|
||
-----------------------------------------------
|
||
|
||
Lua doesn't really have a global memory limit, but HAProxy implements it. This
|
||
permits to control the amount of memory dedicated to the Lua processes. It is
|
||
specially useful with embedded environments.
|
||
|
||
When the memory limit is reached, HAProxy refuses to give more memory to the Lua
|
||
scripts. The current Lua execution is terminated with an error and HAProxy
|
||
continues its processing.
|
||
|
||
The max amount of memory is configured with the option:
|
||
|
||
tune.lua.maxmem
|
||
|
||
As many other script languages, Lua uses a garbage collector for reusing its
|
||
memory. The Lua developer can work without memory preoccupation. Usually, the
|
||
garbage collector is controlled by the Lua core, but sometimes it will be useful
|
||
to run when the user/developer requires. So the garbage collector can be called
|
||
from C part or Lua part.
|
||
|
||
Sometimes, objects using lightuserdata or userdata requires to free some memory
|
||
block or close filedescriptor not controlled by the Lua. A dedicated garbage
|
||
collection function is provided through the metatable. It is referenced with the
|
||
special entry "__gc".
|
||
|
||
Generally, in HAProxy, the garbage collector does this job without any
|
||
intervention. However some objects use a great amount of memory, and we want to
|
||
release as quickly as possible. The problem is that only the GC knows if the
|
||
object is in use or not. The reason is simple variable containing objects can be
|
||
shared between coroutines and the main thread, so an object can be used
|
||
everywhere in HAProxy.
|
||
|
||
The only one example is the HAProxy sockets. These are explained later, just for
|
||
understanding the GC issues, a quick overview of the socket follows. The HAProxy
|
||
socket uses an internal session and stream, the session uses resources like
|
||
memory and file descriptor and in some cases keeps a socket open while it is no
|
||
longer used by Lua.
|
||
|
||
If the HAProxy socket is used, we forcing a garbage collector cycle after the
|
||
end of each function using HAProxy socket. The reason is simple: if the socket
|
||
is no longer used, we want to close the connection quickly.
|
||
|
||
A special flag is used in HAProxy indicating that a HAProxy socket is created.
|
||
If this flag is set, a full GC cycle is started after each Lua action. This is
|
||
not free, we loose about 10% of performances, but it is the only way for closing
|
||
sockets quickly.
|
||
|
||
The yield concept / longjmp issues
|
||
----------------------------------
|
||
|
||
The "yield" is an action which does some Lua processing in pause and give back
|
||
the hand to the HAProxy core. This action is do when the Lua needs to wait about
|
||
data or other things. The most basically example is the sleep() function. In an
|
||
event driven software the code must not process blocking systems call, so the
|
||
sleep blocks the software between a lot of time. In HAProxy, an Lua sleep does a
|
||
yield, and ask to the scheduler to be woken up in a required sleep time.
|
||
Meanwhile, the HAProxy scheduler does other things, like accepting new
|
||
connection or forwarding data.
|
||
|
||
A yield is also executed regularly, after a lot of Lua instructions processed.
|
||
This yield permits to control the effective execution time, and also give back
|
||
the hand to the HAProxy core. When HAProxy finishes to process the pending jobs,
|
||
the Lua execution continues.
|
||
|
||
This special "yield" uses the Lua "debug" functions. Lua provides a debug method
|
||
called "lua_sethook()" which permits to interrupt the execution after some
|
||
configured condition and call a function. This condition used in HAProxy is
|
||
a number of instructions processed and when a function returns. The function
|
||
called controls the effective execution time, and if it is possible to send a
|
||
"yield".
|
||
|
||
The yield system is based on a couple setjmp/longjmp. In brief, the setjmp()
|
||
stores a stack state, and the longjmp restores the stack in its state which had
|
||
before the last Lua execution.
|
||
|
||
Lua can immediately stop its execution if an error occurs. This system uses also
|
||
the longjmp system. In HAProxy, we try to use this system only for unrecoverable
|
||
errors. Maybe some trivial errors target an exception, but we try to remove it.
