Add http and rsp options, include minor gremlim zapping

This commit is contained in:
John Keates 2015-08-30 03:48:12 +02:00
parent d0bed71f7f
commit 7def329f6d

View file

@ -5,10 +5,23 @@
# This file is managed by Salt. # This file is managed by Salt.
# Any changes will be overwritten. # Any changes will be overwritten.
{%- macro render_list_of_dictionaries(name, list, indent = ' ', infix = ' ', postfix = '\t') %}
{%- if list is not iterable or list is string %}
{{ indent ~ name ~ postfix ~ list }}
{%- else %}{% for item in list %}
{%- if item is not iterable or item is string %}
{{ indent ~ name ~ postfix ~ item }}
{%- else %}{% for key, value in item.items() %}
{{- render_list_of_dictionaries(indent ~ name ~ infix ~ key, value, '', infix, postfix) }}
{%- endfor %}
{%- endif %}
{%- endfor %}
{%- endif %}
{%- endmacro %}
#--------------------------------------------------------------------- #------------------
# Global settings # Global settings
#--------------------------------------------------------------------- #------------------
global global
log /dev/log local0 log /dev/log local0
log /dev/log local1 notice log /dev/log local1 notice
@ -16,21 +29,36 @@ global
group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }} group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }}
{%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %} {%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %}
chroot {{ salt['pillar.get']('haproxy:global:chroot:path', '/tmp') }} chroot {{ salt['pillar.get']('haproxy:global:chroot:path', '/tmp') }}
{%- endif -%} {%- endif %}
{% if salt['pillar.get']('haproxy:global:daemon', 'no') == True %} {%- if salt['pillar.get']('haproxy:global:daemon', 'no') == True %}
daemon daemon
{% endif %} {%- endif %}
{%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %} {%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %}
# Stats support is currently limited to socket mode
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }}
{% endif %} {%- endif %}
{%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %}
maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }}
{%- endif %}
{%- if 'maxpipes' in salt['pillar.get']('haproxy:global', {}) %}
maxpipes {{ salt['pillar.get']('haproxy:global:maxpipes') }}
{%- endif %}
{%- if 'spreadchecks' in salt['pillar.get']('haproxy:global', {}) %}
spread-checks {{ salt['pillar.get']('haproxy:global:spreadchecks') }}
{%- endif %}
{%- if 'tune' in salt['pillar.get']('haproxy:global', {}) %}
{{- render_list_of_dictionaries('tune', salt['pillar.get']('haproxy:global:tune'), ' ','.') }}
{%- endif %}
{%- if 'ssl-default-bind-ciphers' in salt['pillar.get']('haproxy:global', {}) %}
{{- render_list_of_dictionaries('ssl-default-bind-ciphers', salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers')) }}
{%- endif %}
{%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %}
{{- render_list_of_dictionaries('ssl-default-bind-options', salt['pillar.get']('haproxy:global:ssl-default-bind-options')) }}
{%- endif %}
# TODO: Make the following configurable from pillar {%- for id, userlist in salt['pillar.get']('haproxy:userlists', {}).iteritems() %}
ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12 #------------------
ssl-default-bind-ciphers AES128+EECDH:AES128+EDH # Global Userlists
tune.ssl.default-dh-param 2048 #------------------
{%- for id, userlist in salt['pillar.get']('haproxy:userlists', {}).iteritems() %}
userlist {{ id }} userlist {{ id }}
{%- for id, entry in userlist.iteritems() %} {%- for id, entry in userlist.iteritems() %}
{%- if id == "groups" %} {%- if id == "groups" %}
@ -44,150 +72,385 @@ userlist {{ id }}
{%- endfor %} {%- endfor %}
{% endif %} {% endif %}
{%- endfor %} {%- endfor %}
{% endfor %} {% endfor %}
#------------------
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will # common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block # use- if not designated in their block
