Merge pull request #20475 from pravisankar/egress-dns-router-backend-ha

openshift-merge-robot · web-flow · commit 23b769751e57 · 2018-08-24T13:50:43.000-07:00
Egress DNS proxy router: Allow load distribution when domain resolves to multiple IP addrs
diff --git a/images/egress/dns-proxy/egress-dns-proxy.sh b/images/egress/dns-proxy/egress-dns-proxy.sh
@@ -15,6 +15,9 @@ IPADDR_REGEX="[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+"
 PORT_REGEX="[[:digit:]]+"
 DOMAINNAME_REGEX="[[:alnum:]][[:alnum:]-]+?\.[[:alnum:].-]+"
 
+# Fetch nameservers from /etc/resolv.conf
+declare -a NAMESERVERS=($(awk '/^nameserver/ {print $2}' /etc/resolv.conf))
+
 function die() {
     echo "$*" 1>&2
     exit 1
@@ -64,11 +67,8 @@ defaults
 function generate_dns_resolvers() {
     echo "resolvers dns-resolver"
 
-    # Fetch nameservers from /etc/resolv.conf
-    nameservers=()
-    nameservers=$(awk '/^nameserver/ {print $2}' /etc/resolv.conf)
     n=0
-    for ns in ${nameservers[@]}; do
+    for ns in "${NAMESERVERS[@]}"; do
         n=$(($n + 1))
         echo "    nameserver ns$n ${ns}:${NS_PORT}"
     done
@@ -80,12 +80,31 @@ function generate_dns_resolvers() {
     echo ""
 }
 
+function get_num_servers() {
+    local domain=$1
+
+    if [[ "${EGRESS_DNS_PROXY_MODE:-}" == "unit-test" ]]; then
+        echo "${DNS_SERVERS[${domain}]:-1}"
+        return
+    fi
+
+    declare -A servers=()
+    for ns in "${NAMESERVERS[@]}"; do
+        local output=$( dig +noall +answer a "${domain}" @"${ns}" | awk '{ print $5 }' )
+        for ip in $output; do
+            servers[${ip}]=1
+        done
+    done
+    echo "${#servers[@]}"
+}
+
 function generate_haproxy_frontends_backends() {
     local n=0
     declare -A used_ports=()
 
     while read dest; do
         local port target targetport resolvers
+        local num_servers=1
 
         if [[ "${dest}" =~ ^${BLANK_LINE_OR_COMMENT_REGEX}$ ]]; then
             continue
@@ -102,9 +121,11 @@ function generate_haproxy_frontends_backends() {
             read port target <<< "${dest}"
             targetport="${port}"
             resolvers="resolvers dns-resolver resolve-prefer ipv4"
+            num_servers=$( get_num_servers "${target}" )
         elif [[ "${dest}" =~ ^${PORT_REGEX}\ +${DOMAINNAME_REGEX}\ +${PORT_REGEX}$ ]]; then
             read port target targetport <<< "${dest}"
             resolvers="resolvers dns-resolver resolve-prefer ipv4"
+            num_servers=$( get_num_servers "${target}" )
         else
             die "Bad destination '${dest}'"
         fi
@@ -118,13 +139,20 @@ function generate_haproxy_frontends_backends() {
             die "Proxy port $port already used, must be unique for each destination"
         fi
 
+        local server_str=""
+        if [[ "${num_servers}" -gt "1" ]]; then
+            server_str="server-template dest ${num_servers}"
+        else
+            server_str="server dest1"
+        fi
+
         echo "
 frontend fe$n
     bind :${port}
     default_backend be$n
 
 backend be$n
-    server dest$n ${target}:${targetport} check $resolvers
+    ${server_str} ${target}:${targetport} check $resolvers
 "
     done <<< "${EGRESS_DNS_PROXY_DESTINATION}"
 }
@@ -170,6 +198,19 @@ function run() {
  }
 
