feat: Enable redispatch to different server on retry

Author: domdom82

acceptance-tests/acceptance_tests_suite_test.go

@@ -2,12 +2,15 @@ package acceptance_tests
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"net"
 	"net/http"
+	"net/http/httptest"
 	"net/url"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -61,46 +64,94 @@ var _ = SynchronizedAfterSuite(func() {
 	deleteDeployment(deploymentNameForTestNode())
 }, func() {})
 
-// Starts a simple test server that returns 200 OK or echoes websocket messages back
-func startDefaultTestServer() (func(), int) {
-	var upgrader = websocket.Upgrader{}
+type TestServerOption func(*httptest.Server)
 
-	By("Starting a local websocket server to act as a backend")
-	closeLocalServer, localPort, err := startLocalHTTPServer(nil, func(w http.ResponseWriter, r *http.Request) {
-		// if no upgrade requested, act like a normal HTTP server
-		if strings.ToLower(r.Header.Get("Upgrade")) != "websocket" {
-			fmt.Fprintln(w, "Hello cloud foundry")
-			return
-		}
+func withIP(ip string) TestServerOption {
+	return func(server *httptest.Server) {
+		l, err := net.Listen("tcp", fmt.Sprintf("%s:0", ip))
+		Expect(err).ToNot(HaveOccurred())
+		server.Listener = l
+	}
+}
+
+func withTLS(tlsConfig *tls.Config) TestServerOption {
+	return func(server *httptest.Server) {
+		server.TLS = tlsConfig
+	}
+}
+
+func withHandlerFunc(handlerFunc http.HandlerFunc) TestServerOption {
+	return func(server *httptest.Server) {
+		server.Config = &http.Server{Handler: handlerFunc}
+	}
+}
+
+func defaultHandler(w http.ResponseWriter, r *http.Request) {
+	// if no upgrade requested, act like a normal HTTP server
+	if strings.ToLower(r.Header.Get("Upgrade")) != "websocket" {
+		fmt.Fprintln(w, "Hello cloud foundry")
+		return
+	}
+	var upgrader = websocket.Upgrader{}
+	conn, err := upgrader.Upgrade(w, r, nil)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+	defer conn.Close()
 
-		conn, err := upgrader.Upgrade(w, r, nil)
+	for {
+		messageType, message, err := conn.ReadMessage()
 		if err != nil {
-			w.WriteHeader(http.StatusInternalServerError)
-			return
+			break
 		}
-		defer conn.Close()
-
-		for {
-			messageType, message, err := conn.ReadMessage()
-			if err != nil {
-				break
-			}
-			err = conn.WriteMessage(messageType, message)
-			if err != nil {
-				break
-			}
+		err = conn.WriteMessage(messageType, message)
+		if err != nil {
+			break
 		}
-	})
+	}
+}
 
+func newTestServer(options ...TestServerOption) *httptest.Server {
+	l, err := net.Listen("tcp", "127.0.0.1:0")
 	Expect(err).NotTo(HaveOccurred())
-	return closeLocalServer, localPort
+
+	server := &httptest.Server{
+		Listener:    l,
+		EnableHTTP2: false,
+		TLS:         nil,
+		Config:      &http.Server{Handler: http.HandlerFunc(defaultHandler)},
+	}
+
+	for _, opt := range options {
+		opt(server)
+	}
+
+	return server
 }
 
-// Sets up SSH tunnel from HAProxy VM to test server
-func setupTunnelFromHaproxyToTestServer(haproxyInfo haproxyInfo, haproxyBackendPort, localPort int) func() {
-	By(fmt.Sprintf("Creating a reverse SSH tunnel from HAProxy backend (port %d) to local HTTP server (port %d)", haproxyBackendPort, localPort))
+// Starts a simple test server that returns 200 OK or echoes websocket messages back
+func startDefaultTestServer(options ...TestServerOption) (func(), int) {
+	By("Starting a local websocket server to act as a backend")
+	server := newTestServer(options...)
+	if server.TLS != nil {
+		server.StartTLS()
+	} else {
+		server.Start()
+	}
+
+	serverURL, err := url.Parse(server.URL)
+	Expect(err).NotTo(HaveOccurred())
+	port, err := strconv.ParseInt(serverURL.Port(), 10, 64)
+	Expect(err).NotTo(HaveOccurred())
+
+	return server.Close, int(port)
+}
+
+func setupTunnelFromHaproxyIPToTestServerIP(haproxyInfo haproxyInfo, haproxyBackendIP string, haproxyBackendPort int, localIP string, localPort int) func() {
+	By(fmt.Sprintf("Creating a reverse SSH tunnel from HAProxy backend (ip %s port %d) to local HTTP server (ip %s port %d)", haproxyBackendIP, haproxyBackendPort, localIP, localPort))
 	ctx, cancelFunc := context.WithCancel(context.Background())
-	err := startReverseSSHPortForwarder(haproxyInfo.SSHUser, haproxyInfo.PublicIP, haproxyInfo.SSHPrivateKey, haproxyBackendPort, localPort, ctx)
+	err := startReverseSSHPortAndIPForwarder(haproxyInfo.SSHUser, haproxyInfo.PublicIP, haproxyInfo.SSHPrivateKey, haproxyBackendIP, haproxyBackendPort, localIP, localPort, ctx)
 	Expect(err).NotTo(HaveOccurred())
 