#--------------------------------------------------------------------- #------------------
defaults defaults
log {{ salt['pillar.get']('haproxy:defaults:log') }} log {{ salt['pillar.get']('haproxy:defaults:log', 'global') }}
mode {{ salt['pillar.get']('haproxy:defaults:mode') }} mode {{ salt['pillar.get']('haproxy:defaults:mode', 'http') }}
retries {{ salt['pillar.get']('haproxy:defaults:retries') }} retries {{ salt['pillar.get']('haproxy:defaults:retries', '3') }}
balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }}
# options {%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) -%}
{%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) %} {{- render_list_of_dictionaries('option', salt['pillar.get']('haproxy:defaults:options')) }}
{%- for option in salt['pillar.get']('haproxy:defaults:options') %} {%- endif %}
option {{ option }} {%- if 'maxconn' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- endfor %} maxconn {{ salt['pillar.get']('haproxy:defaults:maxconn') }}
{% endif %} {%- endif %}
# timeouts
{%- if 'timeouts' in salt['pillar.get']('haproxy:defaults', {}) %} {%- if 'timeouts' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- for timeout in salt['pillar.get']('haproxy:defaults:timeouts') %} {%- for timeout in salt['pillar.get']('haproxy:defaults:timeouts') %}
timeout {{ timeout }} timeout {{ timeout }}
{%- endfor %} {%- endfor %}
{% endif %} {%- else %}
# errorfiles timeout client 1m
timeout connect 10s
timeout server 1m
{%- endif %}
{%- if 'stats' in salt['pillar.get']('haproxy:defaults', {}) -%}
{{ render_list_of_dictionaries('stats', salt['pillar.get']('haproxy:defaults:stats')) }}
{%- endif %}
{%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %} {%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- for errorfile in salt['pillar.get']('haproxy:defaults:errorfiles').iteritems() %} {%- for errorfile in salt['pillar.get']('haproxy:defaults:errorfiles').iteritems() %}
errorfile {{ errorfile[0] }} {{ errorfile[1] }} errorfile {{ errorfile[0] }} {{ errorfile[1] }}
{%- endfor %} {%- endfor %}
{% endif %} {% endif %}
{%- if salt['pillar.get']('haproxy:resolvers') %}
#------------------
# DNS resolvers
#--------------------------------------------------------------------- #------------------
# frontend instances {%- for resolver in salt['pillar.get']('haproxy:resolvers', {}).iteritems() %}
#--------------------------------------------------------------------- resolvers {{ resolver[0] }}
{%- if 'frontends' in salt['pillar.get']('haproxy', {}) %} {%- if 'options' in resolver[1] %}
{%- for frontend in salt['pillar.get']('haproxy:frontends', {}).iteritems() %} {%- for option in resolver[1].options %}
frontend {{ frontend[1].name }} {{ option }}
bind {{ frontend[1].bind }}
# frontend redirects
{%- if 'redirects' in frontend[1] %}
{%- for front_redirect in frontend[1].redirects %}
redirect {{ front_redirect }}
{% endfor %}
{%- endif %}
# frontend acls
{%- if 'acls' in frontend[1] %}
{%- for acl in frontend[1].acls %}
acl {{ acl }}
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}
{%- endfor %}
{%- endif %}
{%- if 'listens' in salt['pillar.get']('haproxy', {}) %}
# frontend http-requests #------------------
{%- if 'http_requests' in frontend[1] %} # listen instances
{%- for http_request in frontend[1].http_requests %} #------------------
http-request {{ http_request }} {%- for listener in salt['pillar.get']('haproxy:listens', {}).iteritems() %}
{% endfor %} listen {{ listener[1].get('name', listener[0]) }}
{%- if 'bind' in listener[1] %}
{%- if listener[1].bind is string %}
bind {{ listener[1].bind }}
{%- else %}
{%- for socket in listener[1].bind %}
bind {{ socket }}
{%- endfor %}
{%- endif %}
{%- endif %} {%- endif %}
{%- if 'log' in listener[1] %}
# frontend reqadds log {{ listener[1].log }}
{%- if 'reqadd' in frontend[1] %}
{%- for reqadd in frontend[1].reqadd %}
reqadd {{ reqadd }}
{%- endfor %}
{%- endif %} {%- endif %}
{%- if 'mode' in listener[1] %}
