Linux-Help
/
formula-haproxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added jinja templated configuration support, a bit of documentation and a rough set of examples

This commit is contained in:
John Keates 2015-02-24 22:19:02 +01:00
parent d8cc3f5908
commit 3bc15512ae
10 changed files with 296 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
README.rst
View File

@ -4,4 +4,54 @@ haproxy
haproxy
-------
Install and run haproxy
Install, configure and run haproxy based on:
haproxy.install
haproxy.config
haproxy.service
Use the supplied haproxy.cfg for a flat file approach,
or the jinja template and the pillar for a salt approach.
haproxy.config
--------------
Currently, only a handful of options can be set using the pillar:
- Global
- stats: enable stats, curently only via a unix socket which can be set to a path
- user: sets the user haproxy shall run as
- group: sets the group haproxy shall run as
- chroot: allows you to turn on chroot and set a directory
- daemon: allows you to turn daemon mode on and off
- Default
- log: set the default log
- mode: sets the mode (i.e. http)
- retries: sets the number of retries
- options: an array of options that is simply looped with no special treatment
- timeouts: an array of timeouts that is simply looped with no special treatment
- errorfiles: an array of k:v errorfiles to point to the correct file matching an HTTP error code
- Frontend
Frontend(s) is a list of the frontends you desire to have in your haproxy setup
Per frontend you can set:
- name: the name haproxy will use for the frontend
- bind: the bind string: this allows you to set the IP, Port and other paramters for the bind
- reqadd: an array of reqadd statements. Looped over and put in the configuration, no parsing
- default_backend: sets the default backend
- acls: a list of acls, not parsed, simply looped and put in to the configuration
- use_backends: a list of use_backend statements, looped over, not parsed
- Backend
Backend(s) is a list of the backends you desire to have in your haproxy setup
Per backend you can set:
- name: set the backend name, used in the frontend references by haproxy
- balance: set the balance type, string
- redirect: if set, can be used to redirect; simply a string, not parsed
- servers: a list of servers this backend will contact, is looped over
- per server you can set:
- name: name of the server for haproxy
- host: the host to be contacted
- port: the port to contact the server on
- check: set to check to enable checking

8
haproxy/config.sls Normal file
View File

@ -0,0 +1,8 @@
haproxy.config:
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://haproxy/templates/haproxy.jinja
- template: jinja
- user: root
- group: root
- mode: 644

23
haproxy/files/haproxy-debian-package-default.cfg Normal file
View File

@ -0,0 +1,23 @@
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
contimeout 5000
clitimeout 50000
srvtimeout 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

6
haproxy/files/haproxy-init-disable Normal file
View File

@ -0,0 +1,6 @@
# **** DO NOT EDIT THIS FILE ****
#
# This file is managed by Salt.
# Any changes will be overwritten.
ENABLED=0

6
haproxy/files/haproxy-init-enable Normal file
View File

@ -0,0 +1,6 @@
# **** DO NOT EDIT THIS FILE ****
#
# This file is managed by Salt.
# Any changes will be overwritten.
ENABLED=1

23
haproxy/init.sls
View File

@ -1,15 +1,8 @@
haproxy:
pkg.installed: []
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://haproxy/files/haproxy.cfg
- user: root
- group: root
- mode: 644
- template: jinja
service.running:
- enable: True
- require:
- pkg: haproxy
- watch:
- file: haproxy
# haproxy
#
# Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo)
include:
- haproxy.install
- haproxy.service
- haproxy.config

3
haproxy/install.sls Normal file
View File

@ -0,0 +1,3 @@
haproxy.install:
pkg.installed:
- name: haproxy

16
haproxy/service.sls Normal file
View File

@ -0,0 +1,16 @@
haproxy.service:
service.running:
- name: haproxy
- enable: True
- require:
- pkg: haproxy
- watch:
- file: haproxy.config
file.managed:
- name: /etc/default/haproxy
#TODO: Add switch to turn the service on and off based on pillar configuration.
- source: salt://haproxy/files/haproxy-init-enable
- create: True
- user: "root"
- group: "root"
- mode: "0644"

