
1 commit

Author SHA1 Message Date
Forrest
2a6d65e8d5 Revert "Feature/more modular template" 2016-04-07 17:43:00 -07:00
8 changed files with 21 additions and 133 deletions


@ -35,7 +35,7 @@ Currently, only a handful of options can be set using the pillar:
- Global - Global
+ stats: enable stats, curently only via a unix socket which can be set to a path with custom permissions + stats: enable stats, curently only via a unix socket which can be set to a path
+ user: sets the user haproxy shall run as + user: sets the user haproxy shall run as
+ group: sets the group haproxy shall run as + group: sets the group haproxy shall run as
+ chroot: allows you to turn on chroot and set a directory + chroot: allows you to turn on chroot and set a directory
@ -74,7 +74,6 @@ Currently, only a handful of options can be set using the pillar:
+ port: the port to contact the server on + port: the port to contact the server on
+ check: set to check to enable checking + check: set to check to enable checking
- For global, default, frontend, listener, backend and server it is possible to use the "extra" option for more rare settings not mentioned above.
``haproxy.service`` ``haproxy.service``
------------------- -------------------


@ -1,19 +1,12 @@
{% from "haproxy/map.jinja" import haproxy with context %}
{% set config_file = salt['pillar.get']('haproxy:config_file_path', haproxy.config_file) %}
haproxy.config: haproxy.config:
file.managed: file.managed:
- name: {{ config_file }} - name: {{ salt['pillar.get']('haproxy:config_file_path', '/etc/haproxy/haproxy.cfg') }}
- source: {{ haproxy.config_file_source }} - source: salt://haproxy/templates/haproxy.jinja
- template: jinja - template: jinja
- user: {{ haproxy.user }} - user: root
- group: {{ haproxy.group }} - group: root
- mode: 644 - mode: 644
- require_in: - require_in:
- service: haproxy.service - service: haproxy.service
- watch_in: - watch_in:
- service: haproxy.service - service: haproxy.service
{% if salt['pillar.get']('haproxy:overwrite', default=True) == False %}
- unless:
- test -e {{ config_file }}
{% endif %}
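Review bot: The managed file keeps `- mode: 644` on the post-revert side, while the template this state renders iterates `haproxy:userlists` from pillar, so any credentials written into haproxy.cfg would be readable by every local account on the host. With `user: root` and `group: root` now hard-coded, tightening this to `- mode: '0640'` should be safe if HAProxy reads its config as root before dropping privileges, which is the usual arrangement but is not shown here. The userlist body lies outside the hunks on this page, so what it actually emits needs confirming. I am reading the right-hand column as the new side, which the 21 additions / 133 deletions total suggests.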


@ -3,10 +3,11 @@
# Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo) # Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo)
include: include:
{%- set haproxy_items = salt['pillar.get']('haproxy:include', []) %} {% if salt['pillar.get']('haproxy:include') %}
{%- for item in haproxy_items %} {% for item in salt['pillar.get']('haproxy:include') %}
- {{ item }} - {{ item }}
{%- endfor %} {% endfor %}
{% endif %}
- haproxy.install - haproxy.install
- haproxy.service - haproxy.service
- haproxy.config - haproxy.config


@ -1,8 +1,6 @@
{% from "haproxy/map.jinja" import haproxy with context %}
haproxy.install: haproxy.install:
pkg.installed: pkg.installed:
- name: {{ haproxy.package }} - name: haproxy
{% if salt['pillar.get']('haproxy:require') %} {% if salt['pillar.get']('haproxy:require') %}
- require: - require:
{% for item in salt['pillar.get']('haproxy:require') %} {% for item in salt['pillar.get']('haproxy:require') %}


@ -1,14 +0,0 @@
{% set haproxy = salt['grains.filter_by']({
'default': {
'package': 'haproxy',
'config_file': '/etc/haproxy/haproxy.cfg',
'config_file_source': 'salt://haproxy/templates/haproxy.jinja',
'user': 'root',
'group': 'root',
'service': 'haproxy',
},
'FreeBSD': {
'group': 'wheel',
},
}, merge=salt['pillar.get']('haproxy:lookup'), base='default') %}


@ -1,19 +1,17 @@
{% from "haproxy/map.jinja" import haproxy with context %}
haproxy.service: haproxy.service:
{% if salt['pillar.get']('haproxy:enable', True) %} {% if salt['pillar.get']('haproxy:enable', True) %}
service.running: service.running:
- name: {{ haproxy.service }} - name: haproxy
- enable: True - enable: True
- reload: True - reload: True
- require: - require:
- pkg: haproxy.install - pkg: haproxy
{% if salt['grains.get']('os_family') == 'Debian' %} {% if salt['grains.get']('os_family') == 'Debian' %}
- file: haproxy.service - file: haproxy.service
{% endif %} {% endif %}
{% else %} {% else %}
service.dead: service.dead:
- name: {{ haproxy.service }} - name: haproxy
- enable: False - enable: False
{% endif %} {% endif %}
{% if salt['grains.get']('os_family') == 'Debian' %} {% if salt['grains.get']('os_family') == 'Debian' %}


@ -23,14 +23,8 @@
# Global settings # Global settings
#------------------ #------------------
global global
{%- if salt['pillar.get']('haproxy:global:log', []) != [] %}
{%- for log in salt['pillar.get']('haproxy:global:log') %}
log {{log}}
{%- endfor %}
{%- else %}
log /dev/log local0 log /dev/log local0
log /dev/log local1 notice log /dev/log local1 notice
{%- endif %}
user {{ salt['pillar.get']('haproxy:global:user', 'haproxy') }} user {{ salt['pillar.get']('haproxy:global:user', 'haproxy') }}
group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }} group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }}
{%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %} {%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %}
@ -40,7 +34,7 @@ global
daemon daemon
{%- endif %} {%- endif %}
{%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %} {%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %}
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} mode {{ salt['pillar.get']('haproxy:global:stats:mode', '660') }} level {{ salt['pillar.get']('haproxy:global:stats:level', 'operator') }} stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} level {{ salt['pillar.get']('haproxy:global:stats:level', 'operator') }}
{%- endif %} {%- endif %}
{%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %} {%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %}
maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }} maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }}
@ -69,15 +63,6 @@ global
{%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %} {%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %}
{{- render_list_of_dictionaries('ssl-default-bind-options', salt['pillar.get']('haproxy:global:ssl-default-bind-options')) }} {{- render_list_of_dictionaries('ssl-default-bind-options', salt['pillar.get']('haproxy:global:ssl-default-bind-options')) }}
{%- endif %} {%- endif %}
{%- if 'extra' in salt['pillar.get']('haproxy:global', {}) %}
{%- if salt['pillar.get']('haproxy:global:extra', {}) is string %}
{{ salt['pillar.get']('haproxy:global:extra') }}
{%- else %}
{%- for line in salt['pillar.get']('haproxy:global:extra') %}
{{ line }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- for id, userlist in salt['pillar.get']('haproxy:userlists', {})|dictsort %} {%- for id, userlist in salt['pillar.get']('haproxy:userlists', {})|dictsort %}
#------------------ #------------------
@ -104,21 +89,13 @@ userlist {{ id }}
#------------------ #------------------
defaults defaults
log {{ salt['pillar.get']('haproxy:defaults:log', 'global') }} log {{ salt['pillar.get']('haproxy:defaults:log', 'global') }}
{%- if 'mode' in salt['pillar.get']('haproxy:defaults', {}) %}
mode {{ salt['pillar.get']('haproxy:defaults:mode', 'http') }} mode {{ salt['pillar.get']('haproxy:defaults:mode', 'http') }}
{%- endif %}
{%- if 'retries' in salt['pillar.get']('haproxy:defaults', {}) %}
retries {{ salt['pillar.get']('haproxy:defaults:retries', '3') }} retries {{ salt['pillar.get']('haproxy:defaults:retries', '3') }}
{%- endif %}
{%- if 'balance' in salt['pillar.get']('haproxy:defaults', {}) %}
balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }} balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }}
{%- endif %} {%- if 'monitoruri' in salt['pillar.get']('haproxy:defaults', {}) -%}
{%- if 'monitoruri' in salt['pillar.get']('haproxy:defaults', {}) %}
monitor-uri {{ salt['pillar.get']('haproxy:defaults:monitoruri') }} monitor-uri {{ salt['pillar.get']('haproxy:defaults:monitoruri') }}
{%- endif %} {%- endif %}
{%- if 'hashtype' in salt['pillar.get']('haproxy:defaults', {}) %}
hash-type {{ salt['pillar.get']('haproxy:defaults:hashtype', 'map-based') }} hash-type {{ salt['pillar.get']('haproxy:defaults:hashtype', 'map-based') }}
{%- endif %}
{%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) -%} {%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) -%}
{{- render_list_of_dictionaries('option', salt['pillar.get']('haproxy:defaults:options')) }} {{- render_list_of_dictionaries('option', salt['pillar.get']('haproxy:defaults:options')) }}
{%- endif %} {%- endif %}
@ -140,15 +117,6 @@ defaults
{%- if 'stats' in salt['pillar.get']('haproxy:defaults', {}) -%} {%- if 'stats' in salt['pillar.get']('haproxy:defaults', {}) -%}
{{ render_list_of_dictionaries('stats', salt['pillar.get']('haproxy:defaults:stats')) }} {{ render_list_of_dictionaries('stats', salt['pillar.get']('haproxy:defaults:stats')) }}
{%- endif %} {%- endif %}
{%- if 'extra' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- if salt['pillar.get']('haproxy:defaults:extra', {}) is string %}
{{ salt['pillar.get']('haproxy:defaults:extra') }}
{%- else %}
{%- for line in salt['pillar.get']('haproxy:defaults:extra') %}
{{ line }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %} {%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- for errorfile_name, errorfile in salt['pillar.get']('haproxy:defaults:errorfiles')|dictsort %} {%- for errorfile_name, errorfile in salt['pillar.get']('haproxy:defaults:errorfiles')|dictsort %}
errorfile {{ errorfile_name }} {{ errorfile }} errorfile {{ errorfile_name }} {{ errorfile }}
@ -232,7 +200,7 @@ listen {{ listener.get('name', listener_name) }}
{%- endif %} {%- endif %}
{%- if 'tcprequests' in listener %} {%- if 'tcprequests' in listener %}
{%- if listener.tcprequests is string %} {%- if listener.tcprequests is string %}
tcp-request {{ listener.tcprequests }} tcp-request {{ listner.tcprequests }}
{%- else %} {%- else %}
{%- for tcprequest in listener.tcprequests %} {%- for tcprequest in listener.tcprequests %}
tcp-request {{ tcprequest }} tcp-request {{ tcprequest }}
@ -307,11 +275,6 @@ listen {{ listener.get('name', listener_name) }}
{%- if 'maxconn' in listener %} {%- if 'maxconn' in listener %}
maxconn {{ listener.maxconn }} maxconn {{ listener.maxconn }}
{%- endif %} {%- endif %}
{%- if 'timeouts' in listener %}
{%- for timeout in listener.timeouts %}
timeout {{ timeout }}
{%- endfor %}
{%- endif %}
{%- if 'options' in listener %} {%- if 'options' in listener %}
{%- if listener.options is string %} {%- if listener.options is string %}
option {{ listener.options }} option {{ listener.options }}
@ -340,20 +303,12 @@ listen {{ listener.get('name', listener_name) }}
appsession {%- for option in listener.appsession %} {{ option }} {%- endfor %} appsession {%- for option in listener.appsession %} {{ option }} {%- endfor %}
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
{%- if 'extra' in listener %}
{%- if listener.extra is string %}
{{ listener.extra }}
{%- else %}
{%- for line in listener.extra %}
{{ line }} {%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'defaultserver' in listener %} {%- if 'defaultserver' in listener %}
default-server {%- for option, value in listener.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %} default-server {%- for option, value in listener.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
{%- endif %} {%- endif %}
{%- if 'servers' in listener %} {%- if 'servers' in listener %}
{%- for server_name, server in listener.servers|dictsort %} {%- for server_name, server in listener.servers|dictsort %}
server {{ server.get('name', server_name) }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {% if 'maxconn' in server %} maxconn {{ server.maxconn }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }} server {{ server.get('name', server_name) }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }}
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}
{% endfor %} {% endfor %}
@ -380,11 +335,6 @@ frontend {{ frontend.get('name', frontend_name) }}
{%- if 'maxconn' in frontend %} {%- if 'maxconn' in frontend %}
maxconn {{ frontend.maxconn }} maxconn {{ frontend.maxconn }}
{%- endif %} {%- endif %}
{%- if 'timeouts' in frontend %}
{%- for timeout in frontend.timeouts %}
timeout {{ timeout }}
{%- endfor %}
{%- endif %}
{%- if 'options' in frontend %} {%- if 'options' in frontend %}
{{- render_list_of_dictionaries('option', frontend.options) }} {{- render_list_of_dictionaries('option', frontend.options) }}
{%- endif %} {%- endif %}
@ -439,15 +389,6 @@ frontend {{ frontend.get('name', frontend_name) }}
{%- if 'stickons' in frontend %} {%- if 'stickons' in frontend %}
{{- render_list_of_dictionaries('stickon', frontend.stickons) }} {{- render_list_of_dictionaries('stickon', frontend.stickons) }}
{%- endif %} {%- endif %}
{%- if 'extra' in frontend %}
{%- if frontend.extra is string %}
{{ frontend.extra }}
{%- else %}
{%- for line in frontend.extra %}
{{ line }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'default_backend' in frontend %} {%- if 'default_backend' in frontend %}
default_backend {{ frontend.default_backend }} default_backend {{ frontend.default_backend }}
{%- endif %} {%- endif %}
@ -472,11 +413,6 @@ backend {{ backend.get('name', backend_name) }}
{%- if 'balance' in backend %} {%- if 'balance' in backend %}
balance {{ backend.balance }} balance {{ backend.balance }}
{%- endif %} {%- endif %}
{%- if 'timeouts' in backend %}
{%- for timeout in backend.timeouts %}
timeout {{ timeout }}
{%- endfor %}
{%- endif %}
{%- if 'options' in backend %} {%- if 'options' in backend %}
{%- if backend.options is string %} {%- if backend.options is string %}
option {{ backend.options }} option {{ backend.options }}
@ -564,15 +500,6 @@ backend {{ backend.get('name', backend_name) }}
{%- if 'reqreps' in backend %} {%- if 'reqreps' in backend %}
{{- render_list_of_dictionaries('reqrep', backend.reqreps) }} {{- render_list_of_dictionaries('reqrep', backend.reqreps) }}
{%- endif %} {%- endif %}
{%- if 'extra' in backend %}
{%- if backend.extra is string %}
{{ backend.extra }}
{%- else %}
{%- for line in backend.extra %}
{{ line }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- if 'defaultserver' in backend %} {%- if 'defaultserver' in backend %}
default-server {%- for option, value in backend.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %} default-server {%- for option, value in backend.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
{%- endif %} {%- endif %}
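Review bot: The `stats socket` line on the post-revert side (hunk `@ -40,7 +34,7`) no longer emits `mode`, so the socket's permission bits depend on the process umask instead of the rendered config, and the default path is still `/tmp/ha_stats.sock`, a predictable name in a world-writable directory. The example pillar on this page sets `level: admin`, so I would keep the `mode {{ salt['pillar.get']('haproxy:global:stats:mode', '660') }}` fragment. I would also default `socketpath` to a directory only root and the haproxy group can write, such as the `/var/lib/haproxy/stats` used in that example. Separately, hunk `@ -232,7 +200,7` brings back `tcp-request {{ listner.tcprequests }}`; `listner` is not defined in the loop, so the string form of `tcprequests` will fail to render or come out empty, and it should read `{{ listener.tcprequests }}`. I am reading the right-hand column as the new side, which the 21 additions / 133 deletions total suggests.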


@ -3,24 +3,12 @@
# #
haproxy: haproxy:
# use lookup section to override 'map.jinja' values
#lookup:
#user: 'custom-user'
#group: 'custom-group'
# new setting to override configuration file path
#config_file: /etc/haproxy/haproxy.cfg
enabled: True enabled: True
overwrite: True # Overwrite an existing config file if present (default behaviour unless set to false) config_file_path: /etc/haproxy/haproxy.cfg
# old setting to override configuration file path, kept for compatibility
#config_file_path: /etc/haproxy/haproxy.cfg
global: global:
log:
- 127.0.0.1 local2
- 127.0.0.1 local1 notice
stats: stats:
enable: True enable: True
socketpath: /var/lib/haproxy/stats socketpath: /var/lib/haproxy/stats
mode: 660
level: admin level: admin
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384" ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11" ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
@ -139,7 +127,6 @@ haproxy:
- url_static path_end -i .jpg .gif .png .css .js - url_static path_end -i .jpg .gif .png .css .js
use_backends: use_backends:
- static-backend if url_static - static-backend if url_static
extra: "rspadd Strict-Transport-Security:\ max-age=15768000"
some-services: some-services:
bind: bind:
- "*:8080" - "*:8080"
@ -152,7 +139,6 @@ haproxy:
balance: roundrobin balance: roundrobin
redirects: redirects:
- scheme https if !{ ssl_fc } - scheme https if !{ ssl_fc }
extra: "reqidel ^X-Forwarded-For:"
servers: servers:
server1: server1:
name: server1-its-name name: server1-its-name
@ -210,6 +196,6 @@ haproxy:
- "content accept if serverhello" - "content accept if serverhello"
stickons: stickons:
- "payload_lv(43,1) if clienthello" - "payload_lv(43,1) if clienthello"
reqreps: reqrep:
- '^([^\ :]*)\ /static/(.*) \1\ \2' - "^([^\ :]*)\ /static/(.*) \1\ \2"
options: "ssl-hello-chk" options: "ssl-hello-chk"
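Review bot: The post-revert side of the last hunk writes the regex as a double-quoted scalar, `- "^([^\ :]*)\ /static/(.*) \1\ \2"`, and `\1`/`\2` are not escape sequences that YAML defines inside double quotes, so a pillar copied from this example is likely to fail to parse. The single-quoted form in the other column, `- '^([^\ :]*)\ /static/(.*) \1\ \2'`, is the safe spelling. The key also becomes `reqrep:`, while the template section on this page tests `'reqreps' in backend`, so if this entry sits under a backend the rule would be skipped without any error. The enclosing mapping starts outside the hunk, so which section it belongs to cannot be confirmed here.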