|
||
|
||
It seems that Lua uses the longjmp system for having a behaviour like the java
|
||
try / catch. We can use the function pcall() to execute some code. The function
|
||
pcall() run a setjmp(). So, if any error occurs while the Lua code execution,
|
||
the flow immediately returns from the pcall() with an error.
|
||
|
||
The big issue of this behaviour is that we cannot do a yield. So if some Lua code
|
||
executes a library using pcall for catching errors, HAProxy must be wait for the
|
||
end of execution without processing any accept or any stream. The cause is the
|
||
yield must be jump to the root of execution. The intermediate setjmp() avoids
|
||
this behaviour.
|
||
|
||
|
||
HAproxy start Lua execution
|
||
+ Lua puts a setjmp()
|
||
+ Lua executes code
|
||
+ Some code is executed in a pcall()
|
||
+ pcall() puts a setjmp()
|
||
+ Lua executes code
|
||
+ A yield is require for a sleep function
|
||
it cannot be jumps to the Lua root execution.
|
||
|
||
|
||
Another issue with the processing of strong errors is the manipulation of the
|
||
Lua stack outside of an Lua processing. If one of the functions called occurs a
|
||
strong error, the default behaviour is an abort(). It is not acceptable when
|
||
HAProxy is in runtime mode. The Lua documentation propose to use another
|
||
setjmp/longjmp to avoid the abort(). The goal is to put a setjmp between
|
||
manipulating the Lua stack and using an alternative "panic" function which jumps
|
||
to the setjmp() in error case.
|
||
|
||
All of these behaviours are very dangerous for the stability, and the internal
|
||
HAProxy code must be modified with many precautions.
|
||
|
||
For preserving a good behaviour of HAProxy, the yield is mandatory.
|
||
Unfortunately, some HAProxy parts are not adapted for resuming an execution
|
||
after a yield. These parts are the sample fetches and the sample converters. So,
|
||
the Lua code written in these parts of HAProxy must be quickly executed, and can
|
||
not do actions which require yield like TCP connection or simple sleep.
|
||
|
||
HAproxy socket object
|
||
---------------------
|
||
|
||
The HAProxy design is optimized for the data transfers between a client and a
|
||
server, and processing the many errors which can occurs during these exchanges.
|
||
HAProxy is not designed for having a third connection established to a third
|
||
party server.
|
||
|
||
The solution consist to put the main stream in pause waiting for the end of the
|
||
exchanges with the third connection. This is completed by a signal between
|
||
internal tasks. The following graph shows the HAProxy Lua socket:
|
||
|
||
|
||
+--------------------+
|
||
| Lua processing |
|
||
------------------\ | creates socket | ------------------\
|
||
incoming request > | and puts the | Outgoing request >
|
||
------------------/ | current processing | ------------------/
|
||
| in pause waiting |
|
||
| for TCP applet |
|
||
+-----------------+--+
|
||
^ |
|
||
| |
|
||
| signal | read / write
|
||
| | data
|
||
| |
|
||
+-------------+---------+ v
|
||
| HAProxy internal +----------------+
|
||
| applet send signals | |
|
||
| when data is received | | -------------------\
|
||
| or some room is | Attached I/O | Client TCP stream >
|
||
| available | Buffers | -------------------/
|
||
+--------------------+--+ |
|
||
| |
|
||
+-------------------+
|
||
|
||
|
||
A more detailed graph is available in the "doc/internals" directory.
|
||
|
||
The HAProxy Lua socket uses a full HAProxy session / stream for establishing the
|
||
connection. This mechanism provides all the facilities and HAProxy features,
|
||
like the SSL stack, many socket type, and support for namespaces.
|
||
Technically it supports the proxy protocol, but there are no way to enable it.
|
||
|
||
How compiling HAProxy with Lua
|
||
==============================
|
||
|
||
HAProxy 1.6 requires Lua 5.3. Lua 5.3 offers some features which make easy the
|
||
integration. Lua 5.3 is young, and some distros do not distribute it. Luckily,
|
||
Lua is a great product because it does not require exotic dependencies, and its
|
||
build process is really easy.
