Compare commits

..

1 commit

Author SHA1 Message Date
Forrest
2a6d65e8d5 Revert "Feature/more modular template" 2016-04-07 17:43:00 -07:00
8 changed files with 21 additions and 133 deletions

View file

@ -35,7 +35,7 @@ Currently, only a handful of options can be set using the pillar:
- Global
+ stats: enable stats, curently only via a unix socket which can be set to a path with custom permissions
+ stats: enable stats, curently only via a unix socket which can be set to a path
+ user: sets the user haproxy shall run as
+ group: sets the group haproxy shall run as
+ chroot: allows you to turn on chroot and set a directory
@ -74,7 +74,6 @@ Currently, only a handful of options can be set using the pillar:
+ port: the port to contact the server on
+ check: set to check to enable checking
- For global, default, frontend, listener, backend and server it is possible to use the "extra" option for more rare settings not mentioned above.
``haproxy.service``
-------------------

View file

@ -1,19 +1,12 @@
{% from "haproxy/map.jinja" import haproxy with context %}
{% set config_file = salt['pillar.get']('haproxy:config_file_path', haproxy.config_file) %}
haproxy.config:
file.managed:
- name: {{ config_file }}
- source: {{ haproxy.config_file_source }}
- name: {{ salt['pillar.get']('haproxy:config_file_path', '/etc/haproxy/haproxy.cfg') }}
- source: salt://haproxy/templates/haproxy.jinja
- template: jinja
- user: {{ haproxy.user }}
- group: {{ haproxy.group }}
- user: root
- group: root
- mode: 644
- require_in:
- service: haproxy.service
- watch_in:
- service: haproxy.service
{% if salt['pillar.get']('haproxy:overwrite', default=True) == False %}
- unless:
- test -e {{ config_file }}
{% endif %}
- service: haproxy.service

View file

@ -3,10 +3,11 @@
# Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo)
include:
{%- set haproxy_items = salt['pillar.get']('haproxy:include', []) %}
{%- for item in haproxy_items %}
{% if salt['pillar.get']('haproxy:include') %}
{% for item in salt['pillar.get']('haproxy:include') %}
- {{ item }}
{%- endfor %}
{% endfor %}
{% endif %}
- haproxy.install
- haproxy.service
- haproxy.config

View file

@ -1,8 +1,6 @@
{% from "haproxy/map.jinja" import haproxy with context %}
haproxy.install:
pkg.installed:
- name: {{ haproxy.package }}
- name: haproxy
{% if salt['pillar.get']('haproxy:require') %}
- require:
{% for item in salt['pillar.get']('haproxy:require') %}

View file

@ -1,14 +0,0 @@
{% set haproxy = salt['grains.filter_by']({
'default': {
'package': 'haproxy',
'config_file': '/etc/haproxy/haproxy.cfg',
'config_file_source': 'salt://haproxy/templates/haproxy.jinja',
'user': 'root',
'group': 'root',
'service': 'haproxy',
},
'FreeBSD': {
'group': 'wheel',
},
}, merge=salt['pillar.get']('haproxy:lookup'), base='default') %}

View file

@ -1,19 +1,17 @@
{% from "haproxy/map.jinja" import haproxy with context %}
haproxy.service:
{% if salt['pillar.get']('haproxy:enable', True) %}
service.running:
- name: {{ haproxy.service }}
- name: haproxy
- enable: True
- reload: True
- require:
- pkg: haproxy.install
- pkg: haproxy
{% if salt['grains.get']('os_family') == 'Debian' %}
- file: haproxy.service
{% endif %}
{% else %}
service.dead:
- name: {{ haproxy.service }}
- name: haproxy
- enable: False
{% endif %}
{% if salt['grains.get']('os_family') == 'Debian' %}

