Merge pull request #72 from docker/staging

v1.5

Author: Feng Honglin

Dockerfile

@@ -25,5 +25,5 @@ ENV RSYSLOG_DESTINATION=127.0.0.1 \
     HEALTH_CHECK="check inter 2000 rise 2 fall 3"
 
 EXPOSE 80 443 1936
-ENTRYPOINT ["tini", "--"]
+ENTRYPOINT ["/sbin/tini", "--"]
 CMD ["dockercloud-haproxy"]

README.md

@@ -170,7 +170,7 @@ Settings in this part is immutable, you have to redeploy HAProxy service to make
 
 |Environment Variable|Default|Description|
 |:-----:|:-----:|:----------|
-|ADDITIONAL_SERVICES| |list of additional services to balance (es: `prj1:web,prj2:sql`). Discovery will be based on `com.docker.compose.[project|service]` container labels. This environment variable only works on compose v2, and the referenced services must be on a network accessible to this containers.|
+|ADDITIONAL_SERVICES| |list of additional services to balance (es: `prj1:web,prj2:sql`). Discovery will be based on `com.docker.compose.[project|service]` container labels. This environment variable only works on compose v2, and the referenced services must be on a network resolvable and accessible to this containers.|
 |BALANCE|roundrobin|load balancing algorithm to use. Possible values include: `roundrobin`, `static-rr`, `source`, `leastconn`. See:[HAProxy:balance](https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-balance)|
 |CA_CERT_FILE| |the path of a ca-cert file. This allows you to mount your ca-cert file directly from a volume instead of from envvar. If set, `CA_CERT` envvar will be ignored. Possible value: `/cacerts/cert0.pem`|
 |CA_CERT| |CA cert for haproxy to verify the client. Use the same format as `DEFAULT_SSL_CERT`|
@@ -180,6 +180,7 @@ Settings in this part is immutable, you have to redeploy HAProxy service to make
 |EXTRA_DEFAULT_SETTINGS| |comma-separated string of extra settings, and each part will be appended to DEFAULT section in the configuration file. To escape comma, use `\,`|
 |EXTRA_FRONTEND_SETTINGS_\<PORT\>| |comma-separated string of extra settings, and each part will be appended frontend section with the port number specified in the name of the envvar. To escape comma, use `\,`. E.g. `EXTRA_FRONTEND_SETTINGS_80=balance source, maxconn 2000`|
 |EXTRA_GLOBAL_SETTINGS| |comma-separated string of extra settings, and each part will be appended to GLOBAL section in the configuration file. To escape comma, use `\,`. Possible value: `tune.ssl.cachesize 20000, tune.ssl.default-dh-param 2048`|
+|EXTRA_ROUTE_SETTINGS| |a string which is append to the each backend route after the health check, can be over written in the linked services. Possible value: "send-proxy"|
 |EXTRA_SSL_CERTS| |list of extra certificate names separated by comma, eg. `CERT1, CERT2, CERT3`. You also need to specify each certificate as separate env variables like so: `CERT1="<cert-body1>"`, `CERT2="<cert-body2>"`, `CERT3="<cert-body3>"`|
 |HEALTH_CHECK|check|set health check on each backend route, possible value: "check inter 2000 rise 2 fall 3". See:[HAProxy:check](https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.2-check)|
 |HTTP_BASIC_AUTH| |a comma-separated list of credentials(`<user>:<pass>`) for HTTP basic auth, which applies to all the backend routes. To escape comma, use `\,`. *Attention:* DO NOT rely on this for authentication in production|
@@ -207,6 +208,7 @@ Settings here can overwrite the settings in HAProxy, which are only applied to t
 |COOKIE|sticky session option. Possible value `SRV insert indirect nocache`. See:[HAProxy:cookie](http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-cookie)|
 |DEFAULT_SSL_CERT|similar to SSL_CERT, but stores the pem file at `/certs/cert0.pem` as the default ssl certs. If multiple `DEFAULT_SSL_CERT` are specified in linked services and HAProxy, the behavior is undefined|
 |EXCLUDE_PORTS|comma separated port numbers(e.g. 3306, 3307). By default, HAProxy will add all the ports exposed by the application services to the backend routes. You can exclude the ports that you don't want to be routed, like database port|
+|EXTRA_ROUTE_SETTINGS| |a string which is append to the each backend route after the health check,possible value: "send-proxy"|
 |EXTRA_SETTINGS|comma-separated string of extra settings, and each part will be appended to either related backend section or listen session in the configuration file. To escape comma, use `\,`. Possible value: `balance source`|
 |FORCE_SSL|if set(any value) together with ssl termination enabled. HAProxy will redirect HTTP request to HTTPS request.
 |GZIP_COMPRESSION_TYPE|enable gzip compression. The value of this envvar is a list of MIME types that will be compressed, possible value: `text/html text/plain text/css`|

