openstack
/
octavia
Code Issues Proposed changes

Fixes unlimited listener connection limit 

When using the Octavia/amphora driver, unspecified or unlimited (-1)
settings would lead to a 2000 connection limit in HAproxy.
This patch updates that to be 1,000,000 connections.
1,000,000 was selected to amphora memory usage at a reasonable level.

Conflicts:
        octavia/tests/unit/amphorae/backends/agent/api_server/test_haproxy_compatibility.py
        octavia/tests/unit/common/jinja/haproxy/test_jinja_cfg.py
        octavia/tests/unit/common/sample_configs/sample_configs.py

Story: 1635416
Task: 5159

Change-Id: Iddeb62412bb71b69cf1e9198be6131c59a3051b0
(cherry picked from commit 294e0fc128)
This commit is contained in:
Michael Johnson 2018-07-06 10:29:52 -07:00 committed by Nir Magnezi
parent 427203a0bc
commit e2c5d4ed86
8 changed files with 177 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
elements/haproxy-octavia/post-install.d/20-haproxy-tune-kernel
View File

@ -12,11 +12,12 @@ sysctl-write-value net.ipv4.tcp_tw_reuse 1
sysctl-write-value net.core.somaxconn 65534
sysctl-write-value net.ipv4.tcp_synack_retries 3
sysctl-write-value net.core.netdev_max_backlog 100000
sysctl-write-value fs.file-max 1048576
# This should allow HAProxy maxconn to be 1,000,000
sysctl-write-value fs.file-max 2097152
sysctl-write-value fs.nr_open 2097152
# It's ok for these to fail if conntrack module isn't loaded
sysctl-write-value net.netfilter.nf_conntrack_max 131072 || true
sysctl-write-value net.ipv4.netfilter.ip_conntrack_max 1524288 || true
sysctl-write-value net.netfilter.nf_conntrack_buckets 125000 || true
sysctl-write-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait 5 || true
sysctl-write-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait 5 || true

1
octavia/amphorae/backends/agent/api_server/templates/systemd.conf.j2
View File

@ -17,6 +17,7 @@ ExecReload=/usr/sbin/haproxy -c -f {{ haproxy_cfg }} -f {{ haproxy_user_group_cf
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
Restart=always
LimitNOFILE=2097152
[Install]
WantedBy=multi-user.target

5
octavia/common/constants.py
View File

@ -372,6 +372,11 @@ NO_CHECK = 'no check'
# NO_CHECK = no health monitor is enabled
HAPROXY_MEMBER_STATUSES = (UP, DOWN, DRAIN, MAINT, NO_CHECK)
# Current maximum number of conccurent connections in HAProxy.
# This is limited by the systemd "LimitNOFILE" and
# the sysctl fs.file-max fs.nr_open settings in the image
HAPROXY_MAX_MAXCONN = 1000000
# Quota Constants
QUOTA_UNLIMITED = -1
MIN_QUOTA = QUOTA_UNLIMITED

5
octavia/common/jinja/haproxy/jinja_cfg.py
View File

@ -166,6 +166,9 @@ class JinjaTemplater(object):
# the global value trivial.
if listener.connection_limit and listener.connection_limit > -1:
ret_value['global_connection_limit'] = listener.connection_limit
else:
ret_value['global_connection_limit'] = (
constants.HAPROXY_MAX_MAXCONN)
return ret_value
def _transform_amphora(self, amphora):
@ -204,6 +207,8 @@ class JinjaTemplater(object):
}
if listener.connection_limit and listener.connection_limit > -1:
ret_value['connection_limit'] = listener.connection_limit
else:
ret_value['connection_limit'] = constants.HAPROXY_MAX_MAXCONN
if listener.tls_certificate_id:
ret_value['default_tls_path'] = '%s.pem' % (
os.path.join(self.base_crt_dir,

18
octavia/tests/unit/amphorae/backends/agent/api_server/test_haproxy_compatibility.py
View File

@ -15,6 +15,7 @@
import mock
from octavia.amphorae.backends.agent.api_server import haproxy_compatibility
from octavia.common import constants
import octavia.tests.unit.base as base
from octavia.tests.unit.common.sample_configs import sample_configs
@ -32,7 +33,7 @@ class HAProxyCompatTestCase(base.TestCase):
" log /dev/log local1 notice\n"
" stats socket /var/lib/octavia/sample_listener_id_1.sock"
" mode 0666 level user\n"
" maxconn 98\n\n"
" maxconn {maxconn}\n\n"
"defaults\n"
" log global\n"
" retries 3\n"
@ -42,10 +43,11 @@ class HAProxyCompatTestCase(base.TestCase):
" timeout server 50000\n\n\n\n"
"frontend sample_listener_id_1\n"
" option httplog\n"
" maxconn 98\n"
" maxconn {maxconn}\n"
" bind 10.0.0.2:80\n"
" mode http\n"
" default_backend sample_pool_id_1\n\n")
" default_backend sample_pool_id_1\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
self.backend_without_external = (
"backend sample_pool_id_1\n"
" mode http\n"
@ -54,11 +56,12 @@ class HAProxyCompatTestCase(base.TestCase):
" timeout check 31\n"
" option httpchk GET /index.html\n"
" http-check expect rstatus 418\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 weight 13 "
"check inter 30s fall 3 rise 2 cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 weight 13 "
"check inter 30s fall 3 rise 2 cookie sample_member_id_2\n")
"check inter 30s fall 3 rise 2 cookie sample_member_id_2"
"\n").format(maxconn=constants.HAPROXY_MAX_MAXCONN)
self.backend_with_external = (
"backend sample_pool_id_1\n"
" mode http\n"
@ -67,13 +70,14 @@ class HAProxyCompatTestCase(base.TestCase):
" timeout check 31\n"
" option httpchk GET /index.html\n"
" http-check expect rstatus 418\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" option external-check\n"
" external-check command /var/lib/octavia/ping-wrapper.sh\n"
" server sample_member_id_1 10.0.0.99:82 weight 13 "
"check inter 30s fall 3 rise 2 cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 weight 13 "
"check inter 30s fall 3 rise 2 cookie sample_member_id_2\n")
"check inter 30s fall 3 rise 2 cookie sample_member_id_2"
"\n").format(maxconn=constants.HAPROXY_MAX_MAXCONN)
@mock.patch('subprocess.check_output')
def test_get_haproxy_versions(self, mock_process):

