Merge with upstream

John Keates 2015-08-30 03:50:10 +02:00
commit 29c60df042
4 changed files with 117 additions and 15 deletions


@ -3,6 +3,11 @@
# Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo) # Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo)
include: include:
{% if salt['pillar.get']('haproxy:include') %}
{% for item in salt['pillar.get']('haproxy:include') %}
- {{ item }}
{% endfor %}
{% endif %}
- haproxy.install - haproxy.install
- haproxy.service - haproxy.service
- haproxy.config - haproxy.config
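Review bot: The new pillar key `haproxy:include` read at the top of the `include:` list is not documented in the hunks of the example pillar shown on this page, and the same holds for `haproxy:require` in the install state. Both lists decide which extra states run with root privileges on the minion, so a short comment above the loop would help, e.g. `# Optional: extra state names from pillar haproxy:include, rendered ahead of haproxy.install`. The `{% if %}` wrapper here could also be dropped by giving the lookup a default, `{% for item in salt['pillar.get']('haproxy:include', []) %}`.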


@ -12,3 +12,9 @@ haproxy_ppa_repo:
haproxy.install: haproxy.install:
pkg.installed: pkg.installed:
- name: haproxy - name: haproxy
{% if salt['pillar.get']('haproxy:require') %}
- require:
{% for item in salt['pillar.get']('haproxy:require') %}
- {{ item }}
{% endfor %}
{% endif %}


@ -1,17 +1,26 @@
haproxy.service: haproxy.service:
{% if salt['pillar.get']('haproxy:enable', True) %}
service.running: service.running:
- name: haproxy - name: haproxy
- enable: True - enable: True
- reload: True - reload: True
- require: - require:
- pkg: haproxy - pkg: haproxy
file: haproxy.service
- watch: - watch:
- file: haproxy.config - file: haproxy.config
file.managed: {% else %}
service.dead:
- name: haproxy
- enable: False
{% endif %}
file.replace:
- name: /etc/default/haproxy - name: /etc/default/haproxy
#TODO: Add switch to turn the service on and off based on pillar configuration. {% if salt['pillar.get']('haproxy:enabled', True) %}
- source: salt://haproxy/files/haproxy-init-enable - pattern: ENABLED=0$
- create: True - repl: ENABLED=1
- user: "root" {% else %}
- group: "root" - pattern: ENABLED=1$
- mode: "0644" - repl: ENABLED=0
{% endif %}
- show_changes: True
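Review bot: The two Jinja conditions in this state read different pillar keys: the service block tests `haproxy:enable` while the `file.replace` block tests `haproxy:enabled`, and the example pillar in this commit sets only `enabled`. With `haproxy:enabled: False` the defaults file would get `ENABLED=0`, but the state would still render `service.running` with `enable: True`, so a proxy the operator meant to switch off would stay up. Using one key in both places, e.g. `{% if salt['pillar.get']('haproxy:enabled', True) %}` on the service block, removes that. Since `file.managed` with `create: True` was replaced by `file.replace`, a host whose `/etc/default/haproxy` has no `ENABLED=` line is left unchanged; `- append_if_not_found: True` would cover that case.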


@ -3,11 +3,14 @@
# #
haproxy: haproxy:
enabled: True
config_file_path: /etc/haproxy/haproxy.cfg config_file_path: /etc/haproxy/haproxy.cfg
global: global:
stats: stats:
enable: True enable: True
socketpath: /var/lib/haproxy/stats socketpath: /var/lib/haproxy/stats
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
user: haproxy user: haproxy
group: haproxy group: haproxy
@ -34,6 +37,11 @@ haproxy:
- server 1m - server 1m
- http-keep-alive 10s - http-keep-alive 10s
- check 10s - check 10s
stats:
- enable
- uri: '/admin?stats'
- realm: 'Haproxy\ Statistics'
- auth: 'admin1:AdMiN123'
errorfiles: errorfiles:
400: /etc/haproxy/errors/400.http 400: /etc/haproxy/errors/400.http
@ -44,6 +52,46 @@ haproxy:
503: /etc/haproxy/errors/503.http 503: /etc/haproxy/errors/503.http
504: /etc/haproxy/errors/504.http 504: /etc/haproxy/errors/504.http
{# Suported by HAProxy 1.6 #}
resolvers:
local_dns:
options:
- nameserver resolvconf 127.0.0.1:53
- resolve_retries 3
- timeout retry 1s
- hold valid 10s
listens:
stats:
bind:
- "0.0.0.0:8998"
mode: http
stats:
enable: True
uri: "/admin?stats"
refresh: "20s"
myservice:
bind:
- "*:8888"
options:
- forwardfor
- http-server-close
defaultserver:
slowstart: 60s
maxconn: 256
maxqueue: 128
weight: 100
servers:
web1:
host: web1.example.com
port: 80
check: check
web2:
host: web2.example.com
port: 18888
check: check
frontends: frontends:
frontend1: frontend1:
name: www-http name: www-http
@ -53,8 +101,7 @@ haproxy:
- "X-Forwarded-Proto:\\ http" - "X-Forwarded-Proto:\\ http"
default_backend: www-backend default_backend: www-backend
frontend2: www-https:
name: www-https
bind: "*:443 ssl crt /etc/ssl/private/certificate-chain-and-key-combined.pem" bind: "*:443 ssl crt /etc/ssl/private/certificate-chain-and-key-combined.pem"
reqadd: reqadd:
- "X-Forwarded-Proto:\\ https" - "X-Forwarded-Proto:\\ https"
@ -63,7 +110,12 @@ haproxy:
- url_static path_beg -i /static /images /javascript /stylesheets - url_static path_beg -i /static /images /javascript /stylesheets
- url_static path_end -i .jpg .gif .png .css .js - url_static path_end -i .jpg .gif .png .css .js
use_backends: use_backends:
- static if url_static - static-backend if url_static
some-services:
bind:
- "*:8080"
- "*:8088"
default_backend: api-backend
backends: backends:
backend1: backend1:
@ -76,8 +128,7 @@ haproxy:
host: 192.168.1.213 host: 192.168.1.213
port: 80 port: 80
check: check check: check
backend2: static-backend:
name: static
balance: roundrobin balance: roundrobin
redirect: scheme https if !{ ssl_fc } redirect: scheme https if !{ ssl_fc }
options: options:
@ -92,8 +143,39 @@ haproxy:
realm: LoadBalancer realm: LoadBalancer
auth: "user:password" auth: "user:password"
servers: servers:
server1: some-server:
name: some-server
host: 123.156.189.111 host: 123.156.189.111
port: 8080 port: 8080
check: check check: check
api-backend:
options:
- http-server-close
- forwardfor
servers:
apiserver1:
host: apiserver1.example.com
port: 80
check: check
server2:
name: apiserver2
host: apiserver2.example.com
port: 80
check: check
extra: resolvers local_dns resolve-prefer ipv4
another_www:
mode: tcp
balance: source
sticktable: "type binary len 32 size 30k expire 30m"
acls:
- clienthello req_ssl_hello_type 1
- serverhello rep_ssl_hello_type 2
tcprequests:
- "inspect-delay 5s"
- "content accept if clienthello"
tcpresponses:
- "content accept if serverhello"
stickons:
- "payload_lv(43,1) if clienthello"
reqrep:
- "^([^\ :]*)\ /static/(.*) \1\ \2"
options: "ssl-hello-chk"
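Review bot: The example `listens: stats` entry binds the statistics page to `0.0.0.0:8998` with `stats: enable: True` and no auth entry, so a pillar copied from this example would presumably publish `/admin?stats` on every interface without authentication; `- "127.0.0.1:8998"` would be a safer value for the example. The defaults-level `auth: 'admin1:AdMiN123'` is a literal credential that tends to survive copy-paste, so it deserves a comment such as `# placeholder: set your own value and keep the real one out of version control`. Separately, the `reqrep` entry under `another_www` is double-quoted with single backslashes, and `\1` and `\2` are not valid YAML escapes, so the file is likely to fail to load. Single quotes, `'^([^\ :]*)\ /static/(.*) \1\ \2'`, keep the backslashes literal as the `realm` line already does.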