[DO NOT MERGE] test for reconnection to RabbitMQ

deploy/dockerephemeral/Dockerfile.haproxy

@@ -0,0 +1,16 @@
+FROM haproxy:2.8
+
+# Switch to root to install packages
+USER root
+
+# Install socat and netcat for monitoring scripts
+RUN apt-get update && \
+    apt-get install -y socat netcat-openbsd curl && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+# Switch back to haproxy user for security
+USER haproxy
+
+# Expose ports
+EXPOSE 5672 15672 8080

deploy/dockerephemeral/docker-compose.yaml

@@ -324,15 +324,53 @@ services:
       - RABBITMQ_USERNAME
       - RABBITMQ_PASSWORD
     ports:
-      - "127.0.0.1:5671:5671"
-      - "127.0.0.1:15671:15671"
-      - "127.0.0.1:15672:15672"
+      # Shift real RabbitMQ off standard ports; Toxiproxy will listen on them
+      - "127.0.0.1:5673:5671"
+      - "127.0.0.1:5674:5672"
+      - "127.0.0.1:15674:15671"
+      - "127.0.0.1:15673:15672"
     volumes:
       - ./rabbitmq-config/rabbitmq.conf:/etc/rabbitmq/conf.d/20-wire.conf
       - ./rabbitmq-config/certificates:/etc/rabbitmq/certificates
     networks:
       - demo_wire
 
+  haproxy:
+    build:
+      context: .
+      dockerfile: Dockerfile.haproxy
+    container_name: haproxy
+    depends_on:
+      - rabbitmq
+    ports:
+      - "5671:5671"
+      - "5672:5672"
+      - "15671:15671"
+      - "15672:15672"
+      - "8081:8080"
+    volumes:
+      - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
+      - ./haproxy-logs:/var/log/haproxy
+    networks:
+      - demo_wire
+
+  # toxiproxy:
+  #   container_name: toxiproxy
+  #   image: ghcr.io/shopify/toxiproxy:2.9.0
+  #   command: -host=0.0.0.0 -config /config/toxiproxy.json
+  #   depends_on:
+  #     - rabbitmq
+  #   ports:
+  #     - "127.0.0.1:8474:8474"   # Toxiproxy admin API
+  #     - "127.0.0.1:5671:5671"   # RabbitMQ AMQP (TLS) via proxy
+  #     - "127.0.0.1:5672:5672"   # RabbitMQ AMQP via proxy
+  #     - "127.0.0.1:15672:15672" # RabbitMQ management via proxy
+  #     - "127.0.0.1:15671:15671" # RabbitMQ management (TLS) via proxy
+  #   volumes:
+  #     - ./docker/toxiproxy.json:/config/toxiproxy.json:ro
+  #   networks:
+  #     - demo_wire
+
   init_vhosts:
     image: alpine/curl:3.14
     environment:

deploy/dockerephemeral/docker/toxiproxy.json

@@ -0,0 +1,26 @@
+[
+  {
+    "name": "rabbitmq-amqp-tcp",
+    "listen": "0.0.0.0:5672",
+    "upstream": "rabbitmq:5672",
+    "enabled": true
+  },
+  {
+    "name": "rabbitmq-amqp-tls",
+    "listen": "0.0.0.0:5671",
+    "upstream": "rabbitmq:5671",
+    "enabled": true
+  },
+  {
+    "name": "rabbitmq-management",
+    "listen": "0.0.0.0:15672",
+    "upstream": "rabbitmq:15672",
+    "enabled": true
+  },
+  {
+    "name": "rabbitmq-management-tls",
+    "listen": "0.0.0.0:15671",
+    "upstream": "rabbitmq:15671",
+    "enabled": true
+  }
+]

deploy/dockerephemeral/haproxy.cfg

@@ -0,0 +1,120 @@
+global
+    log stdout local0
+    stats socket /var/lib/haproxy/stats mode 666 level admin expose-fd listeners
+    stats timeout 30s
+    user haproxy
+    group haproxy
+    daemon
+    tune.idletimer 30s
+    tune.http.cookielen 4096
+
+# Use Docker's embedded DNS for service discovery inside the compose network
+resolvers docker
+    nameserver dns1 127.0.0.11:53
+    resolve_retries 3
+    timeout resolve 1s
+    hold valid 10s
+
+defaults
+    mode tcp
+    log global
+    option tcplog
+    option dontlognull
+    retries 3
+    timeout connect 5000ms
+    timeout client 3600000ms
+    timeout server 3600000ms
+    timeout check 5000ms
+
+    option tcp-check
+
+
+listen stats
+    bind *:8080
+    mode http
+    stats enable
+    stats uri /stats
+    stats refresh 30s
+    stats admin if TRUE
+    stats auth guest:alpaca-grapefruit
+
+frontend rabbitmq_amqp
+    bind *:5672
+    mode tcp
+    option tcplog
+    default_backend rabbitmq_amqp_cluster
+
+    timeout client 3600000ms
+
+frontend rabbitmq_amqps
+    bind *:5671
+    mode tcp
+    option tcplog
+    default_backend rabbitmq_amqps_cluster
+
+    timeout client 3600000ms
+
+frontend rabbitmq_management
+    bind *:15672
+    mode http
+    option httplog
+    default_backend rabbitmq_management_cluster
+
+    timeout client 3600000ms
+
+frontend rabbitmq_management_tls
+    bind *:15671
+    mode tcp
+    option tcplog
+    default_backend rabbitmq_management_tls_cluster
+
+    timeout client 3600000ms
+
+backend rabbitmq_amqp_cluster
+    mode tcp
+    balance roundrobin
+
+    timeout server 3600000ms
+    timeout check 3000ms
+
+    option tcp-check
+    tcp-check connect
+
+    server rabbitmq rabbitmq:5672 check inter 10000ms fall 3 rise 2 resolvers docker resolve-prefer ipv4 init-addr last,libc,none
+
+backend rabbitmq_amqps_cluster
+    mode tcp
+    balance roundrobin
+
+    timeout server 3600000ms
+    timeout check 3000ms
+
+    option tcp-check
+    tcp-check connect
+
+    server rabbitmq-tls rabbitmq:5671 check inter 10000ms fall 3 rise 2 resolvers docker resolve-prefer ipv4 init-addr last,libc,none
+
+backend rabbitmq_management_cluster
+    mode http
+    balance roundrobin
+    option httpchk GET /api/overview
+    http-check send-state
+    http-check connect default
+    http-check send meth GET uri /api/overview hdr Authorization "Basic YWRtaW46cGFzc3dvcmQ="
+    http-check expect status 200
+
+    timeout server 3600000ms
+
+    server rabbitmq-mgmt rabbitmq:15672 check inter 10000ms fall 3 rise 2 resolvers docker resolve-prefer ipv4 init-addr last,libc,none
+
+backend rabbitmq_management_tls_cluster
+    mode tcp
+    balance roundrobin
+
+    timeout server 3600000ms
+    timeout check 3000ms
+
+    option tcp-check
+    tcp-check connect
+
+    server rabbitmq-mgmt-tls rabbitmq:15671 check inter 10000ms fall 3 rise 2 resolvers docker resolve-prefer ipv4 init-addr last,libc,none