mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-08-07 15:47:01 +02:00
REGTESTS: server: test SSL/PROXY with checks for dynamic servers
Complete the dynamic servers regtest to ensure there is no implicit interaction for checks and SSL/PROXY server settings.
This commit is contained in:
Amaury Denoyelle
parent
7d098bea2b
commit
3881e1775d
@ -48,6 +48,18 @@ syslog S1 -level notice {
|
|||||||
|
|
||||||
barrier b1 sync
|
barrier b1 sync
|
||||||
barrier b2 sync
|
barrier b2 sync
|
||||||
|
|
||||||
|
recv
|
||||||
|
expect ~ ".*Server be1/s4 is UP/READY \\(leaving forced maintenance\\)."
|
||||||
|
recv
|
||||||
|
expect ~ "Health check for server be1/s4 failed"
|
||||||
|
|
||||||
|
barrier b1 sync
|
||||||
|
|
||||||
|
recv
|
||||||
|
expect ~ ".*Server be1/s5 is UP/READY \\(leaving forced maintenance\\)."
|
||||||
|
recv
|
||||||
|
expect ~ "Health check for server be1/s5 succeeded."
|
||||||
} -start
|
} -start
|
||||||
|
|
||||||
haproxy h1 -conf {
|
haproxy h1 -conf {
|
||||||
@ -58,6 +70,11 @@ haproxy h1 -conf {
|
|||||||
option log-health-checks
|
option log-health-checks
|
||||||
option httpchk GET /
|
option httpchk GET /
|
||||||
log ${S1_addr}:${S1_port} daemon
|
log ${S1_addr}:${S1_port} daemon
|
||||||
|
|
||||||
|
frontend fe-proxy
|
||||||
|
mode http
|
||||||
|
bind "fd@${hapsrv}" accept-proxy
|
||||||
|
http-request return status 200
|
||||||
} -start
|
} -start
|
||||||
|
|
||||||
# check on a functional server
|
# check on a functional server
|
||||||
@ -117,4 +134,28 @@ haproxy h1 -cli {
|
|||||||
expect ~ "Server deleted."
|
expect ~ "Server deleted."
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# check PROXY protocol interaction with checks
|
||||||
|
haproxy h1 -cli {
|
||||||
|
# no explicit check-send-proxy
|
||||||
|
# The health check should failed.
|
||||||
|
send "add server be1/s4 ${h1_hapsrv_addr}:${h1_hapsrv_port} send-proxy check rise 1 fall 1"
|
||||||
|
expect ~ "New server registered."
|
||||||
|
|
||||||
|
send "enable server be1/s4"
|
||||||
|
expect ~ ".*"
|
||||||
|
send "enable health be1/s4"
|
||||||
|
expect ~ ".*"
|
||||||
|
|
||||||
|
barrier b1 sync
|
||||||
|
|
||||||
|
# explicit check-send-proxy : health check should succeeded
|
||||||
|
send "add server be1/s5 ${h1_hapsrv_addr}:${h1_hapsrv_port} send-proxy check rise 1 fall 1 check-send-proxy"
|
||||||
|
expect ~ "New server registered."
|
||||||
|
|
||||||
|
send "enable server be1/s5"
|
||||||
|
expect ~ ".*"
|
||||||
|
send "enable health be1/s5"
|
||||||
|
expect ~ ".*"
|
||||||
|
}
|
||||||
|
|
||||||
syslog S1 -wait
|
syslog S1 -wait
|
||||||
|
|||||||
@ -5,6 +5,24 @@ feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'"
|
|||||||
feature cmd "command -v socat"
|
feature cmd "command -v socat"
|
||||||
feature ignore_unknown_macro
|
feature ignore_unknown_macro
|
||||||
|
|
||||||
|
barrier b1 cond 2 -cyclic
|
||||||
|
|
||||||
|
syslog S1 -level notice {
|
||||||
|
recv
|
||||||
|
expect ~ ".*Server li-ssl/s1 is UP/READY \\(leaving forced maintenance\\)."
|
||||||
|
recv
|
||||||
|
expect ~ ".*Server li-ssl/s2 is UP/READY \\(leaving forced maintenance\\)."
|
||||||
|
recv
|
||||||
|
expect ~ "Health check for server li-ssl/s2 failed"
|
||||||
|
|
||||||
|
barrier b1 sync
|
||||||
|
|
||||||
|
recv
|
||||||
|
expect ~ ".*Server li-ssl/s3 is UP/READY \\(leaving forced maintenance\\)."
|
||||||
|
recv
|
||||||
|
expect ~ "Health check for server li-ssl/s3 succeeded."
|
||||||
|
} -start
|
||||||
|
|
||||||
haproxy h1 -conf {
|
haproxy h1 -conf {
|
||||||
global
|
global
|
||||||
stats socket "${tmpdir}/h1/stats" level admin
|
stats socket "${tmpdir}/h1/stats" level admin
|
||||||
@ -14,11 +32,14 @@ haproxy h1 -conf {
|
|||||||
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
||||||
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
||||||
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
||||||
|
option log-health-checks
|
||||||
|
option httpchk GET /
|
||||||
|
|
||||||
# proxy to attach a ssl server
|
# proxy to attach a ssl server
|
||||||
listen li-ssl
|
listen li-ssl
|
||||||
bind "fd@${feSsl}"
|
bind "fd@${feSsl}"
|
||||||
balance random
|
balance random
|
||||||
|
log ${S1_addr}:${S1_port} daemon
|
||||||
|
|
||||||
# frontend used to respond to ssl connection
|
# frontend used to respond to ssl connection
|
||||||
frontend fe-ssl-term
|
frontend fe-ssl-term
|
||||||
@ -61,3 +82,29 @@ client c2 -connect ${h1_feSsl_sock} {
|
|||||||
rxresp
|
rxresp
|
||||||
expect resp.status == 200
|
expect resp.status == 200
|
||||||
} -run
|
} -run
|
||||||
|
|
||||||
|
# test interaction between SSL and checks for dynamic servers
|
||||||
|
haproxy h1 -cli {
|
||||||
|
# no explicit check-ssl
|
||||||
|
# The health check should failed.
|
||||||
|
send "add server li-ssl/s2 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl verify none check"
|
||||||
|
expect ~ "New server registered."
|
||||||
|
|
||||||
|
send "enable server li-ssl/s2"
|
||||||
|
expect ~ ".*"
|
||||||
|
send "enable health li-ssl/s2"
|
||||||
|
expect ~ ".*"
|
||||||
|
|
||||||
|
barrier b1 sync
|
||||||
|
|
||||||
|
# explicit check-ssl : health check should succeeded
|
||||||
|
send "add server li-ssl/s3 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl verify none check check-ssl"
|
||||||
|
expect ~ "New server registered."
|
||||||
|
|
||||||
|
send "enable server li-ssl/s3"
|
||||||
|
expect ~ ".*"
|
||||||
|
send "enable health li-ssl/s3"
|
||||||
|
expect ~ ".*"
|
||||||
|
}
|
||||||
|
|
||||||
|
syslog S1 -wait
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user