Workaround peer name starting with hyphen
The base64_sha_string method is used to set a base64-encoded peer name in HAProxy. There are cases where the peer name can start with an hypen which is troublesome when used in HAProxy CLI. Specifically, HAProxy fails to reload when local peer name starts with '-x' [1]. When this is the case, an amphora goes to provisioning status ERROR and later is scheduled for failover by the Octavia Health Manager service. A new amphora UUUID is assigned and base64 encoded, hopefully not starting with '-x' again. However, this is far from being ideal -- we incur in a dataplane disruption (single topology) or reduce HA capabilities (active-standby topology) for some time. Four possible options: a) add prefix to peer name b) change b64encode altchars c) quote peer name in haproxy CLI command d) substitute first character if hyphen Option a) and b) are not backward compatible with running amphorae. Peer names of existing amphorae that do not start with hypen but contain hyphen at any other position would get different peer names. Option c) would nonetheless still require an amphora image update to add quotes in the HAProxy init service file. Continuing to generate peer names with hyphens at begininng of the string is avoidable and recommended. Option d), while also requiring an amphora image update, it would get rid of hyphens in begining of the peer names. It is also backward compatible with all running amphorae, except for those starting with hyphen but are broken anyways. This patch takes option d). It substitutes hyphen with 'x' character. [1] https://github.com/haproxy/haproxy/issues/644 Task: 39850 Story: 2007714 Change-Id: Ib0fc26877710dea423a5ebcf1f71077665404377
This commit is contained in:
parent
8ef7d60c91
commit
acc38391de
@ -45,7 +45,9 @@ def base64_sha1_string(string_to_hash):
|
|||||||
# break backwards compatibility with existing loadbalancers.
|
# break backwards compatibility with existing loadbalancers.
|
||||||
hash_str = hashlib.sha1(string_to_hash.encode('utf-8')).digest() # nosec
|
hash_str = hashlib.sha1(string_to_hash.encode('utf-8')).digest() # nosec
|
||||||
b64_str = base64.b64encode(hash_str, str.encode('_-', 'ascii'))
|
b64_str = base64.b64encode(hash_str, str.encode('_-', 'ascii'))
|
||||||
return b64_str.decode('UTF-8')
|
b64_sha1 = b64_str.decode('UTF-8')
|
||||||
|
# https://github.com/haproxy/haproxy/issues/644
|
||||||
|
return re.sub(r"^-", "x", b64_sha1)
|
||||||
|
|
||||||
|
|
||||||
def get_network_driver():
|
def get_network_driver():
|
||||||
|
@ -89,3 +89,18 @@ class TestConfig(base.TestCase):
|
|||||||
exp_codes = '201-200, 205'
|
exp_codes = '201-200, 205'
|
||||||
self.assertEqual(utils.expand_expected_codes(exp_codes),
|
self.assertEqual(utils.expand_expected_codes(exp_codes),
|
||||||
{'205'})
|
{'205'})
|
||||||
|
|
||||||
|
def test_base64_sha1_string(self):
|
||||||
|
str_to_sha1 = [
|
||||||
|
# no special cases str (no altchars)
|
||||||
|
('77e7d60d-e137-4246-8a84-a25db33571cd',
|
||||||
|
'iVZVQ5AKmk2Ae0uGLP0Ue4OseRM='),
|
||||||
|
# backward compat amphorae with - in str[1:]
|
||||||
|
('9c6e5f27-a0da-4ceb-afe5-5a81230be42e',
|
||||||
|
'NjrNgt3Egl-H5ScbYM5ChtUH3M8='),
|
||||||
|
# sha1 would start with -, now replaced with x
|
||||||
|
('4db4a3cf-9fef-4057-b1fd-b2afbf7a8a0f',
|
||||||
|
'xxqntK8jJ_gE3QEmh-D1-XgCW_E=')
|
||||||
|
]
|
||||||
|
for str, sha1 in str_to_sha1:
|
||||||
|
self.assertEqual(sha1, utils.base64_sha1_string(str))
|
||||||
|
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
An amphora image update is recommended to pick up a workaround to an
|
||||||
|
HAProxy issue where it would fail to reload on configuration change should
|
||||||
|
the local peer name start with "-x".
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Workaround an HAProxy issue where it would fail to reload on configuration
|
||||||
|
change should the local peer name start with "-x".
|
Loading…
Reference in New Issue
Block a user