
How do I increase map_hash_bucket_size for ucp-interlock-proxy?

Article ID: KB000805

Issue

When using Interlock for Layer 7 Routing with the default Nginx backend, using long hostnames in routing labels may result in the ucp-interlock-proxy service crashing, reporting the following error:

[emerg] could not build map_hash, you should increase map_hash_bucket_size: 64

Prerequisites

Before performing these steps, you must meet the following requirements:

  • Running UCP 3.0.2 or later, which supports the HTTPOptions and TCPOptions parameters in Interlock
  • Have Layer 7 Routing (Interlock) enabled under UCP Admin Settings

Root Cause

From Nginx's documentation:

Syntax:   map_hash_bucket_size <size>;
Default:  map_hash_bucket_size 32|64|128;
Context:  http

Sets the bucket size for the map variables hash tables.

The map hash stores the mappings of hostname routing rules to upstream servers, and long hostnames may exceed the default bucket size of the map hash table.

Resolution

  1. Obtain a config.toml file from Interlock by following step 1 of this guide to configuring Interlock.

  2. Next, refer to the layout of the Interlock config file, and add the HTTPOptions parameter to the [Extensions.default.Config] section of the config file, whitespace-aligned.

  3. If you are deploying a simple HTTP route, such as:

    services:
      demo:
        image: ehazlett/docker-demo
        deploy:
          replicas: 1
          labels:
            com.docker.lb.hosts: app.longdomainname.org
            com.docker.lb.network: demo-network
            com.docker.lb.port: 8080
        networks:
          - demo-network
    

    set the HTTPOptions = ["map_hash_bucket_size 64;"] parameter in Interlock's config file. It should look something like this:

    ListenAddr = ":8080"
    DockerURL = "unix:///var/run/docker.sock"
    PollInterval = "3s"
    
    [Extensions]
      [Extensions.default]
        ...
        [Extensions.default.Config]
          User = "nginx"
          PidPath = "/var/run/proxy.pid"
          WorkerProcesses = 1
          RlimitNoFile = 65535
          MaxConnections = 2048
          GlobalOptions = []
          HTTPOptions = ["map_hash_bucket_size 64;"]
    
  4. Or, if you are deploying an HTTPS route, such as:

    services:
      demo:
        image: ehazlett/docker-demo
        command: --tls-cert=/run/secrets/cert.pem --tls-key=/run/secrets/key.pem
        deploy:
          replicas: 1
          labels:
            com.docker.lb.hosts: app.longdomainname.org
            com.docker.lb.network: demo-network
            com.docker.lb.port: 8443
            com.docker.lb.ssl_passthrough: "true"
        environment:
          METADATA: end-to-end-TLS
        networks:
          - demo-network
        secrets:
          - source: app.example.org.cert
            target: /run/secrets/cert.pem
          - source: app.example.org.key
            target: /run/secrets/key.pem
    

    then you must also set the TCPOptions = ["map_hash_bucket_size 64;"] parameter in Interlock's config file. On the next line after HTTPOptions = ["map_hash_bucket_size 64;"], add the TCPOptions param on a separate line, and save the file. It should look something like this:

        ...
        [Extensions.default.Config]
          User = "nginx"
          PidPath = "/var/run/proxy.pid"
          WorkerProcesses = 1
          RlimitNoFile = 65535
          MaxConnections = 2048
          GlobalOptions = []
          HTTPOptions = ["map_hash_bucket_size 64;"]
          TCPOptions = ["map_hash_bucket_size 64;"]
    
  5. Finally, continue with steps 3 and 4 of configuring the Layer 7 Routing service.

  6. After you have done this, run:

    docker service scale ucp-interlock-proxy=0
    docker service scale ucp-interlock-proxy=2

This allows the service to start with the new configuration.
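Added example (not from the KB article or Docker's code): a shell check that estimates the smallest map_hash_bucket_size nginx will accept for a set of hostnames, following the per-key size check nginx performs when it builds a hash table. It assumes a 64-bit host with 64-byte cache lines and that the map key is the hostname exactly as written in com.docker.lb.hosts; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Assumptions: 8-byte pointers, 64-byte cache line, map key == hostname label.

PTR=8          # sizeof(void *) on a 64-bit build (assumption)
CACHELINE=64   # nginx rounds the configured size up to the cache line (assumption)

# align VALUE BOUNDARY -> VALUE rounded up to a multiple of BOUNDARY
align() {
    echo $(( ($1 + $2 - 1) / $2 * $2 ))
}

# min_bucket_size KEY -> smallest bucket size that can hold KEY
min_bucket_size() {
    len=${#1}
    # One hash element = pointer + (key length + 2) aligned to pointer size;
    # the bucket must also hold one terminating pointer.
    elt=$(( PTR + $(align $(( len + 2 )) "$PTR") ))
    align $(( elt + PTR )) "$CACHELINE"
}

# required_bucket_size HOST... -> largest requirement across all hosts
required_bucket_size() {
    max=0
    for host in "$@"; do
        need=$(min_bucket_size "$host")
        if [ "$need" -gt "$max" ]; then
            max=$need
        fi
    done
    echo "$max"
}

# Constructed sample: the hostname from the route above plus a longer one.
size=$(required_bucket_size \
    app.longdomainname.org \
    checkout-api.payments.prod.eu-west1.example.org)
echo "HTTPOptions = [\"map_hash_bucket_size ${size};\"]"
```

Run it against the hostnames you plan to publish before deploying; if the result is larger than the value in config.toml, raise HTTPOptions (and TCPOptions for SSL passthrough routes) accordingly.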