=======
HAproxy
=======

The Reliable, High Performance TCP/HTTP Load Balancer.

Sample pillars
==============

Simple admin listener

.. code-block:: yaml

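# Pillar for a single listener of type "admin" on port 8801.
haproxy:
  proxy:
    enabled: true
    listen:
      admin_page:
        type: admin
        binds:
          # 0.0.0.0 listens on every interface. For an admin page, prefer a
          # management or loopback address, or filter the port at the firewall.
          - address: 0.0.0.0
            port: 8801
        # Sample credentials only: set a unique, strong password per
        # deployment and keep it out of plain-text pillar (for example an
        # encrypted pillar value).
        user: fsdfdsfds
        password: dsfdsf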

Simple stats listener

.. code-block:: yaml

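# Pillar for a single listener of type "stats" on port 8801.
haproxy:
  proxy:
    enabled: true
    listen:
      admin_page:
        type: stats
        binds:
          # NOTE(review): this sample sets no user/password and binds every
          # interface. A stats page shows backend names and addresses, so
          # restrict the address or the port to monitoring hosts.
          - address: 0.0.0.0
            port: 8801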


Sample pillar with admin

.. code-block:: yaml

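# Proxy-wide settings plus one listener ("https-in") with two backend servers.
haproxy:
  proxy:
    enabled: true
    # NOTE(review): "http/tcp" looks like a placeholder for one of the two
    # modes; the later samples on this page set a single value.
    mode: http/tcp
    logging: syslog
    maxconn: 1024
    # Timeouts are given as bare numbers; the unit is not stated on this page.
    timeout:
      connect: 5000
      client: 50000
      server: 50000
    listen:
      https-in:
        binds:
          - address: 0.0.0.0
            port: 443
        servers:
          - name: server1
            host: 10.0.0.1
            port: 8443
          - name: server2
            host: 10.0.0.2
            port: 8443
            # Extra text appended to this server's line.
            params: 'maxconn 256'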


Sample pillar with custom logging

.. code-block:: yaml

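# Proxy-wide settings with syslog logging and one listener ("https-in").
haproxy:
  proxy:
    enabled: true
    # NOTE(review): "http/tcp" looks like a placeholder for one of the two
    # modes; the later samples on this page set a single value.
    mode: http/tcp
    logging: syslog
    maxconn: 1024
    timeout:
      connect: 5000
      client: 50000
      server: 50000
    listen:
      https-in:
        # binds is a list of address/port entries in every other sample on
        # this page, so the single bind is written as a one-item list here too.
        binds:
          - address: 0.0.0.0
            port: 443
        servers:
          - name: server1
            host: 10.0.0.1
            port: 8443
          - name: server2
            host: 10.0.0.2
            port: 8443
            params: 'maxconn 256'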

.. code-block:: yaml

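# TCP-mode proxy with three listeners: mysql, rabbitmq and keystone-1.
haproxy:
  proxy:
    enabled: true
    mode: tcp
    logging: syslog
    # NOTE(review): the earlier samples on this page use "maxconn" for the
    # same value; confirm which key the formula reads.
    max_connections: 1024
    listen:
      mysql:
        type: mysql
        binds:
          - address: 10.0.88.70
            port: 3306
        servers:
          # node1 is the only server without "backup" in its params.
          - name: node1
            host: 10.0.88.13
            port: 3306
            params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3
          - name: node2
            host: 10.0.88.14
            port: 3306
            params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3 backup
          - name: node3
            host: 10.0.88.15
            port: 3306
            params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3 backup
      rabbitmq:
        type: rabbitmq
        binds:
          - address: 10.0.88.70
            port: 5672
        servers:
          # The servers listen on 5673 while the proxy binds 5672.
          - name: node1
            host: 10.0.88.13
            port: 5673
            params: check inter 5000 rise 2 fall 3
          - name: node2
            host: 10.0.88.14
            port: 5673
            params: check inter 5000 rise 2 fall 3 backup
          - name: node3
            host: 10.0.88.15
            port: 5673
            params: check inter 5000 rise 2 fall 3 backup
      keystone-1:
        type: general-service
        binds:
          - address: 10.0.106.170
            port: 5000
        servers:
          - name: node1
            host: 10.0.88.13
            port: 5000
            params: check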

.. code-block:: yaml

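# TCP-mode proxy with three listeners: mysql, rabbitmq and keystone-1.
# NOTE(review): this listing repeats the sample directly before it.
haproxy:
  proxy:
    enabled: true
    mode: tcp
    logging: syslog
    # NOTE(review): the earlier samples on this page use "maxconn" for the
    # same value; confirm which key the formula reads.
    max_connections: 1024
    listen:
      mysql:
        type: mysql
        binds:
          - address: 10.0.88.70
            port: 3306
        servers:
          - name: node1
            host: 10.0.88.13
            port: 3306
            params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3
          - name: node2
            host: 10.0.88.14
            port: 3306
            params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3 backup
          - name: node3
            host: 10.0.88.15
            port: 3306
            params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3 backup
      rabbitmq:
        type: rabbitmq
        binds:
          - address: 10.0.88.70
            port: 5672
        servers:
          - name: node1
            host: 10.0.88.13
            port: 5673
            params: check inter 5000 rise 2 fall 3
          - name: node2
            host: 10.0.88.14
            port: 5673
            params: check inter 5000 rise 2 fall 3 backup
          - name: node3
            host: 10.0.88.15
            port: 5673
            params: check inter 5000 rise 2 fall 3 backup
      keystone-1:
        type: general-service
        binds:
          - address: 10.0.106.170
            port: 5000
        servers:
          - name: node1
            host: 10.0.88.13
            port: 5000
            params: check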

A more complex custom listener (for Artifactory and subdomains for Docker
registries)

.. code-block:: yaml

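# HTTP listener in front of two Artifactory nodes, with a TLS bind and a
# path rewrite for Docker registry requests.
haproxy:
  proxy:
    listen:
      artifactory:
        mode: http
        options:
          # Backends should accept X-Forwarded-For / X-Real-IP only from the
          # proxy, since a client can send these headers itself.
          - forwardfor
          - forwardfor header X-Real-IP
          - httpchk
          - httpclose
          - httplog
        sticks:
          - stick on src
          - stick-table type ip size 200k expire 2m
        acl:
          is_docker: "path_reg ^/v[12][/.]*"
        http_request:
          # The first label of the client-supplied Host header becomes part
          # of the rewritten path. NOTE(review): access to each repository
          # should be enforced by the backend, not by the host name alone.
          - action: "set-path /artifactory/api/docker/%[req.hdr(host),lower,field(1,'.')]%[path]"
            condition: "if is_docker"
        balance: source
        binds:
          - address: ${_param:cluster_vip_address}
            port: 8082
            ssl:
              enabled: true
              # This PEM file needs to contain key, cert, CA and possibly
              # intermediate certificates. Because it holds the private key,
              # keep it readable only by the account HAProxy runs under.
              pem_file: /etc/haproxy/ssl/server.pem
        servers:
          - name: ${_param:cluster_node01_name}
            host: ${_param:cluster_node01_address}
            port: 8082
            params: check
          - name: ${_param:cluster_node02_name}
            host: ${_param:cluster_node02_address}
            port: 8082
            params: backup check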

It's also possible to use multiple certificates for one listener (e.g. when
it is bound to multiple interfaces):

.. code-block:: yaml

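# One listener with two binds, each carrying its own key, certificate and
# chain inline in the pillar.
# An inline key puts the private key into pillar data: keep this pillar
# encrypted at rest and targeted only at the minions that run the proxy.
haproxy:
  proxy:
    listen:
      dummy_site:
        mode: http
        binds:
          - address: 127.0.0.1
            port: 8080
            ssl:
              enabled: true
              key: |
                my super secret key follows
              cert: |
                certificate
              chain: |
                CA chain (if any)
          - address: 127.0.1.1
            port: 8081
            ssl:
              enabled: true
              key: |
                my super secret key follows
              cert: |
                certificate
              chain: |
                CA chain (if any)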

The definition above creates the ``/etc/haproxy/ssl/dummy_site`` directory
with the files ``1-all.pem`` and ``2-all.pem`` (one per bind).

Custom listener with tcp-check options specified (for Redis cluster with Sentinel)

.. code-block:: yaml

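# Listener for a three-node Redis cluster with a scripted TCP health check.
haproxy:
  proxy:
    listen:
      redis_cluster:
        service_name: redis
        health-check:
          tcp:
            enabled: true
            # Send/expect pairs run in order; the "role:master" expectation
            # means only the current master passes the check.
            # NOTE(review): no AUTH step is sent, so this sequence presumes
            # Redis answers unauthenticated commands; confirm for deployments
            # that set a Redis password.
            options:
              - send PING\r\n
              - expect string +PONG
              - send info\ replication\r\n
              - expect string role:master
              - send QUIT\r\n
              - expect string +OK
        binds:
          - address: ${_param:cluster_address}
            port: 6379
        servers:
          - name: ${_param:cluster_node01_name}
            host: ${_param:cluster_node01_address}
            port: 6379
            params: check inter 1s
          - name: ${_param:cluster_node02_name}
            host: ${_param:cluster_node02_address}
            port: 6379
            params: check inter 1s
          - name: ${_param:cluster_node03_name}
            host: ${_param:cluster_node03_address}
            port: 6379
            params: check inter 1s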

Frontend for routing between existing listeners via URL, with SSL and redirects.
You can use one backend for several URLs.

.. code-block:: yaml

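# Frontend that routes by Host header to other listeners, with one redirect.
haproxy:
  proxy:
    listen:
      service_proxy:
        mode: http
        balance: source
        format: end
        binds:
          - address: ${_param:haproxy_bind_address}
            port: 80
            ssl: ${_param:haproxy_frontend_ssl}
            ssl_port: 443
        redirects:
          - code: 301
            location: domain.com/images
            conditions:
              - type: hdr_dom(host)
                condition: images.domain.com
        # Each ACL matches on the request's Host header.
        acls:
          - name: gerrit
            conditions:
              - type: hdr_dom(host)
                condition: gerrit.domain.com
          - name: jenkins
            conditions:
              - type: hdr_dom(host)
                condition: jenkins.domain.com
          - name: docker
            # Spelling corrected from "artifactroy"; presumably this must
            # match the name of an existing listener — confirm.
            backend: artifactory
            conditions:
              - type: hdr_dom(host)
                condition: docker.domain.com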

Enable the customisable ``forwardfor`` option in the ``defaults`` section.

.. code-block:: yaml

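# forwardfor enabled with "except" and "header" left unset.
haproxy:
  proxy:
    enabled: true
    mode: tcp
    logging: syslog
    max_connections: 1024
    forwardfor:
      enabled: true
      # Written as explicit nulls; the published sample leaves both values
      # empty, which parses to the same thing.
      except: null
      header: null
      if-none: false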

.. code-block:: yaml

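# forwardfor enabled with an excepted source address and a custom header name.
haproxy:
  proxy:
    enabled: true
    mode: tcp
    logging: syslog
    max_connections: 1024
    forwardfor:
      enabled: true
      except: 127.0.0.1
      # Backends should accept this header only from the proxy, since a
      # client can send a header of the same name itself.
      header: X-Real-IP
      if-none: false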

Sample pillar with multiprocess multicore configuration

.. code-block:: yaml

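# Four-process configuration with a CPU map and per-listener process binding.
haproxy:
  proxy:
    enabled: true
    nbproc: 4
    # Presumably process number -> CPU index — confirm against the formula.
    cpu_map:
      1: 0
      2: 1
      3: 2
      4: 3
    # Quoted so the space-separated process lists stay strings.
    stats_bind_process: "1 2"
    # NOTE(review): "http/tcp" looks like a placeholder for one of the two
    # modes; other samples on this page set a single value.
    mode: http/tcp
    logging: syslog
    maxconn: 1024
    timeout:
      connect: 5000
      client: 50000
      server: 50000
    listen:
      https-in:
        bind_process: "1 2 3 4"
        binds:
          - address: 0.0.0.0
            port: 443
        servers:
          - name: server1
            host: 10.0.0.1
            port: 8443
          - name: server2
            host: 10.0.0.2
            port: 8443
            params: 'maxconn 256'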

Read more
=========

* https://github.com/jesusaurus/hpcs-salt-state/tree/master/haproxy
* http://www.nineproductions.com/saltstack-ossec-state-using-reactor/ - example reactor usage.
* https://gist.github.com/tomeduarte/6340205 - example on how to use peer from within a config file (using jinja)
* http://youtu.be/jJJ8cfDjcTc?t=8m58s - from 9:00 on, a good overview of peer vs mine
* https://github.com/russki/cluster-agents

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-haproxy/issues

For feature requests, bug reports or blueprints affecting the entire
ecosystem, use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing
list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-haproxy

Questions and feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net