Bring back caching for container metrics. fix ipv6 with haproxy. Remo…

…ve serverid cookie.
ComputeStacks · Dec 12, 2023 · 1f4bdd4 · 1f4bdd4
1 parent 1caf760
commit 1f4bdd4
Show file tree

Hide file tree

Showing 14 changed files with 71 additions and 22 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Change Log
 
+## v9.1.1
+
+* [CHANGE] Add `make_primary` to container domains api.
+* [CHANGE] Add caching to container stats.
+* [CHANGE] Fix haproxy ipv6 support.
+
+***
+
 ## v9.1.0
 
 * [FEATURE] Introduced a new writable metadata endpoint `/db/` to allow for custom images to pass data back to ComputeStack Engines.

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-9.1.0
+9.1.1
diff --git a/app/controllers/api/domains_controller.rb b/app/controllers/api/domains_controller.rb
@@ -37,7 +37,7 @@ def index
   #
   # **OAuth AuthorizationRequired**: `projects_read`
   #
-  # * `domains`: Array
+  # * `domain`: Object
   #     * `id`: Integer
   #     * `domain`: String
   #     * `system_domain`: Boolean
@@ -66,6 +66,7 @@ def show; end
   #     * `le_enabled`: Boolean
   #     * `heder_hsts`: Boolean
   #     * `container_service_id`: Integer
+  #     * `set_primary`: Boolean
   #
   def create
     @domain = current_user.container_domains.new(domain_params)
@@ -124,7 +125,7 @@ def destroy
   private
 
   def domain_params
-    params.require(:domain).permit(:domain, :le_enabled, :ingress_rule_id, :header_hsts)
+    params.require(:domain).permit(:domain, :le_enabled, :ingress_rule_id, :header_hsts, :make_primary)
   end
 
   def load_domain

diff --git a/app/models/concerns/containers/container_metrics.rb b/app/models/concerns/containers/container_metrics.rb
@@ -28,11 +28,14 @@ def metric_all_containers
     ##
     # General
 
-    def stats
-      {
-        cpu: metric_cpu[:cpu],
-        mem: metric_mem_perc
-      }
+    def stats(cached = true)
+      Rails.cache.delete("c_metrics_stats_#{name}") unless cached
+      Rails.cache.fetch("c_metrics_stats_#{name}", expires_in: 10.minutes, skip_nil: true) do
+        {
+          cpu: metric_cpu[:cpu],
+          mem: metric_mem_perc
+        }
+      end
     end
 
     def metric_last_seen

diff --git a/app/models/concerns/network_subnet_manager.rb b/app/models/concerns/network_subnet_manager.rb
@@ -57,7 +57,7 @@ def ensure_no_overlap
     return unless subnet_changed?
     return if region.nil?
     region.networks.each do |n|
-      next unless n.parent_network.nil? # only parent networks
+      next if n.parent_network.nil? # only parent networks
       next if n.id == id # don't look out ourselves
       if n.subnet.include?(subnet) || subnet.include?(n.subnet)
         errors.add :subnet, 'overlaps with an existing network in this availability zone'

diff --git a/app/models/deployment/container_domain.rb b/app/models/deployment/container_domain.rb
@@ -50,7 +50,7 @@ class Deployment::ContainerDomain < ApplicationRecord
   # @return [Array<EventLogDatum>]
   has_many :event_details, through: :event_logs
 
-  attr_accessor :is_sys, :sys_no_reload
+  attr_accessor :is_sys, :sys_no_reload, :make_primary
 
   validates :user, presence: true
   validates :domain, presence: true
@@ -63,6 +63,8 @@ class Deployment::ContainerDomain < ApplicationRecord
 
   after_update :update_le_on_user_change
 
+  after_update :set_primary_domain, if: :make_primary
+
   def csrn
     "csrn:caas:project:domain:#{resource_name}:#{id}"
   end
@@ -165,4 +167,9 @@ def ensure_ingress_present
     end
   end
 
+  def set_primary_domain
+    return unless make_primary
+    container_service.update master_domain_id: id
+  end
+
 end
diff --git a/app/models/load_balancer.rb b/app/models/load_balancer.rb
@@ -133,6 +133,10 @@ class LoadBalancer < ApplicationRecord
   serialize :ext_ip, JSON
   serialize :internal_ip, JSON
 
+  def ipv6_enabled?
+    !region.has_clustered_networking?
+  end
+
   # Determine if all the parameters have been met and we can deploy/activate this load balancer
   # @return [Boolean]
   def active?

