MAJOR: check: find out which port to use for health check at run time

HAProxy used to deduce port used for health checks when parsing configuration
at startup time.
Because of this way of working, it makes it complicated to change the port at
run time.

The current patch changes this behavior and makes HAProxy to choose the
port used for health checking when preparing the check task itself.

A new type of error is introduced and reported when no port can be found.

There won't be any impact on performance, since the process to find out the
port value is made of a few 'if' statements.

This patch also introduces a new check state CHK_ST_PORT_MISS: this flag is
used to report an error in the case when HAProxy needs to establish a TCP
connection to a server, to perform a health check but no TCP ports can be
found for it.

And last, it also introduces a new stream termination condition:
SF_ERR_CHK_PORT. Purpose of this flag is to report an error in the event when
HAProxy has to run a health check but no port can be found to perform it.

diff --git a/include/proto/checks.h b/include/proto/checks.h
index 9ab3e509b43f1c5cd094a2016408237b4207a774..ecd4a5ce4517b6e33a4bf2b0235760f5e07cccd6 100644 (file)
--- a/include/proto/checks.h
+++ b/include/proto/checks.h
@@ -50,6 +50,7 @@ void free_check(struct check *check);
 
 void send_email_alert(struct server *s, int priority, const char *format, ...)
        __attribute__ ((format(printf, 3, 4)));
+int srv_check_healthcheck_port(struct check *chk);
 #endif /* _PROTO_CHECKS_H */
 
 /*

diff --git a/include/types/checks.h b/include/types/checks.h
index dd2018400a178bd4d6a89d93eebe2552acd0691d..283ff3dbed3b7b23a1a3c2ef4a10ed68c74ccf02 100644 (file)
--- a/include/types/checks.h
+++ b/include/types/checks.h
@@ -41,6 +41,7 @@ enum chk_result {
 #define CHK_ST_ENABLED          0x0004  /* this check is currently administratively enabled */
 #define CHK_ST_PAUSED           0x0008  /* checks are paused because of maintenance (health only) */
 #define CHK_ST_AGENT            0x0010  /* check is an agent check (otherwise it's a health check) */
+#define CHK_ST_PORT_MISS        0x0020  /* check can't be send because no port is configured to run it */
 
 /* check status */
 enum {

diff --git a/include/types/stream.h b/include/types/stream.h
index 17e74b8ea1d5ea7ae4ba49b54397efd317aaf1ab..0d8c5002ad7b20666f08e0db0c7a0fc00e0fc061 100644 (file)
--- a/include/types/stream.h
+++ b/include/types/stream.h
@@ -73,6 +73,7 @@
 #define SF_ERR_DOWN     0x00009000     /* the proxy killed a stream because the backend became unavailable */
 #define SF_ERR_KILLED   0x0000a000     /* the proxy killed a stream because it was asked to do so */
 #define SF_ERR_UP       0x0000b000     /* the proxy killed a stream because a preferred backend became available */
+#define SF_ERR_CHK_PORT 0x0000c000     /* no port could be found for a health check. TODO: check SF_ERR_SHIFT */
 #define SF_ERR_MASK     0x0000f000     /* mask to get only stream error flags */
 #define SF_ERR_SHIFT    12             /* bit shift */
 

diff --git a/src/checks.c b/src/checks.c
index 5d026420b533446791dcc2abfe3adb46ef594d52..65d003743b0d3f7babec8ffbb71d7371d879ccf8 100644 (file)
--- a/src/checks.c
+++ b/src/checks.c
@@ -679,6 +679,12 @@ static void chk_report_conn_err(struct connection *conn, int errno_bck, int expi
                }
        }
 
+       if (check->state & CHK_ST_PORT_MISS) {
+               /* NOTE: this is reported after <fall> tries */
+               chunk_printf(chk, "No port available for the TCP connection");
+               set_server_check_status(check, HCHK_STATUS_SOCKERR, err_msg);
+       }
+
        if ((conn->flags & (CO_FL_CONNECTED|CO_FL_WAIT_L4_CONN)) == CO_FL_WAIT_L4_CONN) {
                /* L4 not established (yet) */
                if (conn->flags & CO_FL_ERROR)
@@ -1430,6 +1436,7 @@ static struct task *server_warmup(struct task *t)
  *  - SF_ERR_PRXCOND if the connection has been limited by the proxy (maxconn)
  *  - SF_ERR_RESOURCE if a system resource is lacking (eg: fd limits, ports, ...)
  *  - SF_ERR_INTERNAL for any other purely internal errors
+ *  - SF_ERR_CHK_PORT if no port could be found to run a health check on an AF_INET* socket
  * Additionnally, in the case of SF_ERR_RESOURCE, an emergency log will be emitted.
  * Note that we try to prevent the network stack from sending the ACK during the
  * connect() when a pure TCP check is used (without PROXY protocol).
@@ -1491,8 +1498,16 @@ static int connect_conn_chk(struct task *t)
                conn->addr.to = s->addr;
        }
 
