diff --git a/CHANGELOG.md b/CHANGELOG.md index 673598b..27c6580 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ `porter` is [semantically versioned](http://semver.org/spec/v2.0.0.html) +### v4.9.0 + +- HAProxy `maxconn` is configurable +- fixed issue where `maxconn` wasn't set on the frontend + ### v4.8.3 - enabling fix for volume mounts on SELinux by setting the environment variable `VOLUME_FLAG` diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 11f1c0f..28637ef 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -2,6 +2,12 @@ See the [CHANGELOG](CHANGELOG.md) for a complete list of changes. `porter` is [semantically versioned](http://semver.org/spec/v2.0.0.html) +v4.9 +==== + +HAProxy's [`maxconn`](docs/detailed_design/config-reference.md#maxconn) +is now configurable. + v4.8 ==== diff --git a/commands/host/haproxy.go b/commands/host/haproxy.go index 5db2a56..587d818 100644 --- a/commands/host/haproxy.go +++ b/commands/host/haproxy.go @@ -52,6 +52,7 @@ type ( ResHeaderCaptures []conf.HeaderCapture HTTPS_Redirect bool HaveELB bool + MaxConn uint64 TimeoutClient uint64 TimeoutServer uint64 @@ -225,6 +226,7 @@ func hotswap(log log15.Logger, environmentStr, regionStr string, hapStdin HAPStd ResHeaderCaptures: environment.HAProxy.ResHeaderCaptures, HTTPS_Redirect: environment.HAProxy.SSL.HTTPS_Redirect, HaveELB: region.HasELB(), + MaxConn: environment.HAProxy.MaxConn, TimeoutClient: uint64(environment.HAProxy.Timeout.Client_.Seconds() * 1000), TimeoutServer: uint64(environment.HAProxy.Timeout.Server_.Seconds() * 1000), TimeoutTunnel: uint64(environment.HAProxy.Timeout.Tunnel_.Seconds() * 1000), diff --git a/conf/conf.go b/conf/conf.go index 493bf32..c7041fd 100644 --- a/conf/conf.go +++ b/conf/conf.go @@ -124,6 +124,7 @@ type ( CompressTypes []string `yaml:"compress_types"` SSL SSL `yaml:"ssl"` Timeout Timeout `yaml:"timeout"` + MaxConn uint64 `yaml:"maxconn"` } Timeout struct { @@ -267,6 +268,10 @@ func (recv *Config) SetDefaults() { env.HAProxy.SSL.CertDirectory = "/etc/ssl/certs/" } + if env.HAProxy.MaxConn == 0 { + env.HAProxy.MaxConn = 200000 + } + if env.HAProxy.Timeout.Client == nil || *env.HAProxy.Timeout.Client == "" { env.HAProxy.Timeout.Client = new(string) *env.HAProxy.Timeout.Client = "7s" diff --git a/docs/detailed_design/config-reference.md b/docs/detailed_design/config-reference.md index 49cde89..5865310 100644 --- a/docs/detailed_design/config-reference.md +++ b/docs/detailed_design/config-reference.md @@ -28,6 +28,7 @@ For each field the following notation is used - [compression](#compression) (==1?) - [compress_types](#compress_types) (==1?) - [timeout](#timeout) + - [maxconn](#maxconn) (==1?) - [ssl](#ssl) (==1?) - [cert_directory](#cert_directory) (==1?) - [pem](#pem) (==?!) @@ -356,6 +357,13 @@ Disable any timeout by setting the value to `0` Refer to the [HAProxy docs](https://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4.2-timeout%20client) for what these timeouts mean +### maxconn + +[`maxconn`](https://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4-maxconn) +docs. This sets `maxconn` in the global and defaults sections. + +Default: `200000` + ### ssl SSL support via HAProxy diff --git a/files/haproxy.cfg b/files/haproxy.cfg index fe918f5..c71af3f 100644 --- a/files/haproxy.cfg +++ b/files/haproxy.cfg @@ -6,8 +6,7 @@ global daemon # NOTE: this only sets ulimit, not 'sysctl fs.file-max' which may need tuned - # TODO calculate this - maxconn 200000 + maxconn {{ .MaxConn }} defaults log global @@ -20,6 +19,7 @@ defaults {{- end }} retries 3 option redispatch + maxconn {{ .MaxConn }} # Time to connect to backends # N * 3 + 1 where N=4 was chosen based on load testing