90
haproxy/templates/haproxy.jinja Normal file
View File

@ -0,0 +1,90 @@
# HAProxy configuration
#
# **** DO NOT EDIT THIS FILE ****
#
# This file is managed by Salt.
# Any changes will be overwritten.
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
log /dev/log local0
log /dev/log local1 notice
user {{ salt['pillar.get']('haproxy:global:user', 'haproxy') }}
group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }}
{%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %}
chroot {{ salt['pillar.get']('haproxy:global:chroot:path', '/tmp') }}
{%- endif -%}
{% if salt['pillar.get']('haproxy:global:daemon', 'no') == True %}
daemon
{% endif %}
{%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %}
#Stats support is currently limited to socket mode
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }}
{% endif %}
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
log {{ salt['pillar.get']('haproxy:defaults:log') }}
mode {{ salt['pillar.get']('haproxy:defaults:mode') }}
retries {{ salt['pillar.get']('haproxy:defaults:retries') }}
{%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- for option in salt['pillar.get']('haproxy:defaults:options') %}
option {{ option }}{% endfor %}
{% endif %}
{%- if 'timeouts' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- for timeout in salt['pillar.get']('haproxy:defaults:timeouts') %}
timeout {{ timeout }}{% endfor %}
{% endif %}
{%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- for errorfile in salt['pillar.get']('haproxy:defaults:errorfiles').iteritems() %}
errorfile {{ errorfile[0] }} {{ errorfile[1] }}{% endfor %}
{% endif %}
#---------------------------------------------------------------------
# frontend instances
#---------------------------------------------------------------------
{%- if 'frontends' in salt['pillar.get']('haproxy', {}) %}
{%- for frontend in salt['pillar.get']('haproxy:frontends', {}).iteritems() %}
frontend {{ frontend[1].name }} {{ frontend[1].bind }}
{%- if 'acls' in frontend[1] %}
{%- for acl in frontend[1].acls %}
acl {{ acl }}
{%- endfor %}
{%- endif %}
{%- if 'reqadd' in frontend[1] %}
{%- for reqadd in frontend[1].reqadd %}
reqadd {{ reqadd }}
{%- endfor %}
{%- endif %}
default_backend {{ frontend[1].default_backend }}
{%-if 'use_backends' in frontend[1] -%}
{%- for use_backend in frontend[1].use_backends %}
use_backend {{ use_backend }}
{% endfor %}
{%- endif %}
{% endfor %}
{%- endif %}
#---------------------------------------------------------------------
# backend instances
#---------------------------------------------------------------------
{%- if 'backends' in salt['pillar.get']('haproxy', {}) %}
{%- for backend in salt['pillar.get']('haproxy:backends', {}).iteritems() %}
backend {{ backend[1].name }}
balance {{ backend[1].balance }}
{%- if 'servers' in backend[1] %}
{%- for server in backend[1].servers.iteritems() %}
server {{ server[1].name }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }}{% endfor %}
{% endif %}
{% endfor %}
{% endif %}

85
pillar.example
View File

@ -0,0 +1,85 @@
#
# Example pillar configuration
#
haproxy:
global:
stats:
enable: True
socketpath: /var/lib/haproxy/stats
user: haproxy
group: haproxy
chroot:
enable: True
path: /var/lib/haproxy
daemon: True
defaults:
log: global
mode: http
retries: 3
options:
- httplog
- dontlognull
- forwardfor
- http-server-close
timeouts:
- http-request 10s
- queue 1m
- connect 10s
- client 1m
- server 1m
- http-keep-alive 10s
- check 10s
errorfiles:
400: /etc/haproxy/errors/400.http
403: /etc/haproxy/errors/403.http
408: /etc/haproxy/errors/408.http
500: /etc/haproxy/errors/500.http
502: /etc/haproxy/errors/502.http
503: /etc/haproxy/errors/503.http
504: /etc/haproxy/errors/504.http
frontends:
frontend1:
name: www-http
bind: "*:80"
reqadd:
- "X-Forwarded-Proto:\\ http"
default_backend: www-backend
frontend2:
name: www-https
bind: "*:443 ssl crt /etc/ssl/private/certificate-chain-and-key-combined.pem"
reqadd:
- "X-Forwarded-Proto:\\ https"
default_backend: www-backend
acls:
- url_static path_beg -i /static /images /javascript /stylesheets
- url_static path_end -i .jpg .gif .png .css .js
use_backends:
- static if url_static
backends:
backend1:
name: www-backend
balance: roundrobin
redirect: scheme https if !{ ssl_fc }
servers:
server1:
name: server1-its-name
host: 192.168.1.213
check: check
backend2:
name: static
balance: roundrobin
redirect: scheme https if !{ ssl_fc }
servers:
server1:
name: some-server
host: 123.156.189.111
port: 8080
check: check