From 00240df580c59b9a54dafafcbf5524d266f1616e Mon Sep 17 00:00:00 2001
From: PiBa-NL
Date: Wed, 6 Mar 2013 00:08:28 +0100
Subject: haproxy-devel, -allow shared frontend with SSL offloading -error checking+reporting to user while applying configuration.
---
 config/haproxy-devel/haproxy.inc | 40 ++++++++++++++++------
 config/haproxy-devel/haproxy_global.php | 10 ++++--
 config/haproxy-devel/haproxy_listeners.php | 10 ++++--
 config/haproxy-devel/haproxy_listeners_edit.php | 42 +++++++++++++++++--------
 config/haproxy-devel/haproxy_pool_edit.php | 13 ++++----
 config/haproxy-devel/haproxy_pools.php | 10 ++++--
 6 files changed, 89 insertions(+), 36 deletions(-)
(limited to 'config/haproxy-devel')
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index 559788c7..fce05008 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -343,14 +343,17 @@ function write_backend($fd, $name, $pool, $frontend) {
 if($pool['balance'])
 fwrite ($fd, "\tbalance\t\t\t" . $pool['balance'] . "\n");
- if($pool['connection_timeout'])
- fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n");
+ if(!$pool['connection_timeout'])
+ $pool['connection_timeout'] = 30000;
+ fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n");
- if($pool['server_timeout'])
- fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n");
+ if(!$pool['server_timeout'])
+ $pool['server_timeout'] = 30000;
+ fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n");
- if($pool['retries'])
- fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n");
+ if(!$pool['retries'])
+ $pool['retries'] = 3;
+ fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n");
 if($pool['stats_enabled']=='yes') {
 fwrite ($fd, "\tstats\t\t\tenable\n");
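Review bot: In write_backend, `if(!$pool['retries']) $pool['retries'] = 3;` treats an explicitly entered `0` the same as an empty field, because the string "0" is falsy in PHP, so a pool cannot be configured with retries set to zero; the two timeout defaults use the same truthiness test. Testing for an unset or empty value keeps the default without overriding a deliberate zero: `if (!isset($pool['retries']) || $pool['retries'] === '') $pool['retries'] = 3;`. A one-line comment above the three defaults, saying that every backend now always gets explicit timeouts and a retry count, would help the next reader. write_backend's body starts and ends outside the hunk.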
@@ -424,6 +427,14 @@ function haproxy_configure() {
 return haproxy_check_run(1);
 }
+function haproxy_check_writtenconfig_error() {
+ $configcheckoutput = shell_exec("haproxy -c -V -f /var/etc/haproxy.cfg 2>&1");
+ if (!strstr($configcheckoutput, "Configuration file is valid"))
+ return $configcheckoutput;
+ else
+ return false;
+}
+
 function haproxy_writeconf() {
 global $config, $g;
@@ -471,13 +482,13 @@ function haproxy_writeconf() {
 //check ssl info
 if ($backend['ssloffload']){
 //ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem
- $ssl_info="ssl crt /var/etc/{$backend['name']}.{$backend['port']}.crt {$backend['dcertadv']}";
+ $ssl_crt=" crt /var/etc/{$backend['name']}.{$backend['port']}.crt";
 $cert = lookup_cert($backend['ssloffloadcert']);
 $certcontent = base64_decode($cert['crt']).base64_decode($cert['prv']);
 file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt", $certcontent);
 unset($certcontent);
 }else{
- $ssl_info="";
+ $ssl_crt="";
 unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt");
 }
@@ -499,7 +510,12 @@ function haproxy_writeconf() {
 $b['max_connections'] = $backend['max_connections'];
 $b['client_timeout'] = $backend['client_timeout'];
 $b['advanced'] = $backend['advanced'];
- $b['ssl_info'] = $ssl_info;
+
+ if ($ssl_crt != "") {
+ if ($b['ssl_info'] == "")
+ $b['ssl_info'] = "ssl {$backend['dcertadv']}";
+ $b['ssl_info'] .= $ssl_crt;
+ }
 // pointer to each backend
 $b['config'][] = $backend;
@@ -566,8 +582,10 @@ function haproxy_writeconf() {
 if($bind['max_connections'])
 fwrite ($fd, "\tmaxconn\t\t\t" . $bind['max_connections'] . "\n");
- if($bind['client_timeout'])
- fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n");
+ if(!$bind['client_timeout'])
+ $bind['client_timeout'] = 30000;
+
+ fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n");
 // Combine the rest of the listener configs
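Review bot: haproxy_check_writtenconfig_error() decides validity by searching the output for the text "Configuration file is valid", and when `shell_exec()` yields nothing (for example the binary cannot be run) the function returns that empty value, which every caller in this commit treats as "no error". Checking the exit status is more robust than matching a message: `exec("haproxy -c -V -f /var/etc/haproxy.cfg 2>&1", $output, $status);` followed by `return $status === 0 ? false : implode("\n", $output);`. A short docblock stating that the function returns false when the file is valid, and the checker's output otherwise, would make the inverted-looking return contract clear to callers.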
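Review bot: In the ssloffload block of haproxy_writeconf, the else branch calls `unlink_if_exists("var/etc/{$backend['name']}.{$backend['port']}.crt")` with a relative path while the file is written under `/var/etc/`, so the combined certificate and private key is probably left on disk after offloading is switched off; the path should start with `/var/etc/`. That file contains the private key (`$cert['prv']`) and is created by `file_put_contents()` with default permissions, so a `chmod()` to `0600` on the same path right after the write would restrict it to the owner. Both lines are unchanged context, but the commit reworks this block and leaves them as they are. The function body extends beyond the hunk.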
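Review bot: In the hunk that builds `$b['ssl_info']`, the `ssl {$backend['dcertadv']}` prefix comes only from the first offloading backend that reaches a shared frontend, while the unconditional assignments just above it (`$b['max_connections']`, `$b['client_timeout']`, `$b['advanced']`) are overwritten by every backend, so the effective bind settings depend on iteration order. Where `$b` is defined is outside the hunk; if it is the per-frontend entry, copying those three values only from the backend that is not marked secondary would match what the edit form hides. `$b['ssl_info']` is also read before it is ever set, and `if (empty($b['ssl_info']))` avoids the undefined-index notice.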
diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php
index 340c578b..61c654cf 100755
--- a/config/haproxy-devel/haproxy_global.php
+++ b/config/haproxy-devel/haproxy_global.php
@@ -48,8 +48,14 @@ if ($_POST) {
 config_lock();
 $retval = haproxy_configure();
 config_unlock();
- $savemsg = get_std_save_message($retval);
- unlink_if_exists($d_haproxyconfdirty_path);
+
+ $result = haproxy_check_writtenconfig_error();
+ if ($result)
+ $savemsg = gettext($result);
+ else {
+ $savemsg = get_std_save_message($retval);
+ unlink_if_exists($d_haproxyconfdirty_path);
+ }
 } else {
 if ($_POST['enable']) {
 $reqdfields = explode(" ", "maxconn");
diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php
index c5c41714..88cdb62f 100644
--- a/config/haproxy-devel/haproxy_listeners.php
+++ b/config/haproxy-devel/haproxy_listeners.php
@@ -48,8 +48,14 @@ if ($_POST) {
 config_lock();
 $retval = haproxy_configure();
 config_unlock();
- $savemsg = get_std_save_message($retval);
- unlink_if_exists($d_haproxyconfdirty_path);
+
+ $result = haproxy_check_writtenconfig_error();
+ if ($result)
+ $savemsg = gettext($result);
+ else {
+ $savemsg = get_std_save_message($retval);
+ unlink_if_exists($d_haproxyconfdirty_path);
+ }
 }
 }
diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php
index 75004afe..32cf0020 100644
--- a/config/haproxy-devel/haproxy_listeners_edit.php
+++ b/config/haproxy-devel/haproxy_listeners_edit.php
@@ -139,6 +139,7 @@ if (isset($id) && $a_backend[$id]) {
 $pconfig['name'] = $a_backend[$id]['name'];
 $pconfig['desc'] = $a_backend[$id]['desc'];
 $pconfig['status'] = $a_backend[$id]['status'];
+ $pconfig['secondary'] = $a_backend[$id]['secondary'];
 $pconfig['type'] = $a_backend[$id]['type'];
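Review bot: In the haproxy_global.php apply block, the new validation runs only after `haproxy_configure()` has returned, and the context in haproxy.inc shows that function ending in `haproxy_check_run(1)`, so an invalid file appears to be written and a reload attempted before the user sees the error; running `haproxy_check_writtenconfig_error()` between writing the file and reloading would keep a broken configuration from being applied. `gettext($result)` sends raw haproxy output, which can echo user-entered configuration text, through a translation lookup that cannot match it. Whether `$savemsg` is escaped when rendered is not visible here; if it is not, `$savemsg = htmlspecialchars($result);` is the safer assignment. The same block is repeated in haproxy_listeners.php and haproxy_pools.php.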
@@ -185,7 +186,7 @@ if ($_POST) { if ($port && !is_numeric($port)) $input_errors[] = "The field 'Port' value is not a number."; - if (!is_numeric($_POST['client_timeout'])) + if ($_POST['client_timeout'] !== "" && !is_numeric($_POST['client_timeout'])) $input_errors[] = "The field 'Client timeout' value is not a number."; /* Ensure that our pool names are unique */ @@ -240,6 +241,7 @@ if ($_POST) { update_if_changed("name", $backend['name'], $_POST['name']); update_if_changed("description", $backend['desc'], $_POST['desc']); update_if_changed("status", $backend['status'], $_POST['status']); + update_if_changed("secondary", $backend['secondary'], $_POST['secondary']); update_if_changed("type", $backend['type'], $_POST['type']); update_if_changed("cookie_name", $backend['cookie_name'], $_POST['cookie_name']); update_if_changed("forwardfor", $backend['forwardfor'], $_POST['forwardfor']); @@ -281,10 +283,11 @@ include("head.inc"); ?> - + @@ -451,6 +454,7 @@ include("head.inc"); { setCSSdisplay(".haproxy_ssloffloading_enabled", ssloffload.checked); setCSSdisplay(".haproxy_mode_http", type.value == "http"); + setCSSdisplay(".haproxy_primary", !secondary.checked); } function type_change() { @@ -504,6 +508,14 @@ include("head.inc"); size="64"> + + Shared Frontend + + onclick="updatevisibility();">secondary backend
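Review bot: The relaxed check on `$_POST['client_timeout']` in haproxy_listeners_edit.php still accepts everything `is_numeric()` does, including signed values, decimals and exponent notation such as `1e3`, and haproxy.inc later writes the value unchanged after `clitimeout` in the generated configuration. A digits-only test states the intent: `if ($_POST['client_timeout'] !== "" && !ctype_digit($_POST['client_timeout']))`. The same applies to the `connection_timeout`, `server_timeout` and `retries` checks changed in haproxy_pool_edit.php.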
+ Use this setting to configure multiple backends/accesslists for a single frontend.
+ All settings of which only 1 can exist will be hidden. And + + Status @@ -546,6 +558,12 @@ include("head.inc");
The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,443
+ + Max connections + + size="10" maxlength="10"> + + Backend server pool @@ -573,7 +591,7 @@ include("head.inc"); - + Access Control lists @@ -632,21 +650,15 @@ include("head.inc");
 
- +
- - - - - + @@ -677,8 +689,10 @@ include("head.inc"); NOTE: paste text into this box that you would like to pass thru. + + +
Advanced settings
Max connections - size="10" maxlength="10"> -
Client timeoutClient timeout size="10" maxlength="10"> -
the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (30000).
+
the time (in milliseconds) we accept to wait for data from the client, or for the client to accept data (default 30000).
 
-
 
; loaded = ; + + updatevisibility(); diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php index fa46efb2..09474f02 100644 --- a/config/haproxy-devel/haproxy_pool_edit.php +++ b/config/haproxy-devel/haproxy_pool_edit.php @@ -88,13 +88,13 @@ if ($_POST) { if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; - if (!is_numeric($_POST['connection_timeout'])) + if ($_POST['connection_timeout'] !== "" && !is_numeric($_POST['connection_timeout'])) $input_errors[] = "The field 'Connection timeout' value is not a number."; - if (!is_numeric($_POST['server_timeout'])) + if ($_POST['server_timeout'] !== "" && !is_numeric($_POST['server_timeout'])) $input_errors[] = "The field 'Server timeout' value is not a number."; - if (!$_POST['retries'] && is_numeric($_POST['retries'])) + if ($_POST['retries'] !== "" && !is_numeric($_POST['retries'])) $input_errors[] = "The field 'Retries' value is not a number."; if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username'])) @@ -215,7 +215,7 @@ row_helper(); - + @@ -476,14 +476,14 @@ row_helper(); Connection timeout size="64"> -
the time (in milliseconds) we give up if the connection does not complete within (30000).
+
the time (in milliseconds) we give up if the connection does not complete within (default 30000).
Server timeout size="64"> -
the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (30000).
+
the time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (default 30000).
@@ -586,6 +586,7 @@ set by the 'retries' parameter. rows = 1; totalrows = ; loaded = ; + updatevisibility(); diff --git a/config/haproxy-devel/haproxy_pools.php b/config/haproxy-devel/haproxy_pools.php index bad4bf09..07e7d106 100644 --- a/config/haproxy-devel/haproxy_pools.php +++ b/config/haproxy-devel/haproxy_pools.php @@ -52,8 +52,14 @@ if ($_POST) { config_lock(); $retval = haproxy_configure(); config_unlock(); - $savemsg = get_std_save_message($retval); - unlink_if_exists($d_haproxyconfdirty_path); + + $result = haproxy_check_writtenconfig_error(); + if ($result) + $savemsg = gettext($result); + else { + $savemsg = get_std_save_message($retval); + unlink_if_exists($d_haproxyconfdirty_path); + } } } -- cgit v1.2.3