Make haproxy maxconn configurable

[pecameron]

The haproxy max_conn (maximum connnections) is by default 2000. This
change make that configurable through the
oadm router --max-connections= option when creating a router and through
changing the ROUTER_MAX_CONNECTIONS environment variable in an existing
router.

bug 1405440
https://bugzilla.redhat.com/show_bug.cgi?id=1405440

[pecameron]

@knobunc PTAL

[knobunc]

[test]

[knobunc]

LGTM

[pecameron]

[test]

[jeremyeder]

awesome, thank you very much for this. /cc @jmencak

[pecameron]

@ncdc @knobunc and I have looked at this test failure and can't find the cause. Would you be willing to take a look?

[ncdc]

@pecameron @knobunc do you mean why this failed?

Running test/end-to-end/core.sh:505: executing 'curl --max-time 2 --fail --silent 'http://172.18.13.218:1936/healthz'' expecting success; re-trying every 0.2s until completion or 300.000s...
FAILURE after 299.792s: test/end-to-end/core.sh:505: executing 'curl --max-time 2 --fail --silent 'http://172.18.13.218:1936/healthz'' expecting success; re-trying every 0.2s until completion or 300.000s: the command timed out
Standard output from the command:
Standard error from the command:
[ERROR] PID 17693: hack/lib/cmd.sh:532: `return "${return_code}"` exited with status 1.
[INFO] 		Stack Trace: 
[INFO] 		  1: hack/lib/cmd.sh:532: `return "${return_code}"`
[INFO] 		  2: test/end-to-end/core.sh:505: os::cmd::try_until_success
[INFO]   Exiting with code 1.
[ERROR] PID 16421: hack/test-end-to-end-docker.sh:91: `${OS_ROOT}/test/end-to-end/core.sh` exited with status 1.

[pecameron]

@ncdc Yes that is the issue. It has happened twice so far.

[ncdc]

The origin container log indicates the pod wasn't healthy. I'd recommend you dig in there to see if you can find out why.

[pecameron]

@ndnc @knobunc @ramr The pod is the haproxy router. I have made a change in the template and resulting config file (added maxconn 20000). The changes work on my lab machines but not here. Do you know if port 1936 is open in iptables (healthz uses it)? Also, do you know where the router is set up? Is there a dump of the environment variables in one of the log files? We have looked at the usual suspects and can't get to the bottom of this.

[ncdc]

Spin up a devenv in EC2 and test it there? You should be able to do whatever sort of debugging you want in that env.

…

On Tue, Jan 31, 2017 at 2:37 PM, Phil Cameron ***@***.***> wrote: @ndnc @knobunc <https://github.com/knobunc> @ramr <https://github.com/ramr> The pod is the haproxy router. I have made a change in the template and resulting config file (added maxconn 20000). The changes work on my lab machines but not here. Do you know if port 1936 is open in iptables (healthz uses it)? Also, do you know where the router is set up? Is there a dump of the environment variables in one of the log files? We have looked at the usual suspects and can't get to the bottom of this. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#12716 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAABYqSyaKfdY-Ku7ci__qJtwa_Ekgsfks5rX41ygaJpZM4LxxDr> .

[pecameron]

[test]

[pecameron]

@ramr @knobunc @rajatchopra I need some help with this. I added maxconn 20000 to the haproxy config file in the global and default sections (where the commented maxconn 4096 was coded) and the tests fail the same way in the same spot. When I remove the maxcon 20000 the tests pass. I can't find out what is causing the failure. Do any of you have any idea what is happening? I am trying to get this reproduced on a EC2 cluster but no luck yet. This works on my lab cluster so I think it has something to do with EC2.

Thanks!
phil

[rajatchopra]

@pecameron Likely a sysctl limit.
Check 'sysctl fs.nr_open' and 'sysctl fs.file-max'. They should be sufficient to allow a maxconn of 20000, so say 1m at least. Check with the dev machine where the tests seem to pass.

[pecameron]

@rajatchopra Thanks. @ncdc how can we find the limits for 'sysctl fs.nr_open' and 'sysctl fs.file-max' on the test system? Is it in one of the log files?

[ramr]

LGTM

[pecameron]

@openshift/cli-review - new ipfailover option --max-connections PTAL
Also, openshift-docs PR 3609

[pecameron]

[test]

[knobunc]

This will break existing routers... please make the default 2k as well.

[smarterclayton]

Why would it break existing routers?

[smarterclayton]

Also, while supporting this is ok for now, I don't think this is a value that should be hardcoded in the long run. The router ultimately needs to make a determination about how many connections to allow based on other factors. Arbitrary constants that don't work for every cluster are a recipe for a break at the worst time.

[knobunc]

At the time I made the comment, the theory about why the tests were breaking was that the AWS file handle limits were not allowing 200k. We had dropped everything to 2k in oadm, so this was defaulting the existing routers to a higher number.

We found that the AWS limit was huge and not causing the problem (rather it was a default coming from 'oc cluster up' that was not set, so setting maxconns to 0). So this comment is stale.

[jeremyeder]

@smarterclayton a maxconns=auto type thing would be an RFE against haproxy. The idea makes sense to me, I wonder if it's been discussed upstream before.

