| Frédéric Lécaille | 0656d9c | 2018-12-18 10:31:04 +0100 | [diff] [blame^] | 1 | varnishtest "Health-check test over TLS/SSL" |
| 2 | feature ignore_unknown_macro |
| 3 | |
| 4 | |
| 5 | # This script tests health-checks for a TLS/SSL backend with "option httpchk" |
| 6 | # and "check-ssl" option enabled attached to h2 haproxy process. This haproxy |
| 7 | # h2 process is chained to h1 other one. |
| 8 | # |
| 9 | server s1 { |
| 10 | rxreq |
| 11 | expect req.method == OPTIONS |
| 12 | expect req.url == * |
| 13 | expect req.proto == HTTP/1.1 |
| 14 | txresp |
| 15 | } -start |
| 16 | |
| 17 | server s2 { |
| 18 | } -start |
| 19 | |
| 20 | syslog S1 -level notice { |
| 21 | recv |
| 22 | expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy fe1 started." |
| 23 | recv info |
| 24 | expect ~ "[^:\\[ ]\\[${h1_pid}\\]: .* fe1~ be1/srv1 .* 200 [[:digit:]]+ - - ---- .* \"OPTIONS \\* HTTP/1.1\"" |
| 25 | recv info |
| 26 | expect ~ "[^:\\[ ]\\[${h1_pid}\\]: .* fe1~ be1/srv1 .* 504 [[:digit:]]+ - - sH-- .* \"OPTIONS \\* HTTP/1.1\"" |
| 27 | } -start |
| 28 | |
| 29 | haproxy h1 -conf { |
| 30 | global |
| 31 | tune.ssl.default-dh-param 2048 |
| 32 | |
| 33 | defaults |
| 34 | mode http |
| 35 | timeout client 1s |
| 36 | timeout server 1s |
| 37 | timeout connect 1s |
| 38 | |
| 39 | backend be1 |
| 40 | server srv1 ${s1_addr}:${s1_port} |
| 41 | |
| 42 | backend be2 |
| 43 | server srv2 ${s2_addr}:${s2_port} |
| 44 | |
| 45 | frontend fe1 |
| 46 | option httplog |
| 47 | log ${S1_addr}:${S1_port} len 2048 local0 debug err |
| 48 | bind "fd@${fe1}" ssl crt ${testdir}/common.pem |
| 49 | use_backend be1 |
| 50 | |
| 51 | frontend fe2 |
| 52 | option tcplog |
| 53 | bind "fd@${fe2}" ssl crt ${testdir}/common.pem |
| 54 | use_backend be2 |
| 55 | } -start |
| 56 | |
| 57 | syslog S2 -level notice { |
| 58 | recv |
| 59 | expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Proxy be2 started." |
| 60 | recv |
| 61 | expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be2/srv1 succeeded, reason: Layer7 check passed, code: 200, info: \"OK\", check duration: [[:digit:]]+ms, status: 1/1 UP." |
| 62 | recv |
| 63 | expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be2/srv1 failed, reason: Layer7 wrong status, code: 504, info: \"Gateway Time-out\", check duration: [[:digit:]]+ms, status: 0/1 DOWN." |
| 64 | } -start |
| 65 | |
| 66 | syslog S4 -level notice { |
| 67 | recv |
| 68 | expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Proxy be4 started." |
| 69 | recv |
| 70 | expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be4/srv2 succeeded, reason: Layer6 check passed, check duration: [[:digit:]]+ms, status: 1/1 UP." |
| 71 | } -start |
| 72 | |
| 73 | haproxy h2 -conf { |
| 74 | global |
| 75 | tune.ssl.default-dh-param 2048 |
| 76 | |
| 77 | defaults |
| 78 | timeout client 1s |
| 79 | timeout server 1s |
| 80 | timeout connect 1s |
| 81 | default-server downinter 1s rise 1 fall 1 |
| 82 | |
| 83 | backend be2 |
| 84 | option log-health-checks |
| 85 | option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www |
| 86 | log ${S2_addr}:${S2_port} daemon |
| 87 | server srv1 ${h1_fe1_addr}:${h1_fe1_port} ssl crt ${testdir}/common.pem verify none check |
| 88 | |
| 89 | backend be4 |
| 90 | option log-health-checks |
| 91 | log ${S4_addr}:${S4_port} daemon |
| 92 | server srv2 ${h1_fe2_addr}:${h1_fe2_port} ssl crt ${testdir}/common.pem verify none check-ssl check |
| 93 | } -start |
| 94 | |
| 95 | syslog S1 -wait |
| 96 | |
| 97 | syslog S2 -wait |
| 98 | syslog S4 -wait |
| 99 | |