1varnishtest "Health-checks: tcp-check health-check with ssl options"
2#REQUIRE_OPTION=OPENSSL
3#REQUIRE_VERSION=2.2
4#REGTEST_TYPE=slow
# Do not fail the test when a ${...} string is not a known vtest macro.
5feature ignore_unknown_macro
6
# Syslog receiver shared by the backends whose TLS health checks must succeed
# (be1, be2, be5, be6 and be7 in h1 all log here). The expected sequence is
# strict: five "Proxy beN started" notices, then five successful checks.
# "Layer6 check passed" only shows that the TLS handshake completed; every
# check in h1 runs with "verify none", so the certificate is not validated.
7syslog S_ok -level notice {
 # One startup notice per backend logging to this receiver.
8 recv
9 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
10 recv
11 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
12 recv
13 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
14 recv
15 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
16 recv
17 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be[0-9]+ started."
18
 # One successful layer-6 check per backend; the server must end up 1/1 UP.
19 recv
20 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
21 recv
22 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
23 recv
24 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
25 recv
26 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
27 recv
28 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
29} -start
30
# Syslog receiver for be3 only. be3 sends the SNI bad.haproxy.org through the
# server-line options (check-ssl check-sni); htst/li1 accepts only
# check.haproxy.org and connect.haproxy.org, so the check is expected to fail
# with "SSL handshake failure" and the server to go 0/1 DOWN.
31syslog S3 -level notice {
32 recv
33 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be3 started."
34 recv
35 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer6 invalid response.+info: \"SSL handshake failure\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
36} -start
37
# Syslog receiver for be4 only. Same rejected SNI (bad.haproxy.org) as be3,
# but set through "tcp-check connect ssl sni", so the expected failure message
# also names the failing rule: "at step 1 of tcp-check (connect)".
38syslog S4 -level notice {
39 recv
40 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy be4 started."
41 recv
42 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be4/srv failed, reason: Layer6 invalid response.+info: \"SSL handshake failure at step 1 of tcp-check \\(connect\\)\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
43} -start
44
45
# Test peer: the HAProxy instance that the health checks from h1 connect to.
# li1 and li2 are plain TCP listeners that inspect the TLS ClientHello and
# forward only connections carrying the expected SNI (li1) or ALPN (li2) to
# fe1, which terminates TLS. A rejected connection is closed before any TLS
# handshake can complete, which the checker reports as a handshake failure.
46haproxy htst -conf {
47 global
 # DH parameter size for DHE key exchange on the TLS bind below.
48 tune.ssl.default-dh-param 2048
49
50 defaults
51 mode tcp
52 timeout client 1s
53 timeout server 1s
54 timeout connect 100ms
55
 # SNI filter: wait up to 100ms for the ClientHello, then allow-list by SNI.
56 listen li1
57 bind "fd@${li1}"
58 tcp-request inspect-delay 100ms
 # No TLS hello recognised in the buffered data: reject.
59 tcp-request content reject if { req.ssl_hello_type 0 }
60 tcp-request content accept if { req.ssl_sni check.haproxy.org }
61 tcp-request content accept if { req.ssl_sni connect.haproxy.org }
 # Default deny: any other SNI (e.g. bad.haproxy.org) or none at all.
62 tcp-request content reject
63 server fe1 ${htst_fe1_addr}:${htst_fe1_port}
64
 # ALPN filter: same structure as li1, allow-listing h2 and http/1.1.
65 listen li2
66 bind "fd@${li2}"
67 tcp-request inspect-delay 100ms
68 tcp-request content reject if { req.ssl_hello_type 0 }
69 tcp-request content accept if { req.ssl_alpn h2 }
70 tcp-request content accept if { req.ssl_alpn http/1.1 }
71 tcp-request content reject
72 server fe1 ${htst_fe1_addr}:${htst_fe1_port}
73
 # TLS endpoint behind both filters; certificate and key come from the test
 # directory's common.pem.
74 frontend fe1
75 bind "fd@${fe1}" ssl crt ${testdir}/common.pem
76
77} -start
78
# Instance under test: seven backends, each with one server "srv" pointing at
# htst and a health check every second (rise 1 / fall 1, so a single result
# flips the server state). Each backend sets the TLS check options a
# different way: on the server line, in a tcp-check connect rule, or both.
#
# Every server line carries "verify none", which disables validation of the
# peer certificate. That fits this fixture (a local peer using the test
# certificate common.pem), but it means these checks confirm handshake
# completion and SNI/ALPN handling only, not the identity of the peer. A
# production check that should authenticate the server needs "verify required"
# with a ca-file instead.
79haproxy h1 -conf {
80 defaults
81 mode tcp
82 timeout client 1s
83 timeout server 1s
84 timeout connect 100ms
85
 # be1: SSL check with an accepted SNI, set on the server line. Expected UP.
86 backend be1
87 log ${S_ok_addr}:${S_ok_port} daemon
88 option log-health-checks
89 server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni check.haproxy.org inter 1s rise 1 fall 1 verify none
90
 # be2: SSL and accepted SNI set in the tcp-check connect rule. Expected UP.
91 backend be2
92 log ${S_ok_addr}:${S_ok_port} daemon
93 option log-health-checks
94 option tcp-check
95 tcp-check connect ssl sni connect.haproxy.org
96 server srv ${htst_li1_addr}:${htst_li1_port} check inter 1s rise 1 fall 1 verify none
97
 # be3: SNI that li1 does not allow, set on the server line. Expected DOWN.
98 backend be3
99 log ${S3_addr}:${S3_port} daemon
100 option log-health-checks
101 server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni bad.haproxy.org inter 1s rise 1 fall 1 verify none
102
 # be4: same rejected SNI, set in the tcp-check connect rule. Expected DOWN.
103 backend be4
104 log ${S4_addr}:${S4_port} daemon
105 option log-health-checks
106 option tcp-check
107 tcp-check connect ssl sni bad.haproxy.org
108 server srv ${htst_li1_addr}:${htst_li1_port} check inter 1s rise 1 fall 1 verify none
109
 # be5: "tcp-check connect default" takes the check options from the server
 # line (check-ssl, check-sni check.haproxy.org). Expected UP.
110 backend be5
111 log ${S_ok_addr}:${S_ok_port} daemon
112 option log-health-checks
113 option tcp-check
114 tcp-check connect default
115 server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni check.haproxy.org inter 1s rise 1 fall 1 verify none
116
 # be6: ALPN offered via check-alpn on the server line, against li2. Expected UP.
117 backend be6
118 log ${S_ok_addr}:${S_ok_port} daemon
119 option log-health-checks
120 server srv ${htst_li2_addr}:${htst_li2_port} check check-ssl check-alpn "h2,http/1.1" inter 1s rise 1 fall 1 verify none
121
 # be7: ALPN offered via the tcp-check connect rule, against li2. Expected UP.
122 backend be7
123 log ${S_ok_addr}:${S_ok_port} daemon
124 option log-health-checks
125 option tcp-check
126 tcp-check connect ssl alpn "h2,http/1.1"
127 server srv ${htst_li2_addr}:${htst_li2_port} check inter 1s rise 1 fall 1 verify none
128
129} -start
130
# Block until each syslog receiver has consumed its full expected sequence.
# This is where the test's result is decided: S_ok must see the five passing
# checks, while S3 and S4 must see the handshake failures for the bad SNI.
131syslog S_ok -wait
132syslog S3 -wait
133syslog S4 -wait