 	By("Waiting a few seconds so that HAProxy can detect the backend server is listening")
@@ -112,6 +163,11 @@ func setupTunnelFromHaproxyToTestServer(haproxyInfo haproxyInfo, haproxyBackendP
 	return cancelFunc
 }
 
+// Sets up SSH tunnel from HAProxy VM to test server
+func setupTunnelFromHaproxyToTestServer(haproxyInfo haproxyInfo, haproxyBackendPort, localPort int) func() {
+	return setupTunnelFromHaproxyIPToTestServerIP(haproxyInfo, "127.0.0.1", haproxyBackendPort, "127.0.0.1", localPort)
+}
+
 // Sets up SSH tunnel from local machine to HAProxy
 func setupTunnelFromLocalMachineToHAProxy(haproxyInfo haproxyInfo, localPort, haproxyPort int) func() {
 	By(fmt.Sprintf("Creating a SSH tunnel from localmachine (port %d) to HAProxy (port %d)", localPort, haproxyPort))

acceptance-tests/bosh_helpers.go

@@ -46,7 +46,7 @@ var opsfileChangeVersion string = `---
     version: ((release-version))
 `
 
-var opsfileAddSSHUser string = `---
+var opsfileConfigureSSH string = `---
 # Install OS conf so that we can SSH into VM to inspect configuration
 - type: replace
   path: /releases/-
@@ -72,10 +72,25 @@ var opsfileAddSSHUser string = `---
   value:
     name: ssh_key
     type: ssh
+
+# Configure SSH to allow port forwarding
+- type: replace
+  path: /instance_groups/name=haproxy/jobs/-
+  value:
+    name: post-deploy-script
+    release: os-conf
+    properties:
+      script: |-
+        #!/bin/bash
+        sed "/^ *AllowTcpForwarding/d" -i /etc/ssh/sshd_config
+        echo 'AllowTcpForwarding yes' >> /etc/ssh/sshd_config
+        sed "/^ *GatewayPorts/d" -i /etc/ssh/sshd_config
+        echo 'GatewayPorts clientspecified' >> /etc/ssh/sshd_config
+        /etc/init.d/ssh restart
 `
 
 // opsfiles that need to be set for all tests
-var defaultOpsfiles = []string{opsfileChangeName, opsfileChangeVersion, opsfileAddSSHUser}
+var defaultOpsfiles = []string{opsfileChangeName, opsfileChangeVersion, opsfileConfigureSSH}
 var defaultSSHUser string = "ginkgo"
 
 func buildManifestVars(baseManifestVars baseManifestVars, customVars map[string]interface{}) map[string]interface{} {
@@ -126,7 +141,7 @@ func buildHAProxyInfo(baseManifestVars baseManifestVars, varsStoreReader varsSto
 // Returns 'info' struct containing public IP and ssh creds, and a callback to deserialize properties from the vars store
 // Use expectSuccess with false if the base configuration will not start successfully, e.g. because
 // files that are referenced in the configuration still need to be uploaded, or a custom backend needs more time to start up.
-// In those cases, `monit` will keep restarting the boshrelease and the test can expect the procesess to be healthy after
+// In those cases, `monit` will keep restarting the boshrelease and the test can expect the processes to be healthy after
 // the necessary referenced resources are available.
 func deployHAProxy(baseManifestVars baseManifestVars, customOpsfiles []string, customVars map[string]interface{}, expectSuccess bool) (haproxyInfo, varsStoreReader) {
 	manifestVars := buildManifestVars(baseManifestVars, customVars)

acceptance-tests/remote.go

@@ -48,16 +48,16 @@ func copyFileToRemote(user string, addr string, privateKey string, remotePath st
 	return scpClient.CopyFile(context.Background(), fileReader, remotePath, permissions)
 }
 
