# HAProxy configuration # # **** DO NOT EDIT THIS FILE **** # # This file is managed by Salt. # Any changes will be overwritten. {%- macro render_list_of_dictionaries(name, list, indent = ' ', infix = ' ', postfix = '\t') %} {%- if list is not iterable or list is string %} {{ indent ~ name ~ postfix ~ list }} {%- else %}{% for item in list %} {%- if item is not iterable or item is string %} {{ indent ~ name ~ postfix ~ item }} {%- else %}{% for key, value in item.items() %} {{- render_list_of_dictionaries(indent ~ name ~ infix ~ key, value, '', infix, postfix) }} {%- endfor %} {%- endif %} {%- endfor %} {%- endif %} {%- endmacro %} #------------------ # Global settings #------------------ global log /dev/log local0 log /dev/log local1 notice user {{ salt['pillar.get']('haproxy:global:user', 'haproxy') }} group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }} {%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %} chroot {{ salt['pillar.get']('haproxy:global:chroot:path', '/tmp') }} {%- endif %} {%- if salt['pillar.get']('haproxy:global:daemon', 'no') == True %} daemon {%- endif %} {%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %} stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} mode {{ salt['pillar.get']('haproxy:global:stats:mode', '660') }} level {{ salt['pillar.get']('haproxy:global:stats:level', 'operator') }} {%- endif %} {%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %} maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }} {%- endif %} {%- if 'maxpipes' in salt['pillar.get']('haproxy:global', {}) %} maxpipes {{ salt['pillar.get']('haproxy:global:maxpipes') }} {%- endif %} {%- if 'spreadchecks' in salt['pillar.get']('haproxy:global', {}) %} spread-checks {{ salt['pillar.get']('haproxy:global:spreadchecks') }} {%- endif %} {%- if 'tune' in salt['pillar.get']('haproxy:global', {}) %} {{- render_list_of_dictionaries('tune', salt['pillar.get']('haproxy:global:tune'), ' ','.') }} {%- endif %} {%- if 'tune.ssl.default-dh-param' in salt['pillar.get']('haproxy:global', {}) %} {{- render_list_of_dictionaries('tune.ssl.default-dh-param', salt['pillar.get']('haproxy:global:tune.ssl.default-dh-param'), ' ','.') }} {%- endif %} {%- if 'ca-base' in salt['pillar.get']('haproxy:global', {}) %} {{- render_list_of_dictionaries('ca-base', salt['pillar.get']('haproxy:global:ca-base'), ' ','.') }} {%- endif %} {%- if 'crt-base' in salt['pillar.get']('haproxy:global', {}) %} {{- render_list_of_dictionaries('crt-base', salt['pillar.get']('haproxy:global:crt-base'), ' ','.') }} {%- endif %} {%- if 'ssl-default-bind-ciphers' in salt['pillar.get']('haproxy:global', {}) %} {{- render_list_of_dictionaries('ssl-default-bind-ciphers', salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers')) }} {%- endif %} {%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %} {{- render_list_of_dictionaries('ssl-default-bind-options', salt['pillar.get']('haproxy:global:ssl-default-bind-options')) }} {%- endif %} {%- if 'extra' in salt['pillar.get']('haproxy:global', {}) %} {%- if salt['pillar.get']('haproxy:global:extra', {}) is string %} {{ salt['pillar.get']('haproxy:global:extra') }} {%- else %} {%- for line in salt['pillar.get']('haproxy:global:extra') %} {{ line }} {%- endfor %} {%- endif %} {%- endif %} {%- for id, userlist in salt['pillar.get']('haproxy:userlists', {})|dictsort %} #------------------ # Global Userlists #------------------ userlist {{ id }} {%- for id, entry in userlist|dictsort %} {%- if id == "groups" %} {%- for group_name, group in entry|dictsort %} group {{ group_name }} {{ group }} {%- endfor %} {% endif %} {%- if id == "users" %} {%- for user_name, user in entry|dictsort %} user {{ user_name }} {{ user }} {%- endfor %} {% endif %} {%- endfor %} {% endfor %} #------------------ # common defaults that all the 'listen' and 'backend' sections will # use- if not designated in their block #------------------ defaults log {{ salt['pillar.get']('haproxy:defaults:log', 'global') }} {%- if 'mode' in salt['pillar.get']('haproxy:defaults', {}) %} mode {{ salt['pillar.get']('haproxy:defaults:mode', 'http') }} {%- endif %} {%- if 'retries' in salt['pillar.get']('haproxy:defaults', {}) %} retries {{ salt['pillar.get']('haproxy:defaults:retries', '3') }} {%- endif %} {%- if 'balance' in salt['pillar.get']('haproxy:defaults', {}) %} balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }} {%- endif %} {%- if 'monitoruri' in salt['pillar.get']('haproxy:defaults', {}) %} monitor-uri {{ salt['pillar.get']('haproxy:defaults:monitoruri') }} {%- endif %} {%- if 'hashtype' in salt['pillar.get']('haproxy:defaults', {}) %} hash-type {{ salt['pillar.get']('haproxy:defaults:hashtype', 'map-based') }} {%- endif %} {%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) -%} {{- render_list_of_dictionaries('option', salt['pillar.get']('haproxy:defaults:options')) }} {%- endif %} {%- if 'logformat' in salt['pillar.get']('haproxy:defaults', {}) %} log-format {{ salt['pillar.get']('haproxy:defaults:logformat') }} {%- endif %} {%- if 'maxconn' in salt['pillar.get']('haproxy:defaults', {}) %} maxconn {{ salt['pillar.get']('haproxy:defaults:maxconn') }} {%- endif %} {%- if 'timeouts' in salt['pillar.get']('haproxy:defaults', {}) %} {%- for timeout in salt['pillar.get']('haproxy:defaults:timeouts') %} timeout {{ timeout }} {%- endfor %} {%- else %} timeout client 1m timeout connect 10s timeout server 1m {%- endif %} {%- if 'stats' in salt['pillar.get']('haproxy:defaults', {}) -%} {{ render_list_of_dictionaries('stats', salt['pillar.get']('haproxy:defaults:stats')) }} {%- endif %} {%- if 'extra' in salt['pillar.get']('haproxy:defaults', {}) %} {%- if salt['pillar.get']('haproxy:defaults:extra', {}) is string %} {{ salt['pillar.get']('haproxy:defaults:extra') }} {%- else %} {%- for line in salt['pillar.get']('haproxy:defaults:extra') %} {{ line }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %} {%- for errorfile_name, errorfile in salt['pillar.get']('haproxy:defaults:errorfiles')|dictsort %} errorfile {{ errorfile_name }} {{ errorfile }} {%- endfor %} {% endif %} {%- if salt['pillar.get']('haproxy:resolvers') %} #------------------ # DNS resolvers #------------------ {%- for resolver_name, resolver in salt['pillar.get']('haproxy:resolvers', {})|dictsort %} resolvers {{ resolver_name }} {%- if 'options' in resolver %} {%- for option in resolver.options %} {{ option }} {%- endfor %} {%- endif %} {%- endfor %} {%- endif %} {%- if 'listens' in salt['pillar.get']('haproxy', {}) %} #------------------ # listen instances #------------------ {%- for listener_name, listener in salt['pillar.get']('haproxy:listens', {})|dictsort %} listen {{ listener.get('name', listener_name) }} {%- if 'bind' in listener %} {%- if listener.bind is string %} bind {{ listener.bind }} {%- else %} {%- for socket in listener.bind %} bind {{ socket }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'log' in listener %} log {{ listener.log }} {%- endif %} {%- if 'mode' in listener %} mode {{ listener.mode }} {%- endif %} {%- if 'hashtype' in listener %} hash-type {{ listener.hashtype }} {%- endif %} {%- if 'logformat' in listener %} log-format {{ listener.logformat }} {%- endif %} {%- if 'uniqueidformat' in listener %} unique-id-format {{ listener.uniqueidformat }} {%- endif %} {%- if 'uniqueidheader' in listener %} unique-id-header {{ listener.uniqueidheader }} {%- endif %} {%- if 'sticktable' in listener %} stick-table {{ listener.sticktable }} {%- endif %} {%- if 'captures' in listener %} {%- if listener.captures is string %} capture {{ listener.captures }} {%- else %} {%- for capture in listener.captures %} capture {{ capture }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'acls' in listener %} {%- if listener.acls is string %} acl {{ listener.acls }} {%- else %} {%- for acl in listener.acls %} acl {{ acl }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'monitoruri' in listener %} monitor-uri {{ listener.monitoruri }} {%- endif %} {%- if 'monitor' in listener %} monitor {{ listener.monitor }} {%- endif %} {%- if 'tcprequests' in listener %} {%- if listener.tcprequests is string %} tcp-request {{ listner.tcprequests }} {%- else %} {%- for tcprequest in listener.tcprequests %} tcp-request {{ tcprequest }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'tcpresponses' in listener %} {%- if listener.tcpresponses is string %} tcp-response {{ listener.tcpresponses }} {%- else %} {%- for tcpresponse in listener.tcpresponses %} tcp-response {{ tcpresponse }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'httprequests' in listener %} {%- if listener.httprequests is string %} http-request {{ listener.httprequests }} {%- else %} {%- for httprequest in listener.httprequests %} http-request {{ httprequest }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'httpcheck' in listener %} {%- if listener.httpcheck is string %} http-check {{ listener.httpcheck }} {%- endif %} {%- endif %} {%- if 'reqadds' in listener %} {%- if listener.reqadds is string %} reqadd {{ listener.reqadds }} {%- else %} {%- for reqadd in listener.reqadds %} reqadd {{ reqadd }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'redirects' in listener %} {%- if listener.redirects is string %} redirect {{ listener.redirects }} {%- else %} {%- for redirect in listener.redirects %} redirect {{ redirect }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'stickons' in listener %} {%- if listener.stickons is string %} stick on {{ listener.stickons }} {%- else %} {%- for stickon in listener.stickons %} stick on {{ stickon }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'default_backend' in listener %} default_backend {{ listener.default_backend }} {%- endif %} {%- if 'use_backends' in listener %} {%- if listener.use_backends is string %} use_backend {{ listener.use_backends }} {%- else %} {%- for use_backend in listener.use_backends %} use_backend {{ use_backend }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'balance' in listener %} balance {{ listener.balance }} {%- endif %} {%- if 'maxconn' in listener %} maxconn {{ listener.maxconn }} {%- endif %} {%- if 'timeouts' in listener %} {%- for timeout in listener.timeouts %} timeout {{ timeout }} {%- endfor %} {%- endif %} {%- if 'options' in listener %} {%- if listener.options is string %} option {{ listener.options }} {%- else %} {%- for option in listener.options %} option {{ option }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'cookie' in listener %} cookie {{ listener.cookie }} {%- endif %} {%- if 'stats' in listener %} {%- for option, value in listener.stats|dictsort %} {%- if option == 'enable' and value %} stats enable {%- else %} stats {{ option }} {{ value }} {%- endif %} {%- endfor %} {%- endif %} {%- if 'appsession' in listener %} {%- if listener.appsession is string %} appsession {{ listener.appsession }} {%- else %} appsession {%- for option in listener.appsession %} {{ option }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'extra' in listener %} {%- if listener.extra is string %} {{ listener.extra }} {%- else %} {%- for line in listerner.extra %} {{ line }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'defaultserver' in listener %} default-server {%- for option, value in listener.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %} {%- endif %} {%- if 'servers' in listener %} {%- for server_name, server in listener.servers|dictsort %} server {{ server.get('name', server_name) }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {% if 'maxconn' in server %} maxconn {{ server.maxconn }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }} {%- endfor %} {%- endif %} {% endfor %} {% endif %} {%- if 'frontends' in salt['pillar.get']('haproxy', {}) %} #------------------ # frontend instances #------------------ {%- for frontend_name, frontend in salt['pillar.get']('haproxy:frontends', {})|dictsort %} frontend {{ frontend.get('name', frontend_name) }} {%- if 'bind' in frontend %} {{- render_list_of_dictionaries('bind', frontend.bind) }} {%- endif %} {%- if 'log' in frontend %} log {{ frontend.log }} {%- endif %} {%- if 'logformat' in frontend %} log-format {{ frontend.logformat }} {%- endif %} {%- if 'mode' in frontend %} mode {{ frontend.mode }} {%- endif %} {%- if 'maxconn' in frontend %} maxconn {{ frontend.maxconn }} {%- endif %} {%- if 'options' in frontend %} {{- render_list_of_dictionaries('option', frontend.options) }} {%- endif %} {%- if 'uniqueidformat' in frontend %} unique-id-format {{ frontend.uniqueidformat }} {%- endif %} {%- if 'uniqueidheader' in frontend %} unique-id-header {{ frontend.uniqueidheader }} {%- endif %} {%- if 'sticktable' in frontend %} stick-table {{ frontend.sticktable }} {%- endif %} {%- if 'captures' in frontend %} {{- render_list_of_dictionaries('capture', frontend.captures) }} {%- endif %} {%- if 'acls' in frontend %} {{- render_list_of_dictionaries('acl', frontend.acls) }} {%- endif %} {%- if 'blocks' in frontend %} {{- render_list_of_dictionaries('block', frontend.blocks) }} {%- endif %} {%- if 'monitoruri' in frontend %} monitor-uri {{ frontend.monitoruri }} {%- endif %} {%- if 'monitor' in frontend %} monitor {{ frontend.monitor }} {%- endif %} {%- if 'tcprequests' in frontend %} {{- render_list_of_dictionaries('tcp-request', frontend.tcprequests) }} {%- endif %} {%- if 'tcpresponses' in frontend %} {{- render_list_of_dictionaries('tcp-response', frontend.tcpresponses) }} {%- endif %} {%- if 'httprequests' in frontend %} {{- render_list_of_dictionaries('http-request', frontend.httprequests) }} {%- endif %} {%- if 'httpresponses' in frontend %} {{- render_list_of_dictionaries('http-response', frontend.httpresponses) }} {%- endif %} {%- if 'rspadds' in frontend %} {{- render_list_of_dictionaries('rspadd', frontend.rspadds) }} {%- endif %} {%- if 'reqreps' in frontend %} {{- render_list_of_dictionaries('reqrep', frontend.reqreps) }} {%- endif %} {%- if 'reqadds' in frontend %} {{- render_list_of_dictionaries('reqadd', frontend.reqadds) }} {%- endif %} {%- if 'redirects' in frontend %} {{- render_list_of_dictionaries('redirect', frontend.redirects) }} {%- endif %} {%- if 'stickons' in frontend %} {{- render_list_of_dictionaries('stickon', frontend.stickons) }} {%- endif %} {%- if 'extra' in frontend %} {%- if frontend.extra is string %} {{ frontend.extra }} {%- else %} {%- for line in frontend.extra %} {{ line }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'default_backend' in frontend %} default_backend {{ frontend.default_backend }} {%- endif %} {%- if 'use_backends' in frontend %} {{- render_list_of_dictionaries('use_backend', frontend.use_backends) }} {%- endif %} {% endfor %} {% endif %} {%- if 'backends' in salt['pillar.get']('haproxy', {}) %} #------------------ # backend instances #------------------ {%- for backend_name, backend in salt['pillar.get']('haproxy:backends', {})|dictsort %} backend {{ backend.get('name', backend_name) }} {%- if 'mode' in backend %} mode {{ backend.mode }} {%- endif %} {%- if 'hashtype' in backend %} hash-type {{ backend.hashtype }} {%- endif %} {%- if 'balance' in backend %} balance {{ backend.balance }} {%- endif %} {%- if 'options' in backend %} {%- if backend.options is string %} option {{ backend.options }} {%- else %} {%- for option in backend.options %} option {{ option }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'sticktable' in backend %} stick-table {{ backend.sticktable }} {%- endif %} {%- if 'acls' in backend %} {{- render_list_of_dictionaries('acl', backend.acls) }} {%- endif %} {%- if 'tcprequests' in backend %} {%- if backend.tcprequests is string %} tcp-request {{ backend.tcprequests }} {%- else %} {%- for tcprequest in backend.tcprequests %} tcp-request {{ tcprequest }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'tcpresponses' in backend %} {%- if backend.tcpresponses is string %} tcp-response {{ backend.tcpresponses }} {%- else %} {%- for tcpresponse in backend.tcpresponses %} tcp-response {{ tcpresponse }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'httprequests' in backend %} {%- if backend.httprequests is string %} http-request {{ backend.httprequests }} {%- else %} {%- for httprequest in backend.httprequests %} http-request {{ httprequest }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'httpcheck' in backend %} {%- if backend.httpcheck is string %} http-check {{ backend.httpcheck }} {%- endif %} {%- endif %} {%- if 'redirects' in backend %} {%- if backend.redirects is string %} redirect {{ backend.redirects }} {%- else %} {%- for redirect in backend.redirects %} redirect {{ redirect }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'stickons' in backend %} {%- if backend.stickons is string %} stick on {{ backend.stickons }} {%- else %} {%- for stickon in backend.stickons %} stick on {{ stickon }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'cookie' in backend %} cookie {{ backend.cookie }} {%- endif %} {%- if 'stats' in backend %} {%- for option, value in backend.stats|dictsort %} {%- if option == 'enable' and value %} stats enable {%- else %} stats {{ option }} {{ value }} {%- endif %} {%- endfor %} {%- endif %} {%- if 'appsession' in backend %} {%- if backend.appsession is string %} appsession {{ backend.appsession }} {%- else %} appsession {%- for option in backend.appsession %} {{ option }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'reqreps' in backend %} {{- render_list_of_dictionaries('reqrep', backend.reqreps) }} {%- endif %} {%- if 'extra' in backend %} {%- if backend.extra is string %} {{ backend.extra }} {%- else %} {%- for line in backend.extra %} {{ line }} {%- endfor %} {%- endif %} {%- endif %} {%- if 'defaultserver' in backend %} default-server {%- for option, value in backend.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %} {%- endif %} {%- if 'servers' in backend %} {%- for server_name, server in backend.servers|dictsort %} server {{ server.get('name', server_name) }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }} {%- endfor %} {%- endif %} {% endfor %} {%- endif %}