Prioritize backends using an ACL during selection#138
Prioritize backends using an ACL during selection#138thomasklinger1234 wants to merge 4 commits intonigoroll:masterfrom
Conversation
Extends the VMOD interface for directors with a new optional ACL "prefer". This ACL can be used to prioritize certain IPs or ranges upon backend selection later. In this step, the VMOD interface is extended and dynamic_refs are marked with a "prefer" field based on the result of VRT_acl_match.
varnishadm backend.list in JSON mode now prints if a backend is preferred or not.
Introduce a new dom_find variant that runs in two passes: 1. Check for a healthy dynamic_ref 2. Check for an alternative healthy AND preferred dynamic_ref The new variant of dom_find introduces some internal changes: - use VTAILQ_FOREACH instead of the do/while loop for easy iteration - currently, dom->current is updated in dom_find instead of dom_resolve (might need to updated later to prevent misusage) - dom->current is used as the primary iterator instead of a separate start parameter A follow up patch needs to add a new VTC test and change the name back to dom_find OR keep dom_find in place and switch if "preferred" has been set
| /* find a healthy dynamic_ref */ | ||
|
|
||
| static struct dynamic_ref * | ||
| dom_find(VRT_CTX, struct dynamic_domain *dom, struct dynamic_ref *start, |
There was a problem hiding this comment.
Honestly, I tried to keep the function as is but did not find a good way to easily integrate backend selection flow for preferred with the existing implementation. If there is a better way, I am open to refactor!
| if (VTAILQ_EMPTY(&dom->refs)) | ||
| return (NULL); | ||
|
|
||
| r = dom->current == NULL ? VTAILQ_FIRST(&dom->refs) : VTAILQ_NEXT(dom->current, list); |
There was a problem hiding this comment.
dom->current is not heavily used for iteration. This is probably not the best way
| VCL_BOOL *healthy, VCL_TIME *changed, unsigned wait) | ||
| { | ||
| struct dynamic_ref *next, *alt; | ||
| dom_find_v2(VRT_CTX, struct dynamic_domain *dom, VCL_BOOL *healthy, VCL_TIME *changed, unsigned wait) { |
There was a problem hiding this comment.
Should be renamed to dom_find
| unsigned magic; | ||
| #define DYNAMIC_REF_MAGIC 0x79a19d81 | ||
| unsigned keep; | ||
| unsigned preferred; |
There was a problem hiding this comment.
Could this be extended to something like score or priority? In general, the task at hand is a special scoring problem. This would match the way that HAProxy implements their prefer-ipv6 feature.
|
Currently in draft for discussion, feedback and verification. My tests show good and correct results but I have not tested edge cases yet. The VCL i have used is |
|
@thomasklinger1234 I do very much appreciate your efforts, thank you. Incidentally I have now come back to this topic and would like to try an idea: Generalize this a bit and try to reuse the service code. |
2 participants
Summary
This PR aims to serve as a discussion point for #132.
The VCL interface for directory is extended with a new
ACL preferparameter that - if set - will prioritize backends matching this ACL during resolution. The idea is to implement use cases such as "prefer IPv6" or "prefer nearest datacenter".Contrary to
whitelist, thepreferparameter will only be active during theresolvemethod in the director and does not filter out backends. This is important in particular forvarnishadm backend.listwhich still shows all backends available. If there are not matches for the preferred ACL, the existing logic applies.Notable changes
preferparameter todynamic.director(...)varnishadm backend.list -j -pJSON output with thepreferredfielddynamic_refinstances have a markerpreferreddom_findhas been updatedOpen topics