{%- from "haproxy/map.jinja" import proxy with context -%}
{#-
  Process-wide HAProxy settings: syslog targets, chroot, privilege drop to
  haproxy:haproxy, the runtime stats socket, buffer/connection tuning and the
  default TLS policy for bind lines.
#}
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
{#-
  NOTE(review): "level admin" exposes the full runtime API on this socket and
  "mode 660" lets any member of the socket's group use it. The path comes from
  haproxy/map.jinja (not visible here). If the socket is only read for
  metrics, "level operator" or "level user" is the least-privilege choice;
  confirm who actually needs admin access.
#}
stats socket {{ proxy.stats_socket }} mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
pidfile /var/run/haproxy.pid
spread-checks 4
tune.maxrewrite 1024
tune.bufsize 32768
maxconn 16000
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
{#-
  NOTE(review): this list still admits 3DES suites (ECDH+3DES, DH+3DES,
  RSA+3DES) and static-RSA key exchange (RSA+AESGCM, RSA+AES), and "no-sslv3"
  below only turns off SSLv3, so TLS 1.0/1.1 presumably stay available if the
  linked OpenSSL offers them. Tighten to AEAD, forward-secret suites and a
  TLS 1.2 minimum (no-tlsv10 no-tlsv11, or ssl-min-ver on HAProxy versions
  that have it) once client compatibility is confirmed. DH+ suites are enabled
  without tune.ssl.default-dh-param, so the DH group size is whatever the
  build defaults to; verify it.
#}
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
{#-
  Settings inherited by every listen/frontend/backend section rendered below
  unless that section overrides them.
#}
defaults
log global
mode http
maxconn 8000
{#-
  The pillar-driven timeouts in the next comment are disabled. If they are
  re-enabled, note that the client/server fallbacks already end in "ms" and
  the template appends "ms" again.
#}
{#
timeout connect {{ proxy.get('connect_timeout', '5000') }}ms
timeout client {{ proxy.get('client_timeout', '50000ms') }}ms
timeout server {{ proxy.get('server_timeout', '50000ms') }}ms
#}
option redispatch
retries 3
{#-
  NOTE(review): "stats enable" in defaults is inherited by every proxy below.
  With no stats uri/auth set next to it, HAProxy documents the defaults as
  URI /haproxy?stats with no authentication, so each HTTP-mode listener would
  serve the statistics page to its own clients. Confirm this is intended; the
  'stats', 'admin' and 'contrail-config' listen types enable it explicitly.
#}
stats enable
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s
{#-
  Renders the STATSUSERS userlist when the 'admin_page' listener has a user
  set. The 'admin' listen type authenticates against this list.
  NOTE(review):
  - "insecure-password" writes the pillar password in clear text into the
    rendered configuration; the userlist "password" keyword takes a crypt(3)
    hash instead. Either way the rendered file should be readable only by
    root and the haproxy account.
  - The fixed "stats" account is given the same password as the admin user,
    so the read-only and admin credentials cannot be rotated or revoked
    separately.
  - "group admin users admin" names the literal user "admin". When
    admin_page.user is anything else, the group refers to a user this list
    never defines; check how HAProxy treats that at config load.
#}
{%- if proxy.listen.admin_page is defined and proxy.listen.admin_page.user is defined %}
userlist STATSUSERS
group admin users admin
user {{ proxy.listen.admin_page.user }} insecure-password {{ proxy.listen.admin_page.password }}
user stats insecure-password {{ proxy.listen.admin_page.password }}
{#
{%- for listen_name, listen in proxy.get('listen', {}).iteritems() %}
{%- if listen.user is defined %}
user {{ listen.user }} insecure-password {{ listen.password }}
{%- endif %}
{%- endfor %}
#}
{%- endif %}
{#-
  One "listen" section per pillar entry whose format is 'listen' (the
  default). listen.type selects a fixed option preset; the server lines come
  from listen.servers.
  NOTE(review): dict.iteritems() exists only on Python 2; a Python 3 renderer
  needs .items() here.
#}
{%- for listen_name, listen in proxy.get('listen', {}).iteritems() %}
{%- if listen.get('format', 'listen') == 'listen' %}
listen {{ listen_name }}
{#-
  NOTE(review): bind lines carry only address:port, so no listener rendered
  here terminates TLS and the ssl-default-bind-* settings in "global" are not
  used by this template. The stats/admin pages below therefore receive HTTP
  basic-auth credentials in clear text unless TLS is added elsewhere; confirm.
#}
{%- for bind in listen.binds %}
bind {{ bind.address }}:{{ bind.port }}
{%- endfor %}
{%- if listen.type == 'http' %}
mode http
balance roundrobin
option httplog
{%- endif %}
{%- if listen.type == 'rabbitmq' %}
balance roundrobin
mode tcp
option tcpka
timeout client 48h
timeout server 48h
{%- endif %}
{%- if listen.type == 'mysql' %}
{#-
  NOTE(review): both "option httpchk" and "option mysql-check" are set;
  presumably the later mysql-check is the one that takes effect, verify.
  mysql-check logs in as the MySQL user "haproxy", which HAProxy expects to
  have no password: restrict that account to the proxy hosts and give it no
  grants.
