Move more production defaults to cookbook

* Update default_check_opts based on production roles.
* Update use_weights based on production roles.
* Update close_client_connections based on production roles.
* Configure frontend asset_proxy automatically.

gitlab-com/gl-infra/infrastructure#10284Signed-off-by: Ben Kochie's avatarBen Kochie <[email protected]>
parent 6a3e83a9
Pipeline #151856972 passed with stage
in 9 minutes and 21 seconds
......@@ -111,7 +111,7 @@ default['gitlab-haproxy']['frontend']['websockets']['httpchk_host'] = 'gitlab.co
default['gitlab-haproxy']['frontend']['websockets']['httpchk_path'] = '/-/health'
default['gitlab-haproxy']['frontend']['api_rate_limit']['custom_config'] = []
default['gitlab-haproxy']['frontend']['api_rate_limit']['enforced'] = true
default['gitlab-haproxy']['frontend']['default_check_opts'] = 'inter 2s fastinter 1s downinter 5s fall 3'
default['gitlab-haproxy']['frontend']['default_check_opts'] = 'inter 3s fastinter 1s downinter 5s fall 3'
default['gitlab-haproxy']['frontend']['asset_proxy']['enable'] = false
default['gitlab-haproxy']['frontend']['asset_proxy']['httpchk_path'] = '/info'
default['gitlab-haproxy']['frontend']['asset_proxy']['host'] = 'example.com'
......@@ -224,7 +224,7 @@ default['gitlab-haproxy']['registry']['backend_port'] = '5000'
default['gitlab-haproxy']['registry']['httpchk_host'] = 'registry.gitlab.com'
default['gitlab-haproxy']['registry']['httpchk_path'] = '/debug/health'
default['gitlab-haproxy']['registry']['default_check_opts'] = 'inter 2s fastinter 1s downinter 5s fall 3 port 5001'
default['gitlab-haproxy']['registry']['use_weights'] = false
default['gitlab-haproxy']['registry']['use_weights'] = true
default['gitlab-haproxy']['registry']['default_weight'] = '100'
default['gitlab-haproxy']['registry']['enforce_cloudflare_origin_pull'] = false
......@@ -247,7 +247,7 @@ default['gitlab-haproxy']['ci']['backend']['servers']['default']['api'] = {}
default['gitlab-haproxy']['ci']['backend']['servers']['default']['https_git'] = {}
default['gitlab-haproxy']['ci']['backend']['servers']['default']['canary_api'] = {}
default['gitlab-haproxy']['ci']['backend']['servers']['default']['canary_https_git'] = {}
default['gitlab-haproxy']['ci']['default_check_opts'] = 'inter 2s fastinter 1s downinter 5s fall 3 port 5001'
default['gitlab-haproxy']['ci']['default_check_opts'] = 'inter 3s fastinter 1s downinter 5s fall 3'
default['gitlab-haproxy']['ci']['api']['check_opts'] = 'check-ssl'
default['gitlab-haproxy']['ci']['https_git']['check_opts'] = 'check-ssl'
......
......@@ -6,7 +6,7 @@
#
# License: MIT
#
include_recipe 'apt'
include_recipe 'apt::unattended-upgrades'
# Don't allow automatic upgrades.
node.default['apt']['unattended_upgrades']['package_blacklist'] << 'haproxy'
......
......@@ -7,6 +7,16 @@
# License: MIT
#
node.default['gitlab-haproxy']['close_client_connections'] = true
env = node.chef_environment
node.default['gitlab-haproxy']['frontend']['asset_proxy'] = {
enable: true,
host: "gitlab-#{env}-assets.storage.googleapis.com",
} if !node['cloud'].nil? && node['cloud']['provider'] == 'gce'
node.default['gitlab-haproxy']['frontend']['use_weights'] = true
include_recipe 'gitlab-haproxy::default'
haproxy_secrets = gitlab_haproxy_secrets['gitlab-haproxy']
......
......@@ -7,12 +7,6 @@
# License: MIT
#
node.default['gitlab-haproxy']['canary_request_path']['path_list'] = [
'/v2/charts',
'/v2/gitlab-com',
'/v2/gitlab-org/gitlab-ee',
]
include_recipe 'gitlab-haproxy::default'
haproxy_secrets = gitlab_haproxy_secrets['gitlab-haproxy']
......
