How to use haproxy 1.7 in openshift router (update)

Posted by

The current openshift router images uses the redhat rpm package of haproxy. This package is maintained by RedHat and uses haproxy 1.5 with some RedHat patches.

You can see what’s in the package on centos git repo

It’s not bad but haproxy have now released the version 1.7.3 and therefore there are several enhancements and bugfixes in 1.6 and 1.7.

Changelog 1.6 Changelog 1.7

To be able to use the haproxy 1.7 you will need to build your own router as in the old days when you want to change something in the haproxy config template file.

OSE 3.0 | Rebuilding Your Router

UPDATE: There is now a image on docker hub as described in How to use haproxy 1.7 in openshift router (part 2)

Now we have the possibility to change the haproxy config template via a configmap, thanks to the developer which have added this feature by default into the openshift router.

OSE 3.2 | Using a ConfigMap to Replace the Router Configuration Template

Due to the fact that the docs.openshift.org have no versioning I refer to the enterprise page.

First of all the processs for the Openshift Origin and Openshift Container Platform (OSCP)  are the same. The difference is the repository and the subscriptions.

Now let’s start.

Create a new project where this new routers are build and run.

oc new-project new-routers

Now create the images

Origin

oc new-app https://gitlab.com/aleks001/openshift-origin-router-hap17.git

OSCP

oc new-app https://gitlab.com/aleks001/openshift-oscp-router-hap17.git

and wait until the build and push to the registry is done.

You can follow the build logs via the following command.

oc logs -f bc/openshift-origin-router-hap17
# or
oc logs -f bc/openshift-oscp-router-hap17

You have now a router image with a new haproxy.

Here is the output of haproxy -vv

HA-Proxy version 1.7.3 2017/02/28
Copyright 2000-2017 Willy Tarreau <willy@haproxy.org>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
  OPTIONS = USE_LINUX_SPLICE=1 USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 \
            USE_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), \
                                   raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Built with Lua version : Lua 5.3.4
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT \
                                            IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
        [COMP] compression
        [TRACE] trace
        [SPOE] spoe

For the openshift origin please follow now this instructions to Rebuilding Your Router and for OSCP this one Rebuilding Your Router

Why should I use a newer haproxy?

Well first of all it’s a coolness factor 😉

The new version offers some features like TCP Fast Open, elliptic curve certificates, and many more.

You can also hire me for this or any other topics.

One comment

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

WordPress.com-Logo

Du kommentierst mit Deinem WordPress.com-Konto. Abmelden / Ändern )

Twitter-Bild

Du kommentierst mit Deinem Twitter-Konto. Abmelden / Ändern )

Facebook-Foto

Du kommentierst mit Deinem Facebook-Konto. Abmelden / Ändern )

Google+ Foto

Du kommentierst mit Deinem Google+-Konto. Abmelden / Ändern )

Verbinde mit %s