|
||
|
||
The compilation process for linux is easy:
|
||
|
||
- download the source tarball
|
||
wget http://www.lua.org/ftp/lua-5.3.1.tar.gz
|
||
|
||
- untar it
|
||
tar xf lua-5.3.1.tar.gz
|
||
|
||
- enter the directory
|
||
cd lua-5.3.1
|
||
|
||
- build the library for linux
|
||
make linux
|
||
|
||
- install it:
|
||
sudo make INSTALL_TOP=/opt/lua-5.3.1 install
|
||
|
||
HAProxy builds with your favourite options, plus the following options for
|
||
embedding the Lua script language:
|
||
|
||
- download the source tarball
|
||
wget http://www.haproxy.org/download/1.6/src/haproxy-1.6.2.tar.gz
|
||
|
||
- untar it
|
||
tar xf haproxy-1.6.2.tar.gz
|
||
|
||
- enter the directory
|
||
cd haproxy-1.6.2
|
||
|
||
- build HAProxy:
|
||
make TARGET=linux-glibc \
|
||
USE_LUA=1 \
|
||
LUA_LIB=/opt/lua-5.3.1/lib \
|
||
LUA_INC=/opt/lua-5.3.1/include
|
||
|
||
- install it:
|
||
sudo make PREFIX=/opt/haproxy-1.6.2 install
|
||
|
||
First steps with Lua
|
||
====================
|
||
|
||
Now, it's time to use Lua in HAProxy.
|
||
|
||
Start point
|
||
-----------
|
||
|
||
The HAProxy global directive "lua-load <file>" allows to load an Lua file. This
|
||
is the entry point. This load become during the configuration parsing, and the
|
||
Lua file is immediately executed.
|
||
|
||
All the register_*() functions must be called at this time because they are used
|
||
just after the processing of the global section, in the frontend/backend/listen
|
||
sections.
|
||
|
||
The most simple "Hello world !" is the following line a loaded Lua file:
|
||
|
||
core.Alert("Hello World !");
|
||
|
||
It displays a log during the HAProxy startup:
|
||
|
||
[alert] 285/083533 (14465) : Hello World !
|
||
|
||
Default path and libraries
|
||
--------------------------
|
||
|
||
Lua can embed some libraries. These libraries can be included from different
|
||
paths. It seems that Lua doesn't like subdirectories. In the following example,
|
||
I try to load a compiled library, so the first line is Lua code, the second line
|
||
is an 'strace' extract proving that the library was opened. The next lines are
|
||
the associated error.
|
||
|
||
require("luac/concat")
|
||
|
||
open("./luac/concat.so", O_RDONLY|O_CLOEXEC) = 4
|
||
|
||
[ALERT] (22806) : parsing [commonstats.conf:15] : lua runtime
|
||
error: error loading module 'luac/concat' from file './luac/concat.so':
|
||
./luac/concat.so: undefined symbol: luaopen_luac/concat
|
||
|
||
Lua tries to load the C symbol 'luaopen_luac/concat'. When Lua tries to open a
|
||
library, it tries to execute the function associated to the symbol
|
||
"luaopen_<libname>".
|
||
|
||
The variable "<libname>" is defined using the content of the variable
|
||
"package.cpath" and/or "package.path". The default definition of the
|
||
"package.cpath" (on my computer is ) variable is:
|
||
|
||
/usr/local/lib/lua/5.3/?.so;/usr/local/lib/lua/5.3/loadall.so;./?.so
|
||
|
||
The "<libname>" is the content which replaces the symbol "<?>". In the previous
|
||
example, its "luac/concat", and obviously the Lua core try to load the function
|
||
associated with the symbol "luaopen_luac/concat".
