haproxy/files/haproxy.cfg - salt-formulas/haproxy - Gitiles

 {%- set proxy = pillar.haproxy.proxy %}
 {%- set haproxy_logging = pillar.haproxy.proxy.get('logging', "") %}

 global
 {%- if grains.os_family == "RedHat" %}
   chroot  /var/lib/haproxy
   stats  socket /var/lib/haproxy/stats
 {%- endif %}
   daemon
   maxconn  16000
   pidfile  /var/run/haproxy.pid
   user  haproxy
   group  haproxy
   spread-checks 4
   tune.maxrewrite 1024
   tune.bufsize 32768


 defaults
   log  global
   mode http
   {%- if haproxy_logging == 'syslog' %}
   log 127.0.0.1 local0
   {%- endif %}

   maxconn 8000
   {#
   timeout connect {{ proxy.get('connect_timeout', '5000') }}ms
   timeout client {{ proxy.get('client_timeout', '50000ms') }}ms
   timeout server {{ proxy.get('server_timeout', '50000ms') }}ms
   #}
   option  redispatch
   retries  3
   stats  enable
   timeout http-request 10s
   timeout queue 1m
   timeout connect 10s
   timeout client 1m
   timeout server 1m
   timeout check 10s

 {%- if proxy.listen.admin_page is defined and proxy.listen.admin_page.user is defined %}

 userlist STATSUSERS
   group admin users admin
   user {{ proxy.listen.admin_page.user }} insecure-password {{ proxy.listen.admin_page.password }}
   user stats insecure-password {{ proxy.listen.admin_page.password }}
 {#
 {%- for listen_name, listen in proxy.get('listen', {}).iteritems() %}
 {%- if listen.user is defined %}
   user {{ listen.user }} insecure-password {{ listen.password }}
 {%- endif %}
 {%- endfor %}
 #}

 {%- endif %}

 {%- for listen_name, listen in proxy.get('listen', {}).iteritems() %}
 {%- if listen.get('format', 'listen') == 'listen' %}

 listen {{ listen_name }}
   {%- for bind in listen.binds %}
   bind {{ bind.address }}:{{ bind.port }}
   {%- endfor %}
   {%- if listen.type == 'http' %}
   mode http
   balance  roundrobin
   option  httplog
   {%- endif %}
   {%- if listen.type == 'rabbitmq' %}
   balance roundrobin
   mode tcp
   option tcpka
   timeout client 48h
   timeout server 48h
   {%- endif %}
   {%- if listen.type == 'mysql' %}
   balance leastconn
   mode tcp
   option httpchk
   option tcplog
   option clitcpka
   option srvtcpka
   timeout client  28801s
   timeout server  28801s
   option mysql-check user haproxy
   {%- endif %}
   {%- if listen.type == 'horizon' %}
   balance  source
   capture  cookie vgnvisitor= len 32
   cookie  SERVERID insert indirect nocache
   mode http
   option forwardfor
   option httpchk
   option httpclose
   option httplog
   rspidel ^Set-cookie:\ IP=
   {%- endif %}
   {%- if listen.type == 'general-service' %}
   mode http
   balance  roundrobin
   option  httplog
   {%- endif %}
   {%- if listen.type == 'openstack-service' %}
   option  httpchk
   option  httplog
   option  httpclose
   {%- endif %}
   {%- if listen.type == 'heat' %}
   balance  source
   option tcpka
   option httpchk
   option tcplog
   {%- endif %}
   {%- if listen.type == 'contrail-config' %}
   mode http
   stats enable
   stats uri /
   stats auth {{ listen.user }}:{{ listen.password }}
   {%- endif %}
   {%- if listen.type == 'contrail-api' %}
   option nolinger
   balance roundrobin
   {%- endif %}
   {%- if listen.type == 'contrail-analytics' %}
   option nolinger
   balance roundrobin
   option tcp-check
   tcp-check connect port 6379
   default-server error-limit 1 on-error mark-down
   {%- endif %}
   {%- if listen.type == 'stats' %}
   mode http
   stats enable
   stats uri /
   {%- if listen.user is defined %}
   stats auth {{ listen.user }}:{{ listen.password }}
   {%- endif %}
   {%- endif %}
   {%- if listen.type == 'admin' %}
   mode  http
   acl  AuthOkay_ReadOnly http_auth(STATSUSERS)
   acl  AuthOkay_Admin http_auth_group(STATSUSERS) {{ listen.user }}
   stats  enable
   stats  refresh 60s
   stats  uri /
   stats  http-request auth realm admin_page unless AuthOkay_ReadOnly
   stats  admin if AuthOkay_Admin
   {%- endif %}
   {%- for server in listen.get('servers', []) %}
   server {{ server.name }} {{ server.host }}:{{ server.port }} {{ server.get('params', '') }}
   {%- endfor %}
 {%- endif %}
 {%- endfor %}