haproxy/config.py

@@ -43,6 +43,7 @@ def parse_extra_frontend_settings(envvars):
 EXTRA_FRONTEND_SETTINGS = parse_extra_frontend_settings(os.environ)
 EXTRA_GLOBAL_SETTINGS = os.getenv("EXTRA_GLOBAL_SETTINGS")
 EXTRA_SSL_CERT = os.getenv("EXTRA_SSL_CERTS")
+EXTRA_ROUTE_SETTINGS=os.getenv("EXTRA_ROUTE_SETTINGS", "")
 HAPROXY_CONTAINER_URI = os.getenv("DOCKERCLOUD_CONTAINER_API_URI")
 HAPROXY_SERVICE_URI = os.getenv("DOCKERCLOUD_SERVICE_API_URI")
 HEALTH_CHECK = os.getenv("HEALTH_CHECK", "check inter 2000 rise 2 fall 3")

haproxy/eventhandler.py

@@ -1,6 +1,7 @@
 import json
 import logging
 import time
+import os
 
 import dockercloud
 from compose.cli.docker_client import docker_client
@@ -26,7 +27,7 @@ def on_cloud_event(message):
     # When service scale up/down or container start/stop/terminate/redeploy, reload the service
     if event.get("state", "") not in ["In progress", "Pending", "Terminating", "Starting", "Scaling", "Stopping"] and \
                     event.get("type", "").lower() in ["container", "service"] and \
-                    len(set(Haproxy.cls_linked_services).intersection(set(event.get("parents", [])))) > 0:
+                    len(Haproxy.cls_linked_services.intersection(set(event.get("parents", [])))) > 0:
         msg = "Docker Cloud Event: %s %s is %s" % (
             event["type"], get_uuid_from_resource_uri(event.get("resource_uri", "")), event["state"].lower())
         run_haproxy(msg)
@@ -74,7 +75,12 @@ def listen_dockercloud_events():
 
 def listen_docker_events():
     try:
-        docker = docker_client()
+
+        try:
+            docker = docker_client()
+        except:
+            docker = docker_client(os.environ)
+
         docker.ping()
         for event in docker.events(decode=True):
             logger.debug(event)

haproxy/haproxycfg.py

@@ -26,7 +26,7 @@ def run_haproxy(msg=None):
 
 
 class Haproxy(object):
-    cls_linked_services = []
+    cls_linked_services = set()
     cls_cfg = None
     cls_process = None
     cls_certs = []
@@ -43,6 +43,7 @@ def __init__(self, link_mode="", msg=""):
         self.routes_added = []
         self.require_default_route = False
         self.specs = None
+        self.tcp_ports = set()
 
         self.specs = self._initialize(self.link_mode)
 
