konevsa/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

REGTEST: Add scripts to test based tcp-check health-checks

Browse Source 
These scripts have been added to validate the health-checks based on tcp-check
rules (http, redis, MySQL...).
This commit is contained in:
Christopher Faulet 2020-04-22 15:16:58 +02:00
parent 6d47121ddc
commit aec7f76af8
10 changed files with 927 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
reg-tests/checks/http-check-send.vtc
View File

@ -1,5 +1,5 @@
varnishtest "Health-checks: http-check send test"
#REGTEST_TYPE=slow
feature ignore_unknown_macro
# This script tests HTTP health-checks and more particularly the "http-check

129
reg-tests/checks/http-check.vtc Normal file
View File

@ -0,0 +1,129 @@
varnishtest "Health-checks: some http-check tests"
feature ignore_unknown_macro
#REQUIRE_VERSION=2.2
#REGTEST_TYPE=slow
# This script tests HTTP health-checks.
server s1 {
rxreq
expect req.method == OPTIONS
expect req.url == /
expect req.proto == HTTP/1.0
txresp
} -start
server s2 {
rxreq
expect req.method == GET
expect req.url == /status
expect req.proto == HTTP/1.1
txresp
} -start
server s3 {
rxreq
expect req.method == GET
expect req.url == /status
expect req.proto == HTTP/1.1
txresp
} -start
server s4 {
rxreq
expect req.method == GET
expect req.url == /req1
expect req.proto == HTTP/1.1
expect req.http.x-test == "server=srv"
expect req.http.x-haproxy-server-state ~ "UP.+name=be4/srv"
expect req.bodylen == 0
txresp
accept
rxreq
expect req.method == GET
expect req.url == /req2
expect req.proto == HTTP/1.1
expect req.http.x-test == "server="
expect req.http.x-haproxy-server-state ~ "UP.+name=be4/srv"
expect req.http.content-length == 17
expect req.bodylen == 17
expect req.body == "health-check body"
txresp
accept
rxreq
expect req.method == GET
expect req.url == /req3
expect req.proto == HTTP/1.0
expect req.http.x-test == <undef>
expect req.http.x-haproxy-server-state ~ "UP.+name=be4/srv"
expect req.bodylen == 0
txresp
} -start
syslog S1 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]/srv succeeded.*code: 200"
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]/srv succeeded.*code: 200"
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]/srv succeeded.*code: 200"
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]/srv succeeded.*code: 200"
} -start
haproxy h1 -conf {
defaults
mode http
timeout client 1s
timeout server 1s
timeout connect 100ms
option log-health-checks
backend be1
log ${S1_addr}:${S1_port} len 2048 local0
option httpchk
server srv ${s1_addr}:${s1_port} check inter 100ms rise 1 fall 1
backend be2
log ${S1_addr}:${S1_port} len 2048 local0
option httpchk GET /status HTTP/1.1
server srv ${s2_addr}:${s2_port} check inter 100ms rise 1 fall 1
backend be3
log ${S1_addr}:${S1_port} len 2048 local0
option httpchk
http-check send meth GET uri /status vsn HTTP/1.1
server srv ${s3_addr}:${s3_port} check inter 100ms rise 1 fall 1
backend be4
mode tcp
log ${S1_addr}:${S1_port} len 2048 local0
option httpchk
http-check send-state
http-check connect addr ${s4_addr}:${s4_port}
http-check set-var(check.server) "str(srv)"
http-check send meth GET uri /req1 vsn HTTP/1.1 hdr x-test "server=%[var(check.server)]"
http-check expect status 200
http-check connect addr ${s4_addr} port ${s4_port}
http-check unset-var(check.server)
http-check send meth GET uri /req2 vsn HTTP/1.1 hdr x-test "server=%[var(check.server)]" body "health-check body"
http-check expect rstatus "^2[0-9]{2}"
http-check connect addr ${s4_addr} port ${s4_port}
http-check send meth GET uri /req3
## implicit expect rule
server srv ${s1_addr}:${s1_port} check inter 100ms rise 1 fall 1
} -start
syslog S1 -wait