#}
balance leastconn
mode tcp
option httpchk
option tcplog
option clitcpka
option srvtcpka
timeout client 28801s
timeout server 28801s
option mysql-check user haproxy
{%- endif %}
{%- if listen.type == 'horizon' %}
{#-
  NOTE(review): the SERVERID persistence cookie is inserted without the
  "httponly"/"secure" cookie options. "rspidel" is a legacy directive that
  newer HAProxy releases no longer accept (http-response del-header replaces
  it); check against the deployed version.
#}
balance source
capture cookie vgnvisitor= len 32
cookie SERVERID insert indirect nocache
mode http
option forwardfor
option httpchk
option httpclose
option httplog
rspidel ^Set-cookie:\ IP=
{%- endif %}
{%- if listen.type == 'general-service' %}
mode http
balance roundrobin
option httplog
{%- endif %}
{%- if listen.type == 'openstack-service' %}
option httpchk
option httplog
option httpclose
{%- endif %}
{%- if listen.type == 'heat' %}
balance source
option tcpka
option httpchk
option tcplog
{%- endif %}
{%- if listen.type == 'contrail-config' %}
{#-
  NOTE(review): unlike the 'stats' type, listen.user and listen.password are
  rendered without checking that they are defined, and "stats auth" keeps the
  password in clear text in the rendered file.
#}
mode http
stats enable
stats uri /
stats auth {{ listen.user }}:{{ listen.password }}
{%- endif %}
{%- if listen.type == 'contrail-api' %}
option nolinger
balance roundrobin
{%- endif %}
{%- if listen.type == 'contrail-analytics' %}
option nolinger
balance roundrobin
option tcp-check
tcp-check connect port 6379
default-server error-limit 1 on-error mark-down
{%- endif %}
{%- if listen.type == 'stats' %}
{#-
  NOTE(review): when listen.user is not set, the statistics page at "/" is
  rendered with no "stats auth" line, i.e. unauthenticated.
#}
mode http
stats enable
stats uri /
{%- if listen.user is defined %}
stats auth {{ listen.user }}:{{ listen.password }}
{%- endif %}
{%- endif %}
{%- if listen.type == 'admin' %}
{#-
  Any STATSUSERS account passes AuthOkay_ReadOnly and may view the page;
  "stats admin" (changing server state from the page) is limited to
  AuthOkay_Admin.
  NOTE(review): http_auth_group() matches group names, but listen.user is
  passed where a group is expected, and the userlist defines only the group
  "admin". This lines up only when the user is literally "admin"; confirm.
#}
mode http
acl AuthOkay_ReadOnly http_auth(STATSUSERS)
acl AuthOkay_Admin http_auth_group(STATSUSERS) {{ listen.user }}
stats enable
stats refresh 60s
stats uri /
stats http-request auth realm admin_page unless AuthOkay_ReadOnly
stats admin if AuthOkay_Admin
{%- endif %}
{%- for server in listen.get('servers', []) %}
{#-
  server.params is emitted verbatim from pillar; nothing in this template
  validates it.
#}
server {{ server.name }} {{ server.host }}:{{ server.port }} {{ server.get('params', '') }}
{%- endfor %}
{%- endif %}
{%- endfor %}
{#-
  Entries with format 'end' render a frontend plus its backends: one default
  backend named <listen_name>-backend and one <acl.name>-backend per ACL.
  NOTE(review): dict.iteritems() exists only on Python 2. The frontend line
  uses the "frontend <name> <address>:<port>" form and only binds[0], so any
  further binds are ignored; newer HAProxy releases may reject an address on
  the frontend line, verify against the deployed version.
#}
{%- for listen_name, listen in proxy.get('listen', {}).iteritems() %}
{%- if listen.get('format', 'listen') == 'end' %}
frontend {{ listen_name }} {{ listen.binds[0].address }}:{{ listen.binds[0].port }}
{%- for acl in listen.get('acls', []) %}
{#-
  Every condition of an ACL is emitted under the same ACL name, followed by
  one use_backend rule for it. condition.type and condition.condition are
  rendered verbatim from pillar.
#}
{%- for condition in acl.get('conditions', []) %}
acl {{ acl.name }} {{ condition.type }} {{ condition.condition }}
{%- endfor %}
use_backend {{ acl.name }}-backend if {{ acl.name }}
{%- endfor %}
default_backend {{ listen_name }}-backend
backend {{ listen_name }}-backend
{#-
  Only type 'http' gets an explicit balance line; other types render none.
#}
{%- if listen.type == 'http' %}
balance roundrobin
{%- endif %}
{%- for server in listen.get('servers', []) %}
server {{ server.get('name', server.host) }} {{ server.host }}:{{ server.port }} {{ server.get('params', '') }}
{%- endfor %}
{%- for acl in listen.get('acls', []) %}
backend {{ acl.name }}-backend
balance roundrobin
{%- for server in acl.get('servers', []) %}
server {{ server.get('name', server.host) }} {{ server.host }}:{{ server.port }} {{ server.get('params', '') }}
{%- endfor %}
{%- endfor %}
{%- endif %}
{%- endfor %}