Edit:

From the docs: http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#maxconn

This is new in 1.7:

snip:

If this value is not set, it will default to the value
set in DEFAULT_MAXCONN at build time (reported in haproxy -vv) if no memory
limit is enforced, or will be computed based on the memory limit, the buffer
size, memory allocated to compression, SSL cache size, and use or not of SSL
and the associated maxsslconn (which can also be automatic).```

[knobunc]

Same

[knobunc]

@openshift/cli-review PTAL

[pecameron]

@knobunc fix worked. Anything else needed before merge?

[knobunc]

I thought about this more last night and I think this is the wrong approach. I think we make a maxconns of 0 mean 'use the default'. It makes no sense for 0 to be set ever. So let's not change this file, but handle it down below in router.go.

[knobunc]

And let's go back to 20,000 since the problem was not the 2000

[pecameron]

@knobunc OK changing default to 20000. --max-connections=0 changed to default (20000)

[knobunc]

20000 please

[knobunc]

same

[pecameron]

@knobunc fixed

[smarterclayton]

Don't set a default on the client - the router should set that, not here. The default value here should be ""

[smarterclayton]

Basically, client code that has server side components should never impose defaults - the server should do that. Same as with validation. Client side API logic is not appropriate.

[pecameron]

@smarterclayton changes are in PTAL
Is there anything else you would like changed?

[smarterclayton]

I don't think Default 20000 is appropriate - that's only the default for newer images that we provide.

[pecameron]

@smarterclayton @knobunc this has in successive commits been 2000, then 20000, then 2000, then 20000 (literally!)
The way this is set up, everyone that runs the 3.5 image will get 20000, unless otherwise specified. If they haven't bumped into the 2000 limit in 3.4 they will not notice the increased headroom.

[pecameron]

On 02/03/2017 05:23 PM, Clayton Coleman wrote: ***@***.**** commented on this pull request. ------------------------------------------------------------------------ In images/router/haproxy/conf/haproxy-config.template <#12716>: > @@ -6,7 +6,8 @@ {{ define "/var/lib/haproxy/conf/haproxy.config" }} {{ $workingDir := .WorkingDir }} global - # maxconn 4096 + maxconn {{env "ROUTER_MAX_CONNECTIONS" "20000"}} Why would it break existing routers? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#12716>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ANUgekIMG9rN7u-CBkmJjRmdGV88H3w_ks5rY6jigaJpZM4LxxDr>.

Not sure what you mean here. This just allows for more connections. It doesn't break anything. The default of 2000 is really too low for todays servers.

[pecameron]

On 02/03/2017 05:24 PM, Clayton Coleman wrote: ***@***.**** commented on this pull request. ------------------------------------------------------------------------ In images/router/haproxy/conf/haproxy-config.template <#12716>: > @@ -6,7 +6,8 @@ {{ define "/var/lib/haproxy/conf/haproxy.config" }} {{ $workingDir := .WorkingDir }} global - # maxconn 4096 + maxconn {{env "ROUTER_MAX_CONNECTIONS" "20000"}} Also, while supporting this is ok for now, I don't think this is a value that should be hardcoded in the long run. The router ultimately needs to make a determination about how many connections to allow based on other factors. Arbitrary constants that don't work for /every/ cluster are a recipe for a break at the worst time. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#12716>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ANUgevqln6rEk8Wyrfaocy2FRvnLWMyoks5rY6kZgaJpZM4LxxDr>.

The value of 2000 is hard coded in haproxy. It is really too low.

[openshift-bot]

Evaluated for origin test up to 119f9b1

[knobunc]

@smarterclayton would you like to take another pass? Now 'oadm router' only sets the maxconns environment variable if passed. The template default (when the env is not set) is 20,000.

[openshift-bot]

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/13616/) (Base Commit: 6f30f7e)

[knobunc]

[merge]

[openshift-bot]

Evaluated for origin merge up to 119f9b1

[smarterclayton]

changes LGTM

[openshift-bot]

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/13641/) (Base Commit: c955745) (Image: devenv-rhel7_5865)

[louyihua]

My opinion, it is good to make haproxy's maxconn configurable.
But, I don't think just increasing the default value is a good way to solve the bug.
Instead, since haproxy cannot distinguish a normal request and a stats request, it may be better to use antoher way to probe pod's liveness (for example, a shell script) rather than using the HTTP get method.

[jeremyeder]

@louyihua agreed that this is only one approach to the actual fix. We did propose a different method of probing using scripts and connecting to the haproxy socket, but I think @smarterclayton thought this was fragile? We have it working, and it does solve the situation.

Anyway it looks like in newer versions of haproxy there is a way to make maxconn dynamic. That needs investigation (I just dug it up yesterday), and seems like the right way to go.

Plus, as of 3.4 we have an easy way for users to overwrite the haproxy config using a configmap. And then you also have this PR, which makes maxconn configurable at the time of deployment.

The change from 2000->20000 brings haproxy config in-line with how it's deployed in Red Hat's OpenStack product. It also is as I said, a safe default for us to improve OOTB experience of OCP for a large swath of customers (2000 is very, very easy to hit).

We posed our situation to the upstream list; discussed here: https://www.mail-archive.com/[email protected]/msg24553.html

I'll go on-record one last time about this. I think access to the healthz endpoint should not be counted against maxconn.