|
||
|
||
My conclusion is that Lua doesn't support subdirectories. So, for loading
|
||
libraries in subdirectory, it must fill the variable with the name of this
|
||
subdirectory. The extension .so must disappear, otherwise Lua try to execute the
|
||
function associated with the symbol "luaopen_concat.so". The following syntax is
|
||
correct:
|
||
|
||
package.cpath = package.cpath .. ";./luac/?.so"
|
||
require("concat")
|
||
|
||
First useful example
|
||
--------------------
|
||
|
||
core.register_fetches("my-hash", function(txn, salt)
|
||
return txn.sc:sdbm(salt .. txn.sf:req_fhdr("host") .. txn.sf:path() .. txn.sf:src(), 1)
|
||
end)
|
||
|
||
You will see that these 3 lines can generate a lot of explanations :)
|
||
|
||
Core.register_fetches() is executed during the processing of the global section
|
||
by the HAProxy configuration parser. A new sample fetch is declared with name
|
||
"my-hash", this name is always prefixed by "lua.". So this new declared
|
||
sample fetch will be used calling "lua.my-hash" in the HAProxy configuration
|
||
file.
|
||
|
||
The second parameter is an inline declared anonymous function. Note the closed
|
||
parenthesis after the keyword "end" which ends the function. The first parameter
|
||
of this anonymous function is "txn". It is an object of class TXN. It provides
|
||
access functions. The second parameter is an arbitrary value provided by the
|
||
HAProxy configuration file. This parameter is optional, the developer must
|
||
check if it is present.
|
||
|
||
The anonymous function registration is executed when the HAProxy backend or
|
||
frontend configuration references the sample fetch "lua.my-hash".
|
||
|
||
This example can be written with another style, like below:
|
||
|
||
function my_hash(txn, salt)
|
||
return txn.sc:sdbm(salt .. txn.sf:req_fhdr("host") .. txn.sf:path() .. txn.sf:src(), 1)
|
||
end
|
||
|
||
core.register_fetches("my-hash", my_hash)
|
||
|
||
This second form is clearer, but the first one is compact.
|
||
|
||
The operator ".." is a string concatenation. If one of the two operands is not a
|
||
string, an error occurs and the execution is immediately stopped. This is
|
||
important to keep in mind for the following things.
|
||
|
||
Now I write the example on more than one line. Its an easiest way for commenting
|
||
the code:
|
||
|
||
1. function my_hash(txn, salt)
|
||
2. local str = ""
|
||
3. str = str .. salt
|
||
4. str = str .. txn.sf:req_fhdr("host")
|
||
5. str = str .. txn.sf:path()
|
||
6. str = str .. txn.sf:src()
|
||
7. local result = txn.sc:sdbm(str, 1)
|
||
8. return result
|
||
9. end
|
||
10.
|
||
11. core.register_fetches("my-hash", my_hash)
|
||
|
||
local
|
||
~~~~~
|
||
|
||
The first keyword is "local". This is a really important keyword. You must
|
||
understand that the function "my_hash" will be called for each HAProxy request
|
||
using the declared sample fetch. So, this function can be executed many times in
|
||
parallel.
|
||
|
||
By default, Lua uses global variables. So in this example, if the variable "str"
|
||
is declared without the keyword "local", it will be shared by all the parallel
|
||
executions of the function and obviously, the content of the requests will be
|
||
shared.
|
||
|
||
This warning is very important. I tried to write useful Lua code like a rewrite
|
||
of the statistics page, and it is very hard thing to declare each variable as
|
||
"local".
|
||
|
||
I guess that this behaviour will be the cause of many troubles on the mailing
|
||
list.
|
||
|
||
str = str ..
|
||
~~~~~~~~~~~~
|
||
|
||
Now a parenthesis about the form "str = str ..". This form allows to do string
|
||
concatenations. Remember that Lua uses a garbage collector, so what happens when
|
||
we do "str = str .. 'another string'" ?
|
||
|
||
str = str .. "another string"
|
||
^ ^ ^ ^
|
||
1 2 3 4
|
||
|
||
Lua executes first the concatenation operator (3), it allocates memory for the
|
||
resulting string and fill this memory with the concatenation of the operands 2
|
||
and 4. Next, it frees the variable 1, now the old content of 1 can be garbage
|
||
collected. And finally, the new content of 1 is the concatenation.
|
||
|
||
what the matter ? when we do this operation many times, we consume a lot of
|
||
memory, and the string data is duplicated and move many times. So, this practice
|
||
is expensive in execution time and memory consumption.
