# HAProxy configuration
# This file is managed by Salt.
# Any changes will be overwritten.
# Global settings
log /dev/log local0
log /dev/log local1 notice
user {{ salt['pillar.get']('haproxy:global:user', 'haproxy') }}
group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }}
{%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %}
chroot {{ salt['pillar.get']('haproxy:global:chroot:path', '/tmp') }}
{%- endif -%}
{% if salt['pillar.get']('haproxy:global:daemon', 'no') == True %}
{% endif %}
{%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %}
# Stats support is currently limited to socket mode
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }}
{% endif %}
# TODO: Make the following configurable from pillar
ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
ssl-default-bind-ciphers AES128+EECDH:AES128+EDH
tune.ssl.default-dh-param 2048
{%- for id, userlist in salt['pillar.get']('haproxy:userlists', {}).iteritems() %}
userlist {{ id }}
{%- for id, entry in userlist.iteritems() %}
{%- if id == "groups" %}
{%- for group in entry.iteritems() %}
group {{ group[0] }} {{ group[1] }}
{%- endfor %}
{% endif %}
{%- if id == "users" %}
{%- for user in entry.iteritems() %}
user {{ user[0] }} {{ user[1] }}
{%- endfor %}
{% endif %}
{%- endfor %}
{% endfor %}
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
log {{ salt['pillar.get']('haproxy:defaults:log') }}
mode {{ salt['pillar.get']('haproxy:defaults:mode') }}
retries {{ salt['pillar.get']('haproxy:defaults:retries') }}
# options
{%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- for option in salt['pillar.get']('haproxy:defaults:options') %}
option {{ option }}
{%- endfor %}
{% endif %}
# timeouts
{%- if 'timeouts' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- for timeout in salt['pillar.get']('haproxy:defaults:timeouts') %}
timeout {{ timeout }}
{%- endfor %}
{% endif %}
# errorfiles
{%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %}
{%- for errorfile in salt['pillar.get']('haproxy:defaults:errorfiles').iteritems() %}
errorfile {{ errorfile[0] }} {{ errorfile[1] }}
{%- endfor %}
{% endif %}
# frontend instances
{%- if 'frontends' in salt['pillar.get']('haproxy', {}) %}
{%- for frontend in salt['pillar.get']('haproxy:frontends', {}).iteritems() %}
frontend {{ frontend[1].name }}
bind {{ frontend[1].bind }}
# frontend redirects
{%- if 'redirects' in frontend[1] %}
{%- for front_redirect in frontend[1].redirects %}
redirect {{ front_redirect }}
{% endfor %}
{%- endif %}
# frontend acls
{%- if 'acls' in frontend[1] %}
{%- for acl in frontend[1].acls %}
acl {{ acl }}
{%- endfor %}
{%- endif %}
# frontend http-requests
{%- if 'http_requests' in frontend[1] %}
{%- for http_request in frontend[1].http_requests %}
http-request {{ http_request }}
{% endfor %}
{%- endif %}
# frontend reqadds
{%- if 'reqadd' in frontend[1] %}
{%- for reqadd in frontend[1].reqadd %}
reqadd {{ reqadd }}
{%- endfor %}
{%- endif %}
# frontend http-responses
{%- if 'http-responses' in frontend[1] %}
{%- for http_response in frontend[1].http_responses %}
http-response {{ http_response }}
{% endfor %}
{%- endif %}
# frontend rspadds
{%- if 'rspadd' in frontend[1] %}
{%- for rspadd in frontend[1].rspadd %}
rspadd {{ rspadd }}
{%- endfor %}
{%- endif %}
# frontend captures
{%- if 'captures' in frontend[1] %}
{%- for capture in frontend[1].captures %}
capture {{ capture }}
{%- endfor %}
{%- endif %}
# backend targets
default_backend {{ frontend[1].default_backend }}
{%-if 'use_backends' in frontend[1] -%}
{%- for use_backend in frontend[1].use_backends %}
use_backend {{ use_backend }}
{% endfor %}
{%- endif %}
{% endfor %}
{%- endif %}
# backend instances
{%- if 'backends' in salt['pillar.get']('haproxy', {}) %}
{%- for backend in salt['pillar.get']('haproxy:backends', {}).iteritems() %} # Backend loop start
backend {{ backend[1].name }}
{%- if 'redirects' in backend[1] %}
{%- for redirect in backend[1].redirects %} # Redirect loop start
redirect {{ redirect }}{% endfor %}
{%- endif %}
{%- if 'http_requests' in backend[1] %}
{%- for http_request in backend[1].http_requests %}
http-request {{ http_request }}
{% endfor %}
{%- endif %}
{%- if 'acls' in backend[1] %}
{%- for acl in backend[1].acls %}
acl {{ acl }}
{%- endfor %}
{%- endif %}
balance {{ backend[1].balance }}
{%- if 'options' in backend[1] %}
{%- for option in backend[1].options %}
option {{ option }}
{%- endfor %}
{%- endif %}
{%- if 'cookie' in backend[1] %}
cookie {{ backend[1].cookie }}
{%- endif %}
{%- if 'stats' in backend[1] %}
{%- for option, value in backend[1].stats.iteritems() %}
{%- if option == 'enable' and value %}
stats enable
{%- else %}
stats {{ option }} {{ value }}
{%- endif %}
{%- endfor %}
{%- endif %}
{%- if 'servers' in backend[1] %}
{%- for server in backend[1].servers.iteritems() %}
server {{ server[1].name }} {{ server[1].host }}:{{ server[1].port }} {{ server[1].check }}{% endfor %}
{% endif %}
{% endfor %} # Backend loop end
{% endif %}