 {%- for listen_name, listen in proxy.get('listen', {}).iteritems() %}
 {%- if listen.get('format', 'listen') == 'end' %}

 frontend  {{ listen_name }} {{ listen.binds[0].address }}:{{ listen.binds[0].port }}
   {%- for acl in listen.get('acls', []) %}
   {%- for condition in acl.get('conditions', []) %}
   acl {{ acl.name }} {{ condition.type }} {{ condition.condition }}
   {%- endfor %}
   use_backend {{ acl.name }}-backend   if {{ acl.name }}
   {%- endfor %}
   default_backend {{ listen_name }}-backend

 backend {{ listen_name }}-backend
   {%- if listen.type == 'http' %}
   balance roundrobin
   {%- endif %}
   {%- for server in listen.get('servers', []) %}
   server {{ server.get('name', server.host) }} {{ server.host }}:{{ server.port }} {{ server.get('params', '') }}
   {%- endfor %}
 {%- for acl in listen.get('acls', []) %}

 backend {{ acl.name }}-backend
   balance     roundrobin
   {%- for server in acl.get('servers', []) %}
   server {{ server.get('name', server.host) }} {{ server.host }}:{{ server.port }} {{ server.get('params', '') }}
   {%- endfor %}
 {%- endfor %}
 {%- endif %}
 {%- endfor %}
	{%- set proxy = pillar.haproxy.proxy %}
	{%- set haproxy_logging = pillar.haproxy.proxy.get('logging', "") %}

	global
	{%- if grains.os_family == "RedHat" %}
	chroot /var/lib/haproxy
	stats socket /var/lib/haproxy/stats
	{%- endif %}
	daemon
	maxconn 16000
	pidfile /var/run/haproxy.pid
	user haproxy
	group haproxy
	spread-checks 4
	tune.maxrewrite 1024
	tune.bufsize 32768


	defaults
	log global
	mode http
	{%- if haproxy_logging == 'syslog' %}
	log 127.0.0.1 local0
	{%- endif %}

	maxconn 8000
	{#
	timeout connect {{ proxy.get('connect_timeout', '5000') }}ms
	timeout client {{ proxy.get('client_timeout', '50000ms') }}ms
	timeout server {{ proxy.get('server_timeout', '50000ms') }}ms
	#}
	option redispatch
	retries 3
	stats enable
	timeout http-request 10s
	timeout queue 1m
	timeout connect 10s
	timeout client 1m
	timeout server 1m
	timeout check 10s

	{%- if proxy.listen.admin_page is defined and proxy.listen.admin_page.user is defined %}

	userlist STATSUSERS
	group admin users admin
	user {{ proxy.listen.admin_page.user }} insecure-password {{ proxy.listen.admin_page.password }}
	user stats insecure-password {{ proxy.listen.admin_page.password }}
	{#
	{%- for listen_name, listen in proxy.get('listen', {}).iteritems() %}
	{%- if listen.user is defined %}
	user {{ listen.user }} insecure-password {{ listen.password }}
	{%- endif %}
	{%- endfor %}
	#}