View file

@ -23,14 +23,8 @@
# Global settings
#------------------
global
{%- if salt['pillar.get']('haproxy:global:log', []) != [] %}
{%- for log in salt['pillar.get']('haproxy:global:log') %}
log {{log}}
{%- endfor %}
{%- else %}
log /dev/log local0
log /dev/log local1 notice
{%- endif %}
user {{ salt['pillar.get']('haproxy:global:user', 'haproxy') }}
group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }}
{%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %}
@ -40,7 +34,7 @@ global
daemon
{%- endif %}
{%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %}
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} mode {{ salt['pillar.get']('haproxy:global:stats:mode', '660') }} level {{ salt['pillar.get']('haproxy:global:stats:level', 'operator') }}
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} level {{ salt['pillar.get']('haproxy:global:stats:level', 'operator') }}
{%- endif %}
{%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %}
maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }}
@ -69,15 +63,6 @@ global
{%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %}
{{- render_list_of_dictionaries('ssl-default-bind-options', salt['pillar.get']('haproxy:global:ssl-default-bind-options')) }}
{%- endif %}
{%- if 'extra' in salt['pillar.get']('haproxy:global', {}) %}
{%- if salt['pillar.get']('haproxy:global:extra', {}) is string %}
{{ salt['pillar.get']('haproxy:global:extra') }}
{%- else %}
{%- for line in salt['pillar.get']('haproxy:global:extra') %}
{{ line }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- for id, userlist in salt['pillar.get']('haproxy:userlists', {})|dictsort %}
#------------------
@ -104,21 +89,13 @@ userlist {{ id }}
#------------------
defaults
log {{ salt['pillar.get']('haproxy:defaults:log', 'global') }}
{%- if 'mode' in salt['pillar.get']('haproxy:defaults', {}) %}
mode {{ salt['pillar.get']('haproxy:defaults:mode', 'http') }}
{%- endif %}
{%- if 'retries' in salt['pillar.get']('haproxy:defaults', {}) %}
retries {{ salt['pillar.get']('haproxy:defaults:retries', '3') }}
{%- endif %}
{%- if 'balance' in salt['pillar.get']('haproxy:defaults', {}) %}
balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }}
{%- endif %}
{%- if 'monitoruri' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- if 'monitoruri' in salt['pillar.get']('haproxy:defaults', {}) -%}
monitor-uri {{ salt['pillar.get']('haproxy:defaults:monitoruri') }}
{%- endif %}
{%- if 'hashtype' in salt['pillar.get']('haproxy:defaults', {}) %}
hash-type {{ salt['pillar.get']('haproxy:defaults:hashtype', 'map-based') }}
{%- endif %}
{%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) -%}
{{- render_list_of_dictionaries('option', salt['pillar.get']('haproxy:defaults:options')) }}
{%- endif %}
@ -140,15 +117,6 @@ defaults
{%- if 'stats' in salt['pillar.get']('haproxy:defaults', {}) -%}
{{ render_list_of_dictionaries('stats', salt['pillar.get']('haproxy:defaults:stats')) }}
{%- endif %}
{%- if 'extra' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- if salt['pillar.get']('haproxy:defaults:extra', {}) is string %}
{{ salt['pillar.get']('haproxy:defaults:extra') }}
{%- else %}
{%- for line in salt['pillar.get']('haproxy:defaults:extra') %}
{{ line }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- for errorfile_name, errorfile in salt['pillar.get']('haproxy:defaults:errorfiles')|dictsort %}
errorfile {{ errorfile_name }} {{ errorfile }}
@ -232,7 +200,7 @@ listen {{ listener.get('name', listener_name) }}
{%- endif %}
{%- if 'tcprequests' in listener %}
{%- if listener.tcprequests is string %}
tcp-request {{ listener.tcprequests }}
tcp-request {{ listner.tcprequests }}
{%- else %}
{%- for tcprequest in listener.tcprequests %}
tcp-request {{ tcprequest }}
@ -307,11 +275,6 @@ listen {{ listener.get('name', listener_name) }}
{%- if 'maxconn' in listener %}
maxconn {{ listener.maxconn }}
{%- endif %}
{%- if 'timeouts' in listener %}
{%- for timeout in listener.timeouts %}
timeout {{ timeout }}
{%- endfor %}
{%- endif %}
{%- if 'options' in listener %}
{%- if listener.options is string %}
option {{ listener.options }}
@ -340,20 +303,12 @@ listen {{ listener.get('name', listener_name) }}
appsession {%- for option in listener.appsession %} {{ option }} {%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'extra' in listener %}
{%- if listener.extra is string %}
{{ listener.extra }}
{%- else %}
{%- for line in listener.extra %}
{{ line }} {%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'defaultserver' in listener %}
default-server {%- for option, value in listener.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
{%- endif %}
{%- if 'servers' in listener %}
{%- for server_name, server in listener.servers|dictsort %}
server {{ server.get('name', server_name) }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {% if 'maxconn' in server %} maxconn {{ server.maxconn }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }}
server {{ server.get('name', server_name) }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }}
{%- endfor %}
{%- endif %}
{% endfor %}
@ -380,11 +335,6 @@ frontend {{ frontend.get('name', frontend_name) }}
{%- if 'maxconn' in frontend %}
maxconn {{ frontend.maxconn }}
{%- endif %}
{%- if 'timeouts' in frontend %}
{%- for timeout in frontend.timeouts %}
timeout {{ timeout }}
{%- endfor %}
{%- endif %}
{%- if 'options' in frontend %}
{{- render_list_of_dictionaries('option', frontend.options) }}
{%- endif %}
@ -439,15 +389,6 @@ frontend {{ frontend.get('name', frontend_name) }}
{%- if 'stickons' in frontend %}
{{- render_list_of_dictionaries('stickon', frontend.stickons) }}
{%- endif %}
{%- if 'extra' in frontend %}
{%- if frontend.extra is string %}
{{ frontend.extra }}
{%- else %}
{%- for line in frontend.extra %}
{{ line }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'default_backend' in frontend %}
default_backend {{ frontend.default_backend }}
{%- endif %}
@ -472,11 +413,6 @@ backend {{ backend.get('name', backend_name) }}
{%- if 'balance' in backend %}
balance {{ backend.balance }}
{%- endif %}
{%- if 'timeouts' in backend %}
{%- for timeout in backend.timeouts %}
timeout {{ timeout }}
{%- endfor %}
{%- endif %}
{%- if 'options' in backend %}
{%- if backend.options is string %}
option {{ backend.options }}
@ -564,15 +500,6 @@ backend {{ backend.get('name', backend_name) }}
{%- if 'reqreps' in backend %}
{{- render_list_of_dictionaries('reqrep', backend.reqreps) }}
{%- endif %}
{%- if 'extra' in backend %}
{%- if backend.extra is string %}
{{ backend.extra }}
{%- else %}
{%- for line in backend.extra %}
{{ line }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'defaultserver' in backend %}
default-server {%- for option, value in backend.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
{%- endif %}