|
||
|
||
There are easy ways to prevent this behaviour. I guess that a C binding for
|
||
concatenation with chunks will be available ASAP (it is already written). I do
|
||
some benchmarks. I compare the execution time of 1 000 times, 1 000
|
||
concatenation of 10 bytes written in pure Lua and with a C library. The result is
|
||
10 times faster in C (1s in Lua, and 0.1s in C).
|
||
|
||
txn
|
||
~~~
|
||
|
||
txn is an HAProxy object of class TXN. The documentation is available in the
|
||
HAProxy Lua API reference. This class allow the access to the native HAProxy
|
||
sample fetches and converters. The object txn contains 2 members dedicated to
|
||
the sample fetches and 2 members dedicated to the converters.
|
||
|
||
The sample fetches members are "f" (as sample-Fetch) and "sf" (as String
|
||
sample-Fetch). These two members contain exactly the same functions. All the
|
||
HAProxy native sample fetches are available, obviously, the Lua registered sample
|
||
fetches are not available. Unfortunately, HAProxy sample fetches names are not
|
||
compatible with the Lua function names, and they are renamed. The rename
|
||
convention is simple, we replace all the '.', '+' and '-' by '_'. The '.' is the
|
||
object member separator, and the "-" and "+" is math operator.
|
||
|
||
Now, that I'm writing this article, I know the Lua better than I wrote the
|
||
sample-fetches wrapper. The original HAProxy sample-fetches name should be used
|
||
using alternative manner to call an object member, so the sample-fetch
|
||
"req.fhdr" (actually renamed req_fhdr") should be used like this:
|
||
|
||
txn.f["req.fhdr"](txn.f, ...)
|
||
|
||
However, I think that this form is not elegant.
|
||
|
||
The "s" collection return a data with a type near to the original returned type.
|
||
A string returns an Lua string, an integer returns an Lua integer and an IP
|
||
address returns an Lua string. Sometime the data is not or not yet available, in
|
||
this case it returns the Lua nil value.
|
||
|
||
The "sf" collection guarantees that a string will be always returned. If the data
|
||
is not available, an empty string is returned. The main usage of these collection
|
||
is to concatenate the returned sample-fetches without testing each function.
|
||
|
||
The parameters of the sample-fetches are according with the HAProxy
|
||
documentation.
|
||
|
||
The converters run exactly with the same manner as the sample fetches. The
|
||
only one difference is that the first parameter is the converter entry element.
|
||
The "c" collection returns a precise result, and the "sc" collection returns
|
||
always a string.
|
||
|
||
The sample-fetches used in the example function are "txn.sf:req_fhdr()",
|
||
"txn.sf:path()" and "txn.sf:src()". The converter is "txn.sc:sdbm()". The same
|
||
function with the "s" collection of sample-fetches and the "c" collection of
|
||
converter should be written like this:
|
||
|
||
1. function my_hash(txn, salt)
|
||
2. local str = ""
|
||
3. str = str .. salt
|
||
4. str = str .. tostring(txn.f:req_fhdr("host"))
|
||
5. str = str .. tostring(txn.f:path())
|
||
6. str = str .. tostring(txn.f:src())
|
||
7. local result = tostring(txn.c:sdbm(str, 1))
|
||
8. return result
|
||
9. end
|
||
10.
|
||
11. core.register_fetches("my-hash", my_hash)
|
||
|
||
tostring
|
||
~~~~~~~~
|
||
|
||
The function tostring ensures that its parameter is returned as a string. If the
|
||
parameter is a table or a thread or anything that will not have any sense as a
|
||
string, a form like the typename followed by a pointer is returned. For example:
|
||
|
||
t = {}
|
||
print(tostring(t))
|
||
|
||
returns:
|
||
|
||
table: 0x15facc0
|
||
|
||
For objects, if the special function __tostring() is registered in the attached
|
||
metatable, it will be called with the table itself as first argument. The
|
||
HAProxy object returns its own type.
|
||
|
||
About the converters entry point
|
||
--------------------------------
|
||
|
||
In HAProxy, a converter is a stateless function that takes a data as entry and
|
||
returns a transformation of this data as output. In Lua it is exactly the same
|
||
behaviour.