@@ -76,23 +77,24 @@ def _init_cloud_links():
     @staticmethod
     def _init_new_links():
         try:
-            docker = docker_client()
+            try:
+                docker = docker_client()
+            except:
+                docker = docker_client(os.environ)
+
             docker.ping()
             container_id = os.environ.get("HOSTNAME", "")
             haproxy_container = docker.inspect_container(container_id)
         except Exception as e:
-            logger.info("Docker API error, regressing to legacy links mode: ", e)
+            logger.info("Docker API error, regressing to legacy links mode: %s" % e)
             return None
         links, Haproxy.cls_linked_services = NewLinkHelper.get_new_links(docker, haproxy_container)
 
-        try:
-            if ADDITIONAL_SERVICES:
-                additional_services = ADDITIONAL_SERVICES.split(",")
-                NewLinkHelper.get_additional_links(docker, additional_services, haproxy_container,
-                                                   links, Haproxy.cls_linked_services)
-        except Exception as e:
-            logger.info("Error loading ADDITIONAL_SERVICES: %s" % str(e))
-            return None
+        if ADDITIONAL_SERVICES:
+            additional_links, additional_services= NewLinkHelper.get_additional_links(docker, ADDITIONAL_SERVICES)
+            if additional_links and additional_services:
+                links.update(additional_links)
+                Haproxy.cls_linked_services.update(additional_services)
 
         logger.info("Linked service: %s", ", ".join(NewLinkHelper.get_service_links_str(links)))
         logger.info("Linked container: %s", ", ".join(NewLinkHelper.get_container_links_str(links)))
@@ -258,11 +260,12 @@ def _config_tcp_sections(self):
         tcp_ports = TcpHelper.get_tcp_port_list(details, services_aliases)
 
         for tcp_port in set(tcp_ports):
-            tcp_section, port_num = self.get_tcp_section(details, services_aliases, tcp_port)
+            tcp_section, port_num = self._get_tcp_section(details, services_aliases, tcp_port)
+            self.tcp_ports.add(port_num)
             cfg["listen port_%s" % port_num] = tcp_section
         return cfg
 
-    def get_tcp_section(self, details, services_aliases, tcp_port):
+    def _get_tcp_section(self, details, services_aliases, tcp_port):
         tcp_section = []
         enable_ssl, port_num = TcpHelper.parse_port_string(tcp_port, self.ssl_bind_string)
         bind_string = get_bind_string(enable_ssl, port_num, self.ssl_bind_string, EXTRA_BIND_SETTINGS)
@@ -287,6 +290,11 @@ def _config_frontend_sections(self):
         monitor_uri_configured = False
         if vhosts:
             cfg, monitor_uri_configured = FrontendHelper.config_frontend_with_virtual_host(vhosts, ssl_bind_string)
+            for port in self.tcp_ports:
+                port_str = "frontend port_%s" % port
+                if port_str in cfg:
+                    del cfg[port_str]
+
         else:
             self.require_default_route = FrontendHelper.check_require_default_route(self.specs.get_routes(),
                                                                                     self.routes_added)

haproxy/helper/backend_helper.py

@@ -1,6 +1,6 @@
 import re
 
-from haproxy.config import HEALTH_CHECK, HTTP_BASIC_AUTH
+from haproxy.config import HEALTH_CHECK, HTTP_BASIC_AUTH, EXTRA_ROUTE_SETTINGS
 from haproxy.utils import get_service_attribute
 
 
@@ -14,28 +14,34 @@ def get_backend_section(details, routes, vhosts, service_alias, routes_added):
     backend.extend(backend_settings)
 
     route_health_check = get_route_health_check(details, service_alias, HEALTH_CHECK)
-    backend_routes = get_backend_routes(route_health_check, is_sticky, routes, routes_added, service_alias)
+    extra_route_settings = get_extra_route_settings(details, service_alias, EXTRA_ROUTE_SETTINGS)
+    route_setting = " ".join([route_health_check, extra_route_settings]).strip()
+    backend_routes = get_backend_routes(route_setting, is_sticky, routes, routes_added, service_alias)
     backend.extend(backend_routes)
     return backend
 
