git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Willy Tarreau <w@1wt.eu>
	Thu, 15 Jan 2015 20:45:22 +0000 (21:45 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Thu, 15 Jan 2015 20:45:22 +0000 (21:45 +0100)
commit	d025648f7cd149dd2f3009eaead1098bed5b1273
tree	1f1ce0053058a40cd3adf4388d6a32a9393397de	tree
parent	d92aa5c44a88e94d9b71e7726e2e5693df719519	commit \| diff

MAJOR: init: automatically set maxconn and/or maxsslconn when possible

If a memory size limit is enforced using "-n" on the command line and
one or both of maxconn / maxsslconn are not set, instead of using the
build-time values, haproxy now computes the number of sessions that can
be allocated depending on a number of parameters among which :

  - global.maxconn (if set)
  - global.maxsslconn (if set)
  - maxzlibmem
  - tune.ssl.cachesize
  - presence of SSL in at least one frontend (bind lines)
  - presence of SSL in at least one backend (server lines)
  - tune.bufsize
  - tune.cookie_len

The purpose is to ensure that not haproxy will not run out of memory
when maxing out all parameters. If neither maxconn nor maxsslconn are
used, it will consider that 100% of the sessions involve SSL on sides
where it's supported. That means that it will typically optimize maxconn
for SSL offloading or SSL bridging on all connections. This generally
means that the simple act of enabling SSL in a frontend or in a backend
will significantly reduce the global maxconn but in exchange of that, it
will guarantee that it will not fail.

All metrics may be enforced using #defines to accomodate variations in
SSL libraries or various allocation sizes.

doc/configuration.txt		diff \| blob \| blame \| history
include/common/defaults.h		diff \| blob \| blame \| history
src/haproxy.c		diff \| blob \| blame \| history