Re: Official ubuntu 20 repository

2021-06-08 Thread Willy Tarreau
On Mon, Jun 07, 2021 at 12:58:22PM +0500, Илья Шипицин wrote:
> Mon, 7 Jun 2021 at 12:20, Valters Jansons :
> 
> > On Mon, Jun 7, 2021 at 12:34 AM Ismail Azerty 
> > wrote:
> > >  For some security reasons, our security teams want us to use the
> > official repository, or recompile the whole project on ubuntu 20.
> >
> > Official Ubuntu repositories are "slow" to update due to LTS policies,
> > ensuring no potentially breaking changes. Focal (20.04) is on 2.0
> > series, and will not be getting an update to 2.2.
> >
> 
> the term "official" may be treated as "ubuntu official" or "haproxy official".
> while "ubuntu official" is indeed slow, the vbernat PPA is considered
> "haproxy official".

I agree, that's what I was about to add as well. In addition, since he's
also the distro's official maintainer, this should be sufficient to
reassure internal managers who want to use "official packages": Vincent's
builds are the only channel providing timely updates directly from the
distro's maintainer.

There are extremely few packages that have this luxury, so do not hesitate
and make use of it, like almost everyone else! You'll have less risks of
mistakes than by doing it yourself, you'll benefit from latest fixes, and
even possibly from workarounds should any dirty issue be discovered at
any time.

Willy



Bid Writing, Fundraising and Volunteering Workshops

2021-06-08 Thread NFP Workshops

NFP   WORKSHOPS
 Affordable Training Courses



Bid Writing: The Basics


 Do you know the most common reasons for rejection? Are you gathering the right 
evidence? Are you making the right arguments? Are you using the right 
terminology? Are your numbers right? Are you learning from rejections? 

Are you assembling the right documents? Do you know how to create a clear and 
concise standard funding bid? Are you communicating with people or just 
excluding them? Do you know your own organisation well enough? 

Are you thinking through your projects carefully enough? Do you know enough 
about your competitors? Are you answering the questions funders will ask 
themselves about your application? Are you submitting applications correctly?
ONLINE VIA ZOOM
10.00 TO 12.30
COST £95.00
CLICK ON DATE TO BOOK YOUR PLACE
MON 07 JUN 2021
MON 21 JUN 2021
MON 05 JUL 2021
MON 19 JUL 2021




Bid Writing: Advanced

 Are you applying to the right trusts? Are you applying to enough trusts? Are 
you asking for the right amount of money? Are you applying in the right ways? 
Are your projects the most fundable projects? 

Are you carrying out trust fundraising in a professional way? Are you 
delegating enough work? Are you highly productive or just very busy? Are you 
looking for trusts in all the right places? 

How do you compare with your competitors for funding? Is the rest of your 
fundraising hampering your bids to trusts? Do you understand what trusts are 
ideally looking for?
ONLINE VIA ZOOM
10.00 TO 12.30
COST £95.00
CLICK ON DATE TO BOOK YOUR PLACE
TUE 08 JUN 2021
TUE 22 JUN 2021
TUE 06 JUL 2021
TUE 20 JUL 2021



Major Donor Fundraising

 Major Donor Characteristics, Motivations and Requirements. Researching and 
Screening Major Donors. Encouraging, Involving and Retaining Major Donors.

Building Relationships with Major Donors. Major Donor Events and Activities. 
Setting Up Major Donor Clubs. Asking For Major Gifts. Looking After and 
Reporting Back to Major Donors.  
 
Delivering on Major Donor Expectations. Showing Your Appreciation to Major 
Donors. Fundraising Budgets and Committees.   
ONLINE VIA ZOOM
10.00 TO 12.30
COST £95
CLICK ON DATE TO BOOK YOUR PLACE
WED 09 JUN 2021



Corporate Fundraising 

Who are these companies? Why do they get involved? What do they like? What can 
you get from them? What can you offer them? What are the differences between 
donations, sponsorship, advertising and cause related marketing? 

Are companies just like trusts? How do you find these companies? How do you 
research them? How do you contact them? How do you pitch to them? How do you 
negotiate with them? 

When should you say no? How do you draft contracts? How do you manage the 
relationships? What could go wrong? What are the tax issues? What are the legal 
considerations?
ONLINE VIA ZOOM
10.00 TO 12.30
COST £95
CLICK ON DATE TO BOOK YOUR PLACE
WED 23 JUN 2021



Fundraising Overview
  
The workshop is for people who wish to move into fundraising, have just started 
in fundraising, have responsibilities for fundraisers or who are in fundraising 
and want to know whether they could be doing it better. 

We examine each of the different areas of fundraising – public donors, major 
donors, legacies, trusts and corporates. We explain how the different areas fit 
together and support each other to create a balanced fundraising effort. 

We look at how much investment each area of fundraising requires, what returns 
to expect and how long it is likely to take to achieve those returns. We 
examine what the rest of your organisation could be doing to help make your 
fundraising more successful.
ONLINE VIA ZOOM
10.00 TO 12.30
COST £95
CLICK ON DATE TO BOOK YOUR PLACE
FRI 25 JUN 2021



Recruiting and Managing Volunteers

Where do you find volunteers? How do you find the right volunteers? How do you 
attract volunteers? How do you run volunteer recruitment events? How do you 
interview volunteers?  

How do you train volunteers? How do you motivate volunteers? How do you involve 
volunteers? How do you recognise volunteers? How do you recognise problems with 
volunteers? How do you learn from volunteer problems?  

How do you retain volunteers? How do you manage volunteers? What about 
volunteers and your own staff? What about younger, older and employee 
volunteers?
ONLINE VIA ZOOM
10.00 TO 12.30
COST £95
CLICK ON DATE TO BOOK YOUR PLACE
WED 07 JUL 2021



Finding & Researching Trusts  
The workshop teaches where to find trusts and foundations to apply to. We look 
at all the various sources of information, compare the pros and cons and 
examine the costs involved in accessing each of them. 

We look at how to identify whether or not to apply to a particular trust. We 
examine how to prepare a target list of trusts to apply to. 

We look at how to realistically assess your likely chances of success. We 
explore how best to store and utilise the details you research about each trust.
 
ONLINE VIA ZOOM
10.00 TO 12.30
COST £95
CLIC

Re: Upgrading from 1.8 to 2.4, getting warning I can't figure out

2021-06-08 Thread Remi Tricot-Le Breton

Hello,

On 07/06/2021 01:23, Shawn Heisey wrote:
> On 6/5/2021 10:47 PM, Shawn Heisey wrote:
> > On 6/5/2021 9:30 PM, Shawn Heisey wrote:
> > > [WARNING]  (81457) : Loading: OCSP response status not successful.
> > > Content will be ignored.

This error message happens when a call to OpenSSL's OCSP_response_status
function on your response returns anything other than
OCSP_RESPONSE_STATUS_SUCCESSFUL which means that we won't be able to
process your response.

> Another self-followup:  Apparently that warning also happens with
> 1.8.22 ... I was unaware of this, as I haven't checked the config file
> manually for a very long time.
>
> root@smeagol:/etc/haproxy# haproxy -c -f /etc/haproxy/haproxy.cfg
> [WARNING] 156/172157 (328956) : Loading
> '/etc/ssl/certs/local/mainwildcards.pem.ocsp': OCSP response status
> not successful. Content will be ignored.
>
> Configuration file is valid
>
> The .ocsp file DOES contain a valid OCSP response.  So ... I think I'm
> probably good to proceed with the upgrade.  I know that on an older
> version of 1.8, no idea which one, this warning did not happen.  Can
> this thread serve as a possible bug report?

OCSP stapling won't work on any version that shows this warning (for
this specific response). But apart from that, everything else should
work fine, that's why you only get a warning when parsing the
configuration file. If you are positive that your OCSP response is valid
we may indeed have a bug on our side so you could open an issue on
GitHub (https://github.com/haproxy/haproxy/issues). If we were to track
a bug through the ML there is a high chance of it being lost pretty quickly.

> Thanks,
> Shawn

Rémi
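As an added check for readers hitting this warning (my own example, not code from the thread, HAProxy or OpenSSL), the script below decodes only the outer DER layer of an OCSPResponse with the standard library and reports its responseStatus, the same value OCSP_response_status() hands back to HAProxy. Running it over a .ocsp file before a reload tells you whether the responder actually answered "successful" or, for instance, "tryLater". The two sample byte strings are constructed for the test, not captured responses.

```python
"""Report the responseStatus of a DER-encoded OCSP response, the value HAProxy
checks through OpenSSL's OCSP_response_status() before stapling it."""
import sys

# OCSPResponseStatus values from RFC 6960; only 0 lets HAProxy use the response.
STATUS_NAMES = {0: "successful", 1: "malformedRequest", 2: "internalError",
                3: "tryLater", 5: "sigRequired", 6: "unauthorized"}


def _read_tlv(buf, pos):
    """Decode one DER tag/length header at <pos>; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next N bytes hold the length
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, pos, pos + length


def ocsp_response_status(der):
    """OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED, responseBytes [0] OPTIONAL }.
    Return the ENUMERATED value; raise ValueError if the outer structure is not that."""
    tag, start, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, vstart, vend = _read_tlv(der, start)
    if tag != 0x0A or vend - vstart != 1:
        raise ValueError("responseStatus is not a one-byte ENUMERATED")
    return der[vstart]


def describe(der):
    """(usable_for_stapling, status_name): mirrors the condition behind HAProxy's warning."""
    status = ocsp_response_status(der)
    return status == 0, STATUS_NAMES.get(status, f"unknown({status})")


def status_or_none(der):
    """Like ocsp_response_status() but returns None for undecodable input."""
    try:
        return ocsp_response_status(der)
    except ValueError:
        return None


# Constructed samples: a bare "successful" status (real responders also attach
# responseBytes) and the exact encoding a responder sends for tryLater.
SAMPLE_SUCCESS_STUB = bytes.fromhex("3003 0a01 00")
SAMPLE_TRY_LATER = bytes.fromhex("3003 0a01 03")

if __name__ == "__main__":
    # e.g. python3 ocsp_status.py /etc/ssl/certs/local/mainwildcards.pem.ocsp
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            data = f.read()
        ok, name = describe(data)
        print(f"{path}: responseStatus={name} -> "
              f"{'usable' if ok else 'HAProxy will ignore it'}")
```

A non-zero status is not an HAProxy bug: it means the responder declined to answer, so the fix is to fetch the response again (or check the responder URL in the certificate) rather than to reload the proxy.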



Re: Official ubuntu 20 repository

2021-06-08 Thread Valters Jansons
On Tue, Jun 8, 2021 at 10:01 AM Willy Tarreau  wrote:
> On Mon, Jun 07, 2021 at 12:58:22PM +0500, Илья Шипицин wrote:
> > Mon, 7 Jun 2021 at 12:20, Valters Jansons :
> > > On Mon, Jun 7, 2021 at 12:34 AM Ismail Azerty  
> > > wrote:
> > > >  For some security reasons, our security teams want us to use the 
> > > > official repository, or recompile the whole project on ubuntu 20.
> > >
> > > Official Ubuntu repositories are "slow" to update due to LTS policies,
> > > ensuring no potentially breaking changes. Focal (20.04) is on 2.0
> > > series, and will not be getting an update to 2.2.
> > >
> >
> > the term "official" may be treated as "ubuntu official" or "haproxy official".
> > while "ubuntu official" is indeed slow, the vbernat PPA is considered
> > "haproxy official".
>
> I agree, that's what I was about to add as well. In addition, since he's
> also the distro's official maintainer, this should be sufficient to
> reassure internal managers who want to use "official packages": Vincent's
> builds are the only channel providing timely updates directly from the
> distro's maintainer.
>
> There are extremely few packages that have this luxury, so do not hesitate
> and make use of it, like almost everyone else! You'll have less risks of
> mistakes than by doing it yourself, you'll benefit from latest fixes, and
> even possibly from workarounds should any dirty issue be discovered at
> any time.

It was not intended to be disrespectful.

I do recognize the important work that is done by ~vbernat, as we also
use the PPA by him. My comment for that reason explicitly stated
"Official Ubuntu repositories" intending to refer to Ubuntu central
ones.

Sorry for the potential confusion.



Re: Official ubuntu 20 repository

2021-06-08 Thread Willy Tarreau
On Tue, Jun 08, 2021 at 10:50:11AM +0300, Valters Jansons wrote:
> > > the term "official" may be treated as "ubuntu official" or "haproxy official".
> > > while "ubuntu official" is indeed slow, the vbernat PPA is considered
> > > "haproxy official".
> >
> > I agree, that's what I was about to add as well. In addition, since he's
> > also the distro's official maintainer, this should be sufficient to
> > reassure internal managers who want to use "official packages": Vincent's
> > builds are the only channel providing timely updates directly from the
> > distro's maintainer.
> >
> > There are extremely few packages that have this luxury, so do not hesitate
> > and make use of it, like almost everyone else! You'll have less risks of
> > mistakes than by doing it yourself, you'll benefit from latest fixes, and
> > even possibly from workarounds should any dirty issue be discovered at
> > any time.
> 
> It was not intended to be disrespectful.

Rest assured that nothing you said was perceived as disrespectful!

> I do recognize the important work that is done by ~vbernat, as we also
> use the PPA by him. My comment for that reason explicitly stated
> "Official Ubuntu repositories" intending to refer to Ubuntu central
> ones.

I wanted to mention that having a foot in both worlds, you can easily
use that as an argument to internally "sell" his packages, as he will
be the one providing both the "ubuntu official" ones and the ones with
all known bugs fixed. You know, the classical "he knows better than us
what he's doing" :-)

> Sorry for the potential confusion.

Do not worry there was no confusion. We were just trying to provide you
with good arguments to convince your boss of the best solution for you.

Willy



Re: [PATCH] DOC: use the req.ssl_sni in examples

2021-06-08 Thread Willy Tarreau
Hi Alex,

On Sat, Jun 05, 2021 at 01:31:07PM +0200, Aleksandar Lazic wrote:
> Hi.
> 
> This patch fixes the usage of req_ssl_sni in the doc.

Ah good catch, applied, thank you!

> Any plan to remove the old keyword or add some warning that this
> keyword is deprecated?

Good question, could be, indeed.

Thanks,
Willy



Re: [PATCH 2/3] CLEANUP: Make errptr const in `parse_line()`

2021-06-08 Thread Willy Tarreau
Hi Max,

On Sun, Jun 06, 2021 at 12:50:21AM +0200, Maximilian Mader wrote:
> Hi,
> I'm not sure whether this change causes any non-obvious issues but the 
> compiler was happy.

There's no issue for this. Adding a const somewhere will either cause
build failures or have no visible consequences, it's always safe. That's
even one of the most satisfying change, you add one to the code, you
notice it breaks the build, you try to propagate it down the chain and
suddenly everything aligns perfectly and builds without warnings again
so you're sure it's fixed!

Thanks!
Willy



Re: [PATCH 3/3] MINOR: haproxy: Add `-cc` argument

2021-06-08 Thread Willy Tarreau
Tim, Max,

On Sun, Jun 06, 2021 at 12:50:22AM +0200, Maximilian Mader wrote:
> This is a cleaned-up version of Tim's PoC patch.
> The documentation has been updated to reflect the changes.
> A simple VTest test is included as well. Note the use of VTest's cmd
> feature to skip the test if the HAProxy version is lower than specified.
> It might be useful for future tests as well.

I had to apply a minor change to this one because it was randomly failing
on me:

  $ ./haproxy -cc 'version_atleast(2.4)'
  [NOTICE]   (2890) : haproxy version is 2.5-dev0-e5a8e5-99
  [NOTICE]   (2890) : path to executable is ./haproxy
  [ALERT](2890) : config : Error in condition: Line too long.

I couldn't figure how the VTC was OK but not testing it by hand. I finally
found it, the outlen variable was not initialized, it should contain the
size of the allocated area for the output, so if there was some dirt in
the stack, it would use that and be happy, but when run by hand it had
zero, hence the message above :-)

The change I performed to fix it was just this, and now it always
works:

--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1804,7 +1804,7 @@ static void init(int argc, char **argv)
 
char *args[MAX_LINE_ARGS+1];
int arg = sizeof(args) / sizeof(*args);
-   size_t outlen;
+   size_t outlen = strlen(check_condition) + 1;
 
err = parse_line(check_condition, check_condition, &outlen, 
args, &arg,
 PARSE_OPT_DQUOTE | PARSE_OPT_SQUOTE | 
PARSE_OPT_BKSLASH,
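Review bot: the new initializer ties outlen to the buffer that is parsed in place (check_condition is passed as both the input and the output argument of parse_line), so `strlen(check_condition) + 1` is only the right capacity as long as parse_line never produces more output bytes than it consumes. A one-line comment stating that invariant next to `size_t outlen = strlen(check_condition) + 1;` would keep the next reader from dropping the initializer again, since nothing in the hunk otherwise documents that outlen is an in/out parameter.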

The series is applied now, thanks!
Willy
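To make the failure mode concrete, here is an added example (my own code, a simplified stand-in, not HAProxy's parse_line()): an in-place unquoting parser whose size argument is in/out, exactly the contract the thread describes. A caller that leaves the capacity uninitialised, or at zero, gets the "Line too long" class of error on a perfectly good condition string; a caller that passes strlen + 1 succeeds. The condition string is taken from Willy's command line above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for HAProxy's parse_line() (added example, not the
 * project's code): unquote <in> into <out>, which may be the same buffer.
 * On entry *outlen must hold the capacity of <out>; on return it holds the
 * number of bytes written, NUL included. Returns 0 on success, -1 when the
 * output would not fit ("Line too long"), -2 on an unterminated quote. */
int unquote_line(const char *in, char *out, size_t *outlen)
{
    size_t cap = *outlen;
    size_t n = 0;
    char quote = 0;

    for (; *in; in++) {
        char c = *in;

        if (quote) {
            if (c == quote) {        /* closing quote: emit nothing */
                quote = 0;
                continue;
            }
        } else if (c == '"' || c == '\'') {
            quote = c;               /* opening quote: emit nothing */
            continue;
        }
        /* backslash escapes apply outside quotes and inside double quotes */
        if (c == '\\' && quote != '\'' && in[1]) {
            in++;
            c = *in;
        }
        /* every output byte must leave room for the terminating NUL;
         * with an uninitialised or zero capacity this fires immediately */
        if (n + 1 >= cap) {
            *outlen = n;
            return -1;
        }
        out[n++] = c;                /* safe in place: n never exceeds in's index */
    }
    if (quote)
        return -2;
    if (n >= cap)                    /* empty input with zero capacity */
        return -1;
    out[n++] = '\0';
    *outlen = n;
    return 0;
}

/* Mimic the caller in the thread: copy the condition into <result> and
 * unquote it in place with whatever <outlen> the caller chose. Returns the
 * parser's rc, or -3 if the condition does not fit the scratch buffer. */
int run_check(const char *cond, size_t outlen, char *result, size_t result_size)
{
    if (strlen(cond) + 1 > result_size)
        return -3;
    strcpy(result, cond);            /* result now plays the role of check_condition */
    return unquote_line(result, result, &outlen);
}

/* Convenience wrapper for tests: run the check in a local buffer and return
 * the rc; when <expect> is non-NULL, return -4 if the unquoted text differs. */
int run_check_expect(const char *cond, size_t outlen, const char *expect)
{
    char buf[128];
    int rc = run_check(cond, outlen, buf, sizeof buf);
    if (rc == 0 && expect && strcmp(buf, expect) != 0)
        return -4;
    return rc;
}

int main(void)
{
    const char *cond = "version_atleast(2.4)";
    char buf[128];

    printf("outlen=0        : rc=%d\n", run_check(cond, 0, buf, sizeof buf));
    printf("outlen=strlen+1 : rc=%d -> \"%s\"\n",
           run_check(cond, strlen(cond) + 1, buf, sizeof buf), buf);
    return 0;
}
```

The point of the -3/-4 plumbing is only to keep the checks in return values; the behaviour to remember is that an in/out size parameter is part of the API contract, and a debugger or valgrind will not flag a garbage value that happens to be large, which is what Tim saw with the "timestamp" in the stack slot.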



Re: [PATCH 3/3] MINOR: haproxy: Add `-cc` argument

2021-06-08 Thread Tim Düsterhus

Willy,

On 6/8/21 11:26 AM, Willy Tarreau wrote:
> I couldn't figure how the VTC was OK but not testing it by hand. I finally
> found it, the outlen variable was not initialized, it should contain the
> size of the allocated area for the output, so if there was some dirt in
> the stack, it would use that and be happy, but when run by hand it had
> zero, hence the message above :-)


Good catch, thanks! This mistake was part of my initial patch. I'll note 
that I should read the function documentation more carefully.


Reproducing the issue locally it appears that the variable always 
contains a Unix timestamp for me.


However I'm surprised that valgrind does not detect the issue. Usually 
it's able to detect the use of uninitialized memory within a conditional 
expression.


Anyway: Thanks for fixing the issue and taking the series. I've marked 
the GitHub issue as fixed and closed it.


Best regards
Tim Düsterhus



Re: [PATCH 3/3] MINOR: haproxy: Add `-cc` argument

2021-06-08 Thread Willy Tarreau
On Tue, Jun 08, 2021 at 11:41:29AM +0200, Tim Düsterhus wrote:
> Willy,
> 
> On 6/8/21 11:26 AM, Willy Tarreau wrote:
> > I couldn't figure how the VTC was OK but not testing it by hand. I finally
> > found it, the outlen variable was not initialized, it should contain the
> > size of the allocated area for the output, so if there was some dirt in
> > the stack, it would use that and be happy, but when run by hand it had
> > zero, hence the message above :-)
> 
> Good catch, thanks! This mistake was part of my initial patch. I'll note
> that I should read the function documentation more carefully.

I wouldn't have noticed it if it hadn't failed.

> Reproducing the issue locally it appears that the variable always contains a
> Unix timestamp for me.

That's large enough :-)

> However I'm surprised that valgrind does not detect the issue. Usually it's
> able to detect the use of uninitialized memory within a conditional
> expression.

It's normal, it's in the stack and that location was already used before
if you find anything else.

> Anyway: Thanks for fixing the issue and taking the series. I've marked the
> GitHub issue as fixed and closed it.

Fine! I think we could improve run-regtests.sh to make use of it now
for the version checks and possibly even for some features. But no rush,
and if in the short term we end up improving logical expressions maybe
we'll find it convenient to be able to simply place a global condition
in each test. Time will tell.

Willy



RE: [EXTERNAL] Re: built in ACL, REQ_CONTENT

2021-06-08 Thread Godfrin, Philippe E
OK, I see. An associated question, how do I gain access to that content to 
interrogate/parse the data in that content?
pg

-Original Message-
From: Lukas Tribus  
Sent: Monday, June 7, 2021 4:08 PM
To: Godfrin, Philippe E 
Cc: haproxy@formilux.org
Subject: [EXTERNAL] Re: built in ACL, REQ_CONTENT

Use caution when interacting with this [EXTERNAL] email!

Hello,

On Mon, 7 Jun 2021 at 14:51, Godfrin, Philippe E  
wrote:
>
> Greetings!
>
> I can’t seem to find instructions on how to use this builtin ACL. Can someone 
> point me in the right direction, please?

There is nothing specific about it, you use it just like every other ACL.

http-request deny if REQ_CONTENT

http-request deny unless REQ_CONTENT


 Lukas






[PATCH] CI: Make matrix.py executable and add shebang

2021-06-08 Thread Tim Duesterhus
It's a script, allow executing this as a script without needing to invoke
`python3` manually.
---
 .github/matrix.py | 2 ++
 1 file changed, 2 insertions(+)
 mode change 100644 => 100755 .github/matrix.py

diff --git a/.github/matrix.py b/.github/matrix.py
old mode 100644
new mode 100755
index 473524848..cfef53c9e
--- a/.github/matrix.py
+++ b/.github/matrix.py
@@ -1,3 +1,5 @@
+#!/usr/bin/python3
+
 # Copyright 2019 Ilya Shipitsin 
 # Copyright 2020 Tim Duesterhus 
 #
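Review bot: `#!/usr/bin/python3` pins the interpreter to one absolute path, so the script will fail to execute on hosts or CI images where python3 is installed elsewhere or selected via PATH; `#!/usr/bin/env python3` is the usual portable form. Since the mode change to 100755 is the only other edit, that shebang line is the one thing worth adjusting before merge.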
-- 
2.31.1




Re: [PATCH] CI: Make matrix.py executable and add shebang

2021-06-08 Thread Илья Шипицин
ack from me.

Tue, 8 Jun 2021 at 18:17, Tim Duesterhus :

> It's a script, allow executing this as a script without needing to invoke
> `python3` manually.
> ---
>  .github/matrix.py | 2 ++
>  1 file changed, 2 insertions(+)
>  mode change 100644 => 100755 .github/matrix.py
>
> diff --git a/.github/matrix.py b/.github/matrix.py
> old mode 100644
> new mode 100755
> index 473524848..cfef53c9e
> --- a/.github/matrix.py
> +++ b/.github/matrix.py
> @@ -1,3 +1,5 @@
> +#!/usr/bin/python3
> +
>  # Copyright 2019 Ilya Shipitsin 
>  # Copyright 2020 Tim Duesterhus 
>  #
> --
> 2.31.1
>
>
>


Re: [EXTERNAL] Re: built in ACL, REQ_CONTENT

2021-06-08 Thread Jarno Huuskonen
Hello,

On Tue, 2021-06-08 at 12:25 +, Godfrin, Philippe E wrote:
> OK, I see. An associated question, how do I gain access to that content to
> interrogate/parse the data in that content?

req.body
(https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#7.3.6-req.body)

Can you explain a little bit what you're trying to do ?

-Jarno

> pg
> 
> -Original Message-
> From: Lukas Tribus  
> Sent: Monday, June 7, 2021 4:08 PM
> To: Godfrin, Philippe E 
> Cc: haproxy@formilux.org
> Subject: [EXTERNAL] Re: built in ACL, REQ_CONTENT
> 
> Use caution when interacting with this [EXTERNAL] email!
> 
> Hello,
> 
> On Mon, 7 Jun 2021 at 14:51, Godfrin, Philippe E 
> wrote:
> > 
> > Greetings!
> > 
> > I can’t seem to find instructions on how to use this builtin ACL. Can
> > someone point me in the right direction, please?
> 
> There is nothing specific about it, you use it just like every other ACL.
> 
> http-request deny if REQ_CONTENT
> 
> http-request deny unless REQ_CONTENT
> 
> 
>  Lukas
> 
> 
> 
> 

-- 
Jarno Huuskonen


Re: enabling cache in github actions

2021-06-08 Thread Илья Шипицин
Tim, maybe you have an idea how to make it work.
I gave up

(the idea was to cache "opt" and "download-cache" folders)

enabling cache
https://github.com/chipitsine/haproxy/commit/fcb5f130c44f1efb50c2aaf1842a86c7f37f0cca

initially cache
https://github.com/chipitsine/haproxy/runs/2773929840


dumb commit to test cache (all SSL variants should be taken from cache)
https://github.com/chipitsine/haproxy/runs/2774363928

but ...

+ cat /home/runner/opt/.libressl-version
cat: /home/runner/opt/.libressl-version: No such file or directory
+ [  != 2.9.2 ]

Sun, 16 May 2021 at 16:59, Tim Düsterhus :

> Ilya,
>
> On 5/15/21 5:30 PM, Илья Шипицин wrote:
> > I've found that we do not cache "download-cache" and "opt" folders,
> > thus we build BoringSSL on every build (no cache).
> >
> > I tried to enable cache
> >
> >
> https://github.com/chipitsine/haproxy/blob/master/.github/workflows/vtest.yml#L46-L53
> >
> > github does not like such caching keys:
> >
> > Error: Key Validation Error: Linux-Ubuntu, gcc, no features cannot
> contain
> > commas.
> >
> >
> > Tim, do you have an idea how to fix this ?
> >
>
> I suggest the following:
>
> - Cache based off the matrix.ssl value, because that determines what
> type of SSL lib we download and build.
> - If we want to cache something else in the future, then we use a
> separate cache head for that specifically.
> - And then use `steps.XXX.outputs.cache-hit != 'true'` to check whether
> you need to build anything or not.
>
> See also: https://github.com/actions/cache#example-workflow
>
> Best regards
> Tim Düsterhus
>
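As an added illustration of Tim's three suggestions above (my own workflow fragment, not the project's vtest.yml): the cache key is derived from matrix.ssl rather than the matrix name, so the comma-containing name never reaches actions/cache, and the build step is skipped on a hit via the step's cache-hit output. The step id `cache-ssl`, the key prefix and the `scripts/build-ssl.sh` invocation are assumptions; the cached paths are the `opt` and `download-cache` folders named in the thread.

```yaml
# Added example, not the project's workflow. Assumes actions/cache@v2 and a
# build script at scripts/build-ssl.sh that honours the matrix.ssl variable.
jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - name: "Linux-Ubuntu, gcc, no features"   # commas are fine in the name
            ssl: OPENSSL_VERSION=1.1.1k
    steps:
      - uses: actions/checkout@v2

      - name: Cache SSL libraries
        id: cache-ssl
        uses: actions/cache@v2
        with:
          path: |
            ~/opt
            ~/download-cache
          # The key must not contain commas, so it is built from matrix.ssl,
          # not from matrix.name; a new SSL version yields a new key.
          key: ssl-${{ runner.os }}-${{ matrix.ssl }}

      - name: Build SSL library
        # Only rebuild when the cache did not restore ~/opt for this key.
        if: steps.cache-ssl.outputs.cache-hit != 'true'
        run: env ${{ matrix.ssl }} ./scripts/build-ssl.sh
```

If something else needs caching later (a compiler, a test tool), give it its own actions/cache step with its own key rather than folding it into this one, so a change in one input does not invalidate the other.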


Re: enabling cache in github actions

2021-06-08 Thread Tim Düsterhus

Ilya,

On 6/8/21 3:49 PM, Илья Шипицин wrote:
> Tim, maybe you have an idea how to make it work.
> I gave up


Ack. I'll add it to my ToDo and I'll try to look into it in the next days.

Best regards
Tim Düsterhus



RE: [EXTERNAL] Re: built in ACL, REQ_CONTENT

2021-06-08 Thread Godfrin, Philippe E
Certainly,

Postgres sends this message across the wire:

Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x00: 00 00 00 4c 00 03 
00 00   75 73 65 72 00 74 73 64   |...Luser.tsd|
Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x10: 62 00 64 61 74 61 
62 61   73 65 00 74 73 64 62 00   |b.database.tsdb.|
Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x20: 61 70 70 6c 69 63 
61 74   69 6f 6e 5f 6e 61 6d 65   |application_name|
Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x30: 00 70 73 71 6c 00 
63 6c   69 65 6e 74 5f 65 6e 63   |.psql.client_enc|
Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x40: 6f 64 69 6e 67 00 
55 54   46 38 00 00   |oding.UTF8..|

Bytes, 8 – are user\0 Byte 13 starts the userid. I would like to be able to 
test that userid and make a routing decision on that. This is what the HAProxy 
docs suggest:

acl check-rw req.payload(8,32),hex -m sub  757365720074736462727700

use_backend pg_readwrite if check-rw

But the ACL never results in true…

pg

From: Jarno Huuskonen 
Sent: Tuesday, June 8, 2021 8:35 AM
To: Godfrin, Philippe E 
Cc: haproxy@formilux.org
Subject: Re: [EXTERNAL] Re: built in ACL, REQ_CONTENT

Use caution when interacting with this [EXTERNAL] email!

Hello,

On Tue, 2021-06-08 at 12:25 +, Godfrin, Philippe E wrote:
> OK, I see. An associated question, how do I gain access to that content to
> interrogate/parse the data in that content?

req.body
(https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#7.3.6-req.body)

Can you explain a little bit what you're trying to do ?

-Jarno

> pg
>
> -Original Message-
> From: Lukas Tribus 
> Sent: Monday, June 7, 2021 4:08 PM
> To: Godfrin, Philippe E 
> Cc: haproxy@formilux.org
> Subject: [EXTERNAL] Re: built in ACL, REQ_CONTENT
>
> Use caution when interacting with this [EXTERNAL] email!
>
> Hello,
>
> On Mon, 7 Jun 2021 at 14:51, Godfrin, Philippe E 
> wrote:
> >
> > Greetings!
> >
> > I can’t seem to find instructions on how to use this builtin ACL. Can
> > someone point me in the right direction, please?
>
> There is nothing specific about it, you use it just like every other ACL.
>
> http-request deny if REQ_CONTENT
>
> http-request deny unless REQ_CONTENT
>
>
>  Lukas
>
>
>
>

--
Jarno Huuskonen



Re: [EXTERNAL] Re: built in ACL, REQ_CONTENT

2021-06-08 Thread Lukas Tribus
Hello,


On Tue, 8 Jun 2021 at 17:36, Godfrin, Philippe E
 wrote:
>
> Certainly,
>
> Postgres sends this message across the wire:
>
> Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x00: 00 00 00 4c 00 
> 03 00 00   75 73 65 72 00 74 73 64   |...Luser.tsd|
> Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x10: 62 00 64 61 74 
> 61 62 61   73 65 00 74 73 64 62 00   |b.database.tsdb.|
> Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x20: 61 70 70 6c 69 
> 63 61 74   69 6f 6e 5f 6e 61 6d 65   |application_name|
> Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x30: 00 70 73 71 6c 
> 00 63 6c   69 65 6e 74 5f 65 6e 63   |.psql.client_enc|
> Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x40: 6f 64 69 6e 67 
> 00 55 54   46 38 00 00   |oding.UTF8..|
>
>
>
> Bytes, 8 – are user\0 Byte 13 starts the userid. I would like to be able to 
> test that userid and make a routing decision on that. This is what the 
> HAProxy docs suggest:
>
>
>
> acl check-rw req.payload(8,32),hex -m sub  757365720074736462727700

And I don't see how this is supposed to match?

62727700 is not what's in your trace.

Is the username tsdb, like in your trace, or is it tsdbrw, like in your ACL?


Also, put a "tcp-request inspect-delay 5s" in front of the ACL (you
can optimize performance later) and share the entire configuration.


Please try to ask the actual question directly next time, so we can
help you right away (https://xyproblem.info/).



Thanks,
Lukas
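To see why the ACL can only match the second trace, here is an added example (my own code, not from the thread or from HAProxy) that builds the two PostgreSQL StartupMessages shown in the traces, parses the `user` parameter out of them the way the wire format defines it, and models what `req.payload(8,32),hex -m sub <pattern>` compares. The upper-case output of HAProxy's `hex` converter is an assumption here; the pattern in the thread contains only digits, so case cannot affect that particular match. Both messages are constructed, not captured.

```python
"""Model of the PostgreSQL StartupMessage and of the HAProxy ACL
'req.payload(8,32),hex -m sub <pattern>' discussed in the thread."""
import struct

PG_PROTOCOL_V3 = 196608  # major 3, minor 0, as sent in a v3 StartupMessage


def build_startup(params):
    """Build a v3 StartupMessage: int32 length (self-inclusive), int32 protocol,
    then key\\0value\\0 pairs ending with a single \\0. Constructed input."""
    body = b"".join(k.encode() + b"\0" + v.encode() + b"\0" for k, v in params.items())
    body += b"\0"
    return struct.pack("!II", 8 + len(body), PG_PROTOCOL_V3) + body


def parse_startup(msg):
    """Return the parameter dict of a complete v3 StartupMessage; raise ValueError
    for anything else (too short, length mismatch, or a different protocol code
    such as the SSLRequest a client may send first)."""
    if len(msg) < 8:
        raise ValueError("too short for a startup header")
    length, proto = struct.unpack("!II", msg[:8])
    if length != len(msg):
        raise ValueError(f"length field {length} does not match {len(msg)} bytes")
    if proto != PG_PROTOCOL_V3:
        raise ValueError(f"not a v3 StartupMessage (protocol code {proto})")
    parts = msg[8:].split(b"\0")
    if len(parts) < 2 or parts[-2:] != [b"", b""]:
        raise ValueError("parameter list is not terminated")
    fields = parts[:-2]
    if len(fields) % 2:
        raise ValueError("odd number of key/value fields")
    return {k.decode(): v.decode() for k, v in zip(fields[0::2], fields[1::2])}


def startup_user_or_none(msg):
    """The 'user' parameter, or None when the packet is not a parsable StartupMessage."""
    try:
        return parse_startup(msg).get("user")
    except ValueError:
        return None


def payload_hex(msg, offset, length):
    """Model of 'req.payload(offset,length),hex': slice, then hex-encode.
    Upper case assumed for HAProxy's hex converter (see lead-in)."""
    return msg[offset:offset + length].hex().upper()


def acl_check_rw(msg, pattern="757365720074736462727700"):
    """Model of 'acl check-rw req.payload(8,32),hex -m sub <pattern>'."""
    return pattern.upper() in payload_hex(msg, 8, 32)


def expected_pattern(user):
    """Hex that a sub-match needs for a given user: 'user\\0<name>\\0'."""
    return (b"user\0" + user.encode() + b"\0").hex().upper()


# Constructed samples mirroring the two traces in the thread (0x4c and 0x4e bytes).
STARTUP_TSDB = build_startup({"user": "tsdb", "database": "tsdb",
                              "application_name": "psql", "client_encoding": "UTF8"})
STARTUP_TSDBRW = build_startup({"user": "tsdbrw", "database": "tsdb",
                                "application_name": "psql", "client_encoding": "UTF8"})

if __name__ == "__main__":
    for label, msg in (("tsdb", STARTUP_TSDB), ("tsdbrw", STARTUP_TSDBRW)):
        print(f"{label}: len={len(msg):#x} user={parse_startup(msg)['user']} "
              f"payload(8,32)={payload_hex(msg, 8, 32)} check-rw={acl_check_rw(msg)}")
```

Two practical consequences follow from the parser: the user value starts at byte 13 only because the first key happens to be `user`, and libpq does send it first, but a sub-match on `user\0<name>\0` is what makes the ACL independent of where the field sits; and a 32-byte window is only safe while the user and database names are short, which is why `tcp-request inspect-delay` must be in place so the whole startup packet has arrived before the ACL is evaluated.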



RE: [EXTERNAL] Re: built in ACL, REQ_CONTENT

2021-06-08 Thread Godfrin, Philippe E
My apologies, that trace is wrong, it is supposed to be tsdbrw:

Jun  4 20:19:26 ip-172-31-77-193 haproxy[2113]: 1622837966.765959 
[<<>>/pg_ingress] [strm 0x558944c88340(0) 0x0006 0x3000] 
trace_tcp_payload    : channel=REQUEST    - mode=TCP   (backend) - offset=0 
- len=78 - forward=78
Jun  4 20:19:26 ip-172-31-77-193 haproxy[2113]: #0110x00: 00 00 00 4e 00 03 
00 00   75 73 65 72 00 74 73 64   |...Nuser.tsd|
Jun  4 20:19:26 ip-172-31-77-193 haproxy[2113]: #0110x10: 62 72 77 00 64 61 
74 61   62 61 73 65 00 74 73 64   |brw.database.tsd|
Jun  4 20:19:26 ip-172-31-77-193 haproxy[2113]: #0110x20: 62 00 61 70 70 6c 
69 63   61 74 69 6f 6e 5f 6e 61   |b.application_na|
Jun  4 20:19:26 ip-172-31-77-193 haproxy[2113]: #0110x30: 6d 65 00 70 73 71 
6c 00   63 6c 69 65 6e 74 5f 65   |me.psql.client_e|
Jun  4 20:19:26 ip-172-31-77-193 haproxy[2113]: #0110x40: 6e 63 6f 64 69 6e 
67 00   55 54 46 38 00 00 |ncoding.UTF8..|

Config:

root@ip-172-31-77-193:/etc/haproxy# cat haproxy.cfg
global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
    log global
    mode    http
    mode    tcp
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  5
    timeout server  5
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

#-
# statistics
#-
# Host HA-Proxy's web stats on Port 7000.
listen HAProxy-Statistics
    bind *:7000
    mode http
    option httplog
    stats enable
    stats uri /haproxy?stats
    stats refresh 20s
    stats realm PSQL Haproxy\ Statistics  # Title text for popup window
    stats show-node
    stats show-legends
    stats show-desc PSQL load balancer stats (master)
    stats auth pgadmin:pgsecret

frontend pg_ingress
    bind    *:5000
    mode    tcp
    option tcplog   # enable advanced logging
    log global
    tcp-request inspect-delay 5s
    acl pg_msg_term req.payload(8,0),hex -m end 
    tcp-request content accept if pg_msg_term
    #tcp-request content capture req.payload(8,32) len 32
    #log-format "%ci:%cp -> %fi:%fp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq captured_user:%{+Q}[capture.req.hdr(0)] req.len:%[capture.req.hdr(1)]"
    #log-format "captured_data:%{+Q}[capture.req.hdr(1)]"
    # hex convert tsdbrw
    # 757365720074736462727700
    acl check-rw req.payload(8,32),hex -m sub 757365720074736462727700
    use_backend pg_readwrite if check-rw
    #use_backend pg_readwrite unless check-rw
    default_backend pg_readonly
    #filter trace name pg-trace hexdump

backend pg_readwrite
    mode tcp
    option httpchk
    http-check expect status 200
    default-server inter 3s fall 3 rise 3 on-marked-down shutdown-sessions
    server tstshd01 172.31.68.147:6432 check port 8008
    server tstshd02 172.31.69.227:6432 check port 8008

backend pg_readonly
    mode tcp
    balance leastconn
    default-server inter 3s fall 3 rise 3 on-marked-down shutdown-sessions
    server tstshd01 172.31.68.147:6432
    server tstshd02 172.31.69.227:6432

# end

Log:

Jun  8 16:53:11 ip-172-31-77-193 haproxy[15694]: [WARNING] 158/165311 (15694) : 
Exiting Master process...

Jun  8 16:53:11 ip-172-31-77-193 haproxy[15694]: [NOTICE] 158/165311 (15694) : 
haproxy version is 2.2.14-1ppa1~bionic

Jun  8 16:53:11 ip-172-31-77-193 haproxy[15694]: [NOTICE] 158/165311 (15694) : 
path to executable i

Re: [PATCH] CI: Make matrix.py executable and add shebang

2021-06-08 Thread Willy Tarreau
On Tue, Jun 08, 2021 at 06:25:40PM +0500, Илья Шипицин wrote:
> ack from me.

Now merged, thanks!
Willy