83
reg-tests/checks/ldap-check.vtc Normal file
View File

@ -0,0 +1,83 @@
varnishtest "Health-checks: LDAP health-check"
#REQUIRE_VERSION=2.2
#REGTEST_TYPE=slow
feature ignore_unknown_macro
# This scripts tests health-checks for LDAP application, enabled using
# "option ldap-check" line. A intermediate listener is used to validate
# the request because it is impossible with VTEST to read and match raw
# text.
server s1 {
recv 14
sendhex "300C020101 61 070A01 00 04000400"
} -start
server s2 {
recv 14
sendhex "300C020101 60 070A01 00 04000400"
} -start
server s3 {
recv 14
sendhex "300C020101 61 070A01 01 04000400"
} -start
syslog S1 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+info: \"Success\".+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S2 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv failed, reason: Layer7 invalid response.+info: \"Not LDAPv3 protocol\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
syslog S3 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer7 wrong status.+code: 1.+info: \"See RFC: http://tools.ietf.org/html/rfc4511#section-4.1.9\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
haproxy h1 -conf {
defaults
mode tcp
timeout client 1s
timeout server 1s
timeout connect 100ms
backend be1
log ${S1_addr}:${S1_port} daemon
option log-health-checks
option ldap-check
server srv ${h1_ldap1_addr}:${h1_ldap1_port} check inter 1s rise 1 fall 1
backend be2
log ${S2_addr}:${S2_port} daemon
option log-health-checks
option ldap-check
server srv ${s2_addr}:${s2_port} check inter 1s rise 1 fall 1
backend be3
log ${S3_addr}:${S3_port} daemon
option log-health-checks
option ldap-check
server srv ${s3_addr}:${s3_port} check inter 1s rise 1 fall 1
listen ldap1
bind "fd@${ldap1}"
tcp-request inspect-delay 100ms
tcp-request content accept if { req.len eq 14 } { req.payload(0,14) -m bin "300C020101600702010304008000" }
tcp-request content reject
server srv ${s1_addr}:${s1_port}
} -start
syslog S1 -wait
syslog S2 -wait
syslog S3 -wait