 if [[ "${EGRESS_DNS_PROXY_MODE:-}" == "unit-test" ]]; then
+
+    declare -A DNS_SERVERS=()
+    if [[ "${EGRESS_DNS_SERVERS:-}" != "" ]]; then
+        servers=(${EGRESS_DNS_SERVERS//;/ })
+        for server in "${servers[@]}"; do
+            si=(${server//:/ })
+            if [[ "${#si[@]}" -ne "2" ]]; then
+                die "Invalid server entry in EGRESS_DNS_SERVERS: ${server}"
+            fi
+            DNS_SERVERS[${si[0]}]=${si[1]}
+        done
+    fi
+
     check_prereqs
     setup_haproxy_config
     exit 0
diff --git a/images/egress/dns-proxy/egress_dns_proxy_test.go b/images/egress/dns-proxy/egress_dns_proxy_test.go
@@ -13,6 +13,7 @@ func TestHAProxyFrontendBackendConf(t *testing.T) {
 		dest      string
 		frontends []string
 		backends  []string
+		dnsMap    map[string]int
 	}{
 		// Single destination IP
 		{
@@ -39,7 +40,7 @@ frontend fe2
 backend be1
     server dest1 11.12.13.14:80 check`, `
 backend be2
-    server dest2 21.22.23.24:100 check`},
+    server dest1 21.22.23.24:100 check`},
 		},
 		// Single destination domain name
 		{
@@ -51,6 +52,9 @@ frontend fe1
 			backends: []string{`
 backend be1
     server dest1 example.com:80 check resolvers dns-resolver`},
+			dnsMap: map[string]int{
+				"example.com": 1,
+			},
 		},
 		// Multiple destination domain names
 		{
@@ -66,7 +70,11 @@ frontend fe2
 backend be1
     server dest1 example.com:80 check resolvers dns-resolver`, `
 backend be2
-    server dest2 foo.com:100 check resolvers dns-resolver`},
+    server dest1 foo.com:100 check resolvers dns-resolver`},
+			dnsMap: map[string]int{
+				"example.com": 1,
+				"foo.com":     1,
+			},
 		},
 		// Destination IP and destination domain name
 		{
@@ -82,7 +90,10 @@ frontend fe2
 backend be1
     server dest1 11.12.13.14:80 check`, `
 backend be2
-    server dest2 example.com:100 check resolvers dns-resolver`},
+    server dest1 example.com:100 check resolvers dns-resolver`},
+			dnsMap: map[string]int{
+				"example.com": 1,
+			},
 		},
 		// Destination with comments and blank lines
 		{
@@ -111,18 +122,80 @@ frontend fe2
 backend be1
     server dest1 11.12.13.14:80 check`, `
 backend be2
-    server dest2 example.com:100 check resolvers dns-resolver`},
+    server dest1 example.com:100 check resolvers dns-resolver`},
+			dnsMap: map[string]int{
+				"example.com": 1,
+			},
+		},
+		// Destination domain name with multiple backends
+		{
+			dest: `
+# Port 8080 forwards to port 100 on example.com
+8080 example.com 100
+`,
+			frontends: []string{`
+frontend fe1
+    bind :8080
+    default_backend be1`},
+			backends: []string{`
+backend be1
+    server-template dest 3 example.com:100 check resolvers dns-resolver`},
+			dnsMap: map[string]int{
+				"example.com": 3,
+			},
+		},
+		// Destination IP and Destination domain name with single and multiple backends
+		{
+			dest: `
+80 11.12.13.14
+9000 foo.com 200
+8080 example.com 100
+8081 bar.com 100
+`,
+			frontends: []string{`
+frontend fe1
+    bind :80
+    default_backend be1`, `
+frontend fe2
+    bind :9000
+    default_backend be2`, `
+frontend fe3
+    bind :8080
+    default_backend be3`, `
+frontend fe4
+    bind :8081
+    default_backend be4`},
+			backends: []string{`
+backend be1
+    server dest1 11.12.13.14:80 check`, `
+backend be2
+    server-template dest 2 foo.com:200 check resolvers dns-resolver`, `
+backend be3
+    server dest1 example.com:100 check resolvers dns-resolver`, `
+backend be4
+    server dest1 bar.com:100 check resolvers dns-resolver`},
+			dnsMap: map[string]int{
+				"foo.com":     2,
+				"example.com": 1,
+				"bar.com":     1,
+			},
 		},
 	}
 
 	frontendRegex := regexp.MustCompile("\nfrontend ")
 	backendRegex := regexp.MustCompile("\nbackend ")
 
 	for n, test := range tests {
+		servers := ""
+		for domain, numServers := range test.dnsMap {
+			servers += fmt.Sprintf("%s:%d;", domain, numServers)
+		}
+
 		cmd := exec.Command("./egress-dns-proxy.sh")
 		cmd.Env = []string{
 			fmt.Sprintf("EGRESS_DNS_PROXY_DESTINATION=%s", test.dest),
 			fmt.Sprintf("EGRESS_DNS_PROXY_MODE=unit-test"),
+			fmt.Sprintf("EGRESS_DNS_SERVERS=%s", servers),
 		}
 		outBytes, err := cmd.CombinedOutput()
 		if err != nil {