# frontend http-responses mode {{ listener[1].mode }}
{%- if 'http_responses' in frontend[1] %}
{%- for http_response in frontend[1].http_responses %}
http-response {{ http_response }}
{% endfor %}
{%- endif %} {%- endif %}
{%- if 'uniqueidformat' in listener[1] %}
# frontend rspadds unique-id-format {{ listener[1].uniqueidformat }}
{%- if 'rspadd' in frontend[1] %}
{%- for rspadd in frontend[1].rspadd %}
rspadd {{ rspadd }}
{%- endfor %}
{%- endif %} {%- endif %}
{%- if 'uniqueidheader' in listener[1] %}
# frontend captures unique-id-header {{ listener[1].uniqueidheader }}
{%- if 'captures' in frontend[1] %} {%- endif %}
{%- for capture in frontend[1].captures %} {%- if 'sticktable' in listener[1] %}
stick-table {{ listener[1].sticktable }}
{%- endif %}
{%- if 'captures' in listener[1] %}
{%- if listener[1].captures is string %}
capture {{ listener[1].captures }}
{%- else %}
{%- for capture in listener[1].captures %}
capture {{ capture }} capture {{ capture }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'acls' in listener[1] %}
{%- if listener[1].acls is string %}
acl {{ listener[1].acls }}
{%- else %}
{%- for acl in listener[1].acls %}
acl {{ acl }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'tcprequests' in listener[1] %}
{%- if listener[1].tcprequests is string %}
tcp-request {{ listner[1].tcprequests }}
{%- else %}
{%- for tcprequest in listener[1].tcprequests %}
tcp-request {{ tcprequest }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'tcpresponses' in listener[1] %}
{%- if listener[1].tcpresponses is string %}
tcp-response {{ listener[1].tcpresponses }}
{%- else %}
{%- for tcpresponse in listener[1].tcpresponses %}
tcp-response {{ tcpresponse }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'httprequests' in listener[1] %}
{%- if listener[1].httprequests is string %}
http-request {{ listener[1].httprequests }}
{%- else %}
{%- for httprequest in listener[1].httprequests %}
http-request {{ httprequest }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'reqadds' in listener[1] %}
{%- if listener[1].reqadds is string %}
reqadd {{ listener[1].reqadds }}
{%- else %}
{%- for reqadd in listener[1].reqadds %}
reqadd {{ reqadd }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'redirects' in listener[1] %}
{%- if listener[1].redirects is string %}
redirect {{ listener[1].redirects }}
{%- else %}
{%- for redirect in listener[1].redirects %}
redirect {{ redirect }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'stickons' in listener[1] %}
{%- if listener[1].stickons is string %}
stick on {{ listener[1].stickons }}
{%- else %}
{%- for stickon in listener[1].stickons %}
stick on {{ stickon }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'default_backend' in listener[1] %}
default_backend {{ listener[1].default_backend }}
{%- endif %}
{%- if 'use_backends' in listener[1] %}
{%- if listener[1].use_backends is string %}
use_backend {{ listener[1].use_backends }}
{%- else %}
{%- for use_backend in listener[1].use_backends %}
use_backend {{ use_backend }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'balance' in listener[1] %}
balance {{ listener[1].balance }}
{%- endif %}
{%- if 'maxconn' in listener[1] %}
maxconn {{ listener[1].maxconn }}
{%- endif %}
{%- if 'options' in listener[1] %}
{%- if listener[1].options is string %}
option {{ listener[1].options }}
{%- else %}
{%- for option in listener[1].options %}
option {{ option }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'cookie' in listener[1] %}
cookie {{ listener[1].cookie }}
{%- endif %}
{%- if 'stats' in listener[1] %}
{%- for option, value in listener[1].stats.iteritems() %}
{%- if option == 'enable' and value %}
stats enable
{%- else %}
stats {{ option }} {{ value }}
{%- endif %}
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}
{%- if 'appsession' in listener[1] %}
{%- if listener[1].appsession is string %}
appsession {{ listener[1].appsession }}
{%- else %}