-       if (check->port) {
-               set_host_port(&conn->addr.to, check->port);
+       if ((conn->addr.to.ss_family == AF_INET) || (conn->addr.to.ss_family == AF_INET6)) {
+               int i = 0;
+
+               i = srv_check_healthcheck_port(check);
+               if (i == 0) {
+                       conn->owner = check;
+                       return SF_ERR_CHK_PORT;
+               }
+
+               set_host_port(&conn->addr.to, i);
        }
 
        proto = protocol_by_family(conn->addr.to.ss_family);
@@ -2072,6 +2087,9 @@ static struct task *process_chk_conn(struct task *t)
                        conn->flags |= CO_FL_ERROR;
                        chk_report_conn_err(conn, errno, 0);
                        break;
+               /* should share same code than cases below */
+               case SF_ERR_CHK_PORT:
+                       check->state |= CHK_ST_PORT_MISS;
                case SF_ERR_PRXCOND:
                case SF_ERR_RESOURCE:
                case SF_ERR_INTERNAL:
@@ -3368,6 +3386,53 @@ void send_email_alert(struct server *s, int level, const char *format, ...)
        enqueue_email_alert(p, buf);
 }
 
+/*
+ * Return value:
+ *   the port to be used for the health check
+ *   0 in case no port could be found for the check
+ */
+int srv_check_healthcheck_port(struct check *chk)
+{
+       int i = 0;
+       struct server *srv = NULL;
+
+       srv = chk->server;
+
+       /* If neither a port nor an addr was specified and no check transport
+        * layer is forced, then the transport layer used by the checks is the
+        * same as for the production traffic. Otherwise we use raw_sock by
+        * default, unless one is specified.
+        */
+       if (!chk->port && !is_addr(&chk->addr)) {
+#ifdef USE_OPENSSL
+               chk->use_ssl |= (srv->use_ssl || (srv->proxy->options & PR_O_TCPCHK_SSL));
+#endif
+               chk->send_proxy |= (srv->pp_opts);
+       }
+
+       /* by default, we use the health check port ocnfigured */
+       if (chk->port > 0)
+               return chk->port;
+
+       /* try to get the port from check_core.addr if check.port not set */
+       i = get_host_port(&chk->addr);
+       if (i > 0)
+               return i;
+
+       /* try to get the port from server address */
+       /* prevent MAPPORTS from working at this point, since checks could
+        * not be performed in such case (MAPPORTS impose a relative ports
+        * based on live traffic)
+        */
+       if (srv->flags & SRV_F_MAPPORTS)
+               return 0;
+       i = get_host_port(&srv->addr); /* by default */
+       if (i > 0)
+               return i;
+
+       return 0;
+}
+
 
 /*
  * Local variables:

diff --git a/src/server.c b/src/server.c
index 62c08b056966d9487311105a672416bc748b2dd0..e41afc744e10f63f8d1b6306e9c5f41ebe76a4e9 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -869,7 +869,6 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr
 
        if (!strcmp(args[0], "server") || !strcmp(args[0], "default-server")) {  /* server address */
                int cur_arg;
-               short realport = 0;
                int do_agent = 0, do_check = 0, defsrv = (*args[0] == 'd');
 
                if (!defsrv && curproxy == defproxy) {
@@ -961,10 +960,6 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr
                                err_code |= ERR_ALERT | ERR_FATAL;
                                goto out;
                        }
-                       else {
-                               /* used by checks */
-                               realport = port1;
-                       }
 
                        /* save hostname and create associated name resolution */
                        newsrv->hostname = fqdn;
@@ -1749,29 +1744,11 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr
                                goto out;
                        }
 
-                       /* If neither a port nor an addr was specified and no check transport
-                        * layer is forced, then the transport layer used by the checks is the
-                        * same as for the production traffic. Otherwise we use raw_sock by
-                        * default, unless one is specified.
-                        */
-                       if (!newsrv->check.port && !is_addr(&newsrv->check.addr)) {
-#ifdef USE_OPENSSL
-                               newsrv->check.use_ssl |= (newsrv->use_ssl || (newsrv->proxy->options & PR_O_TCPCHK_SSL));
-#endif
-                               newsrv->check.send_proxy |= (newsrv->pp_opts);
-                       }
-                       /* try to get the port from check_core.addr if check.port not set */
-                       if (!newsrv->check.port)
-                               newsrv->check.port = get_host_port(&newsrv->check.addr);
-
-                       if (!newsrv->check.port)
-                               newsrv->check.port = realport; /* by default */
-
                        /*
                         * We need at least a service port, a check port or the first tcp-check rule must
                         * be a 'connect' one when checking an IPv4/IPv6 server.
                         */
-                       if (!newsrv->check.port &&
+                       if ((srv_check_healthcheck_port(&newsrv->check) == 0) &&
                            (is_inet_addr(&newsrv->check.addr) ||
                             (!is_addr(&newsrv->check.addr) && is_inet_addr(&newsrv->addr)))) {
                                struct tcpcheck_rule *r = NULL;