Compare commits
1 commit
master
...
revert-51-
Author | SHA1 | Date | |
---|---|---|---|
|
2a6d65e8d5 |
8 changed files with 21 additions and 133 deletions
|
@ -35,7 +35,7 @@ Currently, only a handful of options can be set using the pillar:
|
|||
|
||||
- Global
|
||||
|
||||
+ stats: enable stats, curently only via a unix socket which can be set to a path with custom permissions
|
||||
+ stats: enable stats, curently only via a unix socket which can be set to a path
|
||||
+ user: sets the user haproxy shall run as
|
||||
+ group: sets the group haproxy shall run as
|
||||
+ chroot: allows you to turn on chroot and set a directory
|
||||
|
@ -74,7 +74,6 @@ Currently, only a handful of options can be set using the pillar:
|
|||
+ port: the port to contact the server on
|
||||
+ check: set to check to enable checking
|
||||
|
||||
- For global, default, frontend, listener, backend and server it is possible to use the "extra" option for more rare settings not mentioned above.
|
||||
|
||||
``haproxy.service``
|
||||
-------------------
|
||||
|
|
|
@ -1,19 +1,12 @@
|
|||
{% from "haproxy/map.jinja" import haproxy with context %}
|
||||
|
||||
{% set config_file = salt['pillar.get']('haproxy:config_file_path', haproxy.config_file) %}
|
||||
haproxy.config:
|
||||
file.managed:
|
||||
- name: {{ config_file }}
|
||||
- source: {{ haproxy.config_file_source }}
|
||||
- name: {{ salt['pillar.get']('haproxy:config_file_path', '/etc/haproxy/haproxy.cfg') }}
|
||||
- source: salt://haproxy/templates/haproxy.jinja
|
||||
- template: jinja
|
||||
- user: {{ haproxy.user }}
|
||||
- group: {{ haproxy.group }}
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 644
|
||||
- require_in:
|
||||
- service: haproxy.service
|
||||
- watch_in:
|
||||
- service: haproxy.service
|
||||
{% if salt['pillar.get']('haproxy:overwrite', default=True) == False %}
|
||||
- unless:
|
||||
- test -e {{ config_file }}
|
||||
{% endif %}
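Review bot: The managed haproxy.cfg keeps `- mode: 644` while ownership goes back to a hard-coded root:root, and the template touched in this same commit can render `userlist` sections from the `haproxy:userlists` pillar, so any credentials written there are readable by every local account on the minion. With the file owned by root, a tighter, quoted mode such as `- mode: '0640'` looks safe, assuming HAProxy opens its configuration before dropping privileges on the targeted distributions. Quoting the value also keeps YAML from treating the mode as a plain integer.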
|
||||
|
|
|
@ -3,10 +3,11 @@
|
|||
# Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo)
|
||||
|
||||
include:
|
||||
{%- set haproxy_items = salt['pillar.get']('haproxy:include', []) %}
|
||||
{%- for item in haproxy_items %}
|
||||
{% if salt['pillar.get']('haproxy:include') %}
|
||||
{% for item in salt['pillar.get']('haproxy:include') %}
|
||||
- {{ item }}
|
||||
{%- endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
- haproxy.install
|
||||
- haproxy.service
|
||||
- haproxy.config
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
{% from "haproxy/map.jinja" import haproxy with context %}
|
||||
|
||||
haproxy.install:
|
||||
pkg.installed:
|
||||
- name: {{ haproxy.package }}
|
||||
- name: haproxy
|
||||
{% if salt['pillar.get']('haproxy:require') %}
|
||||
- require:
|
||||
{% for item in salt['pillar.get']('haproxy:require') %}
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
{% set haproxy = salt['grains.filter_by']({
|
||||
'default': {
|
||||
'package': 'haproxy',
|
||||
'config_file': '/etc/haproxy/haproxy.cfg',
|
||||
'config_file_source': 'salt://haproxy/templates/haproxy.jinja',
|
||||
'user': 'root',
|
||||
'group': 'root',
|
||||
'service': 'haproxy',
|
||||
},
|
||||
'FreeBSD': {
|
||||
'group': 'wheel',
|
||||
},
|
||||
}, merge=salt['pillar.get']('haproxy:lookup'), base='default') %}
|
||||
|
|
@ -1,19 +1,17 @@
|
|||
{% from "haproxy/map.jinja" import haproxy with context %}
|
||||
|
||||
haproxy.service:
|
||||
{% if salt['pillar.get']('haproxy:enable', True) %}
|
||||
service.running:
|
||||
- name: {{ haproxy.service }}
|
||||
- name: haproxy
|
||||
- enable: True
|
||||
- reload: True
|
||||
- require:
|
||||
- pkg: haproxy.install
|
||||
- pkg: haproxy
|
||||
{% if salt['grains.get']('os_family') == 'Debian' %}
|
||||
- file: haproxy.service
|
||||
{% endif %}
|
||||
{% else %}
|
||||
service.dead:
|
||||
- name: {{ haproxy.service }}
|
||||
- name: haproxy
|
||||
- enable: False
|
||||
{% endif %}
|
||||
{% if salt['grains.get']('os_family') == 'Debian' %}
|
||||
|
|
|
@ -23,14 +23,8 @@
|
|||
# Global settings
|
||||
#------------------
|
||||
global
|
||||
{%- if salt['pillar.get']('haproxy:global:log', []) != [] %}
|
||||
{%- for log in salt['pillar.get']('haproxy:global:log') %}
|
||||
log {{log}}
|
||||
{%- endfor %}
|
||||
{%- else %}
|
||||
log /dev/log local0
|
||||
log /dev/log local1 notice
|
||||
{%- endif %}
|
||||
user {{ salt['pillar.get']('haproxy:global:user', 'haproxy') }}
|
||||
group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }}
|
||||
{%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %}
|
||||
|
@ -40,7 +34,7 @@ global
|
|||
daemon
|
||||
{%- endif %}
|
||||
{%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %}
|
||||
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} mode {{ salt['pillar.get']('haproxy:global:stats:mode', '660') }} level {{ salt['pillar.get']('haproxy:global:stats:level', 'operator') }}
|
||||
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} level {{ salt['pillar.get']('haproxy:global:stats:level', 'operator') }}
|
||||
{%- endif %}
|
||||
{%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %}
|
||||
maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }}
|
||||
|
@ -69,15 +63,6 @@ global
|
|||
{%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %}
|
||||
{{- render_list_of_dictionaries('ssl-default-bind-options', salt['pillar.get']('haproxy:global:ssl-default-bind-options')) }}
|
||||
{%- endif %}
|
||||
{%- if 'extra' in salt['pillar.get']('haproxy:global', {}) %}
|
||||
{%- if salt['pillar.get']('haproxy:global:extra', {}) is string %}
|
||||
{{ salt['pillar.get']('haproxy:global:extra') }}
|
||||
{%- else %}
|
||||
{%- for line in salt['pillar.get']('haproxy:global:extra') %}
|
||||
{{ line }}
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
{%- endif %}
|
||||
|
||||
{%- for id, userlist in salt['pillar.get']('haproxy:userlists', {})|dictsort %}
|
||||
#------------------
|
||||
|
@ -104,21 +89,13 @@ userlist {{ id }}
|
|||
#------------------
|
||||
defaults
|
||||
log {{ salt['pillar.get']('haproxy:defaults:log', 'global') }}
|
||||
{%- if 'mode' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||
mode {{ salt['pillar.get']('haproxy:defaults:mode', 'http') }}
|
||||
{%- endif %}
|
||||
{%- if 'retries' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||
retries {{ salt['pillar.get']('haproxy:defaults:retries', '3') }}
|
||||
{%- endif %}
|
||||
{%- if 'balance' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||
balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }}
|
||||
{%- endif %}
|
||||
{%- if 'monitoruri' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||
{%- if 'monitoruri' in salt['pillar.get']('haproxy:defaults', {}) -%}
|
||||
monitor-uri {{ salt['pillar.get']('haproxy:defaults:monitoruri') }}
|
||||
{%- endif %}
|
||||
{%- if 'hashtype' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||
hash-type {{ salt['pillar.get']('haproxy:defaults:hashtype', 'map-based') }}
|
||||
{%- endif %}
|
||||
{%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) -%}
|
||||
{{- render_list_of_dictionaries('option', salt['pillar.get']('haproxy:defaults:options')) }}
|
||||
{%- endif %}
|
||||
|
@ -140,15 +117,6 @@ defaults
|
|||
{%- if 'stats' in salt['pillar.get']('haproxy:defaults', {}) -%}
|
||||
{{ render_list_of_dictionaries('stats', salt['pillar.get']('haproxy:defaults:stats')) }}
|
||||
{%- endif %}
|
||||
{%- if 'extra' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||
{%- if salt['pillar.get']('haproxy:defaults:extra', {}) is string %}
|
||||
{{ salt['pillar.get']('haproxy:defaults:extra') }}
|
||||
{%- else %}
|
||||
{%- for line in salt['pillar.get']('haproxy:defaults:extra') %}
|
||||
{{ line }}
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
{%- endif %}
|
||||
{%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||
{%- for errorfile_name, errorfile in salt['pillar.get']('haproxy:defaults:errorfiles')|dictsort %}
|
||||
errorfile {{ errorfile_name }} {{ errorfile }}
|
||||
|
@ -232,7 +200,7 @@ listen {{ listener.get('name', listener_name) }}
|
|||
{%- endif %}
|
||||
{%- if 'tcprequests' in listener %}
|
||||
{%- if listener.tcprequests is string %}
|
||||
tcp-request {{ listener.tcprequests }}
|
||||
tcp-request {{ listner.tcprequests }}
|
||||
{%- else %}
|
||||
{%- for tcprequest in listener.tcprequests %}
|
||||
tcp-request {{ tcprequest }}
|
||||
|
@ -307,11 +275,6 @@ listen {{ listener.get('name', listener_name) }}
|
|||
{%- if 'maxconn' in listener %}
|
||||
maxconn {{ listener.maxconn }}
|
||||
{%- endif %}
|
||||
{%- if 'timeouts' in listener %}
|
||||
{%- for timeout in listener.timeouts %}
|
||||
timeout {{ timeout }}
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
{%- if 'options' in listener %}
|
||||
{%- if listener.options is string %}
|
||||
option {{ listener.options }}
|
||||
|
@ -340,20 +303,12 @@ listen {{ listener.get('name', listener_name) }}
|
|||
appsession {%- for option in listener.appsession %} {{ option }} {%- endfor %}
|
||||
{%- endif %}
|
||||
{%- endif %}
|
||||
{%- if 'extra' in listener %}
|
||||
{%- if listener.extra is string %}
|
||||
{{ listener.extra }}
|
||||
{%- else %}
|
||||
{%- for line in listener.extra %}
|
||||
{{ line }} {%- endfor %}
|
||||
{%- endif %}
|
||||
{%- endif %}
|
||||
{%- if 'defaultserver' in listener %}
|
||||
default-server {%- for option, value in listener.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
|
||||
{%- endif %}
|
||||
{%- if 'servers' in listener %}
|
||||
{%- for server_name, server in listener.servers|dictsort %}
|
||||
server {{ server.get('name', server_name) }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {% if 'maxconn' in server %} maxconn {{ server.maxconn }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }}
|
||||
server {{ server.get('name', server_name) }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }}
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
{% endfor %}
|
||||
|
@ -380,11 +335,6 @@ frontend {{ frontend.get('name', frontend_name) }}
|
|||
{%- if 'maxconn' in frontend %}
|
||||
maxconn {{ frontend.maxconn }}
|
||||
{%- endif %}
|
||||
{%- if 'timeouts' in frontend %}
|
||||
{%- for timeout in frontend.timeouts %}
|
||||
timeout {{ timeout }}
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
{%- if 'options' in frontend %}
|
||||
{{- render_list_of_dictionaries('option', frontend.options) }}
|
||||
{%- endif %}
|
||||
|
@ -439,15 +389,6 @@ frontend {{ frontend.get('name', frontend_name) }}
|
|||
{%- if 'stickons' in frontend %}
|
||||
{{- render_list_of_dictionaries('stickon', frontend.stickons) }}
|
||||
{%- endif %}
|
||||
{%- if 'extra' in frontend %}
|
||||
{%- if frontend.extra is string %}
|
||||
{{ frontend.extra }}
|
||||
{%- else %}
|
||||
{%- for line in frontend.extra %}
|
||||
{{ line }}
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
{%- endif %}
|
||||
{%- if 'default_backend' in frontend %}
|
||||
default_backend {{ frontend.default_backend }}
|
||||
{%- endif %}
|
||||
|
@ -472,11 +413,6 @@ backend {{ backend.get('name', backend_name) }}
|
|||
{%- if 'balance' in backend %}
|
||||
balance {{ backend.balance }}
|
||||
{%- endif %}
|
||||
{%- if 'timeouts' in backend %}
|
||||
{%- for timeout in backend.timeouts %}
|
||||
timeout {{ timeout }}
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
{%- if 'options' in backend %}
|
||||
{%- if backend.options is string %}
|
||||
option {{ backend.options }}
|
||||
|
@ -564,15 +500,6 @@ backend {{ backend.get('name', backend_name) }}
|
|||
{%- if 'reqreps' in backend %}
|
||||
{{- render_list_of_dictionaries('reqrep', backend.reqreps) }}
|
||||
{%- endif %}
|
||||
{%- if 'extra' in backend %}
|
||||
{%- if backend.extra is string %}
|
||||
{{ backend.extra }}
|
||||
{%- else %}
|
||||
{%- for line in backend.extra %}
|
||||
{{ line }}
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
{%- endif %}
|
||||
{%- if 'defaultserver' in backend %}
|
||||
default-server {%- for option, value in backend.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
|
||||
{%- endif %}
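Review bot: The `stats socket` line in the `@ -40,7 +34,7` hunk no longer emits `mode`, so the socket's permissions are left to HAProxy's default and the process umask, while the fallback path is still `/tmp/ha_stats.sock` and the example pillar sets `level: admin`. Keeping the explicit `mode {{ salt['pillar.get']('haproxy:global:stats:mode', '660') }}` argument, or at least moving the default path out of `/tmp`, would keep access to the runtime socket deliberate rather than incidental. Separately, the `@ -232,7 +200,7` hunk now reads `tcp-request {{ listner.tcprequests }}`; `listner` is not defined in any visible line, so a string-valued `tcprequests` will presumably fail to render or come out empty, and it should read `{{ listener.tcprequests }}`. The enclosing `global` and `listen` blocks start and end outside these hunks.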
|
||||
|
|
|
@ -3,24 +3,12 @@
|
|||
#
|
||||
|
||||
haproxy:
|
||||
# use lookup section to override 'map.jinja' values
|
||||
#lookup:
|
||||
#user: 'custom-user'
|
||||
#group: 'custom-group'
|
||||
# new setting to override configuration file path
|
||||
#config_file: /etc/haproxy/haproxy.cfg
|
||||
enabled: True
|
||||
overwrite: True # Overwrite an existing config file if present (default behaviour unless set to false)
|
||||
# old setting to override configuration file path, kept for compatibility
|
||||
#config_file_path: /etc/haproxy/haproxy.cfg
|
||||
config_file_path: /etc/haproxy/haproxy.cfg
|
||||
global:
|
||||
log:
|
||||
- 127.0.0.1 local2
|
||||
- 127.0.0.1 local1 notice
|
||||
stats:
|
||||
enable: True
|
||||
socketpath: /var/lib/haproxy/stats
|
||||
mode: 660
|
||||
level: admin
|
||||
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
|
||||
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
|
||||
|
@ -139,7 +127,6 @@ haproxy:
|
|||
- url_static path_end -i .jpg .gif .png .css .js
|
||||
use_backends:
|
||||
- static-backend if url_static
|
||||
extra: "rspadd Strict-Transport-Security:\ max-age=15768000"
|
||||
some-services:
|
||||
bind:
|
||||
- "*:8080"
|
||||
|
@ -152,7 +139,6 @@ haproxy:
|
|||
balance: roundrobin
|
||||
redirects:
|
||||
- scheme https if !{ ssl_fc }
|
||||
extra: "reqidel ^X-Forwarded-For:"
|
||||
servers:
|
||||
server1:
|
||||
name: server1-its-name
|
||||
|
@ -210,6 +196,6 @@ haproxy:
|
|||
- "content accept if serverhello"
|
||||
stickons:
|
||||
- "payload_lv(43,1) if clienthello"
|
||||
reqreps:
|
||||
- '^([^\ :]*)\ /static/(.*) \1\ \2'
|
||||
reqrep:
|
||||
- "^([^\ :]*)\ /static/(.*) \1\ \2"
|
||||
options: "ssl-hello-chk"
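Review bot: The restored example entry `- "^([^\ :]*)\ /static/(.*) \1\ \2"` in the last hunk is a double-quoted YAML scalar, and `\1` and `\2` are not valid escape sequences in that style, so a strict loader will reject the pillar once someone copies this example. Single quotes keep the backslashes literal: `- '^([^\ :]*)\ /static/(.*) \1\ \2'`. The key is also back to `reqrep:`, whereas the backend part of the template visible in this commit tests `'reqreps' in backend`, so if this entry sits under a backend it would be silently ignored. The enclosing mapping starts outside the hunk, so that last point needs confirming against the full file.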
|
||||
|
|