appsession {%- for option in listener[1].appsession %} {{ option }} {%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'defaultserver' in listener[1] %}
default-server {%- for option, value in listener[1].defaultserver.iteritems() %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
{%- endif %}
{%- if 'servers' in listener[1] %}
{%- for server in listener[1].servers.iteritems() %}
server {{ server[1].get('name',server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }} {{ server[1].get('extra', '') }}
{%- endfor %}
{%- endif %}
{% endfor %}
{% endif %}
{%- if 'frontends' in salt['pillar.get']('haproxy', {}) %}
# backend targets #------------------
# frontend instances
#------------------
{%- for frontend in salt['pillar.get']('haproxy:frontends', {}).iteritems() %}
frontend {{ frontend[1].get('name', frontend[0]) }}
{%- if 'bind' in frontend[1] %}
{{- render_list_of_dictionaries('bind', frontend[1].bind) }}
{%- endif %}
{%- if 'log' in frontend[1] %}
log {{ frontend[1].log }}
{%- endif %}
{%- if 'mode' in frontend[1] %}
mode {{ frontend[1].mode }}
{%- endif %}
{%- if 'maxconn' in frontend[1] %}
maxconn {{ frontend[1].maxconn }}
{%- endif %}
{%- if 'options' in frontend[1] %}
{{- render_list_of_dictionaries('options', frontend[1].options) }}
{%- endif %}
{%- if 'uniqueidformat' in frontend[1] %}
unique-id-format {{ frontend[1].uniqueidformat }}
{%- endif %}
{%- if 'uniqueidheader' in frontend[1] %}
unique-id-header {{ frontend[1].uniqueidheader }}
{%- endif %}
{%- if 'sticktable' in frontend[1] %}
stick-table {{ frontend[1].sticktable }}
{%- endif %}
{%- if 'captures' in frontend[1] %}
{{- render_list_of_dictionaries('capture', frontend[1].captures) }}
{%- endif %}
{%- if 'acls' in frontend[1] %}
{{- render_list_of_dictionaries('acl', frontend[1].acls) }}
{%- endif %}
{%- if 'tcprequests' in frontend[1] %}
{{- render_list_of_dictionaries('tcp-request', frontend[1].tcprequests) }}
{%- endif %}
{%- if 'tcpresponses' in frontend[1] %}
{{- render_list_of_dictionaries('tcp-response', frontend[1].tcpresponses) }}
{%- endif %}
{%- if 'httprequests' in frontend[1] %}
{{- render_list_of_dictionaries('http-request', frontend[1].httprequests) }}
{%- endif %}
{%- if 'httpresponses' in frontend[1] %}
{{- render_list_of_dictionaries('http-response', frontend[1].httpresponses) }}
{%- endif %}
{%- if 'rspadds' in frontend[1] %}
{{- render_list_of_dictionaries('rspadd', frontend[1].rspadds) }}
{%- endif %}
{%- if 'reqadds' in frontend[1] %}
{{- render_list_of_dictionaries('reqadd', frontend[1].reqadds) }}
{%- endif %}
{%- if 'redirects' in frontend[1] %}
{{- render_list_of_dictionaries('redirect', frontend[1].redirects) }}
{%- endif %}
{%- if 'stickons' in frontend[1] %}
{{- render_list_of_dictionaries('stickon', frontend[1].stickons) }}
{%- endif %}
{%- if 'default_backend' in frontend[1] %}
default_backend {{ frontend[1].default_backend }} default_backend {{ frontend[1].default_backend }}
{%-if 'use_backends' in frontend[1] -%} {%- endif %}
{%- for use_backend in frontend[1].use_backends %} {%- if 'use_backends' in frontend[1] %}
use_backend {{ use_backend }} {{- render_list_of_dictionaries('use_backend', frontend[1].use_backends) }}
{% endfor %} {%- endif %}
{% endfor %}
{% endif %}
{%- if 'backends' in salt['pillar.get']('haproxy', {}) %}
#------------------
# backend instances
#------------------
{%- for backend in salt['pillar.get']('haproxy:backends', {}).iteritems() %}
backend {{ backend[1].get('name',backend[0]) }}
{%- if 'mode' in backend[1] %}
mode {{ backend[1].mode }}
{%- endif %}
{%- if 'balance' in backend[1] %}
balance {{ backend[1].balance }}
{%- endif %}
{%- if 'options' in backend[1] %}
{%- if backend[1].options is string %}
option {{ backend[1].options }}
{%- else %}
{%- for option in backend[1].options %}
option {{ option }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'sticktable' in backend[1] %}
stick-table {{ backend[1].sticktable }}
{%- endif %}