	{%- endif %}

	{%- for listen_name, listen in proxy.get('listen', {}).iteritems() %}
	{%- if listen.get('format', 'listen') == 'listen' %}

	listen {{ listen_name }}
	{%- for bind in listen.binds %}
	bind {{ bind.address }}:{{ bind.port }}
	{%- endfor %}
	{%- if listen.type == 'http' %}
	mode http
	balance roundrobin
	option httplog
	{%- endif %}
	{%- if listen.type == 'rabbitmq' %}
	balance roundrobin
	mode tcp
	option tcpka
	timeout client 48h
	timeout server 48h
	{%- endif %}
	{%- if listen.type == 'mysql' %}
	balance leastconn
	mode tcp
	option httpchk
	option tcplog
	option clitcpka
	option srvtcpka
	timeout client 28801s
	timeout server 28801s
	option mysql-check user haproxy
	{%- endif %}
	{%- if listen.type == 'horizon' %}
	balance source
	capture cookie vgnvisitor= len 32
	cookie SERVERID insert indirect nocache
	mode http
	option forwardfor
	option httpchk
	option httpclose
	option httplog
	rspidel ^Set-cookie:\ IP=
	{%- endif %}
	{%- if listen.type == 'general-service' %}
	mode http
	balance roundrobin
	option httplog
	{%- endif %}
	{%- if listen.type == 'openstack-service' %}
	option httpchk
	option httplog
	option httpclose
	{%- endif %}
	{%- if listen.type == 'heat' %}
	balance source
	option tcpka
	option httpchk
	option tcplog
	{%- endif %}
	{%- if listen.type == 'contrail-config' %}
	mode http
	stats enable
	stats uri /
	stats auth {{ listen.user }}:{{ listen.password }}
	{%- endif %}
	{%- if listen.type == 'contrail-api' %}
	option nolinger
	balance roundrobin
	{%- endif %}
	{%- if listen.type == 'contrail-analytics' %}
	option nolinger
	balance roundrobin
	option tcp-check
	tcp-check connect port 6379
	default-server error-limit 1 on-error mark-down
	{%- endif %}
	{%- if listen.type == 'stats' %}
	mode http
	stats enable
	stats uri /
	{%- if listen.user is defined %}
	stats auth {{ listen.user }}:{{ listen.password }}
	{%- endif %}
	{%- endif %}
	{%- if listen.type == 'admin' %}
	mode http
	acl AuthOkay_ReadOnly http_auth(STATSUSERS)
	acl AuthOkay_Admin http_auth_group(STATSUSERS) {{ listen.user }}
	stats enable
	stats refresh 60s
	stats uri /
	stats http-request auth realm admin_page unless AuthOkay_ReadOnly
	stats admin if AuthOkay_Admin
	{%- endif %}
	{%- for server in listen.get('servers', []) %}
	server {{ server.name }} {{ server.host }}:{{ server.port }} {{ server.get('params', '') }}
	{%- endfor %}
	{%- endif %}
	{%- endfor %}

	{%- for listen_name, listen in proxy.get('listen', {}).iteritems() %}
	{%- if listen.get('format', 'listen') == 'end' %}

	frontend {{ listen_name }} {{ listen.binds[0].address }}:{{ listen.binds[0].port }}
	{%- for acl in listen.get('acls', []) %}
	{%- for condition in acl.get('conditions', []) %}
	acl {{ acl.name }} {{ condition.type }} {{ condition.condition }}
	{%- endfor %}
	use_backend {{ acl.name }}-backend if {{ acl.name }}
	{%- endfor %}
	default_backend {{ listen_name }}-backend

	backend {{ listen_name }}-backend
	{%- if listen.type == 'http' %}
	balance roundrobin
	{%- endif %}
	{%- for server in listen.get('servers', []) %}
	server {{ server.get('name', server.host) }} {{ server.host }}:{{ server.port }} {{ server.get('params', '') }}
	{%- endfor %}
	{%- for acl in listen.get('acls', []) %}

	backend {{ acl.name }}-backend
	balance roundrobin
	{%- for server in acl.get('servers', []) %}
	server {{ server.get('name', server.host) }} {{ server.host }}:{{ server.port }} {{ server.get('params', '') }}
	{%- endfor %}
	{%- endfor %}
	{%- endif %}
	{%- endfor %}