[RFC] V2.1.1: support HAProxy PROXY protocol V1 on MySQL frontends #2971
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Automated message: PR pending admin approval for build testing |
noahwilliamsson
force-pushed
the
haproxy-proxy-protocol
branch
2 times, most recently
from
88c4619
to
612fb1b
Compare
This adds basic support for the HAProxy PROXY protocol V1 on MySQL frontend client connections. This allows the true client IP to be seen in the output of `SHOW FULL PROCESSLIST` in ProxySQL's admin frontend when the ProxySQL servers sit behind a load balancer such as HAProxy or AWS classic ELBs with the PROXY protocol feature enabled. I believe this should resolve sysown#2497 (Support for proxy_protocol for proxysql behind aws load balancer). The patch adds a Proxy_Protocol class which handles: - parsing of PROXY protocol headers (only the V1 header supported for now) - matching client IPs against a list of configured network CIDRs A new option, `proxy_protocol_frontend_nets` (list of network CIDRs), is introduced to allow the PROXY protocol feature to be selectively turned on for specific subnets where e.g. load balancers are running. This is similar to how the PROXY protocol is implemented in MariaDB. This variable can be set either in the config file or via the ProxySQL Admin interface. Configuration file example: mysql_variables= { ... proxy_protocol_frontend_nets="10.42.0.0/28 127.10.0.0/16" ... } ProxySQL Admin interface example: UPDATE global_variables SET variable_value="192.168.42.0/24" WHERE variable_name="mysql-proxy_protocol_frontend_nets"; LOAD MYSQL VARIABLES TO RUNTIME; The network CIDRs are stored as a thread-local variable in the MySQL_Thread class. It's only updated by MySQL_Thread::refresh_variables(). A new MySQL Data Stream state (DSS), `STATE_PROXY_PROTOCOL`, is introduced to handle the initial parsing of the PROXY protocol header. Once this has completed, the state is reset back to `STATE_SERVER_HANDSHAKE`. The patch hooks into the MySQL_Thread's main loop where `accept()` is called to handle incoming connections. Next, the actual parsing of the PROXY protocol header is invoked from the `MySQL_Data_Stream::read_pkts()` method, which is also called from MySQL_Thread's main loop (where incoming data is handled). I've only tested this with a HAProxy configuration block like: listen proxysql-with-proxy bind *:6030 option tcp-check mode tcp timeout server 6h timeout client 6h balance roundrobin server proxysql-backend-1 127.0.0.1:6033 check send-proxy listen proxysql-without-proxy bind *:6031 option tcp-check mode tcp timeout server 6h timeout client 6h balance roundrobin server proxysql-backend-2 192.168.1.123:6033 check
noahwilliamsson
force-pushed
the
haproxy-proxy-protocol
branch
from
612fb1b
to
c3e187c
Compare
noahwilliamsson
changed the title
|
I assume v2.1 is where new development happens so I rebased the changes on top of v2.1.1. |
|
Can one of the admins verify this patch? |
|
Closing since this appears to have been implemented in #4600 and released with ProxySQL v2.7.0: https://github.com/sysown/proxysql/releases/tag/v2.7.0. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds basic support for the HAProxy PROXY protocol V1 on MySQL frontend
client connections. This allows the true client IP to be seen in the output
of
SHOW FULL PROCESSLISTin ProxySQL's admin frontend when the ProxySQLservers sit behind a load balancer such as HAProxy or AWS classic ELBs with
the PROXY protocol feature enabled.
I believe this should resolve #2497 (Support for proxy_protocol for proxysql behind aws load balancer).
The patch adds a Proxy_Protocol class which handles:
A new option,
proxy_protocol_frontend_nets(list of network CIDRs), isintroduced to allow the PROXY protocol feature to be selectively turned on for
specific subnets where e.g. load balancers are running. This is similar to how
the PROXY protocol is implemented in MariaDB.
This variable can be set either in the config file or via the ProxySQL Admin
interface. Configuration file example:
ProxySQL Admin interface example:
The network CIDRs are stored as a thread-local variable in the MySQL_Thread
class. It's only updated by MySQL_Thread::refresh_variables().
A new MySQL Data Stream state (DSS),
STATE_PROXY_PROTOCOL, is introduced tohandle the initial parsing of the PROXY protocol header. Once this has
completed, the state is reset back to
STATE_SERVER_HANDSHAKE.The patch hooks into the MySQL_Thread's main loop where
accept()is calledto handle incoming connections. Next, the actual parsing of the PROXY protocol
header is invoked from the
MySQL_Data_Stream::read_pkts()method, which isalso called from MySQL_Thread's main loop (where incoming data is handled).
I've only tested this with a HAProxy configuration block like:
NOTE: I took the liberty to reindent a block of code in MySQL_Thread.cpp
so please review with whitespace changes hidden.