{%- if 'acls' in backend[1] %}
{{- render_list_of_dictionaries('acl', backend[1].acls) }}
{%- endif %}
{%- if 'tcprequests' in backend[1] %}
{%- if backend[1].tcprequests is string %}
tcp-request {{ backend[1].tcprequests }}
{%- else %}
{%- for tcprequest in backend[1].tcprequests %}
tcp-request {{ tcprequest }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'tcpresponses' in backend[1] %}
{%- if backend[1].tcpresponses is string %}
tcp-response {{ backend[1].tcpresponses }}
{%- else %}
{%- for tcpresponse in backend[1].tcpresponses %}
tcp-response {{ tcpresponse }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'httprequests' in backend[1] %}
{%- if backend[1].httprequests is string %}
http-request {{ backend[1].httprequests }}
{%- else %}
{%- for httprequest in backend[1].httprequests %}
http-request {{ httprequest }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'redirects' in backend[1] %}
{%- if backend[1].redirects is string %}
redirect {{ backend[1].redirects }}
{%- else %}
{%- for redirect in backend[1].redirects %}
redirect {{ redirect }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'stickons' in backend[1] %}
{%- if backend[1].stickons is string %}
stick on {{ backend[1].stickons }}
{%- else %}
{%- for stickon in backend[1].stickons %}
stick on {{ stickon }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'cookie' in backend[1] %}
cookie {{ backend[1].cookie }}
{%- endif %}
{%- if 'stats' in backend[1] %}
{%- for option, value in backend[1].stats.iteritems() %}
{%- if option == 'enable' and value %}
stats enable
{%- else %}
stats {{ option }} {{ value }}
{%- endif %}
{%- endfor %}
{%- endif %}
{%- if 'appsession' in backend[1] %}
{%- if backend[1].appsession is string %}
appsession {{ backend[1].appsession }}
{%- else %}
appsession {%- for option in backend[1].appsession %} {{ option }} {%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'reqreps' in backend[1] %}
{{- render_list_of_dictionaries('reqrep', backend[1].reqreps) }}
{%- endif %}
{%- if 'defaultserver' in backend[1] %}
default-server {%- for option, value in backend[1].defaultserver.iteritems() %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
{%- endif %}
{%- if 'servers' in backend[1] %}
{%- for server in backend[1].servers.iteritems() %}
server {{ server[1].get('name',server[0]) }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }} {{ server[1].get('extra', '') }}
{%- endfor %}
{%- endif %} {%- endif %}
{% endfor %} {% endfor %}
{%- endif %} {%- endif %}
#---------------------------------------------------------------------
# backend instances
#---------------------------------------------------------------------
{%- if 'backends' in salt['pillar.get']('haproxy', {}) %}
{%- for backend in salt['pillar.get']('haproxy:backends', {}).iteritems() %} # Backend loop start
backend {{ backend[1].name }}
{%- if 'redirects' in backend[1] %}
{%- for redirect in backend[1].redirects %} # Redirect loop start
redirect {{ redirect }}{% endfor %}
{%- endif %}
{%- if 'http_requests' in backend[1] %}
{%- for http_request in backend[1].http_requests %}
http-request {{ http_request }}
{% endfor %}
{%- endif %}
{%- if 'acls' in backend[1] %}
{%- for acl in backend[1].acls %}
acl {{ acl }}
{%- endfor %}
{%- endif %}
balance {{ backend[1].balance }}
{%- if 'options' in backend[1] %}
{%- for option in backend[1].options %}
option {{ option }}
{%- endfor %}
{%- endif %}
{%- if 'cookie' in backend[1] %}
cookie {{ backend[1].cookie }}
{%- endif %}
{%- if 'stats' in backend[1] %}
{%- for option, value in backend[1].stats.iteritems() %}
{%- if option == 'enable' and value %}
stats enable
{%- else %}
stats {{ option }} {{ value }}
{%- endif %}
{%- endfor %}
{%- endif %}
{%- if 'servers' in backend[1] %}
{%- for server in backend[1].servers.iteritems() %}
server {{ server[1].name }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }}{% endfor %}
{% endif %}
{% endfor %} # Backend loop end
{% endif %}