# HAProxy configuration # # **** DO NOT EDIT THIS FILE **** # # This file is managed by Salt. # Any changes will be overwritten. #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global log /dev/log local0 log /dev/log local1 notice user {{ salt['pillar.get']('haproxy:global:user', 'haproxy') }} group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }} {%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %} chroot {{ salt['pillar.get']('haproxy:global:chroot:path', '/tmp') }} {%- endif -%} {% if salt['pillar.get']('haproxy:global:daemon', 'no') == True %} daemon {% endif %} {%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %} # Stats support is currently limited to socket mode stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} {% endif %} # TODO: Make the following configurable from pillar ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12 ssl-default-bind-ciphers AES128+EECDH:AES128+EDH tune.ssl.default-dh-param 2048 {%- for id, userlist in salt['pillar.get']('haproxy:userlists', {}).iteritems() %} userlist {{ id }} {%- for id, entry in userlist.iteritems() %} {%- if id == "groups" %} {%- for group in entry.iteritems() %} group {{ group[0] }} {{ group[1] }} {%- endfor %} {% endif %} {%- if id == "users" %} {%- for user in entry.iteritems() %} user {{ user[0] }} {{ user[1] }} {%- endfor %} {% endif %} {%- endfor %} {% endfor %} #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults log {{ salt['pillar.get']('haproxy:defaults:log') }} mode {{ salt['pillar.get']('haproxy:defaults:mode') }} retries {{ salt['pillar.get']('haproxy:defaults:retries') }} # options {%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) %} {%- for option in salt['pillar.get']('haproxy:defaults:options') %} option {{ option }} {%- endfor %} {% endif %} # timeouts {%- if 'timeouts' in salt['pillar.get']('haproxy:defaults', {}) %} {%- for timeout in salt['pillar.get']('haproxy:defaults:timeouts') %} timeout {{ timeout }} {%- endfor %} {% endif %} # errorfiles {%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %} {%- for errorfile in salt['pillar.get']('haproxy:defaults:errorfiles').iteritems() %} errorfile {{ errorfile[0] }} {{ errorfile[1] }} {%- endfor %} {% endif %} #--------------------------------------------------------------------- # frontend instances #--------------------------------------------------------------------- {%- if 'frontends' in salt['pillar.get']('haproxy', {}) %} {%- for frontend in salt['pillar.get']('haproxy:frontends', {}).iteritems() %} frontend {{ frontend[1].name }} bind {{ frontend[1].bind }} # frontend redirects {%- if 'redirects' in frontend[1] %} {%- for front_redirect in frontend[1].redirects %} redirect {{ front_redirect }} {% endfor %} {%- endif %} # frontend acls {%- if 'acls' in frontend[1] %} {%- for acl in frontend[1].acls %} acl {{ acl }} {%- endfor %} {%- endif %} # frontend http-requests {%- if 'http_requests' in frontend[1] %} {%- for http_request in frontend[1].http_requests %} http-request {{ http_request }} {% endfor %} {%- endif %} # frontend reqadds {%- if 'reqadd' in frontend[1] %} {%- for reqadd in frontend[1].reqadd %} reqadd {{ reqadd }} {%- endfor %} {%- endif %} # backend targets default_backend {{ frontend[1].default_backend }} {%-if 'use_backends' in frontend[1] -%} {%- for use_backend in frontend[1].use_backends %} use_backend {{ use_backend }} {% endfor %} {%- endif %} {% endfor %} {%- endif %} #--------------------------------------------------------------------- # backend instances #--------------------------------------------------------------------- {%- if 'backends' in salt['pillar.get']('haproxy', {}) %} {%- for backend in salt['pillar.get']('haproxy:backends', {}).iteritems() %} # Backend loop start backend {{ backend[1].name }} {%- if 'redirects' in backend[1] %} {%- for redirect in backend[1].redirects %} # Redirect loop start redirect {{ redirect }}{% endfor %} {%- endif %} {%- if 'http_requests' in backend[1] %} {%- for http_request in backend[1].http_requests %} http-request {{ http_request }} {% endfor %} {%- endif %} {%- if 'acls' in backend[1] %} {%- for acl in backend[1].acls %} acl {{ acl }} {%- endfor %} {%- endif %} balance {{ backend[1].balance }} {%- if 'options' in backend[1] %} {%- for option in backend[1].options %} option {{ option }} {%- endfor %} {%- endif %} {%- if 'cookie' in backend[1] %} cookie {{ backend[1].cookie }} {%- endif %} {%- if 'stats' in backend[1] %} {%- for option, value in backend[1].stats.iteritems() %} {%- if option == 'enable' and value %} stats enable {%- else %} stats {{ option }} {{ value }} {%- endif %} {%- endfor %} {%- endif %} {%- if 'servers' in backend[1] %} {%- for server in backend[1].servers.iteritems() %} server {{ server[1].name }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }}{% endfor %} {% endif %} {% endfor %} # Backend loop end {% endif %}