Merge pull request #72 from mymasse/feature/fix_override

Fix service state when override are used
2018-03-23 09:22:22 +01:00 · 2018-03-22 20:43:25 -04:00 · 2017-12-13 22:30:14 +00:00 · 2017-11-06 16:58:30 +01:00 · 2017-10-31 14:42:20 +01:00 · 2017-10-31 14:41:54 +01:00
8 changed files with 133 additions and 21 deletions
--- a/README.rst
+++ b/README.rst
@ -35,7 +35,7 @@ Currently, only a handful of options can be set using the pillar:

 - Global

-  + stats: enable stats, curently only via a unix socket which can be set to a path
+  + stats: enable stats, curently only via a unix socket which can be set to a path with custom permissions
  + user: sets the user haproxy shall run as
  + group: sets the group haproxy shall run as
  + chroot: allows you to turn on chroot and set a directory
@ -74,6 +74,7 @@ Currently, only a handful of options can be set using the pillar:
    + port: the port to contact the server on
    + check: set to check to enable checking

+- For global, default, frontend, listener, backend and server it is possible to use the "extra" option for more rare settings not mentioned above.

 ``haproxy.service``
 -------------------
--- a/haproxy/config.sls
+++ b/haproxy/config.sls
@ -1,12 +1,19 @@
+{% from "haproxy/map.jinja" import haproxy with context %}
+
+{% set config_file = salt['pillar.get']('haproxy:config_file_path', haproxy.config_file) %}
 haproxy.config:
 file.managed:
-   - name: {{ salt['pillar.get']('haproxy:config_file_path', '/etc/haproxy/haproxy.cfg') }}
-   - source: salt://haproxy/templates/haproxy.jinja
+   - name: {{ config_file }}
+   - source: {{ haproxy.config_file_source }}
   - template: jinja
-   - user: root
-   - group: root
+   - user: {{ haproxy.user }}
+   - group: {{ haproxy.group }}
   - mode: 644
   - require_in:
     - service: haproxy.service
   - watch_in:
-     - service: haproxy.service
+     - service: haproxy.service
+   {% if salt['pillar.get']('haproxy:overwrite', default=True) == False %}
+   - unless:
+     - test -e {{ config_file }}
+   {% endif %}
--- a/haproxy/init.sls
+++ b/haproxy/init.sls
@ -3,11 +3,10 @@
 # Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo)

 include:
-{% if salt['pillar.get']('haproxy:include') %}
-{% for item in salt['pillar.get']('haproxy:include') %}
+{%- set haproxy_items = salt['pillar.get']('haproxy:include', []) %}
+{%- for item in haproxy_items %}
  - {{ item }}
-{% endfor %}
-{% endif %}
+{%- endfor %}
  - haproxy.install
  - haproxy.service
  - haproxy.config
--- a/haproxy/install.sls
+++ b/haproxy/install.sls
@ -1,6 +1,8 @@
+{% from "haproxy/map.jinja" import haproxy with context %}
+
 haproxy.install:
  pkg.installed:
-    - name: haproxy
+    - name: {{ haproxy.package }}
 {% if salt['pillar.get']('haproxy:require') %}
    - require:
 {% for item in salt['pillar.get']('haproxy:require') %}
--- a/haproxy/map.jinja
+++ b/haproxy/map.jinja
@ -0,0 +1,14 @@
+{% set haproxy = salt['grains.filter_by']({
+    'default': {
+        'package': 'haproxy',
+        'config_file': '/etc/haproxy/haproxy.cfg',
+        'config_file_source': 'salt://haproxy/templates/haproxy.jinja',
+        'user': 'root',
+        'group': 'root',
+        'service': 'haproxy',
+    },
+    'FreeBSD': {
+        'group': 'wheel',
+    },
+}, merge=salt['pillar.get']('haproxy:lookup'), base='default') %}
+
--- a/haproxy/service.sls
+++ b/haproxy/service.sls
@ -1,17 +1,19 @@
+{% from "haproxy/map.jinja" import haproxy with context %}
+
 haproxy.service:
 {% if salt['pillar.get']('haproxy:enable', True) %}
  service.running:
-    - name: haproxy
