mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-22 12:30:07 +00:00
f673923629
With the CI occasionally slowing down, we're starting to see again some spurious failures despite the long 1-second timeouts. This reports false positives that are disturbing and doesn't provide as much value as this could. However at this delay it already becomes a pain for developers to wait for the tests to complete. This commit adds support for the new environment variable HAPROXY_TEST_TIMEOUT that will allow anyone to modify the connect, client and server timeouts. It was set to 5 seconds by default, which should be plenty for quite some time in the CI. All relevant values that were 200ms or above were replaced by this one. A few larger values were left as they are special. One test for the set-timeout action that used to rely on a fixed 1-sec value was extended to a fixed 5-sec, as the timeout is normally not reached, but it needs to be known to compare the old and new values.
119 lines
4.6 KiB
Plaintext
119 lines
4.6 KiB
Plaintext
varnishtest "Health-checks: tcp-check health-check with ssl options"
|
|
#REQUIRE_OPTION=OPENSSL
|
|
#REQUIRE_VERSION=2.2
|
|
#REGTEST_TYPE=slow
|
|
feature ignore_unknown_macro
|
|
|
|
syslog S_ok -level notice {
|
|
recv
|
|
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
|
|
recv
|
|
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
|
|
recv
|
|
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
|
|
recv
|
|
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
|
|
recv
|
|
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
|
|
} -start
|
|
|
|
syslog S3 -level notice {
|
|
recv
|
|
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer6 invalid response.+info: \"(Connection closed during SSL handshake|SSL handshake failure)\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
|
|
} -start
|
|
|
|
syslog S4 -level notice {
|
|
recv
|
|
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be4/srv failed, reason: Layer6 invalid response.+info: \"(Connection closed during SSL handshake|SSL handshake failure) at step 1 of tcp-check \\(connect\\)\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
|
|
} -start
|
|
|
|
|
|
haproxy htst -conf {
|
|
global
|
|
tune.ssl.default-dh-param 2048
|
|
|
|
defaults
|
|
mode tcp
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
listen li1
|
|
bind "fd@${li1}"
|
|
tcp-request inspect-delay 100ms
|
|
tcp-request content reject if { req.ssl_hello_type 0 }
|
|
tcp-request content accept if { req.ssl_sni check.haproxy.org }
|
|
tcp-request content accept if { req.ssl_sni connect.haproxy.org }
|
|
tcp-request content reject
|
|
server fe1 ${htst_fe1_addr}:${htst_fe1_port}
|
|
|
|
listen li2
|
|
bind "fd@${li2}"
|
|
tcp-request inspect-delay 100ms
|
|
tcp-request content reject if { req.ssl_hello_type 0 }
|
|
tcp-request content accept if { req.ssl_alpn h2 }
|
|
tcp-request content accept if { req.ssl_alpn http/1.1 }
|
|
tcp-request content reject
|
|
server fe1 ${htst_fe1_addr}:${htst_fe1_port}
|
|
|
|
frontend fe1
|
|
bind "fd@${fe1}" ssl crt ${testdir}/common.pem
|
|
|
|
} -start
|
|
|
|
haproxy h1 -conf {
|
|
defaults
|
|
mode tcp
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
backend be1
|
|
log ${S_ok_addr}:${S_ok_port} daemon
|
|
option log-health-checks
|
|
server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni check.haproxy.org inter 1s rise 1 fall 1 verify none
|
|
|
|
backend be2
|
|
log ${S_ok_addr}:${S_ok_port} daemon
|
|
option log-health-checks
|
|
option tcp-check
|
|
tcp-check connect ssl sni connect.haproxy.org
|
|
server srv ${htst_li1_addr}:${htst_li1_port} check inter 1s rise 1 fall 1 verify none
|
|
|
|
backend be3
|
|
log ${S3_addr}:${S3_port} daemon
|
|
option log-health-checks
|
|
server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni bad.haproxy.org inter 1s rise 1 fall 1 verify none
|
|
|
|
backend be4
|
|
log ${S4_addr}:${S4_port} daemon
|
|
option log-health-checks
|
|
option tcp-check
|
|
tcp-check connect ssl sni bad.haproxy.org
|
|
server srv ${htst_li1_addr}:${htst_li1_port} check inter 1s rise 1 fall 1 verify none
|
|
|
|
backend be5
|
|
log ${S_ok_addr}:${S_ok_port} daemon
|
|
option log-health-checks
|
|
option tcp-check
|
|
tcp-check connect default
|
|
server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni check.haproxy.org inter 1s rise 1 fall 1 verify none
|
|
|
|
backend be6
|
|
log ${S_ok_addr}:${S_ok_port} daemon
|
|
option log-health-checks
|
|
server srv ${htst_li2_addr}:${htst_li2_port} check check-ssl check-alpn "h2,http/1.1" inter 1s rise 1 fall 1 verify none
|
|
|
|
backend be7
|
|
log ${S_ok_addr}:${S_ok_port} daemon
|
|
option log-health-checks
|
|
option tcp-check
|
|
tcp-check connect ssl alpn "h2,http/1.1"
|
|
server srv ${htst_li2_addr}:${htst_li2_port} check inter 1s rise 1 fall 1 verify none
|
|
|
|
} -start
|
|
|
|
syslog S_ok -wait
|
|
syslog S3 -wait
|
|
syslog S4 -wait
|