133
reg-tests/checks/mysql-check.vtc Normal file
View File

@ -0,0 +1,133 @@
varnishtest "Health-checks: MySQL health-check"
#REQUIRE_VERSION=2.2
#REGTEST_TYPE=slow
feature ignore_unknown_macro
# This scripts tests health-checks for MySQL application, enabled using
# "option mysql-check" line. A intermediate listener is used to validate
# the request because it is impossible with VTEST to read and match raw
# text.
server s1 {
sendhex "4A0000000A382E302E3139000A0000006F3C025E6249410D00FFFFFF0200FFC715000000000000000000007C182159106E2761144322200063616368696E675F736861325F70617373776F726400"
expect_close
} -start
server s2 {
sendhex "4A0000000A382E302E3139000A0000006F3C025E6249410D00FFFFFF0200FFC715000000000000000000007C182159106E2761144322200063616368696E675F736861325F70617373776F726400"
recv 20
sendhex "03000002000000"
} -start
server s3 {
sendhex "4A0000000A382E302E3139000A0000006F3C025E6249410D00FFFFFF0200FFC715000000000000000000007C182159106E2761144322200063616368696E675F736861325F70617373776F726400"
recv 47
sendhex "0700000200000002000000"
} -start
server s4 {
sendhex "4A0000000A382E302E3139000A0000006F3C025E6249410D00FFFFFF0200FFC715000000000000000000007C182159106E2761144322200063616368696E675F736861325F70617373776F726400"
recv 21
sendhex "67000002FFE304436C69656E7420646F6573206E6F7420737570706F72742061757468656E7469636174696F6E2070726F746F636F6C20726571756573746564206279207365727665723B20636F6E736964657220757067726164696E67204D7953514C20636C69656E74"
} -start
server s5 {
sendhex "4A0000000A382E302E3139000A0000006F3C025E6249410D00FFFFFF0200FFC715000000000000000000007C182159106E2761144322200063616368696E675F736861325F70617373776F726400"
recv 48
sendhex "67000002FFE304436C69656E7420646F6573206E6F7420737570706F72742061757468656E7469636174696F6E2070726F746F636F6C20726571756573746564206279207365727665723B20636F6E736964657220757067726164696E67204D7953514C20636C69656E74"
} -start
syslog S1 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+info: \"8.0.19\".+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S2 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv succeeded, reason: Layer7 check passed.+info: \"8.0.19\".+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S3 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv succeeded, reason: Layer7 check passed.+info: \"8.0.19\".+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S4 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be4 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be4/srv failed, reason: Layer7 wrong status.+code: 1251.+info: \"Client does not support authentication protocol requested by server; consider upgrading MySQL client\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
syslog S5 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be5 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be5/srv failed, reason: Layer7 wrong status.+code: 1251.+info: \"Client does not support authentication protocol requested by server; consider upgrading MySQL client\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
haproxy h1 -conf {
defaults
mode tcp
timeout client 1s
timeout server 1s
timeout connect 100ms
backend be1
log ${S1_addr}:${S1_port} daemon
option log-health-checks
option mysql-check
server srv ${s1_addr}:${s1_port} check inter 1s rise 1 fall 1
backend be2
log ${S2_addr}:${S2_port} daemon
option log-health-checks
option mysql-check user user
server srv ${h1_mysql1_addr}:${h1_mysql1_port} check inter 1s rise 1 fall 1
backend be3
log ${S3_addr}:${S3_port} daemon
option log-health-checks
option mysql-check user user post-41
server srv ${h1_mysql2_addr}:${h1_mysql2_port} check inter 1s rise 1 fall 1
backend be4
log ${S4_addr}:${S4_port} daemon
option log-health-checks
option mysql-check user pouet
server srv ${s4_addr}:${s4_port} check inter 1s rise 1 fall 1
backend be5
log ${S5_addr}:${S5_port} daemon
option log-health-checks
option mysql-check user pouet post-41
server srv ${s5_addr}:${s5_port} check inter 1s rise 1 fall 1
listen mysql1
bind "fd@${mysql1}"
tcp-request inspect-delay 100ms
tcp-request content accept if { req.len eq 20 } { req.payload(0,20) -m bin "0B00000100800000017573657200000100000001" }
tcp-request content reject
server srv ${s2_addr}:${s2_port}
listen mysql2
bind "fd@${mysql2}"
tcp-request inspect-delay 100ms
tcp-request content accept if { req.len eq 47 } { req.payload(0,47) -m bin "2600000100820000008000012100000000000000000000000000000000000000000000007573657200000100000001" }
tcp-request content reject
server srv ${s3_addr}:${s3_port}
} -start
syslog S1 -wait
syslog S2 -wait
syslog S3 -wait
syslog S4 -wait
syslog S5 -wait

83
reg-tests/checks/pgsql-check.vtc Normal file
View File

@ -0,0 +1,83 @@
varnishtest "Health-checks: PostgreSQL health-check"
#REQUIRE_VERSION=2.2
#REGTEST_TYPE=slow
feature ignore_unknown_macro
# This scripts tests health-checks for PostgreSQL application, enabled using
# "option pgsql-check" line. A intermediate listener is used to validate
# the request because it is impossible with VTEST to read and match raw
# text.
server s1 {
recv 23
sendhex "520000000800000000"
} -start
server s2 {
recv 23
sendhex "450000000B53464154414C00"
} -start
server s3 {
recv 23
send "Not a PostgreSQL response"
} -start
syslog S1 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+info: \"PostgreSQL server is ok\".+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S2 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv failed, reason: Layer7 invalid response.+info: \"FATAL\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
syslog S3 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer7 wrong status.+info: \"PostgreSQL unknown error\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
haproxy h1 -conf {
defaults
mode tcp
timeout client 1s
timeout server 1s
timeout connect 100ms
backend be1
log ${S1_addr}:${S1_port} daemon
option log-health-checks
option pgsql-check user postgres
server srv ${h1_pgsql_addr}:${h1_pgsql_port} check inter 1s rise 1 fall 1
backend be2
log ${S2_addr}:${S2_port} daemon
option log-health-checks
option pgsql-check user postgres
server srv ${s2_addr}:${s2_port} check inter 1s rise 1 fall 1
backend be3
log ${S3_addr}:${S3_port} daemon
option log-health-checks
option pgsql-check user postgres
server srv ${s3_addr}:${s3_port} check inter 1s rise 1 fall 1
listen pgsql1
bind "fd@${pgsql}"
tcp-request inspect-delay 100ms
tcp-request content accept if { req.len eq 23 } { req.payload(0,23) -m bin "00000017000300007573657200706f7374677265730000" }
tcp-request content reject
server srv ${s1_addr}:${s1_port}
} -start
syslog S1 -wait
syslog S2 -wait
syslog S3 -wait

65
reg-tests/checks/redis-check.vtc Normal file
View File

@ -0,0 +1,65 @@
varnishtest "Health-checks: Redis health-check"
#REQUIRE_VERSION=2.2
#REGTEST_TYPE=slow
feature ignore_unknown_macro
# This scripts tests health-checks for Redis application, enabled using
# "option redis-check" line. A intermediate listener is used to validate
# the request because it is impossible with VTEST to read and match raw
# text.
server s1 {
recv 14
send "+PONG\r\n"
} -start
server s2 {
recv 14
send "-Error message\r\n"
} -start
syslog S1 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+info: \"Redis server is ok\".+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S2 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv failed, reason: Layer7 wrong status.+info: \"-Error message\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
haproxy h1 -conf {
defaults
mode tcp
timeout client 1s
timeout server 1s
timeout connect 100ms
backend be1
log ${S1_addr}:${S1_port} daemon
option log-health-checks
option redis-check
server srv ${h1_redis_addr}:${h1_redis_port} check inter 1s rise 1 fall 1
backend be2
log ${S2_addr}:${S2_port} daemon
option log-health-checks
option redis-check
server srv ${s2_addr}:${s2_port} check inter 1s rise 1 fall 1
listen redis1
bind "fd@${redis}"
tcp-request inspect-delay 100ms
tcp-request content accept if { req.len eq 14 } { req.payload(0,14) -m str "*1\r\n\$4\r\nPING\r\n" }
tcp-request content reject
server srv ${s1_addr}:${s1_port}
} -start
syslog S1 -wait
syslog S2 -wait

116
reg-tests/checks/smtp-check.vtc Normal file
View File

@ -0,0 +1,116 @@
varnishtest "Health-checks: SMTP health-check"
#REQUIRE_VERSION=2.2
#REGTEST_TYPE=slow
feature ignore_unknown_macro
# This scripts tests health-checks for SMTP servers, enabled using
# "option smtpchk" line.
server s1 {
send "220 smtp-check.vtc SMTP Server\r\n"
recv 16
send "250 smtp-check.vtc\r\n"
} -start
server s2 {
send "220 smtp-check.vtc SMTP Server\r\n"
recv 17
send "250-smtp-check.vtc\r\n"
send "250-KEYWORD\r\n"
send "250 LAST KEYWORD\r\n"
} -start
server s3 {
send "I'm not a SMTP server\r\n"
} -start
server s4 {
send "421 Try again later\r\n"
} -start
server s5 {
send "220 smtp-check.vtc SMTP Server\r\n"
recv 16
send "512 DNS error\r\n"
} -start
syslog S1 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+code: 250.+info: \"smtp-check.vtc\".+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S2 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv succeeded, reason: Layer7 check passed.+code: 250.+info: \"smtp-check.vtc\".+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S3 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer7 invalid response.+info: \"I'm not a SMTP server\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
syslog S4 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be4 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be4/srv failed, reason: Layer7 wrong status.+code: 421.+info: \"Try again later\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
syslog S5 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be5 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be5/srv failed, reason: Layer7 wrong status.+code: 512.+info: \"DNS error\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
haproxy h1 -conf {
defaults
mode tcp
timeout client 1s
timeout server 1s
timeout connect 100ms
backend be1
log ${S1_addr}:${S1_port} daemon
option log-health-checks
option smtpchk
server srv ${s1_addr}:${s1_port} check inter 1s rise 1 fall 1
backend be2
log ${S2_addr}:${S2_port} daemon
option log-health-checks
option smtpchk EHLO domain.tld
server srv ${s2_addr}:${s2_port} check inter 1s rise 1 fall 1
backend be3
log ${S3_addr}:${S3_port} daemon
option log-health-checks
option smtpchk
server srv ${s3_addr}:${s3_port} check inter 1s rise 1 fall 1
backend be4
log ${S4_addr}:${S4_port} daemon
option log-health-checks
option smtpchk
server srv ${s4_addr}:${s4_port} check inter 1s rise 1 fall 1
backend be5
log ${S5_addr}:${S5_port} daemon
option log-health-checks
option smtpchk EHLO domain.tld
server srv ${s5_addr}:${s5_port} check inter 1s rise 1 fall 1
} -start
syslog S1 -wait
syslog S2 -wait
syslog S3 -wait
syslog S4 -wait
syslog S5 -wait

102
reg-tests/checks/spop-check.vtc Normal file
View File

@ -0,0 +1,102 @@
varnishtest "Health-checks: SPOP health-check"
#REQUIRE_VERSION=2.2
#REGTEST_TYPE=slow
feature ignore_unknown_macro
# This scripts tests health-checks for SPOE agent, enabled using
# "option spop-check" line. A intermediate listener is used to validate
# the request because it is impossible with VTEST to read and match raw
# text.
server s1 {
recv 82
sendhex "00000036 65 00000001 0000 0776657273696F6E 0803322E30 0E6D61782D6672616D652D73697A65 03FCF0 060C6361706162696C6974696573 0800"
} -start
server s2 {
recv 82
sendhex "00000000"
} -start
server s3 {
recv 82
sendhex "00000007 65 00000000 0000"
} -start
server s4 {
recv 82
sendhex "00000014 65 00000001 0000 0776657273696F6E 0803312E30"
} -start
syslog S1 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+info: \"SPOA server is ok\".+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S2 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv failed, reason: Layer7 invalid response.+info: \"invalid frame received\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
syslog S3 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer7 invalid response.+info: \"fragmentation not supported\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
syslog S4 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be4 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be4/srv failed, reason: Layer7 invalid response.+info: \"unsupported version\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
haproxy h1 -conf {
defaults
mode tcp
timeout client 1s
timeout server 1s
timeout connect 100ms
backend be1
log ${S1_addr}:${S1_port} daemon
option log-health-checks
option spop-check
server srv ${h1_spop1_addr}:${h1_spop1_port} check inter 1s rise 1 fall 1
backend be2
log ${S2_addr}:${S2_port} daemon
option log-health-checks
option spop-check
server srv ${s2_addr}:${s2_port} check inter 1s rise 1 fall 1
backend be3
log ${S3_addr}:${S3_port} daemon
option log-health-checks
option spop-check
server srv ${s3_addr}:${s3_port} check inter 1s rise 1 fall 1
backend be4
log ${S4_addr}:${S4_port} daemon
option log-health-checks
option spop-check
server srv ${s4_addr}:${s4_port} check inter 1s rise 1 fall 1
listen spop1
bind "fd@${spop1}"
tcp-request inspect-delay 100ms
tcp-request content accept if { req.len eq 82 } { req.payload(0,4) -m bin "0000004E" } #{ req.payload(4,4) -m bin "00000001" } { req.payload(8,2) -m bin "0000" } { req.payload(12,17) -m str "supported-version" }
tcp-request content reject
server srv ${s1_addr}:${s1_port}
} -start
syslog S1 -wait
syslog S2 -wait
syslog S3 -wait
syslog S4 -wait

82
reg-tests/checks/ssl-hello-check.vtc Normal file
View File

@ -0,0 +1,82 @@
varnishtest "Health-checks: ssl-hello health-check"
#REQUIRE_OPTION=OPENSSL
#REQUIRE_VERSION=2.2
#REGTEST_TYPE=slow
feature ignore_unknown_macro
# This scripts tests health-checks for SSL application, enabled using
# "option ssl-hello-chk" line.
syslog S1 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S2 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv failed, reason: Layer6 invalid response.+info: \"TCPCHK got an empty response at step 2\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
syslog S3 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer6 invalid response.+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
haproxy htst -conf {
global
tune.ssl.default-dh-param 2048
defaults
mode tcp
timeout client 1s
timeout server 1s
timeout connect 100ms
frontend fe1
bind "fd@${fe1}" ssl crt ${testdir}/common.pem
frontend fe2
bind "fd@${fe2}"
frontend fe3
mode http
bind "fd@${fe3}"
} -start
haproxy h1 -conf {
defaults
mode tcp
timeout client 1s
timeout server 1s
timeout connect 100ms
backend be1
log ${S1_addr}:${S1_port} daemon
option log-health-checks
option ssl-hello-chk
server srv ${htst_fe1_addr}:${htst_fe1_port} check inter 1s rise 1 fall 1
backend be2
log ${S2_addr}:${S2_port} daemon
option log-health-checks
option ssl-hello-chk
server srv ${htst_fe2_addr}:${htst_fe2_port} check inter 1s rise 1 fall 1
backend be3
log ${S3_addr}:${S3_port} daemon
option log-health-checks
option ssl-hello-chk
server srv ${htst_fe3_addr}:${htst_fe3_port} check inter 1s rise 1 fall 1
} -start
syslog S1 -wait
syslog S2 -wait
syslog S3 -wait

133
reg-tests/checks/tcp-check-ssl.vtc Normal file
View File

@ -0,0 +1,133 @@
varnishtest "Health-checks: tcp-check health-check with ssl options"
#REQUIRE_OPTION=OPENSSL
#REQUIRE_VERSION=2.2
#REGTEST_TYPE=slow
feature ignore_unknown_macro
syslog S_ok -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S3 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer6 invalid response.+info: \"SSL handshake failure\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
syslog S4 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be4 started."
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be4/srv failed, reason: Layer6 invalid response.+info: \"SSL handshake failure at step 1 of tcp-check \\(connect\\)\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
haproxy htst -conf {
global
tune.ssl.default-dh-param 2048
defaults
mode tcp
timeout client 1s
timeout server 1s
timeout connect 100ms
listen li1
bind "fd@${li1}"
tcp-request inspect-delay 100ms
tcp-request content reject if { req.ssl_hello_type 0 }
tcp-request content accept if { req.ssl_sni check.haproxy.org }
tcp-request content accept if { req.ssl_sni connect.haproxy.org }
tcp-request content reject
server fe1 ${htst_fe1_addr}:${htst_fe1_port}
listen li2
bind "fd@${li2}"
tcp-request inspect-delay 100ms
tcp-request content reject if { req.ssl_hello_type 0 }
tcp-request content accept if { req.ssl_alpn h2 }
tcp-request content accept if { req.ssl_alpn http/1.1 }
tcp-request content reject
server fe1 ${htst_fe1_addr}:${htst_fe1_port}
frontend fe1
bind "fd@${fe1}" ssl crt ${testdir}/common.pem
} -start
haproxy h1 -conf {
defaults
mode tcp
timeout client 1s
timeout server 1s
timeout connect 100ms
backend be1
log ${S_ok_addr}:${S_ok_port} daemon
option log-health-checks
server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni check.haproxy.org inter 1s rise 1 fall 1 verify none
backend be2
log ${S_ok_addr}:${S_ok_port} daemon
option log-health-checks
option tcp-check
tcp-check connect ssl sni connect.haproxy.org
server srv ${htst_li1_addr}:${htst_li1_port} check inter 1s rise 1 fall 1 verify none
backend be3
log ${S3_addr}:${S3_port} daemon
option log-health-checks
server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni bad.haproxy.org inter 1s rise 1 fall 1 verify none
backend be4
log ${S4_addr}:${S4_port} daemon
option log-health-checks
option tcp-check
tcp-check connect ssl sni bad.haproxy.org
server srv ${htst_li1_addr}:${htst_li1_port} check inter 1s rise 1 fall 1 verify none
backend be5
log ${S_ok_addr}:${S_ok_port} daemon
option log-health-checks
option tcp-check
tcp-check connect default
server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni check.haproxy.org inter 1s rise 1 fall 1 verify none
backend be6
log ${S_ok_addr}:${S_ok_port} daemon
option log-health-checks
server srv ${htst_li2_addr}:${htst_li2_port} check check-ssl check-alpn "h2,http/1.1" inter 1s rise 1 fall 1 verify none
backend be7
log ${S_ok_addr}:${S_ok_port} daemon
option log-health-checks
option tcp-check
tcp-check connect ssl alpn "h2,http/1.1"
server srv ${htst_li2_addr}:${htst_li2_port} check inter 1s rise 1 fall 1 verify none
} -start
syslog S_ok -wait
syslog S3 -wait
syslog S4 -wait