......@@ -193,7 +193,7 @@ backend ci_api
option splice-auto
timeout server-fin 5s
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server api02.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 port 5001 ssl verify none
server api02.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
backend ci_https_git
mode http
......@@ -202,7 +202,7 @@ backend ci_https_git
option splice-auto
timeout server-fin 5s
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server git02.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 port 5001 ssl verify none
server git02.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
backend canary_ci_https_git
......
......@@ -47,6 +47,10 @@ defaults
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
load-server-state-from-file global
# This configuration makes sure, the backend thinks it's a keep-alive connection, to avoid erratic behaviour
# But closes the connection to the clients. This is used as a workaround for Cloudflare connection ratelimits.
option http-pretend-keepalive
option forceclose
listen stats
bind 0.0.0.0:7331
......@@ -289,8 +293,10 @@ backend api
option splice-auto
timeout server-fin 5s
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server api01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none
server api02.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none backup
server api01.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
server api02.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none backup
server api-cny-01.stg.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
server api-cny-02.stg.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none backup
backend api_rate_limit
option splice-auto
......@@ -304,8 +310,10 @@ backend https_git
option splice-auto
timeout server-fin 5s
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server git01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none
server git02.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none backup
server git01.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
server git02.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none backup
server git-cny-01.stg.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
server git-cny-02.stg.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none backup
backend web
mode http
......@@ -315,8 +323,10 @@ backend web
timeout server-fin 5s
rspadd Content-Security-Policy:\ default-src\ \'self\';
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server web01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none
server web02.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none backup
server web01.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
server web02.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none backup
server web-cny-01.stg.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
server web-cny-02.stg.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none backup
backend canary_web
mode http
......@@ -328,8 +338,8 @@ backend canary_web
http-response set-header X-Robots-Tag noindex if { var(txn.host) -m beg canary }
rspadd Content-Security-Policy:\ default-src\ \'self\';
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server web-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none
server web-cny-02.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none backup
server web-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
server web-cny-02.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none backup
backend canary_https_git
mode http
......@@ -338,8 +348,8 @@ backend canary_https_git
option splice-auto
timeout server-fin 5s
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server git-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none
server git-cny-02.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none backup
server git-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
server git-cny-02.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none backup
backend canary_api
mode http
......@@ -348,8 +358,8 @@ backend canary_api
option splice-auto
timeout server-fin 5s
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server api-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none
server api-cny-02.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none backup
server api-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
server api-cny-02.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none backup
backend ssh
mode tcp
......@@ -362,8 +372,10 @@ backend ssh
# if rails isn't running and they're both running on the same host.
# We need to change this when we split rails to a separate cluster.
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server git01.stg.gitlab.com 127.0.0.1:22 check check-ssl port 443 verify none inter 2s fastinter 1s downinter 5s fall 3
server git02.stg.gitlab.com 127.0.0.1:22 check check-ssl port 443 verify none inter 2s fastinter 1s downinter 5s fall 3 backup
server git01.stg.gitlab.com 127.0.0.1:22 weight 100 check check-ssl port 443 verify none inter 3s fastinter 1s downinter 5s fall 3
server git02.stg.gitlab.com 127.0.0.1:22 weight 100 check check-ssl port 443 verify none inter 3s fastinter 1s downinter 5s fall 3 backup
server git-cny-01.stg.gitlab.com 127.0.0.1:22 weight 0 check check-ssl port 443 verify none inter 3s fastinter 1s downinter 5s fall 3 check-ssl verify none
server git-cny-02.stg.gitlab.com 127.0.0.1:22 weight 0 check check-ssl port 443 verify none inter 3s fastinter 1s downinter 5s fall 3 check-ssl verify none backup
backend websockets
mode http
......@@ -373,8 +385,10 @@ backend websockets
timeout tunnel 8s
cookie _gitlab_session prefix nocache
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server web01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none cookie web01.stg.gitlab.com
server web02.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none cookie web02.stg.gitlab.com backup
server web01.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none cookie web01.stg.gitlab.com
server web02.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none cookie web02.stg.gitlab.com backup
server web-cny-01.stg.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none cookie web-cny-01.stg.gitlab.com
server web-cny-02.stg.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none cookie web-cny-02.stg.gitlab.com backup
backend 429_slow_down
mode http
......