+    - name: {{ haproxy.service }}
    - enable: True
    - reload: True
    - require:
-      - pkg: haproxy
+      - pkg: haproxy.install
 {% if salt['grains.get']('os_family') == 'Debian' %}
      - file: haproxy.service
 {% endif %}
 {% else %}
  service.dead:
-    - name: haproxy
+    - name: {{ haproxy.service }}
    - enable: False
 {% endif %}
 {% if salt['grains.get']('os_family') == 'Debian' %}
--- a/haproxy/templates/haproxy.jinja
+++ b/haproxy/templates/haproxy.jinja
@ -23,8 +23,14 @@
 # Global settings
 #------------------
 global
+{%- if salt['pillar.get']('haproxy:global:log', []) != [] %}
+{%- for log in salt['pillar.get']('haproxy:global:log') %}
+    log {{log}}
+{%- endfor %}
+{%- else %}
    log /dev/log    local0
    log /dev/log    local1 notice
+{%- endif %}
    user {{ salt['pillar.get']('haproxy:global:user', 'haproxy') }}
    group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }}
 {%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %}
@ -34,7 +40,7 @@ global
    daemon
 {%- endif %}
 {%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %}
-    stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} level {{ salt['pillar.get']('haproxy:global:stats:level', 'operator') }}
+    stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} mode {{ salt['pillar.get']('haproxy:global:stats:mode', '660') }} level {{ salt['pillar.get']('haproxy:global:stats:level', 'operator') }}
 {%- endif %}
 {%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %}
    maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }}
@ -63,6 +69,15 @@ global
 {%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %}
    {{- render_list_of_dictionaries('ssl-default-bind-options', salt['pillar.get']('haproxy:global:ssl-default-bind-options')) }}
 {%- endif %}
+{%- if 'extra' in salt['pillar.get']('haproxy:global', {}) %}
+  {%- if salt['pillar.get']('haproxy:global:extra', {}) is string %}
+    {{ salt['pillar.get']('haproxy:global:extra') }}
+  {%- else %}
+    {%- for line in salt['pillar.get']('haproxy:global:extra') %}
+    {{ line }}
+    {%- endfor %}
+  {%- endif %}
+{%- endif %}

 {%- for id, userlist in salt['pillar.get']('haproxy:userlists',  {})|dictsort %}
 #------------------
@ -89,13 +104,21 @@ userlist {{ id }}
 #------------------
 defaults
    log {{ salt['pillar.get']('haproxy:defaults:log', 'global') }}
+{%- if 'mode' in salt['pillar.get']('haproxy:defaults', {}) %}
    mode {{ salt['pillar.get']('haproxy:defaults:mode', 'http') }}
+{%- endif %}
+{%- if 'retries' in salt['pillar.get']('haproxy:defaults', {}) %}
    retries {{ salt['pillar.get']('haproxy:defaults:retries', '3') }}
+{%- endif %}
+{%- if 'balance' in salt['pillar.get']('haproxy:defaults', {}) %}
    balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }}
-{%- if 'monitoruri' in salt['pillar.get']('haproxy:defaults', {}) -%}
+{%- endif %}
+{%- if 'monitoruri' in salt['pillar.get']('haproxy:defaults', {}) %}
    monitor-uri {{ salt['pillar.get']('haproxy:defaults:monitoruri') }}
 {%- endif %}
+{%- if 'hashtype' in salt['pillar.get']('haproxy:defaults', {}) %}
    hash-type {{ salt['pillar.get']('haproxy:defaults:hashtype', 'map-based') }}
+{%- endif %}
 {%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) -%}
    {{- render_list_of_dictionaries('option', salt['pillar.get']('haproxy:defaults:options')) }}
 {%- endif %}
@ -117,6 +140,15 @@ defaults
 {%- if 'stats' in salt['pillar.get']('haproxy:defaults', {}) -%}
    {{ render_list_of_dictionaries('stats', salt['pillar.get']('haproxy:defaults:stats')) }}
 {%- endif %}
+{%- if 'extra' in salt['pillar.get']('haproxy:defaults', {}) %}
+  {%- if salt['pillar.get']('haproxy:defaults:extra', {}) is string %}
+    {{ salt['pillar.get']('haproxy:defaults:extra') }}
+  {%- else %}
+    {%- for line in salt['pillar.get']('haproxy:defaults:extra') %}
+    {{ line }}
+    {%- endfor %}
+  {%- endif %}
+{%- endif %}
 {%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %}
  {%- for errorfile_name, errorfile in salt['pillar.get']('haproxy:defaults:errorfiles')|dictsort %}
    errorfile {{ errorfile_name }} {{ errorfile }}
@ -200,7 +232,7 @@ listen {{ listener.get('name', listener_name) }}
    {%- endif %}
    {%- if 'tcprequests' in listener %}
      {%- if listener.tcprequests is string %}
-    tcp-request {{ listner.tcprequests }}
+    tcp-request {{ listener.tcprequests }}
      {%- else %}
        {%- for tcprequest in listener.tcprequests %}
    tcp-request {{ tcprequest }}
@ -275,6 +307,11 @@ listen {{ listener.get('name', listener_name) }}
    {%- if 'maxconn' in listener %}
    maxconn {{ listener.maxconn }}
    {%- endif %}
+    {%- if 'timeouts' in listener %}
+      {%- for timeout in listener.timeouts %}
+    timeout {{ timeout }}
+      {%- endfor %}
+    {%- endif %}
    {%- if 'options' in listener %}
      {%- if listener.options is string %}
    option {{ listener.options }}
@ -303,12 +340,20 @@ listen {{ listener.get('name', listener_name) }}
    appsession {%- for option in listener.appsession %}  {{ option }}  {%- endfor %}
      {%- endif %}
    {%- endif %}
+    {%- if 'extra' in listener %}
+      {%- if listener.extra is string %}
+    {{ listener.extra }}
+      {%- else %}
+    {%- for line in listener.extra %}
+    {{ line }}  {%- endfor %}
+      {%- endif %}
+    {%- endif %}
    {%- if 'defaultserver' in listener %}
    default-server {%- for option, value in listener.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
    {%- endif %}
    {%- if 'servers' in listener %}
      {%- for server_name, server in listener.servers|dictsort %}
-    server {{ server.get('name', server_name) }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }}
+    server {{ server.get('name', server_name) }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {% if 'maxconn' in server %} maxconn {{ server.maxconn }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }}
      {%- endfor %}
    {%- endif %}
  {% endfor %}
@ -335,6 +380,11 @@ frontend {{ frontend.get('name', frontend_name) }}
    {%- if 'maxconn' in frontend %}
    maxconn {{ frontend.maxconn }}
    {%- endif %}
+    {%- if 'timeouts' in frontend %}
+      {%- for timeout in frontend.timeouts %}
+    timeout {{ timeout }}
+      {%- endfor %}
+    {%- endif %}
    {%- if 'options' in frontend %}
    {{- render_list_of_dictionaries('option', frontend.options) }}
    {%- endif %}
@ -389,6 +439,15 @@ frontend {{ frontend.get('name', frontend_name) }}
    {%- if 'stickons' in frontend %}
    {{- render_list_of_dictionaries('stickon', frontend.stickons) }}
    {%- endif %}
+    {%- if 'extra' in frontend %}
+      {%- if frontend.extra is string %}
+    {{ frontend.extra }}
+      {%- else %}
+    {%- for line in frontend.extra %}
+    {{ line }}
+    {%- endfor %}
+      {%- endif %}
+    {%- endif %}
    {%- if 'default_backend' in frontend %}
    default_backend {{ frontend.default_backend }}
    {%- endif %}
@ -413,6 +472,11 @@ backend {{ backend.get('name', backend_name) }}
    {%- if 'balance' in backend %}
    balance {{ backend.balance }}
    {%- endif %}
+    {%- if 'timeouts' in backend %}
+      {%- for timeout in backend.timeouts %}
+    timeout {{ timeout }}
+      {%- endfor %}
+    {%- endif %}
    {%- if 'options' in backend %}
      {%- if backend.options is string %}
    option {{ backend.options }}
@ -500,6 +564,15 @@ backend {{ backend.get('name', backend_name) }}
    {%- if 'reqreps' in backend %}
    {{- render_list_of_dictionaries('reqrep', backend.reqreps) }}
    {%- endif %}
+    {%- if 'extra' in backend %}
+      {%- if backend.extra is string %}
+    {{ backend.extra }}
+      {%- else %}
+    {%- for line in backend.extra %}
+    {{ line }}
+    {%- endfor %}
+      {%- endif %}
+    {%- endif %}
    {%- if 'defaultserver' in backend %}
    default-server {%- for option, value in backend.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
    {%- endif %}
--- a/pillar.example
+++ b/pillar.example
@ -3,12 +3,24 @@
 #

 haproxy:
+  # use lookup section to override 'map.jinja' values
+  #lookup:
+    #user: 'custom-user'
+    #group: 'custom-group'
+    # new setting to override configuration file path
+    #config_file: /etc/haproxy/haproxy.cfg
  enabled: True
-  config_file_path: /etc/haproxy/haproxy.cfg
+  overwrite: True # Overwrite an existing config file if present (default behaviour unless set to false)
+  # old setting to override configuration file path, kept for compatibility
+  #config_file_path: /etc/haproxy/haproxy.cfg
  global:
+    log:
+      - 127.0.0.1 local2
+      - 127.0.0.1 local1 notice
    stats:
      enable: True
      socketpath: /var/lib/haproxy/stats
+      mode: 660
      level: admin
    ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
    ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
@ -127,6 +139,7 @@ haproxy:
        - url_static       path_end       -i .jpg .gif .png .css .js
      use_backends:
        - static-backend  if url_static
+      extra: "rspadd  Strict-Transport-Security:\ max-age=15768000"
    some-services:
      bind:
        - "*:8080"
@ -139,6 +152,7 @@ haproxy:
      balance: roundrobin
      redirects: 
        - scheme https if !{ ssl_fc }
+      extra: "reqidel ^X-Forwarded-For:"
      servers:
        server1:
          name: server1-its-name
@ -196,6 +210,6 @@ haproxy:
        - "content accept if serverhello"
      stickons:
        - "payload_lv(43,1) if clienthello"
-      reqrep:
-        - "^([^\ :]*)\ /static/(.*)	\1\ \2"
+      reqreps:
+        - '^([^\ :]*)\ /static/(.*)	\1\ \2'
      options: "ssl-hello-chk"
Author	SHA1	Message	Date
Niels Abspoel	654fedfeab	Merge pull request #72 from mymasse/feature/fix_override Fix service state when override are used	2018-03-23 09:22:22 +01:00
Mathieu Masse	dafe8fd6a5	Fix service state when override are used Service.running now uses correct require pkg id if haproxy.lookup.package is used Service.dead now uses correct name when haproxy.lookup.service is used	2018-03-22 20:43:25 -04:00
N	1cbdd4cb79	Merge pull request #69 from daks/map.jinja Switching to map.jinja to define platform specific values	2017-12-13 22:30:14 +00:00
Eric Veiras Galisson	6493d24ad3	info in pillar.example about old and new setting for conf file path	2017-11-06 16:58:30 +01:00
Eric Veiras Galisson	752c3e5641	moving specific FreeBSD code to map.jinja, updating pillar.example	2017-10-31 14:42:20 +01:00
Eric Veiras Galisson	2b83ca0860	refactoring code to use map.jinja for config values at the moment only Debian managed, FreeBSD exception still in state	2017-10-31 14:41:54 +01:00
John Keates	0e697c67c9	Merge pull request #68 from stenstad/master Add timeouts handling to backend section of template.	2017-10-11 16:05:23 +02:00