diff --git a/app/views/api/stacks/load_balancers/haproxy/_backend-http.erb b/app/views/api/stacks/load_balancers/haproxy/_backend-http.erb
@@ -5,13 +5,15 @@ backend <%= Digest::MD5.hexdigest("#{service.name}#{ingress.id}") %>
   mode http
   option redispatch
   option httpchk HEAD /
+<% if service.containers.count > 1 %>
   cookie SERVERID insert indirect nocache httponly
+<% end %>
     <% service.containers.each do |container| %>
       <% next if container.ip_address.nil? %>
       <% if !load_balancer.direct_connect && (node != container.node) %>
-  server <%= container.name %> <%= container.node.primary_ip %>:443 ssl verify none maxconn <%= load_balancer.maxconn_c %> maxqueue <%= load_balancer.max_queue %> cookie s<%= container.name.split('-').last %>
+  server <%= container.name %> <%= container.node.primary_ip %>:443 ssl verify none maxconn <%= load_balancer.maxconn_c %> maxqueue <%= load_balancer.max_queue %><% if service.containers.count > 1 %> cookie s<%= container.name.split('-').last %><% end %>
       <% else %>
-  server <%= container.name %> <%= container.ip_address.ipaddr %>:<%= ingress.port %> maxconn <%= load_balancer.maxconn_c %> maxqueue <%= load_balancer.max_queue %> cookie s<%= container.name.split('-').last %><% if ingress.backend_ssl %> ssl verify none<% end %>
+  server <%= container.name %> <%= container.ip_address.ipaddr %>:<%= ingress.port %> maxconn <%= load_balancer.maxconn_c %> maxqueue <%= load_balancer.max_queue %><% if service.containers.count > 1 %> cookie s<%= container.name.split('-').last %><% end %><% if ingress.backend_ssl %> ssl verify none<% end %>
       <% end %>
     <% end %>
   <% end %>
@@ -24,13 +26,15 @@ backend S_<%= Digest::MD5.hexdigest("#{service.name}#{ingress.id}") %>
   mode http
   option redispatch
   option httpchk HEAD /
+<% if service.containers.count > 1 %>
   cookie SERVERID insert indirect nocache httponly secure
+<% end %>
     <% service.containers.each do |container| %>
       <% next if container.ip_address.nil? %>
       <% if !load_balancer.direct_connect && (node != container.node) %>
-  server <%= container.name %> <%= container.node.primary_ip %>:443 ssl verify none maxconn <%= load_balancer.maxconn_c %> maxqueue <%= load_balancer.max_queue %> cookie s<%= container.name.split('-').last %>
+  server <%= container.name %> <%= container.node.primary_ip %>:443 ssl verify none maxconn <%= load_balancer.maxconn_c %> maxqueue <%= load_balancer.max_queue %><% if service.containers.count > 1 %> cookie s<%= container.name.split('-').last %><% end %>
       <% else %>
-  server <%= container.name %> <%= container.ip_address.ipaddr %>:<%= ingress.port %> maxconn <%= load_balancer.maxconn_c %> maxqueue <%= load_balancer.max_queue %> cookie s<%= container.name.split('-').last %><% if ingress.backend_ssl %> ssl verify none<% end %>
+  server <%= container.name %> <%= container.ip_address.ipaddr %>:<%= ingress.port %> maxconn <%= load_balancer.maxconn_c %> maxqueue <%= load_balancer.max_queue %><% if service.containers.count > 1 %> cookie s<%= container.name.split('-').last %><% end %><% if ingress.backend_ssl %> ssl verify none<% end %>
       <% end %>
     <% end %>
   <% end %>

diff --git a/app/views/api/stacks/load_balancers/haproxy/_frontend-http.erb b/app/views/api/stacks/load_balancers/haproxy/_frontend-http.erb
@@ -1,7 +1,7 @@
 <% index = 1 %>
 <% if load_balancer.has_ssl_certs? %>
 frontend https
-  bind :443 ssl <% if load_balancer.has_shared_cert? %>crt /etc/haproxy/shared_cert.pem<% end %> crt /etc/haproxy/certs/ <%= load_balancer.haproxy_http_proto %>
+  bind <% if load_balancer.ipv6_enabled? %>[::]<% end %>:443 ssl <% if load_balancer.has_shared_cert? %>crt /etc/haproxy/shared_cert.pem<% end %> crt /etc/haproxy/certs/ <%= load_balancer.haproxy_http_proto %>
   mode http
   maxconn <%= load_balancer.maxconn %>
   option httplog
@@ -46,7 +46,7 @@ frontend https
   <% end %>
 