......@@ -47,6 +47,10 @@ defaults
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
load-server-state-from-file global
# This configuration makes sure, the backend thinks it's a keep-alive connection, to avoid erratic behaviour
# But closes the connection to the clients. This is used as a workaround for Cloudflare connection ratelimits.
option http-pretend-keepalive
option forceclose
listen stats
bind 0.0.0.0:7331
......@@ -289,7 +293,8 @@ backend api
option splice-auto
timeout server-fin 5s
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server api01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none
server api01.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
server api-cny-01.stg.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
backend api_rate_limit
option splice-auto
......@@ -303,7 +308,8 @@ backend https_git
option splice-auto
timeout server-fin 5s
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server git01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none
server git01.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
server git-cny-01.stg.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
backend web
mode http
......@@ -313,7 +319,8 @@ backend web
timeout server-fin 5s
rspadd Content-Security-Policy:\ default-src\ \'self\';
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server web01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none
server web01.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
server web-cny-01.stg.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
backend canary_web
mode http
......@@ -325,7 +332,7 @@ backend canary_web
http-response set-header X-Robots-Tag noindex if { var(txn.host) -m beg canary }
rspadd Content-Security-Policy:\ default-src\ \'self\';
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server web-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none
server web-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
backend canary_https_git
mode http
......@@ -334,7 +341,7 @@ backend canary_https_git
option splice-auto
timeout server-fin 5s
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server git-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none
server git-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
backend canary_api
mode http
......@@ -343,7 +350,7 @@ backend canary_api
option splice-auto
timeout server-fin 5s
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server api-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none
server api-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none
backend ssh
mode tcp
......@@ -356,7 +363,8 @@ backend ssh
# if rails isn't running and they're both running on the same host.
# We need to change this when we split rails to a separate cluster.
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server git01.stg.gitlab.com 127.0.0.1:22 check check-ssl port 443 verify none inter 2s fastinter 1s downinter 5s fall 3
server git01.stg.gitlab.com 127.0.0.1:22 weight 100 check check-ssl port 443 verify none inter 3s fastinter 1s downinter 5s fall 3
server git-cny-01.stg.gitlab.com 127.0.0.1:22 weight 0 check check-ssl port 443 verify none inter 3s fastinter 1s downinter 5s fall 3 check-ssl verify none
backend websockets
mode http
......@@ -366,7 +374,8 @@ backend websockets
timeout tunnel 8s
cookie _gitlab_session prefix nocache
option httpchk GET /-/health HTTP/1.1\r\nHost:\ gitlab.com
server web01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none cookie web01.stg.gitlab.com
server web01.stg.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none cookie web01.stg.gitlab.com
server web-cny-01.stg.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none cookie web-cny-01.stg.gitlab.com
backend 429_slow_down
mode http
......
......@@ -111,7 +111,7 @@ backend pages_http
option forwardfor
option splice-auto
option httpchk GET /-/readiness HTTP/1.1\r\nHost:\ gitlab.com
server web01.stg.gitlab.com 127.0.0.1:1080 check inter 2s fastinter 1s downinter 5s fall 3
server web01.stg.gitlab.com 127.0.0.1:1080 check inter 3s fastinter 1s downinter 5s fall 3
backend pages_https
mode tcp
......@@ -119,4 +119,4 @@ backend pages_https
balance source
hash-type consistent
option httpchk GET /-/readiness HTTP/1.1\r\nHost:\ gitlab.com
server web01.stg.gitlab.com 127.0.0.1:1443 check inter 2s fastinter 1s downinter 5s fall 3 port 1080
server web01.stg.gitlab.com 127.0.0.1:1443 check inter 3s fastinter 1s downinter 5s fall 3 port 1080
......@@ -107,7 +107,7 @@ backend pages_http
option forwardfor
option splice-auto
option httpchk GET /-/readiness HTTP/1.1\r\nHost:\ gitlab.com
server web01.stg.gitlab.com 127.0.0.1:1080 check inter 2s fastinter 1s downinter 5s fall 3
server web01.stg.gitlab.com 127.0.0.1:1080 check inter 3s fastinter 1s downinter 5s fall 3
backend pages_https
mode tcp
......@@ -115,4 +115,4 @@ backend pages_https
balance source
hash-type consistent
option httpchk GET /-/readiness HTTP/1.1\r\nHost:\ gitlab.com
server web01.stg.gitlab.com 127.0.0.1:1443 check inter 2s fastinter 1s downinter 5s fall 3 port 1080
server web01.stg.gitlab.com 127.0.0.1:1443 check inter 3s fastinter 1s downinter 5s fall 3 port 1080
......@@ -146,7 +146,7 @@ backend registry
option splice-auto
timeout server-fin 5s
option httpchk GET /debug/health HTTP/1.1\r\nHost:\ registry.gitlab.com
server registry-01-sv-gstg registry-01-sv-gstg.c.gitlab-staging-1.internal:5000 check inter 2s fastinter 1s downinter 5s fall 3 port 5001
server registry-01-sv-gstg registry-01-sv-gstg.c.gitlab-staging-1.internal:5000 weight 100 check inter 2s fastinter 1s downinter 5s fall 3 port 5001
backend canary_registry
mode http
......
