switch HA-proxy tests to h1load client

[Sashan]

This change simplifies current HA-proxy test set up. Testing no longer requires apache/nginx server as backend. Instead of using siege as a client the test uses
h1load [1].

The pull request also install httpterm [2] http/1.1 server. It's unused currently.

The HA-proxy configuration for testing matches the configuration used in 'State of SSL stacks' write up.

The h1load client currently runs with options as follows :
h1load
-l \ # long results, output expected by h1load shell script
-P \ # report also percentiles for gathared data
-d ${TEST_TIME} \ # test duration, TEST_TIME is 10secs
-c 500 \ # 500 concurrent connections
-t ${THREAD_COUNT} \ # gather data for 1, 2, 4, 8, 16, 32, 64 threads
-u \ # use runtime instead of system time
${BASE_URL}${PORT} # url where to connect to

The options above is just the initial version.

[1] https://github.com/wtarreau/h1load

[2] https://github.com/wtarreau/httpterm

[3] https://www.haproxy.com/blog/state-of-ssl-stacks

[nhorman]

This looks fine to me, but I'm a bit confused as to how h1load gets setup with this test. Is it meant to be run by hand independently?

[Sashan]

This looks fine to me, but I'm a bit confused as to how h1load gets setup with this test. Is it meant to be run by hand independently?

it's run by bench_run_haproxy.sh this comes from run_test() function:

    RESULT=${RESULT_DIR}/h1load-dh-rsa-noreuse-${THREAD_COUNT}-${SSL_LIB}.out
    PORT=$(( ${PORT_RSA} + ${PROXY_CHAIN}  ))
    LD_LIBRARY_PATH=${OPENSSL_DIR}/lib ${H1LOAD} \
        -l \
        -P \
        -d ${TEST_TIME} \
        -c 500 \
        -t ${THREAD_COUNT} \
        -u \
        ${BASE_URL}${PORT} > ${RESULT} || exit 1

it's the H1LOAD variable which holds the path to h1load client. the client is linked with desired SSL library. I'm still verifying set up and figuring out the command line options to use. I've added also ability to use the siege [1] client just to cross check the results with other kind of tests.

the part up to collecting results is mostly done. I'm still working on gnuplot scripts to post-process data. I will include them to separate PR.

[wtarreau]

Sasha, before you spend too much time on gnuplot scripts, I'll share you some hints to ease your job (e.g. using -ll instead of -l to have raw numbers instead of human-friendly ones). I'm also finalizing a few small changes that ease selecting relevant lines if you want to compute averages. I'll ping you soon about this.

[Sashan]

Walter, thanks a lot. I will be also happy for tips on how to set the h1load arguments. to run benchmark tests.
What I'm looking for is to have a test which will run for certain period of time (let's say 10secs) trying to do as many requests/handshakes as possible using 1, 2, 4, 8, 16, 32, 64 threads. The more requests handled within the period of time the better. This is just very gross benchmark to get some basic metric. Once again thank you.

[wtarreau]

Agreed, that's what I want to show you because it's not quite hard. With -d you can set the duration of the test, with -s you can configure a slow ramp-up period (absolutely necessary to avoid measurement errors), and I'll also show you how to pick the relevant values to provide a meaningful measure. On the haproxy side, using taskset is an easy and convenient way to select the number of threads you want. I'll try to dedicate you some time next week to work on this. Today I'm busy chasing a few bugs.

[jogme]

First iteration - only cosmetics

[jogme]

duplicity; already present on line 20

[jogme]

same as above; line 21

[jogme]

same as above; line 22 (and used on line 23)

[jogme]

the value is changed before usage on line 181, so this assignment seems redundant

[jogme]

indentation is off here and a few places also below

[Sashan]

yeah, tab vs. spaces, thanks for spotting that.

[jogme]

I think this could be put into a for to eliminate duplicity

[Sashan]

I'm going for what you suggest however I'm not entirely convinced it makes code easier to read/modify. whatever if you will like it can be kept or code can be reverted to what I have now in PR.

[jogme]

nit: there can be a check added if the openssl-master dir is already installed

[t-j-h]

You comment that you aren't using siege as a client - but I still see a pile of references there - is this expected? Is it still actually used? If so the PR comment should be updated.

[Sashan]

You comment that you aren't using siege as a client - but I still see a pile of references there - is this expected? Is it still actually used? If so the PR comment should be updated.

I will fix the comment. I think it is useful to keep both tools working just for a cross check.