 
-def get_backend_routes(route_health_check, is_sticky, routes, routes_added, service_alias):
+def get_backend_routes(route_setting, is_sticky, routes, routes_added, service_alias):
     backend_routes = []
     for _service_alias, routes in routes.iteritems():
         if not service_alias or _service_alias == service_alias:
+            addresses_added = []
             for route in routes:
                 # avoid adding those tcp routes adding http backends
                 if route in routes_added:
                     continue
+                address = "%s:%s" % (route["addr"], route["port"])
+                if address not in addresses_added:
+                    addresses_added.append(address)
+                    backend_route = ["server %s %s" % (route["container_name"], address)]
+                    if is_sticky:
+                        backend_route.append("cookie %s" % route["container_name"])
 
-                backend_route = ["server %s %s:%s" % (route["container_name"], route["addr"], route["port"])]
-                if is_sticky:
-                    backend_route.append("cookie %s" % route["container_name"])
+                    if route_setting:
+                        backend_route.append(route_setting)
 
-                if route_health_check:
-                    backend_route.append(route_health_check)
+                    backend_routes.append(" ".join(backend_route))
 
-                backend_routes.append(" ".join(backend_route))
     return sorted(backend_routes)
 
 
@@ -45,6 +51,12 @@ def get_route_health_check(details, service_alias, default_health_check):
     return health_check
 
 
+def get_extra_route_settings(details, service_alias, default_extra_route_settings):
+    extra_route_settings = get_service_attribute(details, "extra_route_settings", service_alias)
+    extra_route_settings = extra_route_settings if extra_route_settings else default_extra_route_settings
+    return extra_route_settings
+
+
 def get_websocket_setting(vhosts, service_alias):
     websocket_setting = []
     for v in vhosts:
@@ -155,4 +167,4 @@ def get_basic_auth_setting(basic_auth):
     if basic_auth:
         setting.append("acl need_auth http_auth(haproxy_userlist)")
         setting.append("http-request auth realm haproxy_basic_auth if !need_auth")
-    return setting
+    return setting

haproxy/helper/frontend_helper.py

@@ -1,6 +1,7 @@
 from collections import OrderedDict
 
-from haproxy.config import EXTRA_BIND_SETTINGS, EXTRA_FRONTEND_SETTINGS, MONITOR_URI, MONITOR_PORT, MAXCONN, SKIP_FORWARDED_PROTO
+from haproxy.config import EXTRA_BIND_SETTINGS, EXTRA_FRONTEND_SETTINGS, MONITOR_URI, MONITOR_PORT, MAXCONN, \
+    SKIP_FORWARDED_PROTO
 
 
 def check_require_default_route(routes, routes_added):

haproxy/helper/new_link_helper.py

@@ -13,36 +13,24 @@ def get_new_links(docker, haproxy_container):
     linked_compose_services = _get_linked_compose_services(networks, project)
 
     links = _calc_links(docker, linked_compose_services, project)
-    return links, ["%s_%s" % (project, service) for service in linked_compose_services]
+    return links, set(["%s_%s" % (project, service) for service in linked_compose_services])
 
 
-def get_additional_links(docker, additional_services, haproxy_container, links, linked_services):
-    networks_data = docker.networks()
-    haproxy_networks_ids = _find_container_networks_ids(haproxy_container, networks_data)
-    for _container in docker.containers():
-        container_id = _container.get("Id", "")
-        container = docker.inspect_container(container_id)
-        compose_project = container.get("Config", {}).get("Labels", {}).get("com.docker.compose.project", "")
-        compose_service = container.get("Config", {}).get("Labels", {}).get("com.docker.compose.service", "")
-        for _service in additional_services:
-            terms = _service.strip().split(":")
+def get_additional_links(docker, additional_services):
+    links = {}
+    services = set()
+    for additional_service in additional_services.split(","):
+            terms = additional_service.strip().split(":")
             if len(terms) == 2:
-                if terms[0].strip() == compose_project and terms[1].strip() == compose_service:
-                    container_networks_ids = _find_container_networks_ids(container, networks_data)
-                    if set(container_networks_ids).intersection(haproxy_networks_ids):
-                        if _service not in linked_services:
-                            linked_services.append(_service)
-                        container_name = container.get("Name").lstrip("/")
-                        container_evvvars = _get_container_envvars(container)
-                        endpoints = _get_container_endpoints(container, container_name)
-                        links[container_id] = {"service_name": _service,
-                                               "container_envvars": container_evvvars,
-                                               "container_name": container_name,
-                                               "endpoints": endpoints,
-                                               "compose_service": compose_service,
-                                               "compose_project": compose_project}
-                    else:
-                        logger.info("Ignoring container '%s': no shared network with haproxy")
+                project = terms[0]
+                service = terms[1]
+                link = _calc_links(docker, [service], project)
+                if link:
+                    links.update(link)
+                    services.add("%s_%s" % (project, service))
+                else:
+                    logger.info("Cannot find the additional service: %s" % additional_service.strip())
+    return links, services
 
 
 def _find_container_networks_ids(container, networks_data):

haproxy/helper/tcp_helper.py

@@ -1,6 +1,6 @@
 import re
 
-from haproxy.config import HEALTH_CHECK
+from haproxy.config import HEALTH_CHECK, EXTRA_ROUTE_SETTINGS
 from haproxy.utils import get_service_attribute
 
 
@@ -27,6 +27,7 @@ def parse_port_string(port, ssl_bind_string):
 def get_tcp_routes(details, routes, port, port_num):
     tcp_routes = []
     routes_added = []
+    addresses_added = []
     if port != port_num and port != port_num + "/ssl":
         return tcp_routes, routes_added
 
@@ -35,11 +36,17 @@ def get_tcp_routes(details, routes, port, port_num):
         if tcp_ports and port in tcp_ports:
             for route in routes:
                 if route["port"] == port_num:
-                    tcp_route = ["server %s %s:%s" % (route["container_name"], route["addr"], route["port"])]
-                    health_check = get_healthcheck_string(details, _service_alias)
-                    tcp_route.append(health_check)
-                    tcp_routes.append(" ".join(tcp_route))
+                    address = "%s:%s" % (route["addr"], route["port"])
+                    if address not in addresses_added:
+                        addresses_added.append(address)
+                        tcp_route = ["server %s %s" % (route["container_name"], address)]
+                        health_check = get_healthcheck_string(details, _service_alias)
+                        extra_route_settings = get_extra_route_settings_string(details, _service_alias)
+                        route_setting = " ".join([health_check, extra_route_settings]).strip()
+                        tcp_route.append(route_setting)
+                        tcp_routes.append(" ".join(tcp_route))
                     routes_added.append(route)
+
     return tcp_routes, routes_added
 
 
@@ -49,6 +56,12 @@ def get_healthcheck_string(details, service_alias):
     return health_check
 
 
+def get_extra_route_settings_string(details, service_alias):
+    extra_route_settings = get_service_attribute(details, "extra_route_settings", service_alias)
+    extra_route_settings = extra_route_settings if extra_route_settings else EXTRA_ROUTE_SETTINGS
+    return extra_route_settings
+
+
 def get_service_aliases_given_tcp_port(details, service_aliases, tcp_port):
     services = []
     for service_alias in service_aliases:

haproxy/main.py

@@ -68,7 +68,10 @@ def check_link_mode(container_uri, service_uri, api_auth):
         link_mode = "new"
         reason = ""
         try:
-            docker = docker_client()
+            try:
+                docker = docker_client()
+            except:
+                docker = docker_client(os.environ)
             docker.ping()
         except Exception as e:
             reason = "unable to connect to docker daemon %s" % e