View file

@ -3,24 +3,12 @@
#
haproxy:
# use lookup section to override 'map.jinja' values
#lookup:
#user: 'custom-user'
#group: 'custom-group'
# new setting to override configuration file path
#config_file: /etc/haproxy/haproxy.cfg
enabled: True
overwrite: True # Overwrite an existing config file if present (default behaviour unless set to false)
# old setting to override configuration file path, kept for compatibility
#config_file_path: /etc/haproxy/haproxy.cfg
config_file_path: /etc/haproxy/haproxy.cfg
global:
log:
- 127.0.0.1 local2
- 127.0.0.1 local1 notice
stats:
enable: True
socketpath: /var/lib/haproxy/stats
mode: 660
level: admin
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
@ -139,7 +127,6 @@ haproxy:
- url_static path_end -i .jpg .gif .png .css .js
use_backends:
- static-backend if url_static
extra: "rspadd Strict-Transport-Security:\ max-age=15768000"
some-services:
bind:
- "*:8080"
@ -152,7 +139,6 @@ haproxy:
balance: roundrobin
redirects:
- scheme https if !{ ssl_fc }
extra: "reqidel ^X-Forwarded-For:"
servers:
server1:
name: server1-its-name
@ -210,6 +196,6 @@ haproxy:
- "content accept if serverhello"
stickons:
- "payload_lv(43,1) if clienthello"
reqreps:
- '^([^\ :]*)\ /static/(.*) \1\ \2'
reqrep:
- "^([^\ :]*)\ /static/(.*) \1\ \2"
options: "ssl-hello-chk"