-// Forwards a TCP connection from a given port on the local machine to a given port on the remote machine
-// Starts in backgound, cancel via context
-func startSSHPortForwarder(user string, addr string, privateKey string, localPort, remotePort int, ctx context.Context) error {
+// Opens a local port forwarding SSH connection. Equivalent to
+// ssh -i <privateKey> -L <localIP>:<localPort>:<remoteIP>:<remotePort> <user>@<addr>
+func startSSHPortAndIPForwarder(user string, addr string, privateKey string, localIP string, localPort int, remoteIP string, remotePort int, ctx context.Context) error {
 	remoteConn, err := buildSSHClient(user, addr, privateKey)
 	if err != nil {
 		return err
 	}
 
-	writeLog(fmt.Sprintf("Listening on 127.0.0.1:%d on local machine\n", remotePort))
-	localListener, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", localPort))
+	writeLog(fmt.Sprintf("Listening on %s:%d on local machine\n", localIP, localPort))
+	localListener, err := net.Listen("tcp", fmt.Sprintf("%s:%d", localIP, localPort))
 	if err != nil {
 		return err
 	}
@@ -75,9 +75,9 @@ func startSSHPortForwarder(user string, addr string, privateKey string, localPor
 				return
 			}
 
-			remoteConn, err := remoteConn.Dial("tcp", fmt.Sprintf("127.0.0.1:%d", remotePort))
+			remoteConn, err := remoteConn.Dial("tcp", fmt.Sprintf("%s:%d", remoteIP, remotePort))
 			if err != nil {
-				writeLog(fmt.Sprintf("Error dialing local port %d: %s\n", remotePort, err.Error()))
+				writeLog(fmt.Sprintf("Error dialing remote ip %s port %d: %s\n", remoteIP, remotePort, err.Error()))
 				return
 			}
 
@@ -95,16 +95,22 @@ func startSSHPortForwarder(user string, addr string, privateKey string, localPor
 	return nil
 }
 
-// Forwards a TCP connection from a given port on the remote machine to a given port on the local machine
-// Starts in backgound, cancel via context
-func startReverseSSHPortForwarder(user string, addr string, privateKey string, remotePort, localPort int, ctx context.Context) error {
+// Forwards a TCP connection from a given port on the local machine to a given port on the remote machine
+// Starts in background, cancel via context
+func startSSHPortForwarder(user string, addr string, privateKey string, localPort, remotePort int, ctx context.Context) error {
+	return startSSHPortAndIPForwarder(user, addr, privateKey, "127.0.0.1", localPort, "127.0.0.1", remotePort, ctx)
+}
+
+// Opens a remote port forwarding SSH connection. Equivalent to
+// ssh -i <privateKey> -R <remoteIP>:<remotePort>:<localIP>:<localPort> <user>@<addr>
+func startReverseSSHPortAndIPForwarder(user string, addr string, privateKey string, remoteIP string, remotePort int, localIP string, localPort int, ctx context.Context) error {
 	remoteConn, err := buildSSHClient(user, addr, privateKey)
 	if err != nil {
 		return err
 	}
 
-	writeLog(fmt.Sprintf("Listening on 127.0.0.1:%d on remote machine\n", remotePort))
-	remoteListener, err := remoteConn.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", remotePort))
+	writeLog(fmt.Sprintf("Listening on %s:%d on remote machine %s\n", remoteIP, remotePort, addr))
+	remoteListener, err := remoteConn.Listen("tcp", fmt.Sprintf("%s:%d", remoteIP, remotePort))
 	if err != nil {
 		return err
 	}
@@ -122,9 +128,9 @@ func startReverseSSHPortForwarder(user string, addr string, privateKey string, r
 				return
 			}
 
-			localConn, err := net.Dial("tcp", fmt.Sprintf("127.0.0.1:%d", localPort))
+			localConn, err := net.Dial("tcp", fmt.Sprintf("%s:%d", localIP, localPort))
 			if err != nil {
-				writeLog(fmt.Sprintf("Error dialing local port %d: %s\n", localPort, err.Error()))
+				writeLog(fmt.Sprintf("Error dialing local ip %s port %d: %s\n", localIP, localPort, err.Error()))
 				return
 			}
 
@@ -142,6 +148,12 @@ func startReverseSSHPortForwarder(user string, addr string, privateKey string, r
 	return nil
 }
 
