Fix missing time units for haproxy timeout
- if unit is missing, assume 'ms' and append it
- otherwise use param as is
- also fix sample pillars in README
- add timeout params to test pillars
Fixes: PROD-33213
Change-Id: Ie5074b6df0d05ff690d9b60046b58c0585ade437
(cherry picked from commit 3c7dd06058aadf209cfdbb98139a8f0146e5be8d)
diff --git a/README.rst b/README.rst
index 659d66e..503c2ca 100644
--- a/README.rst
+++ b/README.rst
@@ -48,9 +48,9 @@
enabled: True
maxconn: 1024
timeout:
- connect: 5000
- client: 50000
- server: 50000
+ connect: 5000ms
+ client: 50000ms
+ server: 50000ms
listen:
https-in:
binds:
@@ -65,6 +65,10 @@
port: 8443
params: 'maxconn 256'
+.. note::
+
+ Timeout values are assumed to be defined in 'ms' if no other unit is specifically defined.
+
Sample pillar with custom logging
@@ -75,9 +79,9 @@
enabled: True
maxconn: 1024
timeout:
- connect: 5000
- client: 50000
- server: 50000
+ connect: 5000ms
+ client: 50000ms
+ server: 50000ms
listen:
https-in:
binds:
@@ -92,6 +96,11 @@
port: 8443
params: 'maxconn 256'
+
+.. note::
+
+ Timeout values are assumed to be defined in 'ms' if no other unit is specifically defined.
+
.. code-block:: yaml
haproxy:
@@ -499,9 +508,9 @@
stats_bind_process: "1 2"
maxconn: 1024
timeout:
- connect: 5000
- client: 50000
- server: 50000
+ connect: 5000ms
+ client: 50000ms
+ server: 50000ms
listen:
https-in:
bind_process: "1 2 3 4"
@@ -517,6 +526,10 @@
port: 8443
params: 'maxconn 256'
+.. note::
+
+ Timeout values are assumed to be defined in 'ms' if no other unit is specifically defined.
+
Implement rate limiting, to prevent excessive requests
This feature only works if using 'format: end'
@@ -556,8 +569,8 @@
mode: tcp
balance: roundrobin
timeout:
- check: 10
- client: 20
+ check: 10s
+ client: 20s
http_request:
- action: "add-header X-Forwarded-Proto https"
condition: "if { ssl_fc }"
@@ -603,6 +616,10 @@
- auth admin1:AdMiN123
rate_limit_sessions: 1000
+.. note::
+
+ Timeout values are assumed to be defined in 'ms' if no other unit is specifically defined.
+
Implement rate limiting, to prevent excessive requests
using 'format: listen'
diff --git a/haproxy/files/haproxy.cfg b/haproxy/files/haproxy.cfg
index de8d89c..0dfba08 100644
--- a/haproxy/files/haproxy.cfg
+++ b/haproxy/files/haproxy.cfg
@@ -1,5 +1,9 @@
{%- from "haproxy/map.jinja" import proxy, invalid_section_options with context -%}
+{% macro checktimeout(value) -%}
+ {% if value is number -%}{{ value }}ms{% else -%}{{ value }}{% endif %}
+{%- endmacro -%}
+
global
{%- for param_name, param in proxy.global.items()|sort %} {# Iterate through all global parameters #}
{%- if param is iterable and param is not string and param|length > 0 %} {# Param is a list of values #}
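Review bot: The `value is number` test in `checktimeout` only catches unquoted YAML numbers, so a pillar value written as a quoted string such as `'5000'` falls into the else branch and is still rendered without a unit. This affects every call site in the later hunks: the defaults block, the per-listen `timeout` loop and both `timeout tarpit` lines. Extending the condition to `{% if value is number or (value is string and value|int|string == value) -%}` would cover digit-only strings as well. Jinja's `number` test also accepts floats, which would render as e.g. `1.5ms`, so it may be worth restricting the branch to integers. A short comment above the macro, e.g. `{#- Append 'ms' to unit-less timeouts; values that already carry a unit pass through unchanged -#}`, would document the contract for future callers.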
@@ -36,12 +40,12 @@
retries {{ proxy.retries|default(3) }}
stats enable
- timeout http-request {{ proxy.get('timeout', {}).get('http-request','10s') }}
- timeout queue {{ proxy.get('timeout', {}).get('queue', '1m') }}
- timeout connect {{ proxy.get('timeout', {}).get('connect', '10s') }}
- timeout client {{ proxy.get('timeout', {}).get('client', '1m') }}
- timeout server {{ proxy.get('timeout', {}).get('server', '1m') }}
- timeout check {{ proxy.get('timeout', {}).get('check', '10s') }}
+ timeout http-request {{ checktimeout(proxy.get('timeout', {}).get('http-request','10s')) }}
+ timeout queue {{ checktimeout(proxy.get('timeout', {}).get('queue', '1m')) }}
+ timeout connect {{ checktimeout(proxy.get('timeout', {}).get('connect', '10s')) }}
+ timeout client {{ checktimeout(proxy.get('timeout', {}).get('client', '1m')) }}
+ timeout server {{ checktimeout(proxy.get('timeout', {}).get('server', '1m')) }}
+ timeout check {{ checktimeout(proxy.get('timeout', {}).get('check', '10s')) }}
{%- if proxy.get('listen') is mapping and proxy.listen.admin_page is defined and proxy.listen.admin_page.user is defined %}
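Review bot: A timeout key that is present in the pillar but left empty (for example `connect:` with no value) is not covered by the `.get(..., '10s')` defaults on these six lines, because `.get` only falls back when the key is absent. The value would reach `checktimeout` as `None` and presumably be written into the config literally. Since `timeout http-request` and `timeout client` bound how long a slow or idle client can hold a connection, a value HAProxy rejects is worth catching at render time rather than at reload. One option is `proxy.get('timeout', {}).get('connect')|default('10s', true)` on each line, or handling `none` inside the macro. The defaults section starts and ends outside this hunk.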
@@ -169,7 +173,7 @@
mode {{ listen.mode|default('tcp') }}
balance {{ listen.balance|default('roundrobin') }}
{%- for ttype, timeout in listen.get('timeout', {}).iteritems() %}
- timeout {{ ttype }} {{ timeout }}
+ timeout {{ ttype }} {{ checktimeout(timeout) }}
{%- endfor %}
{%- for aclname, acl in listen.get('acl', {}).iteritems() %}
acl {{ aclname }} {{ acl }}
@@ -263,7 +267,7 @@
{%- if stick_table_found.val %}
stick-table type {{ listen.rate_limit.get('type', 'string') }} {%- if listen.rate_limit.len is defined and listen.rate_limit.type in ['string', 'binary'] %} len {{ listen.rate_limit.len }}{%- endif %} size {{ listen.rate_limit.get('size', '100k') }} store gpc0_rate({{ listen.rate_limit.get('duration', '60s') }})
{%- endif %}
- timeout tarpit {{ listen.rate_limit.get('tarpit_timeout', '2s') }}
+ timeout tarpit {{ checktimeout(listen.rate_limit.get('tarpit_timeout', '2s')) }}
errorfile 500 /etc/haproxy/errors/429.http11
http-request tarpit
{%- endif %}
@@ -344,7 +348,7 @@
{%- if listen.rate_limit is defined and listen.rate_limit.get('enabled', False) %}
backend {{ listen_name }}-rate_limit
- timeout tarpit {{ listen.rate_limit.get('tarpit_timeout', '2s') }}
+ timeout tarpit {{ checktimeout(listen.rate_limit.get('tarpit_timeout', '2s')) }}
errorfile 500 /etc/haproxy/errors/429.http11
http-request tarpit
{%- endif %}
diff --git a/tests/pillar/single_general_service.sls b/tests/pillar/single_general_service.sls
index 244655c..578f07c 100644
--- a/tests/pillar/single_general_service.sls
+++ b/tests/pillar/single_general_service.sls
@@ -10,6 +10,10 @@
3: 2
4: 3
stats_bind_process: "1 2"
+ timeout:
+ connect: 5000ms
+ client: 50000ms
+ server: 50000ms
listen:
glance_registry:
binds:
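Review bot: Every timeout added to this fixture already carries an `ms` suffix, so rendering it only exercises the pass-through branch of `checktimeout`. The branch that appends `ms` to a bare number, which is the behaviour this commit introduces, is not covered. Changing one entry to a unit-less value, e.g. `connect: 5000`, and adding a `timeout:` mapping under one of the `listen` entries would exercise both the defaults and the per-listen call sites. The pillar mapping continues outside this hunk.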