Merge "Distribute slow REQs to 2nd USM service backend"
This commit is contained in:
commit
33ae0f5c72
|
@ -155,7 +155,7 @@ class platform::docker::haproxy
|
|||
public_port => $registry_port,
|
||||
private_port => $registry_port,
|
||||
x_forwarded_proto => false,
|
||||
tcp_mode => true,
|
||||
mode_option => 'tcp',
|
||||
}
|
||||
|
||||
platform::haproxy::proxy { 'docker-token':
|
||||
|
@ -163,7 +163,7 @@ class platform::docker::haproxy
|
|||
public_port => $token_port,
|
||||
private_port => $token_port,
|
||||
x_forwarded_proto => false,
|
||||
tcp_mode => true,
|
||||
mode_option => 'tcp',
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -25,7 +25,8 @@ define platform::haproxy::proxy (
|
|||
$enable_https = undef,
|
||||
$https_ep_type = undef,
|
||||
$public_api = true,
|
||||
$tcp_mode = false,
|
||||
$mode_option = undef,
|
||||
$acl_option = {},
|
||||
) {
|
||||
include ::platform::haproxy::params
|
||||
|
||||
|
@ -63,12 +64,6 @@ define platform::haproxy::proxy (
|
|||
$hsts_option = undef
|
||||
}
|
||||
|
||||
if $tcp_mode {
|
||||
$mode_option = 'tcp'
|
||||
} else {
|
||||
$mode_option = undef
|
||||
}
|
||||
|
||||
if $public_ip_address {
|
||||
$public_ip = $public_ip_address
|
||||
} else {
|
||||
|
@ -102,19 +97,22 @@ define platform::haproxy::proxy (
|
|||
$hsts_option_header = undef
|
||||
}
|
||||
|
||||
$options = {
|
||||
'default_backend' => "${name}-internal",
|
||||
'timeout' => $real_client_timeout,
|
||||
'mode' => $mode_option,
|
||||
'http-request' => $proto_header,
|
||||
'http-response' => $hsts_option_header,
|
||||
}
|
||||
|
||||
$all_options = $options + $acl_option
|
||||
haproxy::frontend { $name:
|
||||
collect_exported => false,
|
||||
name => $name,
|
||||
bind => {
|
||||
"${public_ip}:${public_port}" => $ssl_option,
|
||||
},
|
||||
options => {
|
||||
'default_backend' => "${name}-internal",
|
||||
'timeout' => $real_client_timeout,
|
||||
'mode' => $mode_option,
|
||||
'http-request' => $proto_header,
|
||||
'http-response' => $hsts_option_header,
|
||||
}
|
||||
options => $all_options
|
||||
}
|
||||
} else {
|
||||
haproxy::frontend { $name:
|
||||
|
@ -151,6 +149,39 @@ define platform::haproxy::proxy (
|
|||
}
|
||||
}
|
||||
|
||||
define platform::haproxy::alt_backend (
|
||||
$backend_name,
|
||||
$server_name,
|
||||
$alt_private_port = undef,
|
||||
$private_ip_address = undef,
|
||||
$server_timeout = undef,
|
||||
$retry_on = undef,
|
||||
$mode_option = undef,
|
||||
) {
|
||||
|
||||
if $private_ip_address {
|
||||
$private_ip = $private_ip_address
|
||||
} else {
|
||||
$private_ip = $::platform::haproxy::params::private_ip_address
|
||||
}
|
||||
|
||||
if $server_timeout {
|
||||
$timeout_option = "server ${server_timeout}"
|
||||
} else {
|
||||
$timeout_option = undef
|
||||
}
|
||||
|
||||
haproxy::backend { $backend_name:
|
||||
collect_exported => false,
|
||||
name => $backend_name,
|
||||
options => {
|
||||
'server' => "${server_name} ${private_ip}:${alt_private_port}",
|
||||
'timeout' => $timeout_option,
|
||||
'mode' => $mode_option,
|
||||
'retry-on' => $retry_on
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
class platform::haproxy::server {
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
class platform::usm::params (
|
||||
$private_port = 5497,
|
||||
$private_slow_port = 5499,
|
||||
$public_port = undef,
|
||||
$server_timeout = '600s',
|
||||
$region_name = undef,
|
||||
|
@ -40,16 +41,52 @@ class platform::usm::haproxy
|
|||
include ::platform::params
|
||||
include ::platform::haproxy::params
|
||||
|
||||
# set up alternate backend for handling slow requests.
|
||||
# slow requests are PUT, POST or DELETE + precheck requests
|
||||
# which are anticipated to take multiple seconds to process.
|
||||
# USM API handles the slow requests in a separated thread, so that
|
||||
# typical queries are not blocked.
|
||||
$alt_backend_name = 'alt-usm-restapi-internal'
|
||||
platform::haproxy::alt_backend { 'usm-restapi':
|
||||
backend_name => $alt_backend_name,
|
||||
server_name => 's-usm',
|
||||
alt_private_port => $private_slow_port,
|
||||
server_timeout => $server_timeout,
|
||||
mode_option => 'http',
|
||||
}
|
||||
|
||||
$acl_option = {
|
||||
acl => ['is_get method GET', 'precheck path_beg /v1/software/deploy_precheck'],
|
||||
use_backend => "${alt_backend_name} if !is_get || precheck",
|
||||
}
|
||||
|
||||
platform::haproxy::proxy { 'usm-restapi':
|
||||
server_name => 's-usm',
|
||||
public_port => $public_port,
|
||||
private_port => $private_port,
|
||||
server_timeout => $server_timeout,
|
||||
mode_option => 'http',
|
||||
acl_option => $acl_option,
|
||||
}
|
||||
|
||||
# Configure rules for DC https enabled admin endpoint.
|
||||
if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
|
||||
$::platform::params::distributed_cloud_role == 'subcloud') {
|
||||
|
||||
$alt_admin_backend_name = 'alt-usm-restapi-admin-internal'
|
||||
platform::haproxy::alt_backend { 'usm-restapi-admin':
|
||||
backend_name => $alt_admin_backend_name,
|
||||
server_name => 's-usm',
|
||||
alt_private_port => $private_slow_port,
|
||||
server_timeout => $server_timeout,
|
||||
mode_option => 'http',
|
||||
}
|
||||
|
||||
$acl_option_admin = {
|
||||
acl => ['is_get method GET', 'precheck path_beg /v1/software/deploy_precheck'],
|
||||
use_backend => "${alt_admin_backend_name} if !is_get || precheck",
|
||||
}
|
||||
|
||||
platform::haproxy::proxy { 'usm-restapi-admin':
|
||||
https_ep_type => 'admin',
|
||||
server_name => 's-usm',
|
||||
|
@ -57,6 +94,8 @@ class platform::usm::haproxy
|
|||
public_port => $private_port + 1,
|
||||
private_port => $private_port,
|
||||
server_timeout => $server_timeout,
|
||||
mode_option => 'http',
|
||||
acl_option => $acl_option_admin,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue