haproxy/files/haproxy.cfg

{%- from "haproxy/map.jinja" import proxy with context -%}

global
  log /dev/log  local0
  log /dev/log  local1 notice
  chroot /var/lib/haproxy
  stats  socket {{ proxy.stats_socket }} mode 660 level admin
  stats timeout 30s
  user  haproxy
  group haproxy
  daemon
  pidfile  /var/run/haproxy.pid
  spread-checks 4
  tune.maxrewrite 1024
  tune.bufsize 32768
  maxconn  16000

defaults
  log  global
  mode http

  maxconn 8000
  {#
  timeout connect {{ proxy.get('connect_timeout', '5000') }}ms
  timeout client {{ proxy.get('client_timeout', '50000ms') }}ms
  timeout server {{ proxy.get('server_timeout', '50000ms') }}ms
  #}
  option  redispatch
  retries  3
  stats  enable
  timeout http-request 10s
  timeout queue 1m
  timeout connect 10s
  timeout client 1m
  timeout server 1m
  timeout check 10s

{%- if proxy.listen.admin_page is defined and proxy.listen.admin_page.user is defined %}

userlist STATSUSERS
  group admin users admin
  user {{ proxy.listen.admin_page.user }} insecure-password {{ proxy.listen.admin_page.password }}
  user stats insecure-password {{ proxy.listen.admin_page.password }}
{#
{%- for listen_name, listen in proxy.get('listen', {}).iteritems() %}
{%- if listen.user is defined %}
  user {{ listen.user }} insecure-password {{ listen.password }}
{%- endif %}
{%- endfor %}
#}

{%- endif %}

{%- for listen_name, listen in proxy.get('listen', {}).iteritems() %}
{%- if listen.get('format', 'listen') == 'listen' %}

listen {{ listen_name }}
  {%- for bind in listen.binds %}
  bind {{ bind.address }}:{{ bind.port }}
  {%- endfor %}
  {%- if listen.get('type', None) == 'http' %}
  mode http
  balance  roundrobin
  option  httplog
  {%- elif listen.get('type', None) == 'rabbitmq' %}
  balance roundrobin
  mode tcp
  option tcpka
  timeout client 48h
  timeout server 48h
  {%- elif listen.get('type', None) == 'mysql' %}
  balance leastconn
  mode tcp
  option httpchk
  option tcplog
  option clitcpka
  option srvtcpka
  timeout client  28801s
  timeout server  28801s
  option mysql-check user haproxy
  {%- elif listen.get('type', None) == 'horizon' %}
  balance  source
  capture  cookie vgnvisitor= len 32
  cookie  SERVERID insert indirect nocache
  mode http
  option forwardfor
  option httpchk
  option httpclose
  option httplog
  rspidel ^Set-cookie:\ IP=
  {%- elif listen.get('type', None) == 'general-service' %}
  mode http
  balance  roundrobin
  option  httplog
  {%- elif listen.get('type', None) == 'openstack-service' %}
  option  httpchk
  option  httplog
  option  httpclose
  {%- elif listen.get('type', None) == 'heat' %}
  balance  source
  option tcpka
  option httpchk
  option tcplog
  {%- elif listen.get('type', None) == 'contrail-config' %}
  mode http
  stats enable
  stats uri /
  stats auth {{ listen.user }}:{{ listen.password }}
  {%- elif listen.get('type', None) == 'contrail-api' %}
  option nolinger
  balance roundrobin
  {%- elif listen.get('type', None) == 'contrail-analytics' %}
  option nolinger
  balance roundrobin
  option tcp-check
  tcp-check connect port 6379
  default-server error-limit 1 on-error mark-down
  {%- elif listen.get('type', None) == 'stats' %}
  mode http
  stats enable
  stats uri /
  {%- if listen.user is defined %}
  stats auth {{ listen.user }}:{{ listen.password }}
  {%- endif %}
  {%- elif listen.get('type', None) == 'admin' %}
  mode  http
  acl  AuthOkay_ReadOnly http_auth(STATSUSERS)
  acl  AuthOkay_Admin http_auth_group(STATSUSERS) {{ listen.user }}
  stats  enable
  stats  refresh 60s
  stats  uri /
  stats  http-request auth realm admin_page unless AuthOkay_ReadOnly
  stats  admin if AuthOkay_Admin
  {%- else %}
  {# no type specified #}
  mode {{ listen.mode|default('tcp') }}
  {%- for acl in listen.get('acl', []) %}
  acl {{ acl }}
  {%- endfor %}
  balance {{ listen.balance|default('roundrobin') }}
  {%- for option in listen.get('options', []) %}
  option {{ option }}
  {%- endfor %}
  {%- for reqadd in listen.get('reqadd', []) %}
  reqadd {{ reqadd }}
  {%- endfor %}
  {%- for reqirep in listen.get('reqirep', []) %}
  reqirep {{ reqirep }}
  {%- endfor %}
  {%- endif %}
  {%- for server in listen.get('servers', []) %}
  server {{ server.name }} {{ server.host }}:{{ server.port }} {{ server.get('params', '') }}
  {%- endfor %}
{%- endif %}
{%- endfor %}

{%- for listen_name, listen in proxy.get('listen', {}).iteritems() %}
{%- if listen.get('format', 'listen') == 'end' %}

frontend  {{ listen_name }} {{ listen.binds[0].address }}:{{ listen.binds[0].port }}
  {%- for acl in listen.get('acls', []) %}
  {%- for condition in acl.get('conditions', []) %}
  acl {{ acl.name }} {{ condition.type }} {{ condition.condition }}
  {%- endfor %}
  use_backend {{ acl.name }}-backend   if {{ acl.name }}
  {%- endfor %}
  default_backend {{ listen_name }}-backend

backend {{ listen_name }}-backend
  {%- if listen.get('type', None) == 'http' %}
  balance roundrobin
  {%- endif %}
  {%- for server in listen.get('servers', []) %}
  server {{ server.get('name', server.host) }} {{ server.host }}:{{ server.port }} {{ server.get('params', '') }}
  {%- endfor %}
{%- for acl in listen.get('acls', []) %}

backend {{ acl.name }}-backend
  balance     roundrobin
  {%- for server in acl.get('servers', []) %}
  server {{ server.get('name', server.host) }} {{ server.host }}:{{ server.port }} {{ server.get('params', '') }}
  {%- endfor %}
{%- endfor %}
{%- endif %}
{%- endfor %}