 frontend http
-  bind :80
+  bind <% if load_balancer.ipv6_enabled? %>[::]<% end %>:80
   mode http
   maxconn <%= load_balancer.maxconn %>
   <% if load_balancer.proxy_ipaddrs.empty? %>

diff --git a/app/views/api/stacks/load_balancers/haproxy/_frontend-tcp.erb b/app/views/api/stacks/load_balancers/haproxy/_frontend-tcp.erb
@@ -2,7 +2,7 @@
   <% next if service.containers.empty? %>
   <% service.ingress_rules.tcp.tcp_lb_rules.nat.lb.each do |ingress| %>
 frontend TCP_<%= ingress.port_nat %>
-  bind :<%= ingress.port_nat %>
+  bind <% if load_balancer.ipv6_enabled? %>[::]<% end %>:<%= ingress.port_nat %>
   mode tcp
   log global
   option tcplog
@@ -21,7 +21,7 @@ frontend TCP_<%= ingress.port_nat %>
   <% service.ingress_rules.tls.nat.lb.each do |ingress| %>
 <% if load_balancer.has_shared_cert? %>
 frontend TLS_<%= ingress.port_nat %>
-  bind :<%= ingress.port_nat %> ssl crt /etc/haproxy/shared_cert.pem
+  bind <% if load_balancer.ipv6_enabled? %>[::]<% end %>:<%= ingress.port_nat %> ssl crt /etc/haproxy/shared_cert.pem
   mode tcp
   timeout connect 5s
   timeout client 5m

diff --git a/app/views/deployments/orders/_location_selector.html.erb b/app/views/deployments/orders/_location_selector.html.erb
@@ -9,11 +9,10 @@
       <div class="col-md-12">
         <div class="row">
           <% locations.each_with_index do |i,k| %>
-            <%= check_box_tag 'location_id', i.id, id: "location=#{i.id}", style: "display:none", checked: 'checked' if order_session.location == i %>
-            <%= check_box_tag 'location_id', i.id, id: "location=#{i.id}", style: "display:none" unless order_session.location == i %>
+            <%= check_box_tag 'location_id', i.id, order_session.location == i, id: "location-#{i.id}", style: "display:none" %>
             <div class="col-lg-3 col-md-4 col-xs-6">
               <div id="location_<%= i.id %>" data-id="<%= i.id %>" class="panel panel-default container-order-card container-location-selector <% if order_session.location == i %>active<% end %>">
-                <div class="panel-body"><%= iname %></div>
+                <div class="panel-body"><%= i.name %></div>
               </div>
               <% content_tag :div, nil, class: 'clearfix visible-md-block'  if k == locations.count && ((k + 1) % 3).zero? %>
               <% content_tag :div, nil, class: 'clearfix visible-sm-block'  if k == locations.count && ((k + 1) % 2).zero? %>

diff --git a/app/workers/container_workers/refresh_stats_worker.rb b/app/workers/container_workers/refresh_stats_worker.rb
@@ -0,0 +1,19 @@
+module ContainerWorkers
+  class RefreshStatsWorker
+    include Sidekiq::Worker
+
+    sidekiq_options retry: false,
+                    lock: :until_and_while_executing
+
+    def perform
+
+      Deployment::Container.all.each do |i|
+        i.stats false
+      end
+
+    rescue => e
+      ExceptionAlertService.new(e, '953ea854a6a7423b').perform
+    end
+
+  end
+end
diff --git a/app/workers/project_workers/refresh_metadata_ssh_worker.rb b/app/workers/project_workers/refresh_metadata_ssh_worker.rb
@@ -10,7 +10,7 @@ class RefreshMetadataSshWorker
     def perform(project_id, audit_id)
       project = Deployment.find_by id: project_id
       audit = Audit.find_by id: audit_id
-      return if project.nil?
+      return if project.nil? || audit.nil?
       ProjectServices::MetadataSshKeys.new(project).perform
       project.sftp_containers.each do |i|
         SftpServices::ReloadSshKeysService.new(i, audit).perform

diff --git a/lib/clock.rb b/lib/clock.rb
@@ -11,6 +11,10 @@ module Clockwork
     NodeWorkers::HeartbeatWorker.perform_async
   end
 
+  every(2.minutes, 'container.stats_refresh') do
+    ContainerWorkers::RefreshStatsWorker.perform_async
+  end
+
   every(5.minutes, 'nodes.health_check') do
     NodeWorkers::HealthCheckWorker.perform_async
   end