From 7e31bee197d0b159edbadb65f1e60792df649193 Mon Sep 17 00:00:00 2001 From: Troy Date: Mon, 13 Jul 2015 16:17:06 -0700 Subject: [PATCH 01/19] Allowed for default balance balance with default of roundrobin, and allowed for lack of balance in the backends --- haproxy/templates/haproxy.jinja | 3 +++ 1 file changed, 3 insertions(+) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index 2fb5195..df944e5 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja @@ -33,6 +33,7 @@ defaults log {{ salt['pillar.get']('haproxy:defaults:log') }} mode {{ salt['pillar.get']('haproxy:defaults:mode') }} retries {{ salt['pillar.get']('haproxy:defaults:retries') }} + balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }} {%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) %} {%- for option in salt['pillar.get']('haproxy:defaults:options') %} option {{ option }} @@ -94,7 +95,9 @@ backend {{ backend[1].name }} {%- for redirect in backend[1].redirects %} # Redirect loop start redirect {{ redirect }}{% endfor %} {%- endif %} + {%- if 'balance' in backend[1] %} balance {{ backend[1].balance }} + {%- endif %} {%- if 'options' in backend[1] %} {%- for option in backend[1].options %} option {{ option }} From 32e148d232a259e398db349145bdf044787bcd94 Mon Sep 17 00:00:00 2001 From: Troy Date: Mon, 13 Jul 2015 17:06:24 -0700 Subject: [PATCH 02/19] added default for name attribute name attribute will default to the identifier given in the pillar, but can be overridden by the name attribute --- haproxy/templates/haproxy.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index df944e5..8df8163 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja 
@@ -58,7 +58,7 @@ defaults #--------------------------------------------------------------------- {%- if 'frontends' in salt['pillar.get']('haproxy', {}) %} {%- for frontend in salt['pillar.get']('haproxy:frontends', {}).iteritems() %} -frontend {{ frontend[1].name }} +frontend {{ frontend[1].get(name, frontend[0]) }} bind {{ frontend[1].bind }} {%- if 'redirects' in frontend[1] %} {%- for front_redirect in frontend[1].redirects %} @@ -90,7 +90,7 @@ redirect {{ front_redirect }} #--------------------------------------------------------------------- {%- if 'backends' in salt['pillar.get']('haproxy', {}) %} {%- for backend in salt['pillar.get']('haproxy:backends', {}).iteritems() %} # Backend loop start -backend {{ backend[1].name }} +backend {{ backend[1].get(name, backend[0]) }} {%- if 'redirects' in backend[1] %} {%- for redirect in backend[1].redirects %} # Redirect loop start redirect {{ redirect }}{% endfor %} @@ -117,7 +117,7 @@ redirect {{ redirect }}{% endfor %} {%- endif %} {%- if 'servers' in backend[1] %} {%- for server in backend[1].servers.iteritems() %} - server {{ server[1].name }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }}{% endfor %} + server {{ server[1].get(name,server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }}{% endfor %} {% endif %} {% endfor %} # Backend loop end {% endif %} From 9ca7d936e88e9ed5b8f95719456bd85d1cf35d8b Mon Sep 17 00:00:00 2001 From: Troy Date: Mon, 13 Jul 2015 17:21:58 -0700 Subject: [PATCH 03/19] Update pillar.example Showing some options for naming and multiple binds and leaving out the balance and using the configuration default --- pillar.example | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/pillar.example b/pillar.example index ac894b7..a2389f3 100644 --- a/pillar.example +++ b/pillar.example 
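Review bot: `name` is passed unquoted in all three hunks of this patch (`frontend[1].get(name, frontend[0])`, the `backend` line and the `server` line), so Jinja looks up a template variable called `name` rather than the pillar key `'name'`. No such variable is set anywhere in the visible template, so the lookup presumably always falls through to the pillar identifier and an explicit `name:` override is silently ignored. Quote the key, e.g. `frontend[1].get('name', frontend[0])`, and likewise for `backend[1]` and `server[1]`.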
@@ -53,8 +53,7 @@ haproxy: - "X-Forwarded-Proto:\\ http" default_backend: www-backend - frontend2: - name: www-https + www-https: bind: "*:443 ssl crt /etc/ssl/private/certificate-chain-and-key-combined.pem" reqadd: - "X-Forwarded-Proto:\\ https" @@ -63,7 +62,12 @@ haproxy: - url_static path_beg -i /static /images /javascript /stylesheets - url_static path_end -i .jpg .gif .png .css .js use_backends: - - static if url_static + - static-backend if url_static + some-services: + bind: + - "*:8080" + - "*:8088" + default_backend: api-backend backends: backend1: @@ -76,8 +80,7 @@ haproxy: host: 192.168.1.213 port: 80 check: check - backend2: - name: static + static-backend: balance: roundrobin redirect: scheme https if !{ ssl_fc } options: @@ -92,8 +95,21 @@ haproxy: realm: LoadBalancer auth: "user:password" servers: - server1: - name: some-server + some-server: host: 123.156.189.111 port: 8080 check: check + api-backend: + options: + - http-server-close + - forwardfor + servers: + apiserver1: + host: apiserver1.example.com + port: 80 + check: check + server2: + name: apiserver2 + host: apiserver2.example.com + port: 80 + check: check From 027548519401902bea51a88d048812f453c99dcb Mon Sep 17 00:00:00 2001 From: Troy Germain Date: Fri, 17 Jul 2015 19:00:32 -0700 Subject: [PATCH 04/19] Adding Listeners, Multiple (optional) Binds per Listener/frontend --- haproxy/templates/haproxy.jinja | 68 ++++++++++++++++++++++++++++++++- pillar.example | 25 ++++++++++++ 2 files changed, 91 insertions(+), 2 deletions(-) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index 8df8163..5e1b0bf 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja 
@@ -51,7 +51,67 @@ defaults {% endif %} - +#--------------------------------------------------------------------- +# listen instances +#--------------------------------------------------------------------- +{%- if 'listens' in salt['pillar.get']('haproxy', {}) %} + {%- for listener in salt['pillar.get']('haproxy:listens', {}).iteritems() %} +listen {{ listener[1].get(name, listener[0]) }} + {%- if 'bind' in listener[1] %} + {%- for socket in listener[1].bind %} + bind {{ socket }} + {%- endfor %} + {%- endif %} + {%- if 'redirects' in listener[1] %} + {%- for front_redirect in listener[1].redirects %} + redirect {{ front_redirect }} + {% endfor %} + {%- endif %} + {%- if 'acls' in listener[1] %} + {%- for acl in listener[1].acls %} + acl {{ acl }} + {%- endfor %} + {%- endif %} + {%- if 'reqadd' in listener[1] %} + {%- for reqadd in listener[1].reqadd %} + reqadd {{ reqadd }} + {%- endfor %} + {%- endif %} + {%-if 'default_backend' in listener[1] -%} + default_backend {{ listener[1].default_backend }} + {%- endif %} + {%-if 'use_backends' in listener[1] -%} + {%- for use_backend in listener[1].use_backends %} + use_backend {{ use_backend }} + {% endfor %} + {%- endif %} + {%- if 'balance' in listener[1] %} + balance {{ listener[1].balance }} + {%- endif %} + {%- if 'options' in listener[1] %} + {%- for option in listener[1].options %} + option {{ option }} + {%- endfor %} + {%- endif %} + {%- if 'cookie' in listener[1] %} + cookie {{ listener[1].cookie }} + {%- endif %} + {%- if 'stats' in listener[1] %} + {%- for option, value in listener[1].stats.iteritems() %} + {%- if option == 'enable' and value %} + stats enable + {%- else %} + stats {{ option }} {{ value }} + {%- endif %} + {%- endfor %} + {%- endif %} + {%- if 'servers' in listener[1] %} + {%- for server in listener[1].servers.iteritems() %} + server {{ server[1].get(name,server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }} + {% endfor %} + {% endif %} + {% endfor %} +{% endif %} 
#--------------------------------------------------------------------- # frontend instances @@ -59,7 +119,11 @@ defaults {%- if 'frontends' in salt['pillar.get']('haproxy', {}) %} {%- for frontend in salt['pillar.get']('haproxy:frontends', {}).iteritems() %} frontend {{ frontend[1].get(name, frontend[0]) }} - bind {{ frontend[1].bind }} + {%- if 'bind' in frontend[1] %} + {%- for socket in frontend[1].bind %} + bind {{ socket }} + {%- endfor %} + {%- endif %} {%- if 'redirects' in frontend[1] %} {%- for front_redirect in frontend[1].redirects %} redirect {{ front_redirect }} diff --git a/pillar.example b/pillar.example index a2389f3..4de503e 100644 --- a/pillar.example +++ b/pillar.example @@ -44,6 +44,31 @@ haproxy: 503: /etc/haproxy/errors/503.http 504: /etc/haproxy/errors/504.http + listens: + stats: + bind: + - "0.0.0.0:8998" + mode: http + stats: + enable: True + uri: "/admin?stats" + refresh: "20s" + myservice: + bind: + - "*:8888" + options: + - forwardfor + - http-server-close + servers: + web1: + host: web1.example.com + port: 80 + check: check + web2: + host: web2.example.com + port: 18888 + check: check + frontends: frontend1: name: www-http From ef5ff9c9ea9f854cacd741ce6eea7ed15a9739cf Mon Sep 17 00:00:00 2001 From: Troy Germain Date: Fri, 17 Jul 2015 20:36:15 -0700 Subject: [PATCH 05/19] added default-server configuration --- haproxy/templates/haproxy.jinja | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index 5e1b0bf..8d799f0 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja 
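Review bot: In the new `listen` block's stats loop, a pillar value of `enable: False` falls into the `{%- else %}` branch and is rendered as `stats enable False`. Turning the stats page off in pillar therefore either breaks the config or leaves stats on, depending on how HAProxy treats the extra token. Emit nothing for a false `enable`, e.g. replace the `{%- else %}` with `{%- elif option != 'enable' %}`. The `listen` line also passes `name` unquoted (`listener[1].get(name, listener[0])`), which looks up a template variable rather than the `'name'` key.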
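Review bot: The new `{%- for socket in frontend[1].bind %}` loop assumes `bind` is a list. A pillar that still uses the single-string form, as the `www-https` example with `bind: "*:443 ssl crt ..."` does, would be iterated character by character and yield one `bind` line per character. Guard the string case before looping, e.g. `{%- if frontend[1].bind is string %}` followed by `bind {{ frontend[1].bind }}`, with the loop in the `{%- else %}` branch. The same loop in the new `listen` block has the same problem.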
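Review bot: The example `stats` listener binds `0.0.0.0:8998` with `enable: True` and `uri: "/admin?stats"` but sets no `auth`, so a deployment copied from it serves backend names, addresses and health state on every interface without a login. The template renders each key under `stats` as `stats <key> <value>`, so the example can show the protected form by adding `realm: LoadBalancer` and `auth: "<user>:<password>"` (placeholder), as the `static-backend` example already does. Binding to `127.0.0.1:8998` instead would also keep the page off external interfaces.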
@@ -104,7 +104,9 @@ listen {{ listener[1].get(name, listener[0]) }} stats {{ option }} {{ value }} {%- endif %} {%- endfor %} - {%- endif %} + {f 'defaultserver' in listener[1] %} + default-server {% for option, value in listener[1].defaultserver.iteritems() -%} {{ ' '.join((option,value|string)) }} {%- endfor %} + {% endif %}%- endif %} {%- if 'servers' in listener[1] %} {%- for server in listener[1].servers.iteritems() %} server {{ server[1].get(name,server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }} @@ -179,6 +181,9 @@ redirect {{ redirect }}{% endfor %} {%- endif %} {%- endfor %} {%- endif %} + {f 'defaultserver' in listener[1] %} + default-server {% for option, value in listener[1].defaultserver.iteritems() -%} {{ ' '.join((option,value|string)) }} {%- endfor %} + {% endif %}%- endif %} {%- if 'servers' in backend[1] %} {%- for server in backend[1].servers.iteritems() %} server {{ server[1].get(name,server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }}{% endfor %} From 2641edecc134bda98957e866c7c9bd681d20f1aa Mon Sep 17 00:00:00 2001 From: Troy Germain Date: Fri, 17 Jul 2015 20:37:56 -0700 Subject: [PATCH 06/19] updated pillar example for defaultserver setting --- pillar.example | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pillar.example b/pillar.example index 4de503e..53a3911 100644 --- a/pillar.example +++ b/pillar.example @@ -59,6 +59,11 @@ haproxy: options: - forwardfor - http-server-close + defaultserver: + slowstart: 60s + maxconn: 256 + maxqueue: 128 + weight: 100 servers: web1: host: web1.example.com From c00502a5961bddbb44e677b8622d516f52bb327d Mon Sep 17 00:00:00 2001 From: Troy Germain Date: Tue, 21 Jul 2015 08:42:56 -0700 Subject: [PATCH 07/19] fixed bug for single line bind statements --- haproxy/templates/haproxy.jinja | 191 ++++++++++++++++++-------------- 1 file changed, 106 insertions(+), 85 deletions(-) 
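Review bot: Both added blocks open with `{f 'defaultserver' in listener[1] %}` and close with `{% endif %}%- endif %}`, which are not valid Jinja tags, so the opener would be emitted as literal text into haproxy.cfg. In the first hunk the `{%- endif %}` that closed the `stats` block is removed and the new `{% endif %}` takes its place, so `default-server` would only render when `stats` is set. The second hunk sits in the backend loop but tests `listener[1]`, and it appears to leave an unmatched `{% endif %}`. The intended lines are presumably `{%- if 'defaultserver' in backend[1] %}` … `{%- endif %}` (with `listener[1]` in the listen block), keeping the original `{%- endif %}` for `stats`. The `-%}`/`{%-` pair around the join also strips the whitespace between iterations, so consecutive option/value pairs may run together unless a separator is added.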
diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index 8d799f0..0d777f5 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja @@ -6,9 +6,9 @@ # Any changes will be overwritten. -#--------------------------------------------------------------------- +#------------------ # Global settings -#--------------------------------------------------------------------- +#------------------ global log /dev/log local0 log /dev/log local1 notice @@ -16,8 +16,8 @@ global group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }} {%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %} chroot {{ salt['pillar.get']('haproxy:global:chroot:path', '/tmp') }} -{%- endif -%} -{% if salt['pillar.get']('haproxy:global:daemon', 'no') == True %} +{% endif %} +{%- if salt['pillar.get']('haproxy:global:daemon', 'no') == True %} daemon {% endif %} {%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %} @@ -25,10 +25,10 @@ global stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} {% endif %} -#--------------------------------------------------------------------- +#------------------ # common defaults that all the 'listen' and 'backend' sections will -# use if not designated in their block -#--------------------------------------------------------------------- +# use- if not designated in their block +#------------------ defaults log {{ salt['pillar.get']('haproxy:defaults:log') }} mode {{ salt['pillar.get']('haproxy:defaults:mode') }} 
@@ -51,21 +51,27 @@ defaults {% endif %} -#--------------------------------------------------------------------- +#------------------ # listen instances -#--------------------------------------------------------------------- +#------------------ {%- if 'listens' in salt['pillar.get']('haproxy', {}) %} {%- for listener in salt['pillar.get']('haproxy:listens', {}).iteritems() %} -listen {{ listener[1].get(name, listener[0]) }} +listen {{ listener[1].get('name', listener[0]) }} {%- if 'bind' in listener[1] %} - {%- for socket in listener[1].bind %} + {%- if listener[1].bind[1] is defined and listener[1].bind[1]|length > 1 %} + {%- for socket in listener[1].bind %} bind {{ socket }} - {%- endfor %} + {%- endfor %} + {%- elif listener[1].bind[0]|length > 1 %} + bind {{ listener[1].bind[0] }} + {%- else %} + bind {{ listener[1].bind }} + {%- endif %} {%- endif %} {%- if 'redirects' in listener[1] %} {%- for front_redirect in listener[1].redirects %} redirect {{ front_redirect }} - {% endfor %} + {%- endfor %} {%- endif %} {%- if 'acls' in listener[1] %} {%- for acl in listener[1].acls %} 
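Review bot: The string-versus-list detection for `bind` in the `listen` block works by probing `bind[1]` and `bind[0]|length`, which is hard to follow and would appear to misfire on edge cases such as an empty list (it falls to the `{%- else %}` branch and prints the list itself). Jinja's `string` test states the intent directly: `{%- if listener[1].bind is string %}` then `bind {{ listener[1].bind }}`, otherwise loop over the list. A one-line template comment saying that `bind` may be either a string or a list would help the next reader.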
@@ -77,116 +83,131 @@ listen {{ listener[1].get(name, listener[0]) }} reqadd {{ reqadd }} {%- endfor %} {%- endif %} - {%-if 'default_backend' in listener[1] -%} + {%- if 'default_backend' in listener[1] %} default_backend {{ listener[1].default_backend }} - {%- endif %} - {%-if 'use_backends' in listener[1] -%} - {%- for use_backend in listener[1].use_backends %} + {% endif %} + {%- if 'use_backends' in listener[1] %} + {%- for use_backend in listener[1].use_backendsi %} use_backend {{ use_backend }} - {% endfor %} - {%- endif %} + {%- endfor %} + {% endif %} {%- if 'balance' in listener[1] %} balance {{ listener[1].balance }} - {%- endif %} + {% endif %} {%- if 'options' in listener[1] %} {%- for option in listener[1].options %} option {{ option }} {%- endfor %} - {%- endif %} + {% endif %} {%- if 'cookie' in listener[1] %} cookie {{ listener[1].cookie }} - {%- endif %} + {% endif %} {%- if 'stats' in listener[1] %} {%- for option, value in listener[1].stats.iteritems() %} {%- if option == 'enable' and value %} stats enable - {%- else %} + {% else %} stats {{ option }} {{ value }} - {%- endif %} + {% endif %} {%- endfor %} - {f 'defaultserver' in listener[1] %} - default-server {% for option, value in listener[1].defaultserver.iteritems() -%} {{ ' '.join((option,value|string)) }} {%- endfor %} - {% endif %}%- endif %} + {% endif %} + {%- if 'appsession' in listener[1] %} + appsession {%- for option in listener[1].appsession %} {{ option }} {%- endfor %} + {% endif %} + {%- if 'defaultserver' in listener[1] %} + default-server {%- for option, value in listener[1].defaultserver.iteritems() %} {{ ' '.join((option, value|string, '')) }} {%- endfor %} + {% endif %} {%- if 'servers' in listener[1] %} {%- for server in listener[1].servers.iteritems() %} - server {{ server[1].get(name,server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }} - {% endfor %} + server {{ server[1].get('name',server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ 
server[1].check }} + {%- endfor %} {% endif %} - {% endfor %} + {%- endfor %} {% endif %} -#--------------------------------------------------------------------- + +#------------------ # frontend instances -#--------------------------------------------------------------------- +#------------------ {%- if 'frontends' in salt['pillar.get']('haproxy', {}) %} {%- for frontend in salt['pillar.get']('haproxy:frontends', {}).iteritems() %} -frontend {{ frontend[1].get(name, frontend[0]) }} +frontend {{ frontend[1].get('name', frontend[0]) }} {%- if 'bind' in frontend[1] %} - {%- for socket in frontend[1].bind %} + {%- if frontend[1].bind[1] is defined and frontend[1].bind[1]|length > 1 %} + {%- for socket in frontend[1].bind %} bind {{ socket }} - {%- endfor %} + {%- endfor %} + {%- elif frontend[1].bind[0]|length > 1 %} + bind {{ frontend[1].bind[0] }} + {%- else %} + bind {{ frontend[1].bind }} + {%- endif %} {%- endif %} {%- if 'redirects' in frontend[1] %} {%- for front_redirect in frontend[1].redirects %} -redirect {{ front_redirect }} - {% endfor %} - {%- endif %} + redirect {{ front_redirect }} + {%- endfor %} + {% endif %} {%- if 'acls' in frontend[1] %} {%- for acl in frontend[1].acls %} acl {{ acl }} {%- endfor %} - {%- endif %} + {% endif %} {%- if 'reqadd' in frontend[1] %} {%- for reqadd in frontend[1].reqadd %} reqadd {{ reqadd }} {%- endfor %} - {%- endif %} + {% endif %} + {%- if 'default_backend' in frontend[1] %} default_backend {{ frontend[1].default_backend }} - {%-if 'use_backends' in frontend[1] -%} + {% endif %} + {%- if 'use_backends' in frontend[1] %} {%- for use_backend in frontend[1].use_backends %} use_backend {{ use_backend }} - {% endfor %} - {%- endif %} - {% endfor %} -{%- endif %} - - -#--------------------------------------------------------------------- -# backend instances -#--------------------------------------------------------------------- -{%- if 'backends' in salt['pillar.get']('haproxy', {}) %} - {%- for backend in 
salt['pillar.get']('haproxy:backends', {}).iteritems() %} # Backend loop start -backend {{ backend[1].get(name, backend[0]) }} - {%- if 'redirects' in backend[1] %} - {%- for redirect in backend[1].redirects %} # Redirect loop start -redirect {{ redirect }}{% endfor %} - {%- endif %} - {%- if 'balance' in backend[1] %} - balance {{ backend[1].balance }} - {%- endif %} - {%- if 'options' in backend[1] %} - {%- for option in backend[1].options %} - option {{ option }} - {%- endfor %} - {%- endif %} - {%- if 'cookie' in backend[1] %} - cookie {{ backend[1].cookie }} - {%- endif %} - {%- if 'stats' in backend[1] %} - {%- for option, value in backend[1].stats.iteritems() %} - {%- if option == 'enable' and value %} - stats enable - {%- else %} - stats {{ option }} {{ value }} - {%- endif %} - {%- endfor %} - {%- endif %} - {f 'defaultserver' in listener[1] %} - default-server {% for option, value in listener[1].defaultserver.iteritems() -%} {{ ' '.join((option,value|string)) }} {%- endfor %} - {% endif %}%- endif %} - {%- if 'servers' in backend[1] %} - {%- for server in backend[1].servers.iteritems() %} - server {{ server[1].get(name,server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }}{% endfor %} - {% endif %} - {% endfor %} # Backend loop end + {%- endfor %} + {% endif %} + {%- endfor %} +{% endif %} + + +#------------------ +# backend instances +#------------------ +{%- if 'backends' in salt['pillar.get']('haproxy', {}) %} + {%- for backend in salt['pillar.get']('haproxy:backends', {}).iteritems() %} +backend {{ backend[1].get('name',backend[0]) }} + {%- if 'redirects' in backend[1] %} + {%- for redirect in backend[1].redirects %} + redirect {{ redirect }} + {%- endfor %} + {% endif %} + {%- if 'balance' in backend[1] %} + balance {{ backend[1].balance }} + {% endif %} + {%- if 'options' in backend[1] %} + {%- for option in backend[1].options %} + option {{ option }} + {%- endfor %} + {% endif %} + {%- if 'cookie' in backend[1] %} + cookie {{ 
backend[1].cookie }} + {% endif %} + {%- if 'stats' in backend[1] %} + {%- for option, value in backend[1].stats.iteritems() %} + {%- if option == 'enable' and value %} + stats enable + {% else %} + stats {{ option }} {{ value }} + {% endif %} + {%- endfor %} + {% endif %} + {%- if 'defaultserver' in backend[1] %} + default-server {%- for option, value in backend[1].defaultserver.iteritems() %} {{ ' '.join((option, value|string, '')) }} {%- endfor %} + {% endif %} + {%- if 'servers' in backend[1] %} + {%- for server in backend[1].servers.iteritems() %} + server {{ server[1].get('name',server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }} + {%- endfor %} + {% endif %} + {%- endfor %} {% endif %} From b4ee8e891dedf1288af78e6ad026393353c8a42a Mon Sep 17 00:00:00 2001 From: Adam Bolte Date: Mon, 13 Jul 2015 19:11:43 +1000 Subject: [PATCH 08/19] Cleanup haproxy.jinja comments and whitespace. --- haproxy/templates/haproxy.jinja | 3 --- 1 file changed, 3 deletions(-) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index 0d777f5..b0dc46c 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja @@ -5,7 +5,6 @@ # This file is managed by Salt. # Any changes will be overwritten. - #------------------ # Global settings #------------------ @@ -50,7 +49,6 @@ defaults {%- endfor %} {% endif %} - #------------------ # listen instances #------------------ @@ -169,7 +167,6 @@ frontend {{ frontend[1].get('name', frontend[0]) }} {%- endfor %} {% endif %} - #------------------ # backend instances #------------------ From eb6b073ad227641dc9ab865e0ce9dd64a759ceae Mon Sep 17 00:00:00 2001 From: Adam Bolte Date: Mon, 13 Jul 2015 19:14:51 +1000 Subject: [PATCH 09/19] Adjust ENABLED value based on pillar value. --- haproxy/service.sls | 16 +++++++++------- pillar.example | 1 + 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/haproxy/service.sls b/haproxy/service.sls index 74ff3ff..4b36610 100644 
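Review bot: The rewritten `listen` block iterates `listener[1].use_backendsi` (trailing `i`) inside `{%- if 'use_backends' in listener[1] %}`. The loop therefore runs over an undefined attribute, and under Jinja's default undefined handling the pillar's `use_backends` rules are dropped from the rendered config without any error. For ACL-based routing this means requests silently fall through to `default_backend` instead of the backend the operator intended. It should read `{%- for use_backend in listener[1].use_backends %}`; the `frontend` block in the same hunk already spells it correctly.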
--- a/haproxy/service.sls +++ b/haproxy/service.sls @@ -7,11 +7,13 @@ haproxy.service: - pkg: haproxy - watch: - file: haproxy.config - file.managed: + file.replace: - name: /etc/default/haproxy -#TODO: Add switch to turn the service on and off based on pillar configuration. - - source: salt://haproxy/files/haproxy-init-enable - - create: True - - user: "root" - - group: "root" - - mode: "0644" +{% if salt['pillar.get']('haproxy:enabled', True) %} + - pattern: ENABLED=0$ + - repl: ENABLED=1 +{% else %} + - pattern: ENABLED=1$ + - repl: ENABLED=0 +{% endif %} + - show_changes: True diff --git a/pillar.example b/pillar.example index 53a3911..f90debc 100644 --- a/pillar.example +++ b/pillar.example @@ -3,6 +3,7 @@ # haproxy: + enabled: True config_file_path: /etc/haproxy/haproxy.cfg global: stats: From 672fe36551de625cd0339bab71371946b586b800 Mon Sep 17 00:00:00 2001 From: Adam Bolte Date: Mon, 13 Jul 2015 19:17:26 +1000 Subject: [PATCH 10/19] If not enabled in pillar, kill the service. --- haproxy/service.sls | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/haproxy/service.sls b/haproxy/service.sls index 4b36610..62d4193 100644 --- a/haproxy/service.sls +++ b/haproxy/service.sls @@ -1,12 +1,19 @@ haproxy.service: +{% if salt['pillar.get']('haproxy:enable', True) %} service.running: - name: haproxy - enable: True - reload: True - require: - pkg: haproxy + file: haproxy.service - watch: - file: haproxy.config +{% else %} + service.dead: + - name: haproxy + - enable: False +{% endif %} file.replace: - name: /etc/default/haproxy {% if salt['pillar.get']('haproxy:enabled', True) %} From 1bbf7fd182f654bd00c9d4d7bb1489bafb01e568 Mon Sep 17 00:00:00 2001 From: Adam Bolte Date: Fri, 17 Jul 2015 12:43:19 +1000 Subject: [PATCH 11/19] haproxy to optionally depend on a custom state. --- haproxy/init.sls | 7 ++++++- haproxy/install.sls | 6 ++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/haproxy/init.sls b/haproxy/init.sls index afdc9f8..f614841 100644 
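Review bot: The `file.replace` patterns `ENABLED=0$` and `ENABLED=1$` are not anchored at the start of the line, so they also match a commented-out `#ENABLED=0` or any variable whose name ends in `ENABLED`. A single anchored pattern that matches either value is simpler and idempotent: `- pattern: ^ENABLED=.*$` with the `repl` chosen by the pillar test. Unlike the `file.managed` state it replaces, this state changes nothing when `/etc/default/haproxy` has no `ENABLED=` line at all; if that case matters, `append_if_not_found: True` together with the anchored pattern covers it.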
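Review bot: The new guard around `service.running` reads `haproxy:enable`, while the `file.replace` block just below it and `pillar.example` use `haproxy:enabled`. With `enabled: False` in pillar the guard still sees its default `True`, so the service stays running and enabled at boot while `/etc/default/haproxy` is set to `ENABLED=0`. Use the same key in both places: `{% if salt['pillar.get']('haproxy:enabled', True) %}`.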
--- a/haproxy/init.sls +++ b/haproxy/init.sls @@ -3,6 +3,11 @@ # Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo) include: +{% if salt['pillar.get']('haproxy:include') %} +{% for item in salt['pillar.get']('haproxy:include') %} + - {{ item }} +{% endfor %} +{% endif %} - haproxy.install - haproxy.service - - haproxy.config \ No newline at end of file + - haproxy.config diff --git a/haproxy/install.sls b/haproxy/install.sls index 5981aca..bb56d80 100644 --- a/haproxy/install.sls +++ b/haproxy/install.sls @@ -12,3 +12,9 @@ haproxy_ppa_repo: haproxy.install: pkg.installed: - name: haproxy +{% if salt['pillar.get']('haproxy:require') %} + - require: +{% for item in salt['pillar.get']('haproxy:require') %} + - {{ item }} +{% endfor %} +{% endif %} \ No newline at end of file From 1ffa423bfc32bde48478206f67cfadb0d1640fe3 Mon Sep 17 00:00:00 2001 From: Adam Bolte Date: Thu, 23 Jul 2015 18:46:44 +1000 Subject: [PATCH 12/19] Additional cleanup for haproxy.jinja whitespace. --- haproxy/templates/haproxy.jinja | 38 ++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index b0dc46c..3f6c548 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja @@ -5,6 +5,7 @@ # This file is managed by Salt. # Any changes will be overwritten. + #------------------ # Global settings #------------------ 
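Review bot: In `install.sls` each `haproxy:require` entry is written with `- {{ item }}`, but requisites are mappings such as `pkg: <name>`, so the rendered YAML depends on how Jinja stringifies a dict. Serialising explicitly with `- {{ item | json }}` keeps the output valid YAML regardless of the value's type. Neither file says what `haproxy:include` and `haproxy:require` should contain; judging by the loops, that is a list of SLS names and a list of requisite mappings respectively. A short comment above each block would cover that, and `pillar.example` is not updated in this patch to show the two keys.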
@@ -15,14 +16,15 @@ global group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }} {%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %} chroot {{ salt['pillar.get']('haproxy:global:chroot:path', '/tmp') }} -{% endif %} +{%- endif %} {%- if salt['pillar.get']('haproxy:global:daemon', 'no') == True %} daemon -{% endif %} -{%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %} +{%- endif %} +{% if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %} # Stats support is currently limited to socket mode stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} -{% endif %} +{%- endif %} + #------------------ # common defaults that all the 'listen' and 'backend' sections will @@ -47,13 +49,14 @@ defaults {%- for errorfile in salt['pillar.get']('haproxy:defaults:errorfiles').iteritems() %} errorfile {{ errorfile[0] }} {{ errorfile[1] }} {%- endfor %} -{% endif %} +{%- endif %} +{%- if 'listens' in salt['pillar.get']('haproxy', {}) %} + #------------------ # listen instances #------------------ -{%- if 'listens' in salt['pillar.get']('haproxy', {}) %} - {%- for listener in salt['pillar.get']('haproxy:listens', {}).iteritems() %} +{%- for listener in salt['pillar.get']('haproxy:listens', {}).iteritems() %} listen {{ listener[1].get('name', listener[0]) }} {%- if 'bind' in listener[1] %} {%- if listener[1].bind[1] is defined and listener[1].bind[1]|length > 1 %} 
@@ -121,14 +124,14 @@ listen {{ listener[1].get('name', listener[0]) }} {%- endfor %} {% endif %} {%- endfor %} -{% endif %} +{%- endif %} +{%- if 'frontends' in salt['pillar.get']('haproxy', {}) %} #------------------ # frontend instances #------------------ -{%- if 'frontends' in salt['pillar.get']('haproxy', {}) %} - {%- for frontend in salt['pillar.get']('haproxy:frontends', {}).iteritems() %} +{%- for frontend in salt['pillar.get']('haproxy:frontends', {}).iteritems() %} frontend {{ frontend[1].get('name', frontend[0]) }} {%- if 'bind' in frontend[1] %} {%- if frontend[1].bind[1] is defined and frontend[1].bind[1]|length > 1 %} @@ -163,15 +166,16 @@ frontend {{ frontend[1].get('name', frontend[0]) }} {%- for use_backend in frontend[1].use_backends %} use_backend {{ use_backend }} {%- endfor %} - {% endif %} + {%- endif %} {%- endfor %} -{% endif %} +{%- endif %} +{%- if 'backends' in salt['pillar.get']('haproxy', {}) %} + #------------------ # backend instances #------------------ -{%- if 'backends' in salt['pillar.get']('haproxy', {}) %} - {%- for backend in salt['pillar.get']('haproxy:backends', {}).iteritems() %} +{%- for backend in salt['pillar.get']('haproxy:backends', {}).iteritems() %} backend {{ backend[1].get('name',backend[0]) }} {%- if 'redirects' in backend[1] %} {%- for redirect in backend[1].redirects %} @@ -180,7 +184,7 @@ backend {{ backend[1].get('name',backend[0]) }} {% endif %} {%- if 'balance' in backend[1] %} balance {{ backend[1].balance }} - {% endif %} + {%- endif %} {%- if 'options' in backend[1] %} {%- for option in backend[1].options %} option {{ option }} 
@@ -200,11 +204,11 @@ backend {{ backend[1].get('name',backend[0]) }} {% endif %} {%- if 'defaultserver' in backend[1] %} default-server {%- for option, value in backend[1].defaultserver.iteritems() %} {{ ' '.join((option, value|string, '')) }} {%- endfor %} - {% endif %} + {%- endif %} {%- if 'servers' in backend[1] %} {%- for server in backend[1].servers.iteritems() %} server {{ server[1].get('name',server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }} {%- endfor %} {% endif %} {%- endfor %} -{% endif %} +{%- endif %} From 62981b47ad4747e8cf752e16510964a85a2b0448 Mon Sep 17 00:00:00 2001 From: Marvin Frick Date: Wed, 29 Jul 2015 12:16:37 +0200 Subject: [PATCH 13/19] adds ssl-default-bind options to template --- haproxy/templates/haproxy.jinja | 7 ++++++- pillar.example | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index 3f6c548..61e020d 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja @@ -24,7 +24,12 @@ global # Stats support is currently limited to socket mode stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} {%- endif %} - +{%- if salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers', False) %} + ssl-default-bind-ciphers {{ salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers') }} +{%- endif %} +{%- if salt['pillar.get']('haproxy:global:ssl-default-bind-options', False) %} + ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssl-default-bind-options') }} +{%- endif %} #------------------ # common defaults that all the 'listen' and 'backend' sections will diff --git a/pillar.example b/pillar.example index f90debc..3aee2e1 100644 --- a/pillar.example +++ b/pillar.example 
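Review bot: Both `ssl-default-bind-*` directives are emitted only when the pillar sets them. A pillar that terminates TLS (for example the `bind: "*:443 ssl crt ..."` frontend in `pillar.example`) but omits these keys therefore gets whatever protocol and cipher defaults the HAProxy build ships with. Consider a conservative fallback for the options line, e.g. `ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssl-default-bind-options', 'no-sslv3') }}`, or at least a template comment stating that the keys are optional and what is used when they are absent. The hunk also removes the blank line that separated the `global` section from the next comment banner.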
@@ -9,6 +9,8 @@ haproxy: stats: enable: True socketpath: /var/lib/haproxy/stats + ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384" + ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11" user: haproxy group: haproxy From 267e27680a6bfab228bf1e62c9a9f84d189eacd2 Mon Sep 17 00:00:00 2001 From: Marvin Frick Date: Wed, 29 Jul 2015 12:25:43 +0200 Subject: [PATCH 14/19] adds some default values for essential params With this PR the haproxy.config state will actually render a valid haproxy.cfg from default values, even when the values are not explicitely passed via the pillar. Right now, an invalid cfg is generated which breaks haproxy on startup. --- haproxy/templates/haproxy.jinja | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index 3f6c548..60469a7 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja @@ -31,9 +31,9 @@ global # use- if not designated in their block #------------------ defaults - log {{ salt['pillar.get']('haproxy:defaults:log') }} - mode {{ salt['pillar.get']('haproxy:defaults:mode') }} - retries {{ salt['pillar.get']('haproxy:defaults:retries') }} + log {{ salt['pillar.get']('haproxy:defaults:log', 'global')}} + mode {{ salt['pillar.get']('haproxy:defaults:mode', 'http') }} + retries {{ salt['pillar.get']('haproxy:defaults:retries', '3') }} balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }} {%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) %} {%- for option in salt['pillar.get']('haproxy:defaults:options') %} 
@@ -44,7 +44,11 @@ defaults {%- for timeout in salt['pillar.get']('haproxy:defaults:timeouts') %} timeout {{ timeout }} {%- endfor %} -{% endif %} +{%- else %} + timeout client 1m + timeout connect 10s + timeout server 1m +{%- endif %} {%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %} {%- for errorfile in salt['pillar.get']('haproxy:defaults:errorfiles').iteritems() %} errorfile {{ errorfile[0] }} {{ errorfile[1] }} From 310c49f1ed21dfaac5350961ce6d6d08e88e29d8 Mon Sep 17 00:00:00 2001 From: Adam Bolte Date: Wed, 5 Aug 2015 20:02:51 +1000 Subject: [PATCH 15/19] Add support for a resolvers section (new to 1.6). --- haproxy/templates/haproxy.jinja | 22 +++++++++++++++++++++- pillar.example | 10 ++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index 3f6c548..4af2ec9 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja @@ -50,6 +50,21 @@ defaults errorfile {{ errorfile[0] }} {{ errorfile[1] }} {%- endfor %} {%- endif %} +{%- if salt['pillar.get']('haproxy:resolvers') %} + + +#------------------ +# DNS resolvers +#------------------ +{%- for resolver in salt['pillar.get']('haproxy:resolvers', {}).iteritems() %} +resolvers {{ resolver[0] }} + {%- if 'options' in resolver[1] %} + {%- for option in resolver[1].options %} + {{ option }} + {%- endfor %} + {%- endif %} +{%- endfor %} +{%- endif %} {%- if 'listens' in salt['pillar.get']('haproxy', {}) %} @@ -144,6 +159,11 @@ frontend {{ frontend[1].get('name', frontend[0]) }} bind {{ frontend[1].bind }} {%- endif %} {%- endif %} + {%- if 'options' in frontend[1] %} + {%- for option in frontend[1].options %} + {{ option }} + {%- endfor %} + {%- endif -%} {%- if 'redirects' in frontend[1] %} {%- for front_redirect in frontend[1].redirects %} redirect {{ front_redirect }} 
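Review bot: The new `options` loop in the `frontend` block prints each entry bare (`{{ option }}`), whereas the `listen` and `backend` blocks render the same pillar key as `option {{ option }}`. A frontend pillar written like the existing examples (`options:` with `- forwardfor`) would therefore produce a line without the `option` keyword. If the intent is HAProxy `option` lines, write `option {{ option }}`. If the intent is free-form directives, as in the new `resolvers` block, a differently named key would avoid the clash.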
@@ -207,7 +227,7 @@ backend {{ backend[1].get('name',backend[0]) }} {%- endif %} {%- if 'servers' in backend[1] %} {%- for server in backend[1].servers.iteritems() %} - server {{ server[1].get('name',server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }} + server {{ server[1].get('name',server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }} {{ server[1].get('extra', '') }} {%- endfor %} {% endif %} {%- endfor %} diff --git a/pillar.example b/pillar.example index f90debc..a4ab9a9 100644 --- a/pillar.example +++ b/pillar.example @@ -45,6 +45,15 @@ haproxy: 503: /etc/haproxy/errors/503.http 504: /etc/haproxy/errors/504.http + {# Suported by HAProxy 1.6 #} + resolvers: + local_dns: + options: + - nameserver resolvconf 127.0.0.1:53 + - resolve_retries 3 + - timeout retry 1s + - hold valid 10s + listens: stats: bind: @@ -144,3 +153,4 @@ haproxy: host: apiserver2.example.com port: 80 check: check + extra: resolvers local_dns resolve-prefer ipv4 From 05b82326e9c13823d3162b3524177a5c06b75a2c Mon Sep 17 00:00:00 2001 From: Troy Germain Date: Mon, 10 Aug 2015 00:35:40 -0700 Subject: [PATCH 16/19] allow for loops to accept single line entries not only dicts and added functions --- haproxy/templates/haproxy.jinja | 401 ++++++++++++++++++++++++-------- pillar.example | 16 ++ 2 files changed, 321 insertions(+), 96 deletions(-) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index ae35092..d37d047 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja 
@@ -20,15 +20,40 @@ global {%- if salt['pillar.get']('haproxy:global:daemon', 'no') == True %} daemon {%- endif %} -{% if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %} - # Stats support is currently limited to socket mode +{%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %} stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} {%- endif %} -{%- if salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers', False) %} +{%- if 'ssl-default-bind-ciphers' in salt['pillar.get']('haproxy:global', {}) %} ssl-default-bind-ciphers {{ salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers') }} {%- endif %} -{%- if salt['pillar.get']('haproxy:global:ssl-default-bind-options', False) %} - ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssl-default-bind-options') }} +{%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %} + {%- if salt['pillar.get']('ssl-default-bind-options') is string or salt['pillar.get']('haproxy:global:ssl-default-bind-options') is number %} + ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssldefaultbindoptions') }} + {%- else %} + {%- for ssl-default-bind-option in salt['pillar.get']('haproxy:global:ssl-default-bind-opitions').iteritems() %} + ssl-default-bind-options {{ ssl-default-dind-option }} + {%- endfor %} + {%- endif %} +{% endif %} +{%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %} + maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }} +{%- endif %} +{%- if 'maxpipes' in salt['pillar.get']('haproxy:global', {}) %} + maxpipes {{ salt['pillar.get']('haproxy:global:maxpipes') }} +{%- endif %} +{%- if 'spreadchecks' in salt['pillar.get']('haproxy:global', {}) %} + spread-checks {{ salt['pillar.get']('haproxy:global:spreadchecks') }} +{%- endif %} +{%- if 'tune' in salt['pillar.get']('haproxy:global', {}) %} + {%- for setting, item in salt['pillar.get']('haproxy:global:tune').iteritems() 
%} + {%- if item is number or item is string %} + tune.{{setting}} {{item}} + {%- else %} + {%- for subsetting, value in item.iteritems() %} + tune.{{setting}}.{{subsetting}} {{value}} + {%- endfor %} + {%- endif %} + {%- endfor %} {%- endif %} #------------------ 
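Review bot: In the new `ssl-default-bind-options` block the lookups do not match the key the guard tests: the type check reads `salt['pillar.get']('ssl-default-bind-options')` without the `haproxy:global:` prefix, the string branch reads `haproxy:global:ssldefaultbindoptions`, and the loop reads `haproxy:global:ssl-default-bind-opitions`. The loop variable `ssl-default-bind-option` contains hyphens, which Jinja will not accept as a name, and the body prints a differently spelled `ssl-default-dind-option`. As written, the pillar's protocol restrictions (for example `no-sslv3 no-tlsv10 no-tlsv11`) cannot reach the rendered config. Use the one key throughout, e.g. `ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssl-default-bind-options') }}`, and a plain loop name such as `bind_option`. The same block is moved unchanged by the later `@@ -55,6 +43,18 @@` hunk.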
@@ -36,201 +61,385 @@ global # use- if not designated in their block #------------------ defaults - log {{ salt['pillar.get']('haproxy:defaults:log', 'global')}} + log {{ salt['pillar.get']('haproxy:defaults:log', 'global') }} mode {{ salt['pillar.get']('haproxy:defaults:mode', 'http') }} retries {{ salt['pillar.get']('haproxy:defaults:retries', '3') }} balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }} {%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) %} - {%- for option in salt['pillar.get']('haproxy:defaults:options') %} + {%- if salt['pillar.get']('haproxy:defaults:options') is string %} + option {{ salt['pillar.get']('haproxy:defaults:options') }} + {%- else %} + {%- for option in salt['pillar.get']('haproxy:defaults:options') %} option {{ option }} - {%- endfor %} -{% endif %} + {%- endfor %} + {%- endif %} +{%- endif %} +{%- if 'maxconn' in salt['pillar.get']('haproxy:defaults', {}) %} + maxconn {{ salt['pillar.get']('haproxy:defaults:maxconn') }} +{%- endif %} {%- if 'timeouts' in salt['pillar.get']('haproxy:defaults', {}) %} {%- for timeout in salt['pillar.get']('haproxy:defaults:timeouts') %} timeout {{ timeout }} {%- endfor %} {%- else %} - timeout client 1m + timeout client 1m timeout connect 10s - timeout server 1m + timeout server 1m {%- endif %} {%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %} {%- for errorfile in salt['pillar.get']('haproxy:defaults:errorfiles').iteritems() %} errorfile {{ errorfile[0] }} {{ errorfile[1] }} {%- endfor %} -{%- endif %} +{% endif %} {%- if salt['pillar.get']('haproxy:resolvers') %} #------------------ # DNS resolvers #------------------ -{%- for resolver in salt['pillar.get']('haproxy:resolvers', {}).iteritems() %} + {%- for resolver in salt['pillar.get']('haproxy:resolvers', {}).iteritems() %} resolvers {{ resolver[0] }} - {%- if 'options' in resolver[1] %} + {%- if 'options' in resolver[1] %} {%- for option in resolver[1].options %} {{ option }} {%- endfor %} 
- {%- endif %} -{%- endfor %} + {%- endif %} + {%- endfor %} {%- endif %} {%- if 'listens' in salt['pillar.get']('haproxy', {}) %} - #------------------ # listen instances #------------------ -{%- for listener in salt['pillar.get']('haproxy:listens', {}).iteritems() %} + {%- for listener in salt['pillar.get']('haproxy:listens', {}).iteritems() %} listen {{ listener[1].get('name', listener[0]) }} {%- if 'bind' in listener[1] %} - {%- if listener[1].bind[1] is defined and listener[1].bind[1]|length > 1 %} + {%- if listener[1].bind is string %} + bind {{ listener[1].bind }} + {%- else %} {%- for socket in listener[1].bind %} bind {{ socket }} {%- endfor %} - {%- elif listener[1].bind[0]|length > 1 %} - bind {{ listener[1].bind[0] }} + {%- endif %} + {%- endif %} + {%- if 'mode' in listener[1] %} + mode {{ listener[1].mode }} + {%- endif %} + {%- if 'sticktable' in listener[1] %} + stick-table {{ listener[1].sticktable }} + {%- endif %} + {%- if 'acls' in listener[1] %} + {%- if listener[1].acls is string %} + acl {{ listener[1].acls }} {%- else %} - bind {{ listener[1].bind }} + {%- for acl in listener[1].acls %} + acl {{ acl }} + {%- endfor %} {%- endif %} {%- endif %} {%- if 'redirects' in listener[1] %} - {%- for front_redirect in listener[1].redirects %} - redirect {{ front_redirect }} - {%- endfor %} + {%- if listener[1].redirects is string %} + redirect {{ listener[1].redirects }} + {%- else %} + {%- for redirect in listener[1].redirects %} + redirect {{ redirect }} + {%- endfor %} + {%- endif %} {%- endif %} - {%- if 'acls' in listener[1] %} - {%- for acl in listener[1].acls %} - acl {{ acl }} - {%- endfor %} + {%- if 'stickons' in listener[1] %} + {%- if listener[1].stickons is string %} + stick on {{ listener[1].stickons }} + {%- else %} + {%- for stickon in listener[1].stickons %} + stick on {{ stickon }} + {%- endfor %} + {%- endif %} {%- endif %} - {%- if 'reqadd' in listener[1] %} - {%- for reqadd in listener[1].reqadd %} + {%- if 'tcprequests' in 
listener[1] %} + {%- if listener[1].tcprequests is string %} + tcp-request {{ listner[1].tcprequests }} + {%- else %} + {%- for tcprequest in listener[1].tcprequests %} + tcp-request {{ tcprequest }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'tcpresponses' in listener[1] %} + {%- if listener[1].tcpresponses is string %} + tcp-response {{ listener[1].tcpresponses }} + {%- else %} + {%- for tcpresponse in listener[1].tcpresponses %} + tcp-response {{ tcpresponse }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'httprequests' in listener[1] %} + {%- if listener[1].httprequests is string %} + http-request {{ listener[1].httprequests }} + {%- else %} + {%- for httprequest in listener[1].httprequests %} + http-request {{ httprequest }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'uniqueidformat' in listener[1] %} + unique-id-format {{ listener[1].uniqueidformat }} + {%- endif %} + {%- if 'uniqueidheader' in listener[1] %} + unique-id-header {{ listener[1].uniqueidheader }} + {%- endif %} + {%- if 'reqadds' in listener[1] %} + {%- if listener[1].reqadds is string %} + reqadd {{ listener[1].reqadds }} + {%- else %} + {%- for reqadd in listener[1].reqadds %} reqadd {{ reqadd }} - {%- endfor %} + {%- endfor %} + {%- endif %} {%- endif %} {%- if 'default_backend' in listener[1] %} default_backend {{ listener[1].default_backend }} - {% endif %} + {%- endif %} {%- if 'use_backends' in listener[1] %} - {%- for use_backend in listener[1].use_backendsi %} + {%- if listener[1].use_backends is string %} + use_backend {{ listener[1].use_backends }} + {%- else %} + {%- for use_backend in listener[1].use_backendsi %} use_backend {{ use_backend }} - {%- endfor %} - {% endif %} + {%- endfor %} + {%- endif %} + {%- endif %} {%- if 'balance' in listener[1] %} balance {{ listener[1].balance }} - {% endif %} + {%- endif %} {%- if 'options' in listener[1] %} - {%- for option in listener[1].options %} + {%- if listener[1].options is string %} + option {{ 
listener[1].options }} + {%- else %} + {%- for option in listener[1].options %} option {{ option }} - {%- endfor %} - {% endif %} + {%- endfor %} + {%- endif %} + {%- endif %} {%- if 'cookie' in listener[1] %} cookie {{ listener[1].cookie }} - {% endif %} + {%- endif %} {%- if 'stats' in listener[1] %} {%- for option, value in listener[1].stats.iteritems() %} {%- if option == 'enable' and value %} stats enable - {% else %} + {%- else %} stats {{ option }} {{ value }} - {% endif %} + {%- endif %} {%- endfor %} - {% endif %} + {%- endif %} {%- if 'appsession' in listener[1] %} + {%- if listener[1].appsession is string %} + appsession {{ listener[1].appsession }} + {%- else %} appsession {%- for option in listener[1].appsession %} {{ option }} {%- endfor %} - {% endif %} + {%- endif %} + {%- endif %} {%- if 'defaultserver' in listener[1] %} default-server {%- for option, value in listener[1].defaultserver.iteritems() %} {{ ' '.join((option, value|string, '')) }} {%- endfor %} - {% endif %} + {%- endif %} {%- if 'servers' in listener[1] %} {%- for server in listener[1].servers.iteritems() %} - server {{ server[1].get('name',server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }} + server {{ server[1].get('name',server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }} {{ server[1].get('extra', '') }} {%- endfor %} - {% endif %} - {%- endfor %} -{%- endif %} + {%- endif %} + {% endfor %} +{% endif %} {%- if 'frontends' in salt['pillar.get']('haproxy', {}) %} - #------------------ # frontend instances #------------------ -{%- for frontend in salt['pillar.get']('haproxy:frontends', {}).iteritems() %} + {%- for frontend in salt['pillar.get']('haproxy:frontends', {}).iteritems() %} frontend {{ frontend[1].get('name', frontend[0]) }} {%- if 'bind' in frontend[1] %} - {%- if frontend[1].bind[1] is defined and frontend[1].bind[1]|length > 1 %} + {%- if frontend[1].bind is string %} + bind {{ frontend[1].bind }} + {%- else %} {%- for 
socket in frontend[1].bind %} bind {{ socket }} {%- endfor %} - {%- elif frontend[1].bind[0]|length > 1 %} - bind {{ frontend[1].bind[0] }} - {%- else %} - bind {{ frontend[1].bind }} {%- endif %} {%- endif %} + {%- if 'mode' in frontend[1] %} + mode {{ frontend[1].mode }} + {%- endif %} {%- if 'options' in frontend[1] %} - {%- for option in frontend[1].options %} - {{ option }} - {%- endfor %} - {%- endif -%} - {%- if 'redirects' in frontend[1] %} - {%- for front_redirect in frontend[1].redirects %} - redirect {{ front_redirect }} - {%- endfor %} - {% endif %} + {%- if frontend[1].options is string %} + option {{ frontend[1].options }} + {%- else %} + {%- for option in frontend[1].options %} + option {{ option }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'sticktable' in frontend[1] %} + stick-table {{ frontend[1].sticktable }} + {%- endif %} {%- if 'acls' in frontend[1] %} - {%- for acl in frontend[1].acls %} + {%- if frontend[1].acls is string %} + acl {{ frontend[1].acls }} + {%- else %} + {%- for acl in frontend[1].acls %} acl {{ acl }} - {%- endfor %} - {% endif %} - {%- if 'reqadd' in frontend[1] %} - {%- for reqadd in frontend[1].reqadd %} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'redirects' in frontend[1] %} + {%- if frontend[1].redirects is string %} + redirect {{ frontend[1].redirects }} + {%- else %} + {%- for redirect in frontend[1].redirects %} + redirect {{ redirect }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'tcprequests' in frontend[1] %} + {%- if frontend[1].tcprequests is string %} + tcp-request {{ frontend[1].tcprequests }} + {%- else %} + {%- for tcprequest in frontend[1].tcprequests %} + tcp-request {{ tcprequest }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'tcpresponses' in frontend[1] %} + {%- if frontend[1].tcpresponses is string %} + tcp-response {{ frontend[1].tcpresponses }} + {%- else %} + {%- for tcpresponse in frontend[1].tcpresponses %} + tcp-response {{ tcpresponse }} + {%- endfor 
%} + {%- endif %} + {%- endif %} + {%- if 'stickons' in frontend[1] %} + {%- if frontend[1].stickons is string %} + stick on {{ frontend[1].stickons }} + {%- else %} + {%- for stickon in frontend[1].stickons %} + stick on {{ stickon }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'reqadds' in frontend[1] %} + {%- if frontend[1].reqadds is string %} + reqadd {{ frontend[1].reqadds }} + {%- else %} + {%- for reqadd in frontend[1].reqadds %} reqadd {{ reqadd }} - {%- endfor %} - {% endif %} + {%- endfor %} + {%- endif %} + {%- endif %} {%- if 'default_backend' in frontend[1] %} default_backend {{ frontend[1].default_backend }} - {% endif %} - {%- if 'use_backends' in frontend[1] %} - {%- for use_backend in frontend[1].use_backends %} - use_backend {{ use_backend }} - {%- endfor %} {%- endif %} - {%- endfor %} -{%- endif %} + {%- if 'use_backends' in frontend[1] %} + {%- if frontend[1].use_backends is string %} + use_backend {{ frontend[1].use_backends }} + {%- else %} + {%- for use_backend in frontend[1].use_backends %} + use_backend {{ use_backend }} + {%- endfor %} + {%- endif %} + {%- endif %} + {% endfor %} +{% endif %} {%- if 'backends' in salt['pillar.get']('haproxy', {}) %} - #------------------ # backend instances #------------------ -{%- for backend in salt['pillar.get']('haproxy:backends', {}).iteritems() %} + {%- for backend in salt['pillar.get']('haproxy:backends', {}).iteritems() %} backend {{ backend[1].get('name',backend[0]) }} - {%- if 'redirects' in backend[1] %} - {%- for redirect in backend[1].redirects %} - redirect {{ redirect }} - {%- endfor %} - {% endif %} + {%- if 'mode' in backend[1] %} + mode {{ backend[1].mode }} + {%- endif %} {%- if 'balance' in backend[1] %} balance {{ backend[1].balance }} {%- endif %} {%- if 'options' in backend[1] %} - {%- for option in backend[1].options %} + {%- if backend[1].options is string %} + option {{ backend[1].options }} + {%- else %} + {%- for option in backend[1].options %} option {{ option }} - 
{%- endfor %} - {% endif %} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'sticktable' in backend[1] %} + stick-table {{ backend[1].sticktable }} + {%- endif %} + {%- if 'acls' in backend[1] %} + {%- if backend[1].acls is string %} + acl {{ backend[1].acls }} + {%- else %} + {%- for acl in backend[1].acls %} + acl {{ acl }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'redirects' in backend[1] %} + {%- if backend[1].redirects is string %} + redirect {{ backend[1].redirects }} + {%- else %} + {%- for redirect in backend[1].redirects %} + redirect {{ redirect }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'tcprequests' in backend[1] %} + {%- if backend[1].tcprequests is string %} + tcp-request {{ backend[1].tcprequests }} + {%- else %} + {%- for tcprequest in backend[1].tcprequests %} + tcp-request {{ tcprequest }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'tcpresponses' in backend[1] %} + {%- if backend[1].tcpresponses is string %} + tcp-response {{ backend[1].tcpresponses }} + {%- else %} + {%- for tcpresponse in backend[1].tcpresponses %} + tcp-response {{ tcpresponse }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'httprequests' in backend[1] %} + {%- if backend[1].httprequests is string %} + http-request {{ backend[1].httprequests }} + {%- else %} + {%- for httprequest in backend[1].httprequests %} + http-request {{ httprequest }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'stickons' in backend[1] %} + {%- if backend[1].stickons is string %} + stick on {{ backend[1].stickons }} + {%- else %} + {%- for stickon in backend[1].stickons %} + stick on {{ stickon }} + {%- endfor %} + {%- endif %} + {%- endif %} {%- if 'cookie' in backend[1] %} cookie {{ backend[1].cookie }} - {% endif %} + {%- endif %} {%- if 'stats' in backend[1] %} {%- for option, value in backend[1].stats.iteritems() %} {%- if option == 'enable' and value %} stats enable - {% else %} + {%- else %} stats {{ option }} {{ value }} - {% 
endif %} + {%- endif %} {%- endfor %} - {% endif %} + {%- endif %} {%- if 'defaultserver' in backend[1] %} default-server {%- for option, value in backend[1].defaultserver.iteritems() %} {{ ' '.join((option, value|string, '')) }} {%- endfor %} {%- endif %} @@ -238,6 +447,6 @@ backend {{ backend[1].get('name',backend[0]) }} {%- for server in backend[1].servers.iteritems() %} server {{ server[1].get('name',server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }} {{ server[1].get('extra', '') }} {%- endfor %} - {% endif %} - {%- endfor %} + {%- endif %} + {% endfor %} {%- endif %} diff --git a/pillar.example b/pillar.example index 1706398..44d0a50 100644 --- a/pillar.example +++ b/pillar.example @@ -56,6 +56,7 @@ haproxy: - timeout retry 1s - hold valid 10s + listens: stats: bind: @@ -156,3 +157,18 @@ haproxy: port: 80 check: check extra: resolvers local_dns resolve-prefer ipv4 + another_www: + mode: tcp + balance: source + sticktable: "type binary len 32 size 30k expire 30m" + acls: + - clienthello req_ssl_hello_type 1 + - serverhello rep_ssl_hello_type 2 + tcprequests: + - "inspect-delay 5s" + - "content accept if clienthello" + tcpresponses: + - "content accept if serverhello" + stickons: + - "payload_lv(43,1) if clienthello" + options: "ssl-hello-chk" From ac42cac2073634cb34a2c64d407a19b0daffbfd0 Mon Sep 17 00:00:00 2001 From: Troy Germain Date: Mon, 10 Aug 2015 11:09:50 -0700 Subject: [PATCH 17/19] fixing order for warnings and adding additional options --- haproxy/templates/haproxy.jinja | 170 +++++++++++++++++++++----------- 1 file changed, 111 insertions(+), 59 deletions(-) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index d37d047..e28ede1 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja 
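Review bot: The string branch of the listen section's `tcprequests` block renders `{{ listner[1].tcprequests }}`, but the loop variable is `listener` and no `listner` is defined in the visible template. A pillar that gives `tcprequests` as a single string would therefore lose its rule or fail the render, depending on how undefined names are handled, while the list form works. For rules such as `content accept if clienthello` that is a silent policy gap. Change the line to `tcp-request {{ listener[1].tcprequests }}`; the list branch of `use_backends` in the same section has a similar slip, `listener[1].use_backendsi`. The `listner` line is still present as context in the later `@@ -137,24 +155,6 @@` hunk.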
@@ -23,18 +23,6 @@ global {%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %} stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} {%- endif %} -{%- if 'ssl-default-bind-ciphers' in salt['pillar.get']('haproxy:global', {}) %} - ssl-default-bind-ciphers {{ salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers') }} -{%- endif %} -{%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %} - {%- if salt['pillar.get']('ssl-default-bind-options') is string or salt['pillar.get']('haproxy:global:ssl-default-bind-options') is number %} - ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssldefaultbindoptions') }} - {%- else %} - {%- for ssl-default-bind-option in salt['pillar.get']('haproxy:global:ssl-default-bind-opitions').iteritems() %} - ssl-default-bind-options {{ ssl-default-dind-option }} - {%- endfor %} - {%- endif %} -{% endif %} {%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %} maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }} {%- endif %} @@ -55,6 +43,18 @@ global {%- endif %} {%- endfor %} {%- endif %} +{%- if 'ssl-default-bind-ciphers' in salt['pillar.get']('haproxy:global', {}) %} + ssl-default-bind-ciphers {{ salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers') }} +{%- endif %} +{%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %} + {%- if salt['pillar.get']('ssl-default-bind-options') is string or salt['pillar.get']('haproxy:global:ssl-default-bind-options') is number %} + ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssldefaultbindoptions') }} + {%- else %} + {%- for ssl-default-bind-option in salt['pillar.get']('haproxy:global:ssl-default-bind-opitions').iteritems() %} + ssl-default-bind-options {{ ssl-default-dind-option }} + {%- endfor %} + {%- endif %} +{% endif %} #------------------ # common defaults that all the 'listen' and 'backend' sections will 
@@ -122,12 +122,30 @@ listen {{ listener[1].get('name', listener[0]) }} {%- endfor %} {%- endif %} {%- endif %} + {%- if 'log' in listener[1] %} + log {{ listener[1].log }} + {%- endif %} {%- if 'mode' in listener[1] %} mode {{ listener[1].mode }} {%- endif %} + {%- if 'uniqueidformat' in listener[1] %} + unique-id-format {{ listener[1].uniqueidformat }} + {%- endif %} + {%- if 'uniqueidheader' in listener[1] %} + unique-id-header {{ listener[1].uniqueidheader }} + {%- endif %} {%- if 'sticktable' in listener[1] %} stick-table {{ listener[1].sticktable }} {%- endif %} + {%- if 'captures' in listener[1] %} + {%- if listener[1].captures is string %} + capture {{ listener[1].captures }} + {%- else %} + {%- for capture in listener[1].captures %} + capture {{ capture }} + {%- endfor %} + {%- endif %} + {%- endif %} {%- if 'acls' in listener[1] %} {%- if listener[1].acls is string %} acl {{ listener[1].acls }} @@ -137,24 +155,6 @@ listen {{ listener[1].get('name', listener[0]) }} {%- endfor %} {%- endif %} {%- endif %} - {%- if 'redirects' in listener[1] %} - {%- if listener[1].redirects is string %} - redirect {{ listener[1].redirects }} - {%- else %} - {%- for redirect in listener[1].redirects %} - redirect {{ redirect }} - {%- endfor %} - {%- endif %} - {%- endif %} - {%- if 'stickons' in listener[1] %} - {%- if listener[1].stickons is string %} - stick on {{ listener[1].stickons }} - {%- else %} - {%- for stickon in listener[1].stickons %} - stick on {{ stickon }} - {%- endfor %} - {%- endif %} - {%- endif %} {%- if 'tcprequests' in listener[1] %} {%- if listener[1].tcprequests is string %} tcp-request {{ listner[1].tcprequests }} 
@@ -182,12 +182,6 @@ listen {{ listener[1].get('name', listener[0]) }} {%- endfor %} {%- endif %} {%- endif %} - {%- if 'uniqueidformat' in listener[1] %} - unique-id-format {{ listener[1].uniqueidformat }} - {%- endif %} - {%- if 'uniqueidheader' in listener[1] %} - unique-id-header {{ listener[1].uniqueidheader }} - {%- endif %} {%- if 'reqadds' in listener[1] %} {%- if listener[1].reqadds is string %} reqadd {{ listener[1].reqadds }} @@ -197,6 +191,24 @@ listen {{ listener[1].get('name', listener[0]) }} {%- endfor %} {%- endif %} {%- endif %} + {%- if 'redirects' in listener[1] %} + {%- if listener[1].redirects is string %} + redirect {{ listener[1].redirects }} + {%- else %} + {%- for redirect in listener[1].redirects %} + redirect {{ redirect }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'stickons' in listener[1] %} + {%- if listener[1].stickons is string %} + stick on {{ listener[1].stickons }} + {%- else %} + {%- for stickon in listener[1].stickons %} + stick on {{ stickon }} + {%- endfor %} + {%- endif %} + {%- endif %} {%- if 'default_backend' in listener[1] %} default_backend {{ listener[1].default_backend }} {%- endif %} @@ -212,6 +224,9 @@ listen {{ listener[1].get('name', listener[0]) }} {%- if 'balance' in listener[1] %} balance {{ listener[1].balance }} {%- endif %} + {%- if 'maxconn' in listener[1] %} + maxconn {{ listener[1].maxconn }} + {%- endif %} {%- if 'options' in listener[1] %} {%- if listener[1].options is string %} option {{ listener[1].options }} @@ -266,9 +281,15 @@ frontend {{ frontend[1].get('name', frontend[0]) }} {%- endfor %} {%- endif %} {%- endif %} + {%- if 'log' in frontend[1] %} + log {{ frontend[1].log }} + {%- endif %} {%- if 'mode' in frontend[1] %} mode {{ frontend[1].mode }} {%- endif %} + {%- if 'maxconn' in frontend[1] %} + maxconn {{ frontend[1].maxconn }} + {%- endif %} {%- if 'options' in frontend[1] %} {%- if frontend[1].options is string %} option {{ frontend[1].options }} 
@@ -278,9 +299,24 @@ frontend {{ frontend[1].get('name', frontend[0]) }} {%- endfor %} {%- endif %} {%- endif %} + {%- if 'uniqueidformat' in frontend[1] %} + unique-id-format {{ frontend[1].uniqueidformat }} + {%- endif %} + {%- if 'uniqueidheader' in frontend[1] %} + unique-id-header {{ frontend[1].uniqueidheader }} + {%- endif %} {%- if 'sticktable' in frontend[1] %} stick-table {{ frontend[1].sticktable }} {%- endif %} + {%- if 'captures' in frontend[1] %} + {%- if frontend[1].captures is string %} + capture {{ frontend[1].captures }} + {%- else %} + {%- for capture in frontend[1].captures %} + capture {{ capture }} + {%- endfor %} + {%- endif %} + {%- endif %} {%- if 'acls' in frontend[1] %} {%- if frontend[1].acls is string %} acl {{ frontend[1].acls }} @@ -290,15 +326,6 @@ frontend {{ frontend[1].get('name', frontend[0]) }} {%- endfor %} {%- endif %} {%- endif %} - {%- if 'redirects' in frontend[1] %} - {%- if frontend[1].redirects is string %} - redirect {{ frontend[1].redirects }} - {%- else %} - {%- for redirect in frontend[1].redirects %} - redirect {{ redirect }} - {%- endfor %} - {%- endif %} - {%- endif %} {%- if 'tcprequests' in frontend[1] %} {%- if frontend[1].tcprequests is string %} tcp-request {{ frontend[1].tcprequests }} @@ -317,12 +344,12 @@ frontend {{ frontend[1].get('name', frontend[0]) }} {%- endfor %} {%- endif %} {%- endif %} - {%- if 'stickons' in frontend[1] %} - {%- if frontend[1].stickons is string %} - stick on {{ frontend[1].stickons }} + {%- if 'httprequests' in frontend[1] %} + {%- if frontend[1].httprequests is string %} + http-request {{ frontend[1].httprequests }} {%- else %} - {%- for stickon in frontend[1].stickons %} - stick on {{ stickon }} + {%- for httprequest in frontend[1].httprequests %} + http-request {{ httprequest }} {%- endfor %} {%- endif %} {%- endif %} 
@@ -335,6 +362,24 @@ frontend {{ frontend[1].get('name', frontend[0]) }} {%- endfor %} {%- endif %} {%- endif %} + {%- if 'redirects' in frontend[1] %} + {%- if frontend[1].redirects is string %} + redirect {{ frontend[1].redirects }} + {%- else %} + {%- for redirect in frontend[1].redirects %} + redirect {{ redirect }} + {%- endfor %} + {%- endif %} + {%- endif %} + {%- if 'stickons' in frontend[1] %} + {%- if frontend[1].stickons is string %} + stick on {{ frontend[1].stickons }} + {%- else %} + {%- for stickon in frontend[1].stickons %} + stick on {{ stickon }} + {%- endfor %} + {%- endif %} + {%- endif %} {%- if 'default_backend' in frontend[1] %} default_backend {{ frontend[1].default_backend }} {%- endif %} @@ -383,15 +428,6 @@ backend {{ backend[1].get('name',backend[0]) }} {%- endfor %} {%- endif %} {%- endif %} - {%- if 'redirects' in backend[1] %} - {%- if backend[1].redirects is string %} - redirect {{ backend[1].redirects }} - {%- else %} - {%- for redirect in backend[1].redirects %} - redirect {{ redirect }} - {%- endfor %} - {%- endif %} - {%- endif %} {%- if 'tcprequests' in backend[1] %} {%- if backend[1].tcprequests is string %} tcp-request {{ backend[1].tcprequests }} @@ -419,6 +455,15 @@ backend {{ backend[1].get('name',backend[0]) }} {%- endfor %} {%- endif %} {%- endif %} + {%- if 'redirects' in backend[1] %} + {%- if backend[1].redirects is string %} + redirect {{ backend[1].redirects }} + {%- else %} + {%- for redirect in backend[1].redirects %} + redirect {{ redirect }} + {%- endfor %} + {%- endif %} + {%- endif %} {%- if 'stickons' in backend[1] %} {%- if backend[1].stickons is string %} stick on {{ backend[1].stickons }} 
@@ -440,6 +485,13 @@ backend {{ backend[1].get('name',backend[0]) }} {%- endif %} {%- endfor %} {%- endif %} + {%- if 'appsession' in backend[1] %} + {%- if backend[1].appsession is string %} + appsession {{ backend[1].appsession }} + {%- else %} + appsession {%- for option in backend[1].appsession %} {{ option }} {%- endfor %} + {%- endif %} + {%- endif %} {%- if 'defaultserver' in backend[1] %} default-server {%- for option, value in backend[1].defaultserver.iteritems() %} {{ ' '.join((option, value|string, '')) }} {%- endfor %} {%- endif %} From 62ee2588146769cc144ef04fcc4bf7530ba42c6d Mon Sep 17 00:00:00 2001 From: Barrie Campbell Date: Wed, 12 Aug 2015 16:32:10 -0400 Subject: [PATCH 18/19] Fix typos --- haproxy/templates/haproxy.jinja | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index e28ede1..b392cbd 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja 
@@ -47,11 +47,11 @@ global ssl-default-bind-ciphers {{ salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers') }} {%- endif %} {%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %} - {%- if salt['pillar.get']('ssl-default-bind-options') is string or salt['pillar.get']('haproxy:global:ssl-default-bind-options') is number %} - ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssldefaultbindoptions') }} + {%- if salt['pillar.get']('haproxy:global:ssl-default-bind-options') is string or salt['pillar.get']('haproxy:global:ssl-default-bind-options') is number %} + ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssl-default-bind-options') }} {%- else %} - {%- for ssl-default-bind-option in salt['pillar.get']('haproxy:global:ssl-default-bind-opitions').iteritems() %} - ssl-default-bind-options {{ ssl-default-dind-option }} + {%- for option in salt['pillar.get']('haproxy:global:ssl-default-bind-options').items() %} + ssl-default-bind-options {{ option }} {%- endfor %} {%- endif %} {% endif %} From 81ab45bed34101ca2681ea2437a1d5432d04b174 Mon Sep 17 00:00:00 2001 From: Barrie Campbell Date: Mon, 17 Aug 2015 16:40:55 -0400 Subject: [PATCH 19/19] Add stats. Add reqrep to backend. Add macro for template simplification. Add example pillars --- haproxy/templates/haproxy.jinja | 149 ++++++++------------------------ pillar.example | 7 ++ 2 files changed, 45 insertions(+), 111 deletions(-) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index b392cbd..7c97ddb 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja 
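Review bot: The `{%- else %}` branch now calls `.items()` on the pillar value, which exists only on a mapping, and `{{ option }}` then prints each `(key, value)` pair rather than an option keyword. A YAML list, the natural way to give several options, has no `.items()`, so that form would fail to render and the TLS protocol restrictions would not be applied. Joining the list onto one line is enough: `ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssl-default-bind-options')|join(' ') }}`.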
@@ -5,6 +5,19 @@ # This file is managed by Salt. # Any changes will be overwritten. +{%- macro render_list_of_dictionaries(name, list, indent = ' ', infix = ' ', postfix = '\t') %} +{%- if list is not iterable or list is string %} +{{ indent ~ name ~ postfix ~ list }} +{%- else %}{% for item in list %} +{%- if item is not iterable or item is string %} +{{ indent ~ name ~ postfix ~ item }} +{%- else %}{% for key, value in item.items() %} +{{- render_list_of_dictionaries(indent ~ name ~ infix ~ key, value, '', infix, postfix) }} + {%- endfor %} + {%- endif %} + {%- endfor %} + {%- endif %} +{%- endmacro %} #------------------ # Global settings 
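Review bot: `render_list_of_dictionaries` has no branch for a mapping passed as its `list` argument. A dict is iterable and not a string, so it reaches `{% for item in list %}`, which yields only the keys, and each key is printed as `name`, `postfix`, key with its value dropped. The `tune` call site in the next hunk replaces a loop that used `.iteritems()`, so a pillar that still gives `tune` as a mapping would render lines without values unless it is rewritten as a list of dictionaries. Adding `{%- elif list is mapping %}{% for key, value in list.items() %}{{- render_list_of_dictionaries(indent ~ name ~ infix ~ key, value, '', infix, postfix) }}{% endfor %}` before the first `{%- else %}` keeps both shapes working. A short `{# ... #}` comment above the macro stating the accepted shapes and the role of `infix` and `postfix` would help, as would a parameter name other than `list`.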
@@ -33,28 +46,14 @@ global spread-checks {{ salt['pillar.get']('haproxy:global:spreadchecks') }} {%- endif %} {%- if 'tune' in salt['pillar.get']('haproxy:global', {}) %} - {%- for setting, item in salt['pillar.get']('haproxy:global:tune').iteritems() %} - {%- if item is number or item is string %} - tune.{{setting}} {{item}} - {%- else %} - {%- for subsetting, value in item.iteritems() %} - tune.{{setting}}.{{subsetting}} {{value}} - {%- endfor %} - {%- endif %} - {%- endfor %} + {{- render_list_of_dictionaries('tune', salt['pillar.get']('haproxy:global:tune'), ' ','.') }} {%- endif %} {%- if 'ssl-default-bind-ciphers' in salt['pillar.get']('haproxy:global', {}) %} - ssl-default-bind-ciphers {{ salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers') }} + {{- render_list_of_dictionaries('ssl-default-bind-ciphers', salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers')) }} {%- endif %} {%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %} - {%- if salt['pillar.get']('haproxy:global:ssl-default-bind-options') is string or salt['pillar.get']('haproxy:global:ssl-default-bind-options') is number %} - ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssl-default-bind-options') }} - {%- else %} - {%- for option in salt['pillar.get']('haproxy:global:ssl-default-bind-options').items() %} - ssl-default-bind-options {{ option }} - {%- endfor %} - {%- endif %} -{% endif %} + {{- render_list_of_dictionaries('ssl-default-bind-options', salt['pillar.get']('haproxy:global:ssl-default-bind-options')) }} +{%- endif %} #------------------ # common defaults that all the 'listen' and 'backend' sections will 
@@ -65,14 +64,8 @@ defaults
 mode {{ salt['pillar.get']('haproxy:defaults:mode', 'http') }}
 retries {{ salt['pillar.get']('haproxy:defaults:retries', '3') }}
 balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }}
-{%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) %}
- {%- if salt['pillar.get']('haproxy:defaults:options') is string %}
- option {{ salt['pillar.get']('haproxy:defaults:options') }}
- {%- else %}
- {%- for option in salt['pillar.get']('haproxy:defaults:options') %}
- option {{ option }}
- {%- endfor %}
- {%- endif %}
+{%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) -%}
+ {{- render_list_of_dictionaries('option', salt['pillar.get']('haproxy:defaults:options')) }}
 {%- endif %}
 {%- if 'maxconn' in salt['pillar.get']('haproxy:defaults', {}) %}
 maxconn {{ salt['pillar.get']('haproxy:defaults:maxconn') }}
@@ -86,6 +79,9 @@ defaults
 timeout connect 10s
 timeout server 1m
 {%- endif %}
+{%- if 'stats' in salt['pillar.get']('haproxy:defaults', {}) -%}
+ {{ render_list_of_dictionaries('stats', salt['pillar.get']('haproxy:defaults:stats')) }}
+{%- endif %}
 {%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %}
 {%- for errorfile in salt['pillar.get']('haproxy:defaults:errorfiles').iteritems() %}
 errorfile {{ errorfile[0] }} {{ errorfile[1] }}
@@ -216,7 +212,7 @@ listen {{ listener[1].get('name', listener[0]) }}
 {%- if listener[1].use_backends is string %}
 use_backend {{ listener[1].use_backends }}
 {%- else %}
- {%- for use_backend in listener[1].use_backendsi %}
+ {%- for use_backend in listener[1].use_backends %}
 use_backend {{ use_backend }}
 {%- endfor %}
 {%- endif %}
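Review bot: The new `stats` block (`@@ -86,6 +79,9 @@`) is rendered inside `defaults`, so proxies that inherit these defaults can pick up whatever `stats enable`, `stats uri` and `stats auth` the pillar sets, including listeners that face untrusted networks. Consider rendering stats only in a dedicated `listen` section, or at least add a template comment such as `{#- stats set here is inherited by every proxy; prefer a dedicated listener on a management address -#}`. The `pillar.example` hunk of this commit also adds a literal `auth: 'admin1:AdMiN123'`. A labelled placeholder such as `auth: 'CHANGE_ME_USER:CHANGE_ME_PASSWORD'`, with a note to keep the real value in an encrypted pillar, would stop a copied example from shipping a known credential in a cleartext config line. The `defaults` section starts and ends outside the hunk.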
@@ -273,13 +269,7 @@ listen {{ listener[1].get('name', listener[0]) }}
 {%- for frontend in salt['pillar.get']('haproxy:frontends', {}).iteritems() %}
 frontend {{ frontend[1].get('name', frontend[0]) }}
 {%- if 'bind' in frontend[1] %}
- {%- if frontend[1].bind is string %}
- bind {{ frontend[1].bind }}
- {%- else %}
- {%- for socket in frontend[1].bind %}
- bind {{ socket }}
- {%- endfor %}
- {%- endif %}
+ {{- render_list_of_dictionaries('bind', frontend[1].bind) }}
 {%- endif %}
 {%- if 'log' in frontend[1] %}
 log {{ frontend[1].log }}
@@ -291,13 +281,7 @@ frontend {{ frontend[1].get('name', frontend[0]) }}
 maxconn {{ frontend[1].maxconn }}
 {%- endif %}
 {%- if 'options' in frontend[1] %}
- {%- if frontend[1].options is string %}
- option {{ frontend[1].options }}
- {%- else %}
- {%- for option in frontend[1].options %}
- option {{ option }}
- {%- endfor %}
- {%- endif %}
+ {{- render_list_of_dictionaries('options', frontend[1].options) }}
 {%- endif %}
 {%- if 'uniqueidformat' in frontend[1] %}
 unique-id-format {{ frontend[1].uniqueidformat }}
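Review bot: The frontend call in `@@ -291,13 +281,7 @@` passes `'options'` as the directive name, so it now emits `options <value>` where the removed lines emitted `option <value>`; the `defaults` call site passes `'option'`. The same kind of rename appears in the next frontend hunk (`@@ -309,88 +293,34 @@`), where `'stickon'` replaces the previous two-word `stick on`. Both look unintended and would put keywords into the generated configuration that the old template never produced. Suggested: `{{- render_list_of_dictionaries('option', frontend[1].options) }}` and `{{- render_list_of_dictionaries('stick on', frontend[1].stickons) }}`. The frontend loop body continues outside this hunk.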
@@ -309,88 +293,34 @@ frontend {{ frontend[1].get('name', frontend[0]) }} stick-table {{ frontend[1].sticktable }} {%- endif %} {%- if 'captures' in frontend[1] %} - {%- if frontend[1].captures is string %} - capture {{ frontend[1].captures }} - {%- else %} - {%- for capture in frontend[1].captures %} - capture {{ capture }} - {%- endfor %} - {%- endif %} + {{- render_list_of_dictionaries('capture', frontend[1].captures) }} {%- endif %} {%- if 'acls' in frontend[1] %} - {%- if frontend[1].acls is string %} - acl {{ frontend[1].acls }} - {%- else %} - {%- for acl in frontend[1].acls %} - acl {{ acl }} - {%- endfor %} - {%- endif %} + {{- render_list_of_dictionaries('acl', frontend[1].acls) }} {%- endif %} {%- if 'tcprequests' in frontend[1] %} - {%- if frontend[1].tcprequests is string %} - tcp-request {{ frontend[1].tcprequests }} - {%- else %} - {%- for tcprequest in frontend[1].tcprequests %} - tcp-request {{ tcprequest }} - {%- endfor %} - {%- endif %} + {{- render_list_of_dictionaries('tcp-request', frontend[1].tcprequests) }} {%- endif %} {%- if 'tcpresponses' in frontend[1] %} - {%- if frontend[1].tcpresponses is string %} - tcp-response {{ frontend[1].tcpresponses }} - {%- else %} - {%- for tcpresponse in frontend[1].tcpresponses %} - tcp-response {{ tcpresponse }} - {%- endfor %} - {%- endif %} + {{- render_list_of_dictionaries('tcp-response', frontend[1].tcpresponses) }} {%- endif %} {%- if 'httprequests' in frontend[1] %} - {%- if frontend[1].httprequests is string %} - http-request {{ frontend[1].httprequests }} - {%- else %} - {%- for httprequest in frontend[1].httprequests %} - http-request {{ httprequest }} - {%- endfor %} - {%- endif %} + {{- render_list_of_dictionaries('http-request', frontend[1].httprequests) }} {%- endif %} {%- if 'reqadds' in frontend[1] %} - {%- if frontend[1].reqadds is string %} - reqadd {{ frontend[1].reqadds }} - {%- else %} - {%- for reqadd in frontend[1].reqadds %} - reqadd {{ reqadd }} - {%- endfor %} - {%- endif %} + {{- 
render_list_of_dictionaries('reqadd', frontend[1].reqadds) }} {%- endif %} {%- if 'redirects' in frontend[1] %} - {%- if frontend[1].redirects is string %} - redirect {{ frontend[1].redirects }} - {%- else %} - {%- for redirect in frontend[1].redirects %} - redirect {{ redirect }} - {%- endfor %} - {%- endif %} + {{- render_list_of_dictionaries('redirect', frontend[1].redirects) }} {%- endif %} {%- if 'stickons' in frontend[1] %} - {%- if frontend[1].stickons is string %} - stick on {{ frontend[1].stickons }} - {%- else %} - {%- for stickon in frontend[1].stickons %} - stick on {{ stickon }} - {%- endfor %} - {%- endif %} + {{- render_list_of_dictionaries('stickon', frontend[1].stickons) }} {%- endif %} {%- if 'default_backend' in frontend[1] %} default_backend {{ frontend[1].default_backend }} {%- endif %} {%- if 'use_backends' in frontend[1] %} - {%- if frontend[1].use_backends is string %} - use_backend {{ frontend[1].use_backends }} - {%- else %} - {%- for use_backend in frontend[1].use_backends %} - use_backend {{ use_backend }} - {%- endfor %} - {%- endif %} + {{- render_list_of_dictionaries('use_backend', frontend[1].use_backends) }} {%- endif %} {% endfor %} {% endif %} @@ -420,13 +350,7 @@ backend {{ backend[1].get('name',backend[0]) }} stick-table {{ backend[1].sticktable }} {%- endif %} {%- if 'acls' in backend[1] %} - {%- if backend[1].acls is string %} - acl {{ backend[1].acls }} - {%- else %} - {%- for acl in backend[1].acls %} - acl {{ acl }} - {%- endfor %} - {%- endif %} + {{- render_list_of_dictionaries('acl', backend[1].acls) }} {%- endif %} {%- if 'tcprequests' in backend[1] %} {%- if backend[1].tcprequests is string %} 
@@ -492,6 +416,9 @@ backend {{ backend[1].get('name',backend[0]) }} appsession {%- for option in backend[1].appsession %} {{ option }} {%- endfor %} {%- endif %} {%- endif %} + {%- if 'reqreps' in backend[1] %} + {{- render_list_of_dictionaries('reqrep', backend[1].reqreps) }} + {%- endif %} {%- if 'defaultserver' in backend[1] %} default-server {%- for option, value in backend[1].defaultserver.iteritems() %} {{ ' '.join((option, value|string, '')) }} {%- endfor %} {%- endif %} diff --git a/pillar.example b/pillar.example index 44d0a50..56f222f 100644 --- a/pillar.example +++ b/pillar.example @@ -37,6 +37,11 @@ haproxy: - server 1m - http-keep-alive 10s - check 10s + stats: + - enable + - uri: '/admin?stats' + - realm: 'Haproxy\ Statistics' + - auth: 'admin1:AdMiN123' errorfiles: 400: /etc/haproxy/errors/400.http @@ -171,4 +176,6 @@ haproxy: - "content accept if serverhello" stickons: - "payload_lv(43,1) if clienthello" + reqrep: + - "^([^\ :]*)\ /static/(.*) \1\ \2" options: "ssl-hello-chk"
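Review bot: The template branch added here reads `backend[1].reqreps`, but the `pillar.example` hunk of the same commit adds the key as `reqrep:`, so a pillar copied from the example would presumably never reach this branch. Align the two, for instance `reqreps:` in the example to match the other plural keys (`acls`, `redirects`, `stickons`). The example value is also a double-quoted YAML string containing `\1` and `\2`, which as far as I can tell are not valid double-quoted escapes. Single quotes would pass the backslashes through unchanged. The backend block starts and ends outside the hunk.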