haproxy

external Services with openshift v3 and haproxy

Posted on Updated on

Introduction

Openshift V3 offers a simple solution to call external services.

Integrating External Services

This solution lacks some possibilities like use DNS names or use more then one destination.

The here described solution offers you the flexibility of haproxy with logs for this service.

Here the picture for the solution.

OpenShift_External_Services_haproxy

Pre-Requirements

  • openshift v3
  • own git repository
  • haproxy 1.6
  • socklog / syslog
  • destination address(s)
  • patience 😉

openshift v3 and git repo

I expect that you have access to a openshift (oc …/ webconsole) and a read / write access to a git

Haproxy

You can use the official image on docker hub of haproxy I suggest to use the alpine one.
I have used this repo for a proxy to Google.

socklog / syslog

Due to the fact that there is no official docker hub entry for socklog you can use my repo

destination address(s) or dns name

Well to which service do you want to connect is your decision 😉

patience

Now you should take a look into the excellence documentation of haproxy.

Start of Implementation

Create a new Project

oc new-project externel-service001

or when you admin and want to be able to run this pods on dedicated nodes you can use

oadm new-project externel-service001 --node-selector='your-dmz=external-router'

Create socklog/syslog

oc new-app https://gitlab.com/aleks001/rhel7-socklog \
    -e TZ=Europe/Vienna --dry-run -o yaml > 01_build_socklog.yaml
oc create -f 01_build_socklog.yaml

Q: Why do I use a file for  the creation not directly?

A: For reproduction and debugging. It’s easier do make a

oc delete -f 01_build_socklog.yaml

then to search for all components ;-).

Now we have a rhel7-socklog service with  exposed port 8514/udp

oc get svc
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
rhel7-socklog 172.30.189.182 <none> 8514/UDP 3m

and a listening daemon which writes the requests out to stdout

oc logs -f <THE_SOCKLOG_POD>
listening on 0.0.0.0:8514, starting.

haproxy

Don’t use the user/uid and group/gid on openshift!

Dont’t use daemon option in openshift!

Create haproxy

Commit it to your repo and create the app

oc new-app https://gitlab.com/aleks001/haproxy \
    -e TZ=Europe/Vienna --dry-run -o yaml > metadata/01_build_haproxy.yaml
oc create -f metadata/01_build_haproxy.yaml

After some times you will see the pods up and running and in the log of socklog pod you will see the log-entries of haproxy.

[al@localhost openshift-external-services]$ oc logs -f <THE_SOCKLOG_POD>
listening on 0.0.0.0:8514, starting.
10.1.3.1: local0.notice: Apr 27 18:29:18 haproxy[1]: Proxy entry-point started.
10.1.3.1: local0.notice: Apr 27 18:29:18 haproxy[1]: Proxy google started.

You can use configmaps to change the config of haproxy. The mount path is

/usr/local/etc/haproxy

and a sample template can be found here

Add route

To be able to use this service now add a route.

oc expose svc haproxy

When everything works as expect you should see something like this.

10.1.5.1: local0.notice: Apr 27 19:56:25 haproxy[1]: Proxy entry-point started.
10.1.5.1: local0.notice: Apr 27 19:56:25 haproxy[1]: Proxy be_google started.
10.1.5.1: local0.info: Apr 27 19:56:55 haproxy[1]: 10.1.2.1:41173 [27/Apr/2016:19:56:55.189] entry-point be_google/srv_google/216.58.212.132 0/0/111/18/129 404 1686 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
10.1.5.1: local0.info: Apr 27 19:57:21 haproxy[1]: 10.1.2.1:41427 [27/Apr/2016:19:57:21.555] entry-point be_google/srv_google/216.58.212.132 0/0/42/18/60 404 1686 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"

You can hire me to create that for you.

Advertisements

haproxy on Opensolaris 2008.05

Posted on Updated on

When you want to build haproxy on Opensolaris 2008.05 you need the gcc and the gmake due to fact that the Sun CC does not support fully the C99 standard and the Makefile use GNU Make features.

I have tried to build haproxy with -xc99 but it was unable due the following code in src/client.c

/* Note: must not be declared <const> as its list will be overwritten */
static struct acl_kw_list acl_kws = {{ },{
{ “src_port”, acl_parse_int, acl_fetch_sport, acl_match_int },
{ “src”, acl_parse_ip, acl_fetch_src, acl_match_ip },
{ “dst”, acl_parse_ip, acl_fetch_dst, acl_match_ip },
{ “dst_port”, acl_parse_int, acl_fetch_dport, acl_match_int },
#if 0
{ “src_limit”, acl_parse_int, acl_fetch_sconn, acl_match_int },
#endif
{ “dst_conn”, acl_parse_int, acl_fetch_dconn, acl_match_int },
{ NULL, NULL, NULL, NULL },
}};

and some other code. I think SUN should make his cc compliant so that we are able to build haproxy with there compiler 😉 . When you install the gcc and add the follwoing statement into the Makefile

-I$(PCREDIR)/include/pcre

in both *_PCRE sections then you are able to compile haproxy with the follwoing options

gmake -f Makefile TARGET=solaris USE_STATIC_PCRE=1 CPU=i686

for the final build you must rearrange the link line, this line works for me

gcc -g -o haproxy src/haproxy.o src/sessionhash.o src/base64.o src/protocols.o src/uri_auth.o src/standard.o src/buffers.o src/log.o src/task.o src/time.o src/fd.o src/regex.o src/cfgparse.o src/server.o src/checks.o src/queue.o src/client.o src/proxy.o src/proto_uxst.o src/proto_http.o src/stream_sock.o src/appsession.o src/backend.o src/senddata.o src/dumpstats.o src/proto_tcp.o src/session.o src/hdr_idx.o src/ev_select.o src/acl.o src/memory.o src/ebtree.o src/eb32tree.o src/ev_poll.o -L/usr/lib -Wl,-Bstatic -Wl,-Bdynamic -lnsl -lsocket -lpcreposix -lpcre

The point was, which looks to me, that the libs must be added as last options.