178
octavia/tests/unit/common/jinja/haproxy/test_jinja_cfg.py
View File

@ -13,6 +13,7 @@
# License for the specific language governing permissions and limitations
# under the License.
from octavia.common import constants
from octavia.common.jinja.haproxy import jinja_cfg
from octavia.tests.unit import base
from octavia.tests.unit.common.sample_configs import sample_configs
@ -32,14 +33,15 @@ class TestHaproxyCfg(base.TestCase):
def test_render_template_tls(self):
fe = ("frontend sample_listener_id_1\n"
" option httplog\n"
" maxconn 98\n"
" redirect scheme https if !{ ssl_fc }\n"
" maxconn {maxconn}\n"
" redirect scheme https if !{{ ssl_fc }}\n"
" bind 10.0.0.2:443 "
"ssl crt /var/lib/octavia/certs/"
"sample_listener_id_1/tls_container_id.pem "
"crt /var/lib/octavia/certs/sample_listener_id_1\n"
" mode http\n"
" default_backend sample_pool_id_1\n\n")
" default_backend sample_pool_id_1\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
be = ("backend sample_pool_id_1\n"
" mode http\n"
" balance roundrobin\n"
@ -47,13 +49,14 @@ class TestHaproxyCfg(base.TestCase):
" timeout check 31s\n"
" option httpchk GET /index.html\n"
" http-check expect rstatus 418\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 "
"weight 13 check inter 30s fall 3 rise 2 cookie "
"sample_member_id_2\n\n")
"sample_member_id_2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
tls_tupe = sample_configs.sample_tls_container_tuple(
id='tls_container_id',
certificate='imaCert1', private_key='imaPrivateKey1',
@ -71,13 +74,14 @@ class TestHaproxyCfg(base.TestCase):
def test_render_template_tls_no_sni(self):
fe = ("frontend sample_listener_id_1\n"
" option httplog\n"
" maxconn 98\n"
" redirect scheme https if !{ ssl_fc }\n"
" maxconn {maxconn}\n"
" redirect scheme https if !{{ ssl_fc }}\n"
" bind 10.0.0.2:443 "
"ssl crt /var/lib/octavia/certs/"
"sample_listener_id_1/tls_container_id.pem\n"
" mode http\n"
" default_backend sample_pool_id_1\n\n")
" default_backend sample_pool_id_1\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
be = ("backend sample_pool_id_1\n"
" mode http\n"
" balance roundrobin\n"
@ -85,13 +89,14 @@ class TestHaproxyCfg(base.TestCase):
" timeout check 31s\n"
" option httpchk GET /index.html\n"
" http-check expect rstatus 418\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_2\n\n")
"cookie sample_member_id_2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(
@ -114,13 +119,14 @@ class TestHaproxyCfg(base.TestCase):
" timeout check 31s\n"
" option httpchk GET /index.html\n"
" http-check expect rstatus 418\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_2\n\n")
"cookie sample_member_id_2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple())
@ -136,7 +142,7 @@ class TestHaproxyCfg(base.TestCase):
" timeout check 31s\n"
" option httpchk GET /index.html\n"
" http-check expect rstatus 418\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"addr 192.168.1.1 port 9000 "
@ -144,7 +150,8 @@ class TestHaproxyCfg(base.TestCase):
" server sample_member_id_2 10.0.0.98:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"addr 192.168.1.1 port 9000 "
"cookie sample_member_id_2\n\n")
"cookie sample_member_id_2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(monitor_ip_port=True))
@ -155,10 +162,11 @@ class TestHaproxyCfg(base.TestCase):
def test_render_template_https_real_monitor(self):
fe = ("frontend sample_listener_id_1\n"
" option tcplog\n"
" maxconn 98\n"
" maxconn {maxconn}\n"
" bind 10.0.0.2:443\n"
" mode tcp\n"
" default_backend sample_pool_id_1\n\n")
" default_backend sample_pool_id_1\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
be = ("backend sample_pool_id_1\n"
" mode tcp\n"
" balance roundrobin\n"
@ -166,13 +174,14 @@ class TestHaproxyCfg(base.TestCase):
" timeout check 31s\n"
" option httpchk GET /index.html\n"
" http-check expect rstatus 418\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 "
"weight 13 check check-ssl verify none inter 30s fall 3 rise 2 "
"cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 "
"weight 13 check check-ssl verify none inter 30s fall 3 rise 2 "
"cookie sample_member_id_2\n\n")
"cookie sample_member_id_2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(proto='HTTPS'))
@ -182,23 +191,25 @@ class TestHaproxyCfg(base.TestCase):
def test_render_template_https_hello_monitor(self):
fe = ("frontend sample_listener_id_1\n"
" option tcplog\n"
" maxconn 98\n"
" maxconn {maxconn}\n"
" bind 10.0.0.2:443\n"
" mode tcp\n"
" default_backend sample_pool_id_1\n\n")
" default_backend sample_pool_id_1\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
be = ("backend sample_pool_id_1\n"
" mode tcp\n"
" balance roundrobin\n"
" cookie SRV insert indirect nocache\n"
" timeout check 31s\n"
" option ssl-hello-chk\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_2\n\n")
"cookie sample_member_id_2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(
@ -211,11 +222,12 @@ class TestHaproxyCfg(base.TestCase):
" mode http\n"
" balance roundrobin\n"
" cookie SRV insert indirect nocache\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 weight 13 "
"cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 weight 13 "
"cookie sample_member_id_2\n\n")
"cookie sample_member_id_2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(proto='HTTP', monitor=False))
@ -230,14 +242,16 @@ class TestHaproxyCfg(base.TestCase):
" timeout check 31s\n"
" option external-check\n"
" external-check command /var/lib/octavia/ping-wrapper.sh\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_2\n\n")
go = " maxconn 98\n external-check\n\n"
"cookie sample_member_id_2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
go = " maxconn {maxconn}\n external-check\n\n".format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(proto='HTTP',
@ -248,19 +262,21 @@ class TestHaproxyCfg(base.TestCase):
def test_render_template_no_monitor_https(self):
fe = ("frontend sample_listener_id_1\n"
" option tcplog\n"
" maxconn 98\n"
" maxconn {maxconn}\n"
" bind 10.0.0.2:443\n"
" mode tcp\n"
" default_backend sample_pool_id_1\n\n")
" default_backend sample_pool_id_1\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
be = ("backend sample_pool_id_1\n"
" mode tcp\n"
" balance roundrobin\n"
" cookie SRV insert indirect nocache\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 weight 13 "
"cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 weight 13 "
"cookie sample_member_id_2\n\n")
"cookie sample_member_id_2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(proto='HTTPS', monitor=False))
@ -270,16 +286,18 @@ class TestHaproxyCfg(base.TestCase):
def test_render_template_no_persistence_https(self):
fe = ("frontend sample_listener_id_1\n"
" option tcplog\n"
" maxconn 98\n"
" maxconn {maxconn}\n"
" bind 10.0.0.2:443\n"
" mode tcp\n"
" default_backend sample_pool_id_1\n\n")
" default_backend sample_pool_id_1\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
be = ("backend sample_pool_id_1\n"
" mode tcp\n"
" balance roundrobin\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 weight 13\n"
" server sample_member_id_2 10.0.0.98:82 weight 13\n\n")
" server sample_member_id_2 10.0.0.98:82 "
"weight 13\n\n").format(maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(proto='HTTPS', monitor=False,
@ -291,9 +309,10 @@ class TestHaproxyCfg(base.TestCase):
be = ("backend sample_pool_id_1\n"
" mode http\n"
" balance roundrobin\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 weight 13\n"
" server sample_member_id_2 10.0.0.98:82 weight 13\n\n")
" server sample_member_id_2 10.0.0.98:82 "
"weight 13\n\n").format(maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(proto='HTTP', monitor=False,
@ -310,11 +329,12 @@ class TestHaproxyCfg(base.TestCase):
" timeout check 31s\n"
" option httpchk GET /index.html\n"
" http-check expect rstatus 418\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 "
"weight 13 check inter 30s fall 3 rise 2\n"
" server sample_member_id_2 10.0.0.98:82 "
"weight 13 check inter 30s fall 3 rise 2\n\n")
"weight 13 check inter 30s fall 3 rise 2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(
@ -333,11 +353,12 @@ class TestHaproxyCfg(base.TestCase):
" timeout check 31s\n"
" option httpchk GET /index.html\n"
" http-check expect rstatus 418\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 "
"weight 13 check inter 30s fall 3 rise 2\n"
" server sample_member_id_2 10.0.0.98:82 "
"weight 13 check inter 30s fall 3 rise 2\n\n")
"weight 13 check inter 30s fall 3 rise 2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(
@ -347,10 +368,58 @@ class TestHaproxyCfg(base.TestCase):
sample_configs.sample_base_expected_config(backend=be),
rendered_obj)
def test_render_template_unlimited_connections(self):
fe = ("frontend sample_listener_id_1\n"
" option tcplog\n"
" maxconn {maxconn}\n"
" bind 10.0.0.2:443\n"
" mode tcp\n"
" default_backend sample_pool_id_1\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
be = ("backend sample_pool_id_1\n"
" mode tcp\n"
" balance roundrobin\n"
" cookie SRV insert indirect nocache\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 weight 13 "
"cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 weight 13 "
"cookie sample_member_id_2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(proto='HTTPS', monitor=False))
self.assertEqual(sample_configs.sample_base_expected_config(
frontend=fe, backend=be), rendered_obj)
def test_render_template_limited_connections(self):
fe = ("frontend sample_listener_id_1\n"
" option tcplog\n"
" maxconn 2014\n"
" bind 10.0.0.2:443\n"
" mode tcp\n"
" default_backend sample_pool_id_1\n\n")
be = ("backend sample_pool_id_1\n"
" mode tcp\n"
" balance roundrobin\n"
" cookie SRV insert indirect nocache\n"
" fullconn 2014\n"
" server sample_member_id_1 10.0.0.99:82 weight 13 "
"cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 weight 13 "
"cookie sample_member_id_2\n\n")
g_opts = " maxconn 2014\n\n"
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(proto='HTTPS', monitor=False,
connection_limit=2014))
self.assertEqual(sample_configs.sample_base_expected_config(
frontend=fe, backend=be, global_opts=g_opts), rendered_obj)
def test_render_template_l7policies(self):
fe = ("frontend sample_listener_id_1\n"
" option httplog\n"
" maxconn 98\n"
" maxconn {maxconn}\n"
" bind 10.0.0.2:80\n"
" mode http\n"
" acl sample_l7rule_id_1 path -m beg /api\n"
@ -366,7 +435,8 @@ class TestHaproxyCfg(base.TestCase):
".example.com\n"
" http-request deny if sample_l7rule_id_4 "
"sample_l7rule_id_5\n"
" default_backend sample_pool_id_1\n\n")
" default_backend sample_pool_id_1\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
be = ("backend sample_pool_id_1\n"
" mode http\n"
" balance roundrobin\n"
@ -374,7 +444,7 @@ class TestHaproxyCfg(base.TestCase):
" timeout check 31s\n"
" option httpchk GET /index.html\n"
" http-check expect rstatus 418\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 weight 13 check "
"inter 30s fall 3 rise 2 cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 weight 13 check "
@ -387,9 +457,10 @@ class TestHaproxyCfg(base.TestCase):
" timeout check 31s\n"
" option httpchk GET /healthmon.html\n"
" http-check expect rstatus 418\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_3 10.0.0.97:82 weight 13 check "
"inter 30s fall 3 rise 2 cookie sample_member_id_3\n\n")
"inter 30s fall 3 rise 2 cookie sample_member_id_3\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(l7=True))
@ -405,13 +476,14 @@ class TestHaproxyCfg(base.TestCase):
" option httpchk GET /index.html\n"
" http-check expect rstatus 418\n"
" option forwardfor\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_2\n\n")
"cookie sample_member_id_2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(
@ -430,13 +502,14 @@ class TestHaproxyCfg(base.TestCase):
" http-check expect rstatus 418\n"
" option forwardfor\n"
" http-request set-header X-Forwarded-Port %[dst_port]\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_2\n\n")
"cookie sample_member_id_2\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(
@ -452,13 +525,14 @@ class TestHaproxyCfg(base.TestCase):
" balance roundrobin\n"
" cookie SRV insert indirect nocache\n"
" timeout check 31s\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_1 send-proxy\n"
" server sample_member_id_2 10.0.0.98:82 "
"weight 13 check inter 30s fall 3 rise 2 "
"cookie sample_member_id_2 send-proxy\n\n")
"cookie sample_member_id_2 send-proxy\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
sample_configs.sample_amphora_tuple(),
sample_configs.sample_listener_tuple(

33
octavia/tests/unit/common/sample_configs/sample_configs.py
View File

@ -235,7 +235,7 @@ RET_LISTENER = {
'protocol': 'HTTP',
'protocol_mode': 'http',
'default_pool': RET_POOL_1,
'connection_limit': 98,
'connection_limit': constants.HAPROXY_MAX_MAXCONN,
'amphorae': [sample_amphora_tuple()],
'peer_port': 1024,
'topology': 'SINGLE',
@ -250,7 +250,7 @@ RET_LISTENER_L7 = {
'protocol': 'HTTP',
'protocol_mode': 'http',
'default_pool': RET_POOL_1,
'connection_limit': 98,
'connection_limit': constants.HAPROXY_MAX_MAXCONN,
'amphorae': [sample_amphora_tuple()],
'peer_port': 1024,
'topology': 'SINGLE',
@ -266,7 +266,7 @@ RET_LISTENER_TLS = {
'protocol': 'TERMINATED_HTTPS',
'protocol_mode': 'http',
'default_pool': RET_POOL_1,
'connection_limit': 98,
'connection_limit': constants.HAPROXY_MAX_MAXCONN,
'tls_certificate_id': 'cont_id_1',
'default_tls_path': '/etc/ssl/sample_loadbalancer_id_1/fakeCN.pem',
'default_tls_container': RET_DEF_TLS_CONT,
@ -281,7 +281,7 @@ RET_LISTENER_TLS_SNI = {
'protocol': 'http',
'protocol': 'TERMINATED_HTTPS',
'default_pool': RET_POOL_1,
'connection_limit': 98,
'connection_limit': constants.HAPROXY_MAX_MAXCONN,
'tls_certificate_id': 'cont_id_1',
'default_tls_path': '/etc/ssl/sample_loadbalancer_id_1/fakeCN.pem',
'default_tls_container': RET_DEF_TLS_CONT,
@ -312,21 +312,21 @@ RET_LB = {
'listener': RET_LISTENER,
'topology': 'SINGLE',
'enabled': True,
'global_connection_limit': 98}
'global_connection_limit': constants.HAPROXY_MAX_MAXCONN}
RET_LB_TLS = {
'name': 'test-lb',
'vip_address': '10.0.0.2',
'listener': RET_LISTENER_TLS,
'enabled': True,
'global_connection_limit': 98}
'global_connection_limit': constants.HAPROXY_MAX_MAXCONN}
RET_LB_TLS_SNI = {
'name': 'test-lb',
'vip_address': '10.0.0.2',
'listener': RET_LISTENER_TLS_SNI,
'enabled': True,
'global_connection_limit': 98}
'global_connection_limit': constants.HAPROXY_MAX_MAXCONN}
RET_LB_L7 = {
'host_amphora': RET_AMPHORA,
@ -335,7 +335,7 @@ RET_LB_L7 = {
'listener': RET_LISTENER_L7,
'topology': 'SINGLE',
'enabled': True,
'global_connection_limit': 98}
'global_connection_limit': constants.HAPROXY_MAX_MAXCONN}
def sample_loadbalancer_tuple(proto=None, monitor=True, persistence=True,
@ -406,7 +406,7 @@ def sample_listener_tuple(proto=None, monitor=True, persistence=True,
tls=False, sni=False, peer_port=None, topology=None,
l7=False, enabled=True, insert_headers=None,
be_proto=None, monitor_ip_port=False,
monitor_proto=None):
monitor_proto=None, connection_limit=-1):
proto = 'HTTP' if proto is None else proto
if be_proto is None:
be_proto = 'HTTP' if proto is 'TERMINATED_HTTPS' else proto
@ -460,7 +460,7 @@ def sample_listener_tuple(proto=None, monitor=True, persistence=True,
persistence_type=persistence_type,
persistence_cookie=persistence_cookie,
monitor_ip_port=monitor_ip_port, monitor_proto=monitor_proto),
connection_limit=98,
connection_limit=connection_limit,
tls_certificate_id='cont_id_1' if tls else '',
sni_container_ids=['cont_id_2', 'cont_id_3'] if sni else [],
default_tls_container=sample_tls_container_tuple(
@ -700,10 +700,11 @@ def sample_base_expected_config(frontend=None, backend=None,
if frontend is None:
frontend = ("frontend sample_listener_id_1\n"
" option httplog\n"
" maxconn 98\n"
" maxconn {maxconn}\n"
" bind 10.0.0.2:80\n"
" mode http\n"
" default_backend sample_pool_id_1\n\n")
" default_backend sample_pool_id_1\n\n").format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
if backend is None:
backend = ("backend sample_pool_id_1\n"
" mode http\n"
@ -712,15 +713,17 @@ def sample_base_expected_config(frontend=None, backend=None,
" timeout check 31\n"
" option httpchk GET /index.html\n"
" http-check expect rstatus 418\n"
" fullconn 98\n"
" fullconn {maxconn}\n"
" server sample_member_id_1 10.0.0.99:82 weight 13 "
"check inter 30s fall 3 rise 2 cookie sample_member_id_1\n"
" server sample_member_id_2 10.0.0.98:82 weight 13 "
"check inter 30s fall 3 rise 2 cookie sample_member_id_2\n")
"check inter 30s fall 3 rise 2 cookie sample_member_id_2\n"
"\n").format(maxconn=constants.HAPROXY_MAX_MAXCONN)
if peers is None:
peers = "\n\n"
if global_opts is None:
global_opts = " maxconn 98\n\n"
global_opts = " maxconn {maxconn}\n\n".format(
maxconn=constants.HAPROXY_MAX_MAXCONN)
return ("# Configuration for test-lb\n"
"global\n"
" daemon\n"

7
releasenotes/notes/fix-unlimited-connection-limit-48079688de033c1a.yaml Normal file
View File

@ -0,0 +1,7 @@
---
fixes:
- |
Fixes a bug where unspecified or unlimited listener connection limit
settings would lead to a 2000 connection limit when using the
amphora/octavia driver. This was the compiled in connection limit
in some HAproxy packages.