public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/haproxy: support hot-reload without dropping packets

Browse Source
This commit is contained in:
Peter Hoeg 2019-11-08 13:47:13 +08:00 committed by Jon
parent 4a589e5ea7
commit 954e234b98
3 changed files with 24 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/misc/ids.nix
View File

@ -128,7 +128,7 @@
tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice. tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
firebird = 95; firebird = 95;
#keys = 96; # unused #keys = 96; # unused
haproxy = 97; #haproxy = 97; # DynamicUser as of 2019-11-08
mongodb = 98; mongodb = 98;
openldap = 99; openldap = 99;
#users = 100; # unused #users = 100; # unused
@ -443,7 +443,7 @@
#tcpcryptd = 93; # unused #tcpcryptd = 93; # unused
firebird = 95; firebird = 95;
keys = 96; keys = 96;
haproxy = 97; #haproxy = 97; # DynamicUser as of 2019-11-08
#mongodb = 98; # unused #mongodb = 98; # unused
openldap = 99; openldap = 99;
munin = 102; munin = 102;

36
nixos/modules/services/networking/haproxy.nix
View File

@ -1,7 +1,16 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.services.haproxy; cfg = config.services.haproxy;
haproxyCfg = pkgs.writeText "haproxy.conf" cfg.config;
haproxyCfg = pkgs.writeText "haproxy.conf" ''
global
# needed for hot-reload to work without dropping packets in multi-worker mode
stats socket /run/haproxy/haproxy.sock mode 600 expose-fd listeners level user
${cfg.config}
'';
in in
with lib; with lib;
{ {
@ -25,9 +34,7 @@ with lib;
<filename>haproxy.conf</filename>. <filename>haproxy.conf</filename>.
''; '';
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -42,21 +49,16 @@ with lib;
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Type = "forking"; DynamicUser = true;
PIDFile = "/run/haproxy.pid"; Type = "notify";
ExecStartPre = "${pkgs.haproxy}/sbin/haproxy -c -q -f ${haproxyCfg}"; # when running the config test, don't be quiet so we can see what goes wrong
ExecStart = "${pkgs.haproxy}/sbin/haproxy -D -f ${haproxyCfg} -p /run/haproxy.pid"; ExecStartPre = "${pkgs.haproxy}/sbin/haproxy -c -f ${haproxyCfg}";
ExecReload = "-${pkgs.bash}/bin/bash -c \"exec ${pkgs.haproxy}/sbin/haproxy -D -f ${haproxyCfg} -p /run/haproxy.pid -sf $MAINPID\""; ExecStart = "${pkgs.haproxy}/sbin/haproxy -Ws -f ${haproxyCfg}";
Restart = "on-failure";
RuntimeDirectory = "haproxy";
# needed in case we bind to port < 1024
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
}; };
}; };
environment.systemPackages = [ pkgs.haproxy ];
users.users.haproxy = {
group = "haproxy";
uid = config.ids.uids.haproxy;
};
users.groups.haproxy.gid = config.ids.uids.haproxy;
}; };
} }

4
nixos/tests/haproxy.nix
View File

@ -16,6 +16,8 @@ import ./make-test.nix ({ pkgs, ...}: {
frontend http frontend http
bind *:80 bind *:80
mode http mode http
option http-use-htx
http-request use-service prometheus-exporter if { path /metrics }
use_backend http_server use_backend http_server
''; '';
}; };
@ -36,6 +38,6 @@ import ./make-test.nix ({ pkgs, ...}: {
$machine->waitForUnit('haproxy.service'); $machine->waitForUnit('haproxy.service');
$machine->waitForUnit('httpd.service'); $machine->waitForUnit('httpd.service');
$machine->succeed('curl -k http://localhost:80/index.txt | grep "We are all good!"'); $machine->succeed('curl -k http://localhost:80/index.txt | grep "We are all good!"');
$machine->succeed('curl -k http://localhost:80/metrics | grep haproxy_process_pool_allocated_bytes');
''; '';
}) })