From: Christopher Faulet Date: Wed, 22 Apr 2020 13:16:58 +0000 (+0200) Subject: REGTEST: Add scripts to test based tcp-check health-checks X-Git-Tag: v2.2-dev7~85 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aec7f76af835b15bb048a9e9994a0b2154a26b99;p=thirdparty%2Fhaproxy.git REGTEST: Add scripts to test based tcp-check health-checks These scripts have been added to validate the health-checks based on tcp-check rules (http, redis, MySQL...). --- diff --git a/reg-tests/checks/http-check-send.vtc b/reg-tests/checks/http-check-send.vtc index 0b675bdd82..4e6d61f2e8 100644 --- a/reg-tests/checks/http-check-send.vtc +++ b/reg-tests/checks/http-check-send.vtc @@ -1,5 +1,5 @@ varnishtest "Health-checks: http-check send test" - +#REGTEST_TYPE=slow feature ignore_unknown_macro # This script tests HTTP health-checks and more particularly the "http-check diff --git a/reg-tests/checks/http-check.vtc b/reg-tests/checks/http-check.vtc new file mode 100644 index 0000000000..7d8d514428 --- /dev/null +++ b/reg-tests/checks/http-check.vtc @@ -0,0 +1,129 @@ +varnishtest "Health-checks: some http-check tests" +feature ignore_unknown_macro +#REQUIRE_VERSION=2.2 +#REGTEST_TYPE=slow +# This script tests HTTP health-checks. + +server s1 { + rxreq + expect req.method == OPTIONS + expect req.url == / + expect req.proto == HTTP/1.0 + txresp +} -start + +server s2 { + rxreq + expect req.method == GET + expect req.url == /status + expect req.proto == HTTP/1.1 + txresp +} -start + +server s3 { + rxreq + expect req.method == GET + expect req.url == /status + expect req.proto == HTTP/1.1 + txresp +} -start + +server s4 { + rxreq + expect req.method == GET + expect req.url == /req1 + expect req.proto == HTTP/1.1 + expect req.http.x-test == "server=srv" + expect req.http.x-haproxy-server-state ~ "UP.+name=be4/srv" + expect req.bodylen == 0 + txresp + + accept + rxreq + expect req.method == GET + expect req.url == /req2 + expect req.proto == HTTP/1.1 + expect req.http.x-test == "server=" + expect req.http.x-haproxy-server-state ~ "UP.+name=be4/srv" + expect req.http.content-length == 17 + expect req.bodylen == 17 + expect req.body == "health-check body" + txresp + + accept + rxreq + expect req.method == GET + expect req.url == /req3 + expect req.proto == HTTP/1.0 + expect req.http.x-test == + expect req.http.x-haproxy-server-state ~ "UP.+name=be4/srv" + expect req.bodylen == 0 + txresp + +} -start + +syslog S1 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started." + + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]/srv succeeded.*code: 200" + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]/srv succeeded.*code: 200" + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]/srv succeeded.*code: 200" + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]/srv succeeded.*code: 200" +} -start + +haproxy h1 -conf { + defaults + mode http + timeout client 1s + timeout server 1s + timeout connect 100ms + option log-health-checks + + backend be1 + log ${S1_addr}:${S1_port} len 2048 local0 + option httpchk + server srv ${s1_addr}:${s1_port} check inter 100ms rise 1 fall 1 + + backend be2 + log ${S1_addr}:${S1_port} len 2048 local0 + option httpchk GET /status HTTP/1.1 + server srv ${s2_addr}:${s2_port} check inter 100ms rise 1 fall 1 + + backend be3 + log ${S1_addr}:${S1_port} len 2048 local0 + option httpchk + http-check send meth GET uri /status vsn HTTP/1.1 + server srv ${s3_addr}:${s3_port} check inter 100ms rise 1 fall 1 + + backend be4 + mode tcp + log ${S1_addr}:${S1_port} len 2048 local0 + option httpchk + http-check send-state + http-check connect addr ${s4_addr}:${s4_port} + http-check set-var(check.server) "str(srv)" + http-check send meth GET uri /req1 vsn HTTP/1.1 hdr x-test "server=%[var(check.server)]" + http-check expect status 200 + http-check connect addr ${s4_addr} port ${s4_port} + http-check