|
||
|
||
So, the registered Lua function doesn't have any special parameters, just a
|
||
variable as input which contains the value to convert, and it must return data.
|
||
|
||
The data required as input by the Lua converter is a string. So HAProxy will
|
||
always provide a string as input. If the native sample fetch is not a string it
|
||
will be converted in best effort.
|
||
|
||
The returned value will have anything type, it will be converted as sample of
|
||
the near HAProxy type. The conversion rules from Lua variables to HAProxy
|
||
samples are:
|
||
|
||
Lua | HAProxy sample types
|
||
-----------+---------------------
|
||
"number" | "sint"
|
||
"boolean" | "bool"
|
||
"string" | "str"
|
||
"userdata" | "bool" (false)
|
||
"nil" | "bool" (false)
|
||
"table" | "bool" (false)
|
||
"function" | "bool" (false)
|
||
"thread" | "bool" (false)
|
||
|
||
The function used for registering a converter is:
|
||
|
||
core.register_converters()
|
||
|
||
The task entry point
|
||
--------------------
|
||
|
||
The function "core.register_task(fcn)" executes once the function "fcn" when the
|
||
scheduler starts. This way is used for executing background task. For example,
|
||
you can use this functionality for periodically checking the health of another
|
||
service, and giving the result to each proxy needing it.
|
||
|
||
The task is started once, if you want periodic actions, you can use the
|
||
"core.sleep()" or "core.msleep()" for waiting the next runtime.
|
||
|
||
Storing Lua variable between function in the same session
|
||
---------------------------------------------------------
|
||
|
||
All the functions registered as action or sample fetch can share an Lua context.
|
||
This context is a memory zone in the stack. sample fetch and action use the
|
||
same stack, so both can access to the context.
|
||
|
||
The context is accessible via the function get_priv and set_priv provided by an
|
||
object of class TXN. The value given to set_priv replaces the current stored
|
||
value. This value can be a table, it is useful if a lot of data can be shared.
|
||
|
||
If the value stored is a table, you can add or remove entries from the table
|
||
without storing again the new table. Maybe an example will be clearer:
|
||
|
||
local t = {}
|
||
txn:set_priv(t)
|
||
|
||
t["entry1"] = "foo"
|
||
t["entry2"] = "bar"
|
||
|
||
-- this will display "foo"
|
||
print(txn:get_priv()["entry1"])
|
||
|
||
HTTP actions
|
||
============
|
||
|
||
... coming soon ...
|
||
|
||
Lua is fast, but my service require more execution speed
|
||
========================================================
|
||
|
||
We can write C modules for Lua. These modules must run with HAProxy while they
|
||
are compliant with the HAProxy Lua version. A simple example is the "concat"
|
||
module.
|
||
|
||
It is very easy to write and compile a C Lua library, however, I don't see
|
||
documentation about this process. So the current chapter is a quick howto.
|
||
|
||
The entry point
|
||
---------------
|
||
|
||
The entry point is called "luaopen_<name>", where <name> is the name of the ".so"
|
||
file. An hello world is like this:
|
||
|
||
#include <stdio.h>
|
||
#include <lua.h>
|
||
#include <lauxlib.h>
|
||
|
||
int luaopen_mymod(lua_State *L)
|
||
{
|
||
printf("Hello world\n");
|
||
return 0;
|
||
}
|
||
|
||
The build
|
||
---------
|
||
|
||
The compilation of the source file requires the Lua "include" directory. The
|
||
compilation and the link of the object file requires the -fPIC option. That's
|
||
all.
|
||
|
||
cc -I/opt/lua/include -fPIC -shared -o mymod.so mymod.c
|
||
|
||
Usage
|
||
-----
|
||
|
||
You can load this module with the following Lua syntax:
|
||
|
||
require("mymod")
|
||
|
||
When you start HAProxy, this module just print "Hello world" when it is loaded.
|
||
Please, remember that HAProxy doesn't allow blocking method, so if you write a
|
||
function doing filesystem access or synchronous network access, all the HAProxy
|
||
process will fail.
|