Project

General

Profile

Todo #9386

Deprecate built-in relayd Load Balancer

Added by Jim Pingle 9 months ago. Updated 8 months ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
Load Balancer
Target version:
Start date:
03/06/2019
Due date:
% Done:

100%

Estimated time:

Description

As of now, relayd does not function on FreeBSD 12 due to OpenSSL 1.1.x. The port is currently marked BROKEN for FreeBSD 12 and later. It has been this way since October, and there isn't any apparent sign of work to make it compatible with OpenSSL 1.1.x (no open PRs, no discussions on the ports list I could see).

Since HAProxy can do nearly everything the majority of users want from relayd (and does it better), in these circumstances the best move is to deprecate the relayd-based load balancer in favor of the HAProxy package.

Subtasks include:

  • Remove Load Balancer code
    • Config pages (usr/local/www/load_balancer_monitor_edit.php usr/local/www/load_balancer_monitor.php usr/local/www/load_balancer_pool_edit.php usr/local/www/load_balancer_pool.php usr/local/www/load_balancer_setting.php usr/local/www/load_balancer_virtual_server_edit.php usr/local/www/load_balancer_virtual_server.php)
    • Status pages (usr/local/www/status_lb_pool.php usr/local/www/status_lb_vs.php)
    • Widget (usr/local/www/widgets/widgets/load_balancer_status.widget.php usr/local/www/widgets/include/load_balancer.inc)
    • Menu entry (usr/local/www/head.inc)
    • Sticky parts for relayd only (system_advanced_misc.php)
    • vslb.inc -- only contains functions used by the load balancer, nothing else needs anything from it
    • Service definition and related references (etc/inc/service-utils.inc)
    • XMLRPC references (usr/local/www/xmlrpc.php etc/rc.filter_synchronize)
    • Boot time startup (rc.bootup)
    • NAT/firewall rules/anchors (etc/inc/filter.inc etc/phpshellsessions/pfanchordrill)
    • Upgrade code references that are no longer needed (etc/inc/upgrade_config.inc)
    • Privileges (etc/inc/priv/user.priv.inc)
    • Log references (etc/inc/filter_log.inc etc/pfSense-rc etc/inc/system.inc usr/local/www/status_logs.php usr/local/www/status_logs_settings.php usr/local/www/status_logs_common.inc)
    • Alias name check code (usr/local/www/firewall_aliases_import.php usr/local/www/firewall_aliases.php usr/local/www/firewall_aliases_edit.php)
    • Help entries (usr/local/www/help.php)
    • Shortcuts (usr/local/www/shortcuts.inc)
    • Status output (usr/local/www/status.php)
    • Default config.xml entries for load_balancer (conf.default/config.xml)
    • Any other stray references to relayd, load_balancer, etc
  • Add removed files from the above tasks to /etc/pfSense.obsoletedfiles
  • Possibly create upgrade or migration code to move LB entries to HAProxy, or create a script or mechanism to do the same manually
  • Upgrade code should remove the load_balancer section, but depending on the above it could be preserved in a file under /conf/ for migration purposes.
  • Remove references to the load balancer from current documentation

Associated revisions

Revision 586c623a (diff)
Added by Jim Pingle 8 months ago

Deprecate the built-in relayd Load Balancer. Closes #9386

It is not available on FreeBSD 12 with OpenSSL 1.1.x.

Users can migrate to the HAProxy package.

History

#1 Updated by Jim Pingle 9 months ago

  • Description updated (diff)

#2 Updated by Jim Pingle 8 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Also available in: Atom PDF