unset-var(check.server) + http-check send meth GET uri /req2 vsn HTTP/1.1 hdr x-test "server=%[var(check.server)]" body "health-check body" + http-check expect rstatus "^2[0-9]{2}" + http-check connect addr ${s4_addr} port ${s4_port} + http-check send meth GET uri /req3 + ## implicit expect rule + server srv ${s1_addr}:${s1_port} check inter 100ms rise 1 fall 1 + +} -start + +syslog S1 -wait diff --git a/reg-tests/checks/ldap-check.vtc b/reg-tests/checks/ldap-check.vtc new file mode 100644 index 0000000000..51fa7207e4 --- /dev/null +++ b/reg-tests/checks/ldap-check.vtc @@ -0,0 +1,83 @@ +varnishtest "Health-checks: LDAP health-check" +#REQUIRE_VERSION=2.2 +#REGTEST_TYPE=slow +feature ignore_unknown_macro + +# This scripts tests health-checks for LDAP application, enabled using +# "option ldap-check" line. A intermediate listener is used to validate +# the request because it is impossible with VTEST to read and match raw +# text. + +server s1 { + recv 14 + sendhex "300C020101 61 070A01 00 04000400" +} -start + +server s2 { + recv 14 + sendhex "300C020101 60 070A01 00 04000400" +} -start + +server s3 { + recv 14 + sendhex "300C020101 61 070A01 01 04000400" +} -start + +syslog S1 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+info: \"Success\".+check duration: [[:digit:]]+ms, status: 1/1 UP." +} -start + +syslog S2 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv failed, reason: Layer7 invalid response.+info: \"Not LDAPv3 protocol\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + +syslog S3 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer7 wrong status.+code: 1.+info: \"See RFC: http://tools.ietf.org/html/rfc4511#section-4.1.9\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + +haproxy h1 -conf { + defaults + mode tcp + timeout client 1s + timeout server 1s + timeout connect 100ms + + backend be1 + log ${S1_addr}:${S1_port} daemon + option log-health-checks + option ldap-check + server srv ${h1_ldap1_addr}:${h1_ldap1_port} check inter 1s rise 1 fall 1 + + backend be2 + log ${S2_addr}:${S2_port} daemon + option log-health-checks + option ldap-check + server srv ${s2_addr}:${s2_port} check inter 1s rise 1 fall 1 + + backend be3 + log ${S3_addr}:${S3_port} daemon + option log-health-checks + option ldap-check + server srv ${s3_addr}:${s3_port} check inter 1s rise 1 fall 1 + + listen ldap1 + bind "fd@${ldap1}" + tcp-request inspect-delay 100ms + tcp-request content accept if { req.len eq 14 } { req.payload(0,14) -m bin "300C020101600702010304008000" } + tcp-request content reject + server srv ${s1_addr}:${s1_port} + +} -start + +syslog S1 -wait +syslog S2 -wait +syslog S3 -wait diff --git a/reg-tests/checks/mysql-check.vtc b/reg-tests/checks/mysql-check.vtc new file mode 100644 index 0000000000..061f2c1bba --- /dev/null +++ b/reg-tests/checks/mysql-check.vtc @@ -0,0 +1,133 @@ +varnishtest "Health-checks: MySQL health-check" +#REQUIRE_VERSION=2.2 +#REGTEST_TYPE=slow +feature ignore_unknown_macro + +# This scripts tests health-checks for MySQL application, enabled using +# "option mysql-check" line. A intermediate listener is used to validate +# the request because it is impossible with VTEST to read and match raw +# text. + +server s1 { + sendhex "4A0000000A382E302E3139000A0000006F3C025E6249410D00FFFFFF0200FFC715000000000000000000007C182159106E2761144322200063616368696E675F736861325F70617373776F726400" + expect_close +} -start + +server s2 { + sendhex "4A0000000A382E302E3139000A0000006F3C025E6249410D00FFFFFF0200FFC715000000000000000000007C182159106E2761144322200063616368696E675F736861325F70617373776F726400" + recv 20 + sendhex "03000002000000" +} -start + +server s3 { + sendhex "4A0000000A382E302E3139000A0000006F3C025E6249410D00FFFFFF0200FFC715000000000000000000007C182159106E2761144322200063616368696E675F736861325F70617373776F726400" + recv 47 + sendhex "0700000200000002000000" +} -start + +server s4 { + sendhex "4A0000000A382E302E3139000A0000006F3C025E6249410D00FFFFFF0200FFC715000000000000000000007C182159106E2761144322200063616368696E675F736861325F70617373776F726400" + recv 21 + sendhex "67000002FFE304436C69656E7420646F6573206E6F7420737570706F72742061757468656E7469636174696F6E2070726F746F636F6C20726571756573746564206279207365727665723B20636F6E736964657220757067726164696E67204D7953514C20636C69656E74" +} -start + +server s5 { + sendhex "4A0000000A382E302E3139000A0000006F3C025E6249410D00FFFFFF0200FFC715000000000000000000007C182159106E2761144322200063616368696E675F736861325F70617373776F726400" + recv 48 + sendhex "67000002FFE304436C69656E7420646F6573206E6F7420737570706F72742061757468656E7469636174696F6E2070726F746F636F6C20726571756573746564206279207365727665723B20636F6E736964657220757067726164696E67204D7953514C20636C69656E74" +} -start + +syslog S1 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+info: \"8.0.19\".+check duration: [[:digit:]]+ms, status: 1/1 UP." +} -start + +syslog S2 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv succeeded, reason: Layer7 check passed.+info: \"8.0.19\".+check duration: [[:digit:]]+ms, status: 1/1 UP." +} -start + +syslog S3 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv succeeded, reason: Layer7 check passed.+info: \"8.0.19\".+check duration: [[:digit:]]+ms, status: 1/1 UP." +} -start + +syslog S4 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be4 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be4/srv failed, reason: Layer7 wrong status.+code: 1251.+info: \"Client does not support authentication protocol requested by server; consider upgrading MySQL client\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + +syslog S5 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be5 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be5/srv failed, reason: Layer7 wrong status.+code: 1251.+info: \"Client does not support authentication protocol requested by server; consider upgrading MySQL client\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + + +haproxy h1 -conf { + defaults + mode tcp + timeout client 1s + timeout server 1s + timeout connect 100ms + + backend be1 + log ${S1_addr}:${S1_port} daemon + option log-health-checks + option mysql-check + server srv ${s1_addr}:${s1_port} check inter 1s rise 1 fall 1 + + backend be2 + log ${S2_addr}:${S2_port} daemon + option log-health-checks + option mysql-check user user + server srv ${h1_mysql1_addr}:${h1_mysql1_port} check inter 1s rise 1 fall 1 + + backend be3 + log ${S3_addr}:${S3_port} daemon + option log-health-checks + option mysql-check user user post-41 + server srv ${h1_mysql2_addr}:${h1_mysql2_port} check inter 1s rise 1 fall 1 + + backend be4 + log ${S4_addr}:${S4_port} daemon + option log-health-checks + option mysql-check user pouet + server srv ${s4_addr}:${s4_port} check inter 1s rise 1 fall 1 + + backend be5 + log ${S5_addr}:${S5_port} daemon + option log-health-checks + option mysql-check user pouet post-41 + server srv ${s5_addr}:${s5_port} check inter 1s rise 1 fall 1 + + listen mysql1 + bind "fd@${mysql1}" + tcp-request inspect-delay 100ms + tcp-request content accept if { req.len eq 20 } { req.payload(0,20) -m bin "0B00000100800000017573657200000100000001" } + tcp-request content reject + server srv ${s2_addr}:${s2_port} + + listen mysql2 + bind "fd@${mysql2}" + tcp-request inspect-delay 100ms + tcp-request content accept if { req.len eq 47 } { req.payload(0,47) -m bin "2600000100820000008000012100000000000000000000000000000000000000000000007573657200000100000001" } + tcp-request content reject + server srv ${s3_addr}:${s3_port} + +} -start + +syslog S1 -wait +syslog S2 -wait +syslog S3 -wait +syslog S4 -wait +syslog S5 -wait diff --git a/reg-tests/checks/pgsql-check.vtc b/reg-tests/checks/pgsql-check.vtc new file mode 100644 index 0000000000..4620d6fd74 --- /dev/null +++ b/reg-tests/checks/pgsql-check.vtc @@ -0,0 +1,83 @@ +varnishtest "Health-checks: PostgreSQL health-check" +#REQUIRE_VERSION=2.2 +#REGTEST_TYPE=slow +feature ignore_unknown_macro + +# This scripts tests health-checks for PostgreSQL application, enabled using +# "option pgsql-check" line. A intermediate listener is used to validate +# the request because it is impossible with VTEST to read and match raw +# text. + +server s1 { + recv 23 + sendhex "520000000800000000" +} -start + +server s2 { + recv 23 + sendhex "450000000B53464154414C00" +} -start + +server s3 { + recv 23 + send "Not a PostgreSQL response" +} -start + +syslog S1 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+info: \"PostgreSQL server is ok\".+check duration: [[:digit:]]+ms, status: 1/1 UP." +} -start + +syslog S2 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv failed, reason: Layer7 invalid response.+info: \"FATAL\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + +syslog S3 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer7 wrong status.+info: \"PostgreSQL unknown error\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + + +haproxy h1 -conf { + defaults + mode tcp + timeout client 1s + timeout server 1s + timeout connect 100ms + + backend be1 + log ${S1_addr}:${S1_port} daemon + option log-health-checks + option pgsql-check user postgres + server srv ${h1_pgsql_addr}:${h1_pgsql_port} check inter 1s rise 1 fall 1 + + backend be2 + log ${S2_addr}:${S2_port} daemon + option log-health-checks + option pgsql-check user postgres + server srv ${s2_addr}:${s2_port} check inter 1s rise 1 fall 1 + + backend be3 + log ${S3_addr}:${S3_port} daemon + option log-health-checks + option pgsql-check user postgres + server srv ${s3_addr}:${s3_port} check inter 1s rise 1 fall 1 + + listen pgsql1 + bind "fd@${pgsql}" + tcp-request inspect-delay 100ms + tcp-request content accept if { req.len eq 23 } { req.payload(0,23) -m bin "00000017000300007573657200706f7374677265730000" } + tcp-request content reject + server srv ${s1_addr}:${s1_port} +} -start + +syslog S1 -wait +syslog S2 -wait +syslog S3 -wait diff --git a/reg-tests/checks/redis-check.vtc b/reg-tests/checks/redis-check.vtc new file mode 100644 index 0000000000..a9c85cb184 --- /dev/null +++ b/reg-tests/checks/redis-check.vtc @@ -0,0 +1,65 @@ +varnishtest "Health-checks: Redis health-check" +#REQUIRE_VERSION=2.2 +#REGTEST_TYPE=slow +feature ignore_unknown_macro + +# This scripts tests health-checks for Redis application, enabled using +# "option redis-check" line. A intermediate listener is used to validate +# the request because it is impossible with VTEST to read and match raw +# text. + +server s1 { + recv 14 + send "+PONG\r\n" +} -start + +server s2 { + recv 14 + send "-Error message\r\n" +} -start + +syslog S1 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+info: \"Redis server is ok\".+check duration: [[:digit:]]+ms, status: 1/1 UP." +} -start + +syslog S2 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv failed, reason: Layer7 wrong status.+info: \"-Error message\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + + +haproxy h1 -conf { + defaults + mode tcp + timeout client 1s + timeout server 1s + timeout connect 100ms + + backend be1 + log ${S1_addr}:${S1_port} daemon + option log-health-checks + option redis-check + server srv ${h1_redis_addr}:${h1_redis_port} check inter 1s rise 1 fall 1 + + backend be2 + log ${S2_addr}:${S2_port} daemon + option log-health-checks + option redis-check + server srv ${s2_addr}:${s2_port} check inter 1s rise 1 fall 1 + + listen redis1 + bind "fd@${redis}" + tcp-request inspect-delay 100ms + tcp-request content accept if { req.len eq 14 } { req.payload(0,14) -m str "*1\r\n\$4\r\nPING\r\n" } + tcp-request content reject + server srv ${s1_addr}:${s1_port} + +} -start + +syslog S1 -wait +syslog S2 -wait diff --git a/reg-tests/checks/smtp-check.vtc b/reg-tests/checks/smtp-check.vtc new file mode 100644 index 0000000000..ab24b0c865 --- /dev/null +++ b/reg-tests/checks/smtp-check.vtc @@ -0,0 +1,116 @@ +varnishtest "Health-checks: SMTP health-check" +#REQUIRE_VERSION=2.2 +#REGTEST_TYPE=slow +feature ignore_unknown_macro + +# This scripts tests health-checks for SMTP servers, enabled using +# "option smtpchk" line. + +server s1 { + send "220 smtp-check.vtc SMTP Server\r\n" + recv 16 + send "250 smtp-check.vtc\r\n" +} -start + +server s2 { + send "220 smtp-check.vtc SMTP Server\r\n" + recv 17 + send "250-smtp-check.vtc\r\n" + send "250-KEYWORD\r\n" + send "250 LAST KEYWORD\r\n" +} -start + +server s3 { + send "I'm not a SMTP server\r\n" +} -start + +server s4 { + send "421 Try again later\r\n" +} -start + +server s5 { + send "220 smtp-check.vtc SMTP Server\r\n" + recv 16 + send "512 DNS error\r\n" +} -start + +syslog S1 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+code: 250.+info: \"smtp-check.vtc\".+check duration: [[:digit:]]+ms, status: 1/1 UP." +} -start + +syslog S2 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv succeeded, reason: Layer7 check passed.+code: 250.+info: \"smtp-check.vtc\".+check duration: [[:digit:]]+ms, status: 1/1 UP." +} -start + +syslog S3 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer7 invalid response.+info: \"I'm not a SMTP server\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + +syslog S4 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be4 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be4/srv failed, reason: Layer7 wrong status.+code: 421.+info: \"Try again later\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + +syslog S5 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be5 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be5/srv failed, reason: Layer7 wrong status.+code: 512.+info: \"DNS error\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + + +haproxy h1 -conf { + defaults + mode tcp + timeout client 1s + timeout server 1s + timeout connect 100ms + + backend be1 + log ${S1_addr}:${S1_port} daemon + option log-health-checks + option smtpchk + server srv ${s1_addr}:${s1_port} check inter 1s rise 1 fall 1 + + backend be2 + log ${S2_addr}:${S2_port} daemon + option log-health-checks + option smtpchk EHLO domain.tld + server srv ${s2_addr}:${s2_port} check inter 1s rise 1 fall 1 + + backend be3 + log ${S3_addr}:${S3_port} daemon + option log-health-checks + option smtpchk + server srv ${s3_addr}:${s3_port} check inter 1s rise 1 fall 1 + + backend be4 + log ${S4_addr}:${S4_port} daemon + option log-health-checks + option smtpchk + server srv ${s4_addr}:${s4_port} check inter 1s rise 1 fall 1 + + backend be5 + log ${S5_addr}:${S5_port} daemon + option log-health-checks + option smtpchk EHLO domain.tld + server srv ${s5_addr}:${s5_port} check inter 1s rise 1 fall 1 + +} -start + +syslog S1 -wait +syslog S2 -wait +syslog S3 -wait +syslog S4 -wait +syslog S5 -wait diff --git a/reg-tests/checks/spop-check.vtc b/reg-tests/checks/spop-check.vtc new file mode 100644 index 0000000000..8446c77b56 --- /dev/null +++ b/reg-tests/checks/spop-check.vtc @@ -0,0 +1,102 @@ +varnishtest "Health-checks: SPOP health-check" +#REQUIRE_VERSION=2.2 +#REGTEST_TYPE=slow +feature ignore_unknown_macro + +# This scripts tests health-checks for SPOE agent, enabled using +# "option spop-check" line. A intermediate listener is used to validate +# the request because it is impossible with VTEST to read and match raw +# text. + +server s1 { + recv 82 + sendhex "00000036 65 00000001 0000 0776657273696F6E 0803322E30 0E6D61782D6672616D652D73697A65 03FCF0 060C6361706162696C6974696573 0800" +} -start + +server s2 { + recv 82 + sendhex "00000000" +} -start + +server s3 { + recv 82 + sendhex "00000007 65 00000000 0000" +} -start + +server s4 { + recv 82 + sendhex "00000014 65 00000001 0000 0776657273696F6E 0803312E30" +} -start + +syslog S1 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer7 check passed.