airship/promenade
Code Issues Proposed changes

(haproxy) Add rationality check to config

Browse Source 
- When the anchor provides a new haproxy config file
  to the running haproxy, add a reasonable check that
  the new config is valid:
    - Is it a valid config file per haproxy
    - Does it contain the expected number of frontends

- Update helm version for linting to 2.14.1

Change-Id: I7a49deb372831c44f05c7baa870735c515519cb2
This commit is contained in:
Hussey, Scott (sh8121) 2019-06-07 16:29:07 -05:00
parent 3714064734
commit 41e21e1a6e
3 changed files with 45 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
charts/haproxy/templates/bin/_anchor.tpl
View File

@ -29,6 +29,8 @@ compare_copy_files() {
{{- end }}
}
{{ $fe_count := 0 }}
install_config() {
SUCCESS=1
# Inject global and default config
@ -37,6 +39,8 @@ install_config() {
{{- range $namespace, $services := $envAll.Values.conf.anchor.services }}
{{- range $service, $svc_data := $services }}
{{- $fe_count = add $fe_count 1 }}
echo Constructing config for namespace=\"{{ $namespace }}\" service=\"{{ $service }}\"
# NOTE(mark-burnett): Don't accidentally log service account token.
@ -98,10 +102,14 @@ install_config() {
if [ $SUCCESS = 1 ]; then
mkdir -p $(dirname "$HAPROXY_CONF")
if ! cmp -s "$HAPROXY_CONF" "$NEXT_HAPROXY_CONF"; then
echo Replacing HAProxy config file "$HAPROXY_CONF" with:
cat "$NEXT_HAPROXY_CONF"
echo
mv "$NEXT_HAPROXY_CONF" "$HAPROXY_CONF"
if validate_config "$NEXT_HAPROXY_CONF"; then
echo Replacing HAProxy config file "$HAPROXY_CONF" with:
cat "$NEXT_HAPROXY_CONF"
echo
mv "$NEXT_HAPROXY_CONF" "$HAPROXY_CONF"
else
echo "New config failed validation, refusing to replace."
fi
else
echo HAProxy config file unchanged.
fi
@ -109,6 +117,20 @@ install_config() {
fi
}
validate_config() {
file="$1"
expected_fe="{{- $fe_count -}}"
count=$(grep -c -E "^frontend" "$file")
if [ $count -ne $expected_fe ]; then
echo "Found only $count frontends in config, expected $expected_fe."
return 1
else
return 0
fi
}
cleanup() {
cleanup_message_file=$(dirname "$HAPROXY_CONF")/cleanup
backup_dir=$(dirname "$HAPROXY_CONF")/backup

32
charts/haproxy/templates/etc/_haproxy.yaml.tpl
View File

@ -63,24 +63,28 @@ spec:
set +x
while true; do
if ! cmp -s "$HAPROXY_CONF" "$LIVE_HAPROXY_CONF"; then
echo vvv Replacing old config vvv
cat "$LIVE_HAPROXY_CONF"
echo
if ! haproxy -c -f "$HAPROXY_CONF"; then
echo New config file appears invalid, refusing to replace.
else
echo vvv Replacing old config vvv
cat "$LIVE_HAPROXY_CONF"
echo
echo vvv With new config vvv
cat "$HAPROXY_CONF"
echo
echo vvv With new config vvv
cat "$HAPROXY_CONF"
echo
cat "$HAPROXY_CONF" > "$LIVE_HAPROXY_CONF"
cat "$HAPROXY_CONF" > "$LIVE_HAPROXY_CONF"
# NOTE(mark-burnett): sleep for clearer log output
sleep 1
# NOTE(mark-burnett): sleep for clearer log output
sleep 1
set -x
haproxy -D -f "$LIVE_HAPROXY_CONF" -p /tmp/haproxy.pid \
-x /tmp/haproxy.sock \
-sf $(cat /tmp/haproxy.pid)
set +x
set -x
haproxy -D -f "$LIVE_HAPROXY_CONF" -p /tmp/haproxy.pid \
-x /tmp/haproxy.sock \
-sf $(cat /tmp/haproxy.pid)
set +x
fi
fi
sleep {{ .Values.conf.haproxy.period }}
done

2
tools/helm_install.sh
View File

@ -17,7 +17,7 @@
set -x
HELM=$1
HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://storage.googleapis.com/kubernetes-helm/helm-v2.14.0-linux-amd64.tar.gz"}
HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://storage.googleapis.com/kubernetes-helm/helm-v2.14.1-linux-amd64.tar.gz"}
function install_helm_binary {