+// Forwards a TCP connection from a given port on the remote machine to a given port on the local machine
+// Starts in background, cancel via context
+func startReverseSSHPortForwarder(user string, addr string, privateKey string, remotePort, localPort int, ctx context.Context) error {
+	return startReverseSSHPortAndIPForwarder(user, addr, privateKey, "127.0.0.1", remotePort, "127.0.0.1", localPort, ctx)
+}
+
 func copyConnections(client net.Conn, remote net.Conn) {
 	chDone := make(chan bool)
 

acceptance-tests/retry_redispatch_test.go

@@ -0,0 +1,95 @@
+package acceptance_tests
+
+import (
+	"fmt"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"net/http"
+)
+
+var _ = Describe("Retry and Redispatch Tests", func() {
+	var haproxyInfo haproxyInfo
+	var closeTunnel []func()
+	var closeLocalServer []func()
+
+	enableRedispatch := false
+	haproxyBackendPort := 12000
+	haproxyBackendHealthPort := 8080
+	opsfileRetry := `---
+# Configure Redispatch
+- type: replace
+  path: /instance_groups/name=haproxy/jobs/name=haproxy/properties/ha_proxy/enable_redispatch?
+  value: ((enable_redispatch))
+# Configure Retries
+- type: replace
+  path: /instance_groups/name=haproxy/jobs/name=haproxy/properties/ha_proxy/retries?
+  value: 2
+# Enable backend http health check
+- type: replace
+  path: /instance_groups/name=haproxy/jobs/name=haproxy/properties/ha_proxy/backend_use_http_health?
+  value: true
+`
+
+	JustBeforeEach(func() {
+		haproxyInfo, _ = deployHAProxy(baseManifestVars{
+			haproxyBackendPort:    haproxyBackendPort,
+			haproxyBackendServers: []string{"127.0.0.1", "127.0.0.2"},
+			deploymentName:        deploymentNameForTestNode(),
+		}, []string{opsfileRetry}, map[string]interface{}{
+			"enable_redispatch": enableRedispatch,
+		}, true)
+
+		setupTunnel := func(ip string, backendPort int) {
+			closeLocalServerFunc, localPort := startDefaultTestServer(withIP(ip))
+			closeTunnelFunc := setupTunnelFromHaproxyIPToTestServerIP(haproxyInfo, ip, backendPort, ip, localPort)
+
+			closeTunnel = append(closeTunnel, closeTunnelFunc)
+			closeLocalServer = append(closeLocalServer, closeLocalServerFunc)
+		}
+
+		setupTunnel("127.0.0.1", haproxyBackendPort)
+		setupTunnel("127.0.0.1", haproxyBackendHealthPort)
+
+		setupTunnel("127.0.0.2", haproxyBackendHealthPort) // this backend seems healthy but does not respond to traffic
+	})
+
+	AfterEach(func() {
+		for _, closeLocalServerFunc := range closeLocalServer {
+			closeLocalServerFunc()
+		}
+		for _, closeTunnelFunc := range closeTunnel {
+			closeTunnelFunc()
+		}
+	})
+
+	Context("When ha_proxy.enable_redispatch is false (default)", func() {
+		BeforeEach(func() {
+			enableRedispatch = false
+		})
+
+		It("Does not redispatch by default", func() {
+			By("Sending a request to broken backend results in a 503")
+
+			Eventually(func() int {
+				resp, err := http.Get(fmt.Sprintf("http://%s", haproxyInfo.PublicIP))
+				Expect(err).NotTo(HaveOccurred())
+				return resp.StatusCode
+			}).Should(Equal(http.StatusServiceUnavailable))
+		})
+	})
+	Context("When ha_proxy.enable_redispatch is true", func() {
+		BeforeEach(func() {
+			enableRedispatch = true
+		})
+
+		It("Does redispatch to other backends", func() {
+			By("Sending a request to broken backend results in a 200 due to redispatch to working backend")
+
+			Consistently(func() int {
+				resp, err := http.Get(fmt.Sprintf("http://%s", haproxyInfo.PublicIP))
+				Expect(err).NotTo(HaveOccurred())
+				return resp.StatusCode
+			}).Should(Equal(http.StatusOK))
+		})
+	})
+})

jobs/haproxy/spec

@@ -258,6 +258,12 @@ properties:
   ha_proxy.disable_backend_http2_websockets:
     default: false
     description: "Forward websockets to the backend servers using HTTP/1.1, never HTTP/2. Does not apply to custom routed_backend_servers. Works around https://github.com/cloudfoundry/routing-release/issues/230. Overrides backend_match_http_protocol for websockets."
+  ha_proxy.enable_redispatch:
+    default: false
+    description: "When enabled, HAProxy will try to connect to another server if a connect attempt fails. Best used in conjunction with retries."
+  ha_proxy.retries:
+    default: 0
+    description: "HAProxy will retry this many times on failed connections. When redispatch is enabled, the retries may occur on different servers. In combination with connect_timeout this defines the maximum response time of HAProxy to clients. e.g. 0.5s connect_timeout * 10 retries = 5s max response time"
 
   ha_proxy.connect_timeout:
     description: "Timeout (in floating point seconds) used on connections from haproxy to a backend, while waiting for the TCP handshake to complete + connection to establish"