+info: \"SPOA server is ok\".+check duration: [[:digit:]]+ms, status: 1/1 UP." +} -start + +syslog S2 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv failed, reason: Layer7 invalid response.+info: \"invalid frame received\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + +syslog S3 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer7 invalid response.+info: \"fragmentation not supported\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + +syslog S4 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be4 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be4/srv failed, reason: Layer7 invalid response.+info: \"unsupported version\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + +haproxy h1 -conf { + defaults + mode tcp + timeout client 1s + timeout server 1s + timeout connect 100ms + + backend be1 + log ${S1_addr}:${S1_port} daemon + option log-health-checks + option spop-check + server srv ${h1_spop1_addr}:${h1_spop1_port} check inter 1s rise 1 fall 1 + + backend be2 + log ${S2_addr}:${S2_port} daemon + option log-health-checks + option spop-check + server srv ${s2_addr}:${s2_port} check inter 1s rise 1 fall 1 + + backend be3 + log ${S3_addr}:${S3_port} daemon + option log-health-checks + option spop-check + server srv ${s3_addr}:${s3_port} check inter 1s rise 1 fall 1 + + backend be4 + log ${S4_addr}:${S4_port} daemon + option log-health-checks + option spop-check + server srv ${s4_addr}:${s4_port} check inter 1s rise 1 fall 1 + + listen spop1 + bind "fd@${spop1}" + tcp-request inspect-delay 100ms + tcp-request content accept if { req.len eq 82 } { req.payload(0,4) -m bin "0000004E" } #{ req.payload(4,4) -m bin "00000001" } { req.payload(8,2) -m bin "0000" } { req.payload(12,17) -m str "supported-version" } + tcp-request content reject + server srv ${s1_addr}:${s1_port} + +} -start + +syslog S1 -wait +syslog S2 -wait +syslog S3 -wait +syslog S4 -wait diff --git a/reg-tests/checks/ssl-hello-check.vtc b/reg-tests/checks/ssl-hello-check.vtc new file mode 100644 index 0000000000..c4b0b534e3 --- /dev/null +++ b/reg-tests/checks/ssl-hello-check.vtc @@ -0,0 +1,82 @@ +varnishtest "Health-checks: ssl-hello health-check" +#REQUIRE_OPTION=OPENSSL +#REQUIRE_VERSION=2.2 +#REGTEST_TYPE=slow +feature ignore_unknown_macro + +# This scripts tests health-checks for SSL application, enabled using +# "option ssl-hello-chk" line. + +syslog S1 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be1 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP." +} -start + + +syslog S2 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be2 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv failed, reason: Layer6 invalid response.+info: \"TCPCHK got an empty response at step 2\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + +syslog S3 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer6 invalid response.+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + +haproxy htst -conf { + global + tune.ssl.default-dh-param 2048 + + defaults + mode tcp + timeout client 1s + timeout server 1s + timeout connect 100ms + + frontend fe1 + bind "fd@${fe1}" ssl crt ${testdir}/common.pem + + frontend fe2 + bind "fd@${fe2}" + + frontend fe3 + mode http + bind "fd@${fe3}" + +} -start + +haproxy h1 -conf { + defaults + mode tcp + timeout client 1s + timeout server 1s + timeout connect 100ms + + backend be1 + log ${S1_addr}:${S1_port} daemon + option log-health-checks + option ssl-hello-chk + server srv ${htst_fe1_addr}:${htst_fe1_port} check inter 1s rise 1 fall 1 + + backend be2 + log ${S2_addr}:${S2_port} daemon + option log-health-checks + option ssl-hello-chk + server srv ${htst_fe2_addr}:${htst_fe2_port} check inter 1s rise 1 fall 1 + + backend be3 + log ${S3_addr}:${S3_port} daemon + option log-health-checks + option ssl-hello-chk + server srv ${htst_fe3_addr}:${htst_fe3_port} check inter 1s rise 1 fall 1 +} -start + +syslog S1 -wait +syslog S2 -wait +syslog S3 -wait diff --git a/reg-tests/checks/tcp-check-ssl.vtc b/reg-tests/checks/tcp-check-ssl.vtc new file mode 100644 index 0000000000..e5863580cf --- /dev/null +++ b/reg-tests/checks/tcp-check-ssl.vtc @@ -0,0 +1,133 @@ +varnishtest "Health-checks: tcp-check health-check with ssl options" +#REQUIRE_OPTION=OPENSSL +#REQUIRE_VERSION=2.2 +#REGTEST_TYPE=slow +feature ignore_unknown_macro + +syslog S_ok -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started." + + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP." +} -start + +syslog S3 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer6 invalid response.+info: \"SSL handshake failure\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + +syslog S4 -level notice { + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be4 started." + recv + expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be4/srv failed, reason: Layer6 invalid response.+info: \"SSL handshake failure at step 1 of tcp-check \\(connect\\)\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN." +} -start + + +haproxy htst -conf { + global + tune.ssl.default-dh-param 2048 + + defaults + mode tcp + timeout client 1s + timeout server 1s + timeout connect 100ms + + listen li1 + bind "fd@${li1}" + tcp-request inspect-delay 100ms + tcp-request content reject if { req.ssl_hello_type 0 } + tcp-request content accept if { req.ssl_sni check.haproxy.org } + tcp-request content accept if { req.ssl_sni connect.haproxy.org } + tcp-request content reject + server fe1 ${htst_fe1_addr}:${htst_fe1_port} + + listen li2 + bind "fd@${li2}" + tcp-request inspect-delay 100ms + tcp-request content reject if { req.ssl_hello_type 0 } + tcp-request content accept if { req.ssl_alpn h2 } + tcp-request content accept if { req.ssl_alpn http/1.1 } + tcp-request content reject + server fe1 ${htst_fe1_addr}:${htst_fe1_port} + + frontend fe1 + bind "fd@${fe1}" ssl crt ${testdir}/common.pem + +} -start + +haproxy h1 -conf { + defaults + mode tcp + timeout client 1s + timeout server 1s + timeout connect 100ms + + backend be1 + log ${S_ok_addr}:${S_ok_port} daemon + option log-health-checks + server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni check.haproxy.org inter 1s rise 1 fall 1 verify none + + backend be2 + log ${S_ok_addr}:${S_ok_port} daemon + option log-health-checks + option tcp-check + tcp-check connect ssl sni connect.haproxy.org + server srv ${htst_li1_addr}:${htst_li1_port} check inter 1s rise 1 fall 1 verify none + + backend be3 + log ${S3_addr}:${S3_port} daemon + option log-health-checks + server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni bad.haproxy.org inter 1s rise 1 fall 1 verify none + + backend be4 + log ${S4_addr}:${S4_port} daemon + option log-health-checks + option tcp-check + tcp-check connect ssl sni bad.haproxy.org + server srv ${htst_li1_addr}:${htst_li1_port} check inter 1s rise 1 fall 1 verify none + + backend be5 + log ${S_ok_addr}:${S_ok_port} daemon + option log-health-checks + option tcp-check + tcp-check connect default + server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni check.haproxy.org inter 1s rise 1 fall 1 verify none + + backend be6 + log ${S_ok_addr}:${S_ok_port} daemon + option log-health-checks + server srv ${htst_li2_addr}:${htst_li2_port} check check-ssl check-alpn "h2,http/1.1" inter 1s rise 1 fall 1 verify none + + backend be7 + log ${S_ok_addr}:${S_ok_port} daemon + option log-health-checks + option tcp-check + tcp-check connect ssl alpn "h2,http/1.1" + server srv ${htst_li2_addr}:${htst_li2_port} check inter 1s rise 1 fall 1 verify none + +} -start + +syslog S_ok -wait +syslog S3 -wait +syslog S4 -wait