......@@ -386,7 +386,7 @@ describe 'gitlab-haproxy::frontend' do
}
)
expect(chef_run).to render_file('/etc/haproxy/haproxy.cfg').with_content { |content|
expect(content).to include('server web-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 ssl verify none backup')
expect(content).to include('server web-cny-01.stg.gitlab.com 127.0.0.1:443 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none backup')
}
expect(chef_run.template('/etc/haproxy/haproxy.cfg')).to notify('execute[test-haproxy-config]').to(:run).delayed
end
......@@ -480,7 +480,7 @@ describe 'gitlab-haproxy::frontend' do
it 'enables tcp check for web' do
expect(chef_run).to render_file('/etc/haproxy/haproxy.cfg').with_content { |content|
expect(content).to include('server git01.stg.gitlab.com 127.0.0.1:22 check check-ssl port 443 verify none inter 2s fastinter 1s downinter 5s fall 3 check-ssl verify none')
expect(content).to include('server git01.stg.gitlab.com 127.0.0.1:22 weight 100 check check-ssl port 443 verify none inter 3s fastinter 1s downinter 5s fall 3 check-ssl verify none')
expect(content.scan(tcp_check).size).to eq(8)
}
end
......
......@@ -54,10 +54,10 @@ defaults
load-server-state-from-file global
<% end %>
<% if node['gitlab-haproxy']['close_client_connections'] %>
# This configuration makes sure, the backend thinks it's a keep-alive connection, to avoid erratic behaviour
# But closes the connection to the clients. This is used as a workaround for Cloudflare connection ratelimits.
option http-pretend-keepalive
option forceclose
# This configuration makes sure, the backend thinks it's a keep-alive connection, to avoid erratic behaviour
# But closes the connection to the clients. This is used as a workaround for Cloudflare connection ratelimits.
option http-pretend-keepalive
option forceclose
<% end %>
listen stats
......
......@@ -41,12 +41,10 @@ control 'haproxy-config-checks' do
its('content') { should match /use_backend ci_api if is_ci_api_get is_api_get_method/ }
its('content') { should match /use_backend ci_https_git if is_https_git is_git_method/ }
its('content') { should match /default_backend return_403/ }
its('content') { should match /server canary.api01.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 port 5001 ssl verify none/ }
its('content') { should match /server canary.api01.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 port 5001 ssl verify none/ }
its('content') { should match /server api01.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 port 5001 ssl verify none/ }
its('content') { should match /server canary.api01.gitlab.com 127.0.0.1:443 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 port 5001 ssl verify none/ }
its('content') { should match /server canary.api01.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 port 5001 ssl verify none/ }
its('content') { should match /server git01.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 2s fastinter 1s downinter 5s fall 3 port 5001 ssl verify none/ }
its('content') { should match /server canary.api01.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none/ }
its('content') { should match /server api01.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none/ }
its('content') { should match /server canary.api01.gitlab.com 127.0.0.1:443 weight 0 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none/ }
its('content') { should match /server git01.gitlab.com 127.0.0.1:443 weight 100 check check-ssl inter 3s fastinter 1s downinter 5s fall 3 ssl verify none/ }
end
describe file('/etc/haproxy/blacklist-uris.lst') do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment