Add haproxy rate_limit sticks
Extends the haproxy rate_limit settings with acls, tcp_request and use_backend rules and a stick table:
haproxy:
proxy:
listen:
nova_metadata_api:
options:
- httplog
rate_limit:
enabled: true
type: string
len: 36
size: 12m
duration: 10s
acls:
101:
enabled: true
value: acl too_many_requests_3 sc0_gpc0_rate() gt 3
102:
enabled: true
value: acl mark_seen sc0_inc_gpc0 gt 0
110:
enabled: true
value: acl x_instance_id hdr(x-instance-id) -i 4777e8e0-16e8-46ce-a3fe-0a1ad9b3ebdc
111:
enabled: true
value: acl x_instance_id hdr(x-instance-id) -i ca2395dd-f73f-4d43-8fe7-f7078a0920af
201:
enabled: true
value: acl too_many_requests_6 sc0_gpc0_rate() gt 6
202:
enabled: true
value: acl mark_seen sc0_inc_gpc0 gt 0
210:
enabled: true
value: acl x_tenant_id hdr(x-tenant-id) -i 2b76cc56a437404bb8cb6cb20dbb0ea4
tcp_request:
001:
enabled: true
value: tcp-request inspect-delay 5s
101:
enabled: true
value: tcp-request content track-sc0 hdr(x-instance-id) if ! too_many_requests_3
201:
enabled: true
value: tcp-request content track-sc0 hdr(x-tenant-id) if ! too_many_requests_6
use_backend:
101:
enabled: true
value: use_backend nova_metadata_api-rate_limit if mark_seen too_many_requests_3 x_instance_id
201:
enabled: true
value: use_backend nova_metadata_api-rate_limit if mark_seen too_many_requests_6 x_tenant_id
Change-Id: I72a1b4feb1930a5f39174c0ab6759f39df8c702d
Related-Prod: PROD-26891
(cherry picked from commit ff29026efdb429b007823aa2dd149356f87a827d)
diff --git a/tests/pillar/single_rate_limiting.sls b/tests/pillar/single_rate_limiting.sls
index 921bc0d..0b6ae8b 100644
--- a/tests/pillar/single_rate_limiting.sls
+++ b/tests/pillar/single_rate_limiting.sls
@@ -61,6 +61,73 @@
params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
port: 8776
type: http
+ nova_metadata_api2:
+ binds:
+ - address: 127.0.0.1
+ port: 8777
+ format: listen
+ options:
+ - httplog
+ rate_limit:
+ enabled: true
+ type: string
+ len: 36
+ size: 12m
+ duration: 10
+ acls:
+ 101:
+ enabled: true
+ value: acl too_many_requests_3 sc0_gpc0_rate() gt 3
+ 102:
+ enabled: true
+ value: acl mark_seen sc0_inc_gpc0 gt 0
+ 110:
+ enabled: true
+ value: acl x_instance_id hdr(x-instance-id) -i 4777e8e0-16e8-46ce-a3fe-0a1ad9b3ebdc
+ 111:
+ enabled: true
+ value: acl x_instance_id hdr(x-instance-id) -i ca2395dd-f73f-4d43-8fe7-f7078a0920af
+ 201:
+ enabled: true
+ value: acl too_many_requests_6 sc0_gpc0_rate() gt 6
+ 202:
+ enabled: true
+ value: acl mark_seen sc0_inc_gpc0 gt 0
+ 210:
+ enabled: true
+ value: acl x_tenant_id hdr(x-tenant-id) -i 2b76cc56a437404bb8cb6cb20dbb0ea4
+ tcp_request:
+ 001:
+ enabled: true
+ value: tcp-request inspect-delay 5s
+ 101:
+ enabled: true
+ value: tcp-request content track-sc0 hdr(x-instance-id) if ! too_many_requests_3
+ 201:
+ enabled: true
+ value: tcp-request content track-sc0 hdr(x-tenant-id) if ! too_many_requests_6
+ use_backend:
+ 101:
+ enabled: true
+ value: use_backend nova_metadata_api2-rate_limit if mark_seen too_many_requests_3 x_instance_id
+ 201:
+ enabled: true
+ value: use_backend nova_metadata_api2-rate_limit if mark_seen too_many_requests_6 x_tenant_id
+ servers:
+ - host: 127.0.0.1
+ name: ctl01
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: 8777
+ - host: 127.0.0.1
+ name: ctl02
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: 8777
+ - host: 127.0.0.1
+ name: ctl03
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: 8777
+ type: http
+
# For haproxy/meta/sensu.yml
linux:
network:
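Review bot: `duration: 10` in the new nova_metadata_api2 rate_limit block has no time unit, while the example in the commit description uses `duration: 10s`. The template that renders this value is not part of this diff, but if the value is passed through unchanged to the stick-table expiry or the gpc0_rate period, HAProxy reads a unitless time as milliseconds, and `sc0_gpc0_rate() gt 3` over a 10 ms window would almost never match, so the limiter would silently fail open. I would write `duration: 10s` here, or state in the formula documentation that a bare number is accepted and which unit it is given. As written, the test pillar exercises only the unitless form, so the documented `10s` form stays untested.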