Merge with upstream

This commit is contained in:
John Keates 2015-08-30 03:50:10 +02:00
commit 29c60df042
4 changed files with 117 additions and 15 deletions

View file

@ -3,6 +3,11 @@
# Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo)
include:
{% if salt['pillar.get']('haproxy:include') %}
{% for item in salt['pillar.get']('haproxy:include') %}
- {{ item }}
{% endfor %}
{% endif %}
- haproxy.install
- haproxy.service
- haproxy.config
- haproxy.config

View file

@ -12,3 +12,9 @@ haproxy_ppa_repo:
haproxy.install:
pkg.installed:
- name: haproxy
{% if salt['pillar.get']('haproxy:require') %}
- require:
{% for item in salt['pillar.get']('haproxy:require') %}
- {{ item }}
{% endfor %}
{% endif %}

View file

@ -1,17 +1,26 @@
haproxy.service:
{% if salt['pillar.get']('haproxy:enable', True) %}
service.running:
- name: haproxy
- enable: True
- reload: True
- require:
- pkg: haproxy
file: haproxy.service
- watch:
- file: haproxy.config
file.managed:
{% else %}
service.dead:
- name: haproxy
- enable: False
{% endif %}
file.replace:
- name: /etc/default/haproxy
#TODO: Add switch to turn the service on and off based on pillar configuration.
- source: salt://haproxy/files/haproxy-init-enable
- create: True
- user: "root"
- group: "root"
- mode: "0644"
{% if salt['pillar.get']('haproxy:enabled', True) %}
- pattern: ENABLED=0$
- repl: ENABLED=1
{% else %}
- pattern: ENABLED=1$
- repl: ENABLED=0
{% endif %}
- show_changes: True

View file

@ -3,11 +3,14 @@
#
haproxy:
enabled: True
config_file_path: /etc/haproxy/haproxy.cfg
global:
stats:
enable: True
socketpath: /var/lib/haproxy/stats
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
user: haproxy
group: haproxy
@ -34,6 +37,11 @@ haproxy:
- server 1m
- http-keep-alive 10s
- check 10s
stats:
- enable
- uri: '/admin?stats'
- realm: 'Haproxy\ Statistics'
- auth: 'admin1:AdMiN123'
errorfiles:
400: /etc/haproxy/errors/400.http
@ -44,6 +52,46 @@ haproxy:
503: /etc/haproxy/errors/503.http
504: /etc/haproxy/errors/504.http
{# Suported by HAProxy 1.6 #}
resolvers:
local_dns:
options:
- nameserver resolvconf 127.0.0.1:53
- resolve_retries 3
- timeout retry 1s
- hold valid 10s
listens:
stats:
bind:
- "0.0.0.0:8998"
mode: http
stats:
enable: True
uri: "/admin?stats"
refresh: "20s"
myservice:
bind:
- "*:8888"
options:
- forwardfor
- http-server-close
defaultserver:
slowstart: 60s
maxconn: 256
maxqueue: 128
weight: 100
servers:
web1:
host: web1.example.com
port: 80
check: check
web2:
host: web2.example.com
port: 18888
check: check
frontends:
frontend1:
name: www-http
@ -53,8 +101,7 @@ haproxy:
- "X-Forwarded-Proto:\\ http"
default_backend: www-backend
frontend2:
name: www-https
www-https:
bind: "*:443 ssl crt /etc/ssl/private/certificate-chain-and-key-combined.pem"
reqadd:
- "X-Forwarded-Proto:\\ https"
@ -63,7 +110,12 @@ haproxy:
- url_static path_beg -i /static /images /javascript /stylesheets
- url_static path_end -i .jpg .gif .png .css .js
use_backends:
- static if url_static
- static-backend if url_static
some-services:
bind:
- "*:8080"
- "*:8088"
default_backend: api-backend
backends:
backend1:
@ -76,8 +128,7 @@ haproxy:
host: 192.168.1.213
port: 80
check: check
backend2:
name: static
static-backend:
balance: roundrobin
redirect: scheme https if !{ ssl_fc }
options:
@ -92,8 +143,39 @@ haproxy:
realm: LoadBalancer
auth: "user:password"
servers:
server1:
name: some-server
some-server:
host: 123.156.189.111
port: 8080
check: check
api-backend:
options:
- http-server-close
- forwardfor
servers:
apiserver1:
host: apiserver1.example.com
port: 80
check: check
server2:
name: apiserver2
host: apiserver2.example.com
port: 80
check: check
extra: resolvers local_dns resolve-prefer ipv4
another_www:
mode: tcp
balance: source
sticktable: "type binary len 32 size 30k expire 30m"
acls:
- clienthello req_ssl_hello_type 1
- serverhello rep_ssl_hello_type 2
tcprequests:
- "inspect-delay 5s"
- "content accept if clienthello"
tcpresponses:
- "content accept if serverhello"
stickons:
- "payload_lv(43,1) if clienthello"
reqrep:
- "^([^\ :]*)\ /static/(.*) \1\ \2"
options: "ssl-hello-chk"