Dag Stenstad	5a1d62f9ac	Add timeouts handling to backend section of template.	2017-10-11 15:55:03 +02:00
John Keates	2f2feec25e	Merge pull request #65 from kungfu71186/patch-1 Update pillar.example	2017-08-25 17:30:44 +02:00
John Keates	40c7ac8c70	Merge pull request #50 from hoonetorg/feature/modular_log allow to set arbitrary log options in global	2017-08-25 17:29:28 +02:00
John Keates	1c29ef813d	Merge pull request #67 from KerkhoffTechnologies/frontend_add_timeouts Add timeouts handling to frontend section of template	2017-06-21 21:54:57 +02:00
KTI - Richard Clark	2f2e0deca6	Add timeouts handling to frontent. Was only in listen	2017-06-21 21:38:08 +02:00
kungfu71186	2d74c71933	Update pillar.example reqrep should be reqreps and the string is not properly escaped, causes issues when compiling	2017-05-24 16:10:23 -04:00
Niels Abspoel	d815b4615a	Merge pull request #63 from Deltik/master Fix listens "extra"	2017-01-20 23:05:33 +01:00
Nick Liu	4abfac0eec	Fixed line break issue if listens.extra is a list	2017-01-20 07:42:33 -06:00
Nick Liu	7d4313aaf8	Fixed typo "listerner" => "listener"	2017-01-20 07:37:08 -06:00
Forrest	f4ce186b37	Merge pull request #61 from davidwalter0/patch-1 update haproxy.jinja : spelling correction listner	2016-09-29 10:01:03 -07:00
davidwalter0	44ec6ddfb5	update haproxy.jinja : spelling correction listner	2016-09-28 20:38:29 -04:00
Forrest	39390e8618	Merge pull request #59 from mikesager/fix_backend_extra_trimming haproxy.jinja bugfix: backend.extra array trimming	2016-09-17 12:04:48 -07:00
Mike Sager	991a502636	Fixed bug in haproxy.jinja that put all 'extra' lines from an extra array on the same line in the config	2016-09-16 21:41:52 -07:00
Forrest	d8d86caa45	Merge pull request #58 from cathode911/master added mode selection for stats socket in global definitions	2016-08-11 09:21:29 -07:00
Andrew Repulo	e7cddfe0e2	added mode selection for stats socket in global definitions	2016-08-11 18:49:06 +03:00
Forrest	b69c7edebd	Merge pull request #56 from grobinson-blockchain/master Support optional overwrite of existing configuration files	2016-06-29 09:52:58 -07:00
George Robinson	4e5f7632b9	Add overwrite option to pillar.example	2016-06-29 17:40:24 +01:00
George Robinson	32a732a8c6	Fix test to use config-file-path from pillar	2016-06-29 17:39:37 +01:00
George Robinson	df3aeb1e4c	Support disable overwrite of existing haproxy config file	2016-06-29 11:21:42 +01:00
abednarik	0a550b89b9	Add support for maxconn per server in haproxy configuration.	2016-06-29 11:21:42 +01:00
Forrest	dfd7468718	Merge pull request #55 from abednarik/abednarik_maxconn_per_server Add support for maxconn per server in haproxy configuration.	2016-06-17 13:25:14 -07:00
abednarik	533f275d08	Add support for maxconn per server in haproxy configuration.	2016-06-17 17:18:48 -03:00
Forrest	1b7e1794ef	Merge pull request #54 from sbraverman/brave-1 Simplifies jinja logic and removes extra lines	2016-06-16 17:36:10 -07:00
Steven Braverman	aeb1844e2f	Simplifies jinja logic and removes extra lines	2016-06-16 17:25:32 -07:00
Forrest	4586aea25c	Merge pull request #53 from abednarik/abednarik_freebsd_suppoprt Updated group wheel when os_family is FreeBSD.	2016-06-07 12:16:17 -07:00
abednarik	17c9373098	Updated group wheel when os_family is FreeBSD.	2016-06-07 16:06:56 -03:00
Forrest	52a4e1a0a2	Merge pull request #52 from mmh/feature/allow_custom_options allow custom options using "extra"	2016-06-02 10:22:19 -07:00
Morten M. Hansen	822db0e338	allow custom options using "extra"	2016-06-01 21:14:12 +02:00
hoonetorg	cbcb50ad84	allow to set arbitrary log options in global	2016-04-07 21:17:37 +02:00