=====
Usage
=====

The Reliable, High Performance TCP/HTTP Load Balancer.

Sample pillars
==============

Simple admin listener

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: True
        listen:
          admin_page:
            type: admin
            binds:
              - address: 0.0.0.0
                port: 8801
            user: fsdfdsfds
            password: dsfdsf

Simple stats listener

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: True
        listen:
          admin_page:
            type: stats
            binds:
              - address: 0.0.0.0
                port: 8801

Sample pillar with admin

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: True
        maxconn: 1024
        timeout:
          connect: 5000
          client: 50000
          server: 50000
        listen:
          https-in:
            binds:
              - address: 0.0.0.0
                port: 443
            servers:
              - name: server1
                host: 10.0.0.1
                port: 8443
              - name: server2
                host: 10.0.0.2
                port: 8443
                params: 'maxconn 256'

Sample pillar with custom logging

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: True
        maxconn: 1024
        timeout:
          connect: 5000
          client: 50000
          server: 50000
        listen:
          https-in:
            binds:
              - address: 0.0.0.0
                port: 443
            servers:
              - name: server1
                host: 10.0.0.1
                port: 8443
              - name: server2
                host: 10.0.0.2
                port: 8443
                params: 'maxconn 256'

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: true
        listen:
          mysql:
            type: mysql
            binds:
              - address: 10.0.88.70
                port: 3306
            servers:
              - name: node1
                host: 10.0.88.13
                port: 3306
                params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3
              - name: node2
                host: 10.0.88.14
                port: 3306
                params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3 backup
              - name: node3
                host: 10.0.88.15
                port: 3306
                params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3 backup
          rabbitmq:
            type: rabbitmq
            binds:
              - address: 10.0.88.70
                port: 5672
            servers:
              - name: node1
                host: 10.0.88.13
                port: 5673
                params: check inter 5000 rise 2 fall 3
              - name: node2
                host: 10.0.88.14
                port: 5673
                params: check inter 5000 rise 2 fall 3 backup
              - name: node3
                host: 10.0.88.15
                port: 5673
                params: check inter 5000 rise 2 fall 3 backup
          keystone-1:
            type: general-service
            binds:
              - address: 10.0.106.170
                port: 5000
            servers:
              - name: node1
                host: 10.0.88.13
                port: 5000
                params: check

Sample pillar with port range and port offset

This is useful in listen blocks for defining multiple servers that differ
only by port number within a port range. This situation typically arises
when several single-threaded server processes are deployed on a multi-core
host to make better use of the available cores.

For example, five contrail-api workers occupy ports ``9100-9104``.
This can be achieved by using ``port_range_length`` in the pillar,
``port_range_length: 5`` in this case.
To skip the first worker (``worker_id 0``), because it has other
responsibilities and should not be overloaded with HTTP requests,
use ``port_range_start_offset`` in the pillar,
``port_range_start_offset: 1`` in this case; it will then only use ports
9101-9104 (skipping 9100).

- ``port_range_length`` is used to calculate the end of the port range
- ``port_range_start_offset`` skips the first n ports of the port range

For backward compatibility, the name of the first server in a port range
has no ``pN`` suffix.

The following sample will result in

.. code-block:: text

    listen contrail_api
      bind 172.16.10.252:8082
      balance leastconn
      server ntw01p1 172.16.10.95:9101 check inter 2000 rise 2 fall 3
      server ntw01p2 172.16.10.95:9102 check inter 2000 rise 2 fall 3
      server ntw01p3 172.16.10.95:9103 check inter 2000 rise 2 fall 3
      server ntw01p4 172.16.10.95:9104 check inter 2000 rise 2 fall 3
      server ntw02 172.16.10.96:9100 check inter 2000 rise 2 fall 3
      server ntw02p1 172.16.10.96:9101 check inter 2000 rise 2 fall 3
      server ntw02p2 172.16.10.96:9102 check inter 2000 rise 2 fall 3
      server ntw02p3 172.16.10.96:9103 check inter 2000 rise 2 fall 3
      server ntw02p4 172.16.10.96:9104 check inter 2000 rise 2 fall 3
      server ntw03 172.16.10.94:9100 check inter 2000 rise 2 fall 3
      server ntw03p1 172.16.10.94:9101 check inter 2000 rise 2 fall 3
      server ntw03p2 172.16.10.94:9102 check inter 2000 rise 2 fall 3
      server ntw03p3 172.16.10.94:9103 check inter 2000 rise 2 fall 3
      server ntw03p4 172.16.10.94:9104 check inter 2000 rise 2 fall 3

.. code-block:: yaml

    haproxy:
      proxy:
        listen:
          contrail_api:
            type: contrail-api
            service_name: contrail
            balance: leastconn
            binds:
              - address: 10.10.10.10
                port: 8082
            servers:
              - name: ntw01
                host: 10.10.10.11
                port: 9100
                port_range_length: 5
                port_range_start_offset: 1
                params: check inter 2000 rise 2 fall 3
              - name: ntw02
                host: 10.10.10.12
                port: 9100
                port_range_length: 5
                port_range_start_offset: 0
                params: check inter 2000 rise 2 fall 3
              - name: ntw03
                host: 10.10.10.13
                port: 9100
                port_range_length: 5
                params: check inter 2000 rise 2 fall 3

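The port-range expansion described above, written out as a small Python
renderer. This is an added example, not the formula's own Jinja template:
it takes a ``servers`` entry with the pillar keys from the README
(``port``, ``port_range_length``, ``port_range_start_offset``, ``params``)
and produces the ``server`` lines HAProxy needs, applying the naming rule
that only the offset-0 server keeps the bare name. The function names and
the ``render_listen`` helper are this example's own; the pillar fragment is
a constructed copy of the contrail_api sample, so the rendered addresses are
the pillar's ``10.10.10.x`` ones.

```python
"""Expand a salt-formula-haproxy ``servers`` entry that carries
``port_range_length`` / ``port_range_start_offset`` into individual
``server`` lines. Added example; not the formula's template."""


def expand_server(server: dict) -> list:
    """Return one ``server`` line per port in the configured range.

    Naming follows the README: the server for offset 0 keeps the bare
    name (backward compatibility); every further one gets a ``pN`` suffix
    where N is its offset from the base port.
    """
    base_port = int(server["port"])
    length = int(server.get("port_range_length", 1))
    offset = int(server.get("port_range_start_offset", 0))
    if length < 1:
        raise ValueError("port_range_length must be >= 1")
    if not 0 <= offset < length:
        raise ValueError("port_range_start_offset must lie inside the range")
    params = server.get("params", "")
    lines = []
    for i in range(offset, length):
        name = server["name"] if i == 0 else f"{server['name']}p{i}"
        line = f"server {name} {server['host']}:{base_port + i}"
        if params:
            line += f" {params}"
        lines.append(line)
    return lines


def render_listen(name: str, listen: dict) -> str:
    """Render a minimal ``listen`` block: bind lines, balance, servers."""
    out = [f"listen {name}"]
    for b in listen.get("binds", []):
        out.append(f"    bind {b['address']}:{b['port']}")
    if "balance" in listen:
        out.append(f"    balance {listen['balance']}")
    for srv in listen.get("servers", []):
        out.extend("    " + line for line in expand_server(srv))
    return "\n".join(out)


# Constructed pillar fragment with the same shape as the README's contrail_api sample.
CONTRAIL_API = {
    "balance": "leastconn",
    "binds": [{"address": "10.10.10.10", "port": 8082}],
    "servers": [
        {"name": "ntw01", "host": "10.10.10.11", "port": 9100,
         "port_range_length": 5, "port_range_start_offset": 1,
         "params": "check inter 2000 rise 2 fall 3"},
        {"name": "ntw02", "host": "10.10.10.12", "port": 9100,
         "port_range_length": 5, "port_range_start_offset": 0,
         "params": "check inter 2000 rise 2 fall 3"},
        {"name": "ntw03", "host": "10.10.10.13", "port": 9100,
         "port_range_length": 5,
         "params": "check inter 2000 rise 2 fall 3"},
    ],
}

if __name__ == "__main__":
    print(render_listen("contrail_api", CONTRAIL_API))
```

Running it prints a ``listen contrail_api`` block with four ``ntw01pN``
lines (9101-9104) and five lines each for ``ntw02`` and ``ntw03``
(9100-9104), matching the shape of the text output shown above. The range
check on ``port_range_start_offset`` is what stops an offset equal to or
larger than the length from silently producing a listener with no servers.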
Custom more complex listener (for Artifactory and subdomains for docker
registries)

.. code-block:: yaml

    haproxy:
      proxy:
        listen:
          artifactory:
            mode: http
            options:
              - forwardfor
              - forwardfor header X-Real-IP
              - httpchk
              - httpclose
              - httplog
            sticks:
              - stick on src
              - stick-table type ip size 200k expire 2m
            acl:
              is_docker: "path_reg ^/v[12][/.]*"
            http_request:
              - action: "set-path /artifactory/api/docker/%[req.hdr(host),lower,field(1,'.')]%[path]"
                condition: "if is_docker"
            balance: source
            binds:
              - address: ${_param:cluster_vip_address}
                port: 8082
                ssl:
                  enabled: true
                  # This PEM file needs to contain key, cert, CA and possibly
                  # intermediate certificates
                  pem_file: /etc/haproxy/ssl/server.pem
            servers:
              - name: ${_param:cluster_node01_name}
                host: ${_param:cluster_node01_address}
                port: 8082
                params: check
              - name: ${_param:cluster_node02_name}
                host: ${_param:cluster_node02_address}
                port: 8082
                params: backup check

It's also possible to use multiple certificates for one listener (e.g. when
it is bound on multiple interfaces):

.. code-block:: yaml

    haproxy:
      proxy:
        listen:
          dummy_site:
            mode: http
            binds:
              - address: 127.0.0.1
                port: 8080
                ssl:
                  enabled: true
                  key: |
                    my super secret key follows
                  cert: |
                    certificate
                  chain: |
                    CA chain (if any)
              - address: 127.0.1.1
                port: 8081
                ssl:
                  enabled: true
                  key: |
                    my super secret key follows
                  cert: |
                    certificate
                  chain: |
                    CA chain (if any)

The definition above results in the creation of the ``/etc/haproxy/ssl/dummy_site``
directory with the files ``1-all.pem`` and ``2-all.pem`` (one per bind).

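How the per-bind PEM bundles and the matching ``bind ... ssl crt`` lines can
be produced from inline ``key``/``cert``/``chain`` pillar material, as an
added example that is not the formula's own state file. The on-disk layout
(``<ssl_dir>/<listener>/<N>-all.pem``, numbered per bind) follows the README;
the concatenation order (key, cert, chain), the ``0600`` file mode and the
``pem_file`` passthrough are this example's choices. The PEM bodies are
constructed placeholders, not real key material, and the files are written
under a temporary root so the script runs unprivileged.

```python
"""Assemble per-bind PEM bundles for a listener whose binds carry inline
``key`` / ``cert`` / ``chain`` material and emit the matching ``bind``
lines for haproxy.cfg. Added example; not the formula's own state."""
import os
import tempfile


def pem_bundle(ssl: dict) -> str:
    """Concatenate key, cert and optional chain into one PEM file body."""
    parts = [ssl["key"], ssl["cert"]]
    if ssl.get("chain"):
        parts.append(ssl["chain"])
    # Normalise to exactly one trailing newline per block so blocks never fuse.
    return "".join(p.rstrip("\n") + "\n" for p in parts)


def render_binds(listener: str, binds: list, ssl_dir: str = "/etc/haproxy/ssl") -> tuple:
    """Return (files, lines): PEM path -> body for binds with inline material,
    and the ``bind`` line for every bind (``ssl crt`` appended when SSL is on)."""
    files, lines = {}, []
    for n, b in enumerate(binds, start=1):
        line = f"bind {b['address']}:{b['port']}"
        ssl = b.get("ssl") or {}
        if ssl.get("enabled"):
            if ssl.get("pem_file"):
                pem = ssl["pem_file"]  # pre-provisioned bundle, nothing to write
            else:
                pem = f"{ssl_dir}/{listener}/{n}-all.pem"
                files[pem] = pem_bundle(ssl)
            line += f" ssl crt {pem}"
        lines.append(line)
    return files, lines


def write_bundles(files: dict, root: str) -> dict:
    """Write each bundle below ``root`` (paths are re-rooted so the example can
    run unprivileged) with a private 0600 mode; return path -> mode bits."""
    modes = {}
    for path, body in files.items():
        target = os.path.join(root, path.lstrip("/"))
        os.makedirs(os.path.dirname(target), mode=0o700, exist_ok=True)
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(body)
        os.chmod(target, 0o600)  # explicit, independent of the process umask
        modes[target] = os.stat(target).st_mode & 0o777
    return modes


# Constructed placeholders standing in for real PEM material.
PLACEHOLDER_KEY = "-----BEGIN PRIVATE KEY-----\nplaceholder\n-----END PRIVATE KEY-----"
PLACEHOLDER_CERT = "-----BEGIN CERTIFICATE-----\nplaceholder\n-----END CERTIFICATE-----"
PLACEHOLDER_CHAIN = "-----BEGIN CERTIFICATE-----\nchain-placeholder\n-----END CERTIFICATE-----"

# Constructed pillar fragment shaped like the README's dummy_site listener,
# plus a third bind that points at a pre-provisioned pem_file.
DUMMY_SITE_BINDS = [
    {"address": "127.0.0.1", "port": 8080,
     "ssl": {"enabled": True, "key": PLACEHOLDER_KEY, "cert": PLACEHOLDER_CERT,
             "chain": PLACEHOLDER_CHAIN}},
    {"address": "127.0.1.1", "port": 8081,
     "ssl": {"enabled": True, "key": PLACEHOLDER_KEY, "cert": PLACEHOLDER_CERT}},
    {"address": "127.0.2.1", "port": 8082,
     "ssl": {"enabled": True, "pem_file": "/etc/haproxy/ssl/all.pem"}},
]


def demo() -> dict:
    """Render dummy_site and write its bundles under a fresh temporary root."""
    files, lines = render_binds("dummy_site", DUMMY_SITE_BINDS)
    root = tempfile.mkdtemp(prefix="haproxy-ssl-")
    return {"files": files, "lines": lines, "modes": write_bundles(files, root)}


if __name__ == "__main__":
    result = demo()
    print("\n".join(result["lines"]))
    for path, mode in result["modes"].items():
        print(f"{path} {mode:o}")
```

Only the two binds with inline material get a numbered bundle; the bind
that names an existing ``pem_file`` is referenced as-is. Opening the file
with an explicit ``0600`` mode and then chmod-ing it keeps the private key
readable by the HAProxy user only, whatever the umask of the process that
rendered the state.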
Custom listener with http-check options specified

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: true
        forwardfor:
          enabled: true
          except: 127.0.0.1
          header: X-Forwarded-For
          if-none: false
        listen:
          glance_api:
            binds:
              - address: 192.168.2.11
                port: 9292
                ssl:
                  enabled: true
                  pem_file: /etc/haproxy/ssl/all.pem
            http_request:
              - action: set-header X-Forwarded-Proto https
            mode: http
            options:
              - httpchk GET /
              - httplog
              - httpclose
            servers:
              - host: 127.0.0.1
                name: ctl01
                params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
                port: 9292

Custom listener with tcp-check options specified (for Redis cluster with Sentinel)

.. code-block:: yaml

    haproxy:
      proxy:
        listen:
          redis_cluster:
            service_name: redis
            health-check:
              tcp:
                enabled: True
                options:
                  - send PING\r\n
                  - expect string +PONG
                  - send info\ replication\r\n
                  - expect string role:master
                  - send QUIT\r\n
                  - expect string +OK
            binds:
              - address: ${_param:cluster_address}
                port: 6379
            servers:
              - name: ${_param:cluster_node01_name}
                host: ${_param:cluster_node01_address}
                port: 6379
                params: check inter 1s
              - name: ${_param:cluster_node02_name}
                host: ${_param:cluster_node02_address}
                port: 6379
                params: check inter 1s
              - name: ${_param:cluster_node03_name}
                host: ${_param:cluster_node03_address}
                port: 6379
                params: check inter 1s

Frontend for routing between existing listeners by URL, with SSL and redirects.
One backend can serve several URLs.

.. code-block:: yaml

    haproxy:
      proxy:
        listen:
          service_proxy:
            mode: http
            balance: source
            format: end
            binds:
              - address: ${_param:haproxy_bind_address}
                port: 80
                ssl: ${_param:haproxy_frontend_ssl}
                ssl_port: 443
            redirects:
              - code: 301
                location: domain.com/images
                conditions:
                  - type: hdr_dom(host)
                    condition: images.domain.com
            acls:
              - name: gerrit
                conditions:
                  - type: hdr_dom(host)
                    condition: gerrit.domain.com
              - name: jenkins
                conditions:
                  - type: hdr_dom(host)
                    condition: jenkins.domain.com
              - name: docker
                backend: artifactory
                conditions:
                  - type: hdr_dom(host)
                    condition: docker.domain.com

Enable customisable ``forwardfor`` option in ``defaults`` section.

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: true
        forwardfor:
          enabled: true
          except:
          header:
          if-none: false

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: true
        forwardfor:
          enabled: true
          except: 127.0.0.1
          header: X-Real-IP
          if-none: false

Sample pillar with multiprocess multicore configuration

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: True
        nbproc: 4
        cpu_map:
          1: 0
          2: 1
          3: 2
          4: 3
        stats_bind_process: "1 2"
        maxconn: 1024
        timeout:
          connect: 5000
          client: 50000
          server: 50000
        listen:
          https-in:
            bind_process: "1 2 3 4"
            binds:
              - address: 0.0.0.0
                port: 443
            servers:
              - name: server1
                host: 10.0.0.1
                port: 8443
              - name: server2
                host: 10.0.0.2
                port: 8443
                params: 'maxconn 256'

Implement rate limiting, to prevent excessive requests.
This feature only works with ``format: end``.

.. code-block:: yaml

    haproxy:
      proxy:
        ...
        listen:
          nova_metadata_api:
            ...
            format: end
            options:
              - httpchk
              - httpclose
              - httplog
            rate_limit:
              duration: 900s
              enabled: true
              requests: 125
              track: content
            servers:
              ...
            type: http

HAProxy configuration without a specific listener type, or with ``type: None``.
This approach allows all major HAProxy parameters to be set manually.
Sample pillar:

.. code-block:: yaml

    haproxy:
      proxy:
        listen:
          manila_api:
            type: None
            mode: tcp
            balance: roundrobin
            timeout:
              check: 10
              client: 20
            http_request:
              - action: "add-header X-Forwarded-Proto https"
                condition: "if { ssl_fc }"
            options: ${_param:haproxy_https_check_options}
            capture:
              - cookie ASPSESSION len 32
              - request header Host len 15
            compression:
              - algo gzip
              - type text/html text/plain
            declare_capture: request len 50
            email_alert:
              - myhostname myserver
              - from server@localhost
              - level warning
            errorfile:
              file_500:
                code: 500
                file: /tmp/error_500.log
              file_404:
                code: 400
                file: /tmp/error_400.log
            max_keep_alive_queue: 100
            maxconn: 10000
            reqadd:
              - X-Proto:\ SSL if is-ssl
            reqirep:
              - ^Host:\ www.mydomain.com Host:\ www
            modify_headers:
              - reqallow ^Host:\ www\.
              - reqdel ^Host:\ .*\.local
              - reqdeny ^Host:\ .*\.local
              - reqiallow ^Host:\ www\.
              - reqidel ^Host:\ .*\.local
              - reqideny ^Host:\ .*\.local
              - reqipass ^Host:\ .*\.local
              - reqpass ^Host:\ .*\.local
              - reqitarpit ^Host:\ .*\.local
              - reqtarpit ^Host:\ .*\.local
            retries: 10
            stats:
              - enable
              - auth admin1:AdMiN123
            rate_limit_sessions: 1000

Implement rate limiting, to prevent excessive requests,
using ``format: listen``.

.. code-block:: yaml

    haproxy:
      proxy:
        ...
        listen:
          nova_metadata_api:
            ...
            rate_limit:
              duration: 3s
              enabled: true
              requests: 60
              track: connection
            servers:
              ...

Implement rate limiting, to prevent excessive requests,
using ``format: listen`` and the acls/request/backend stick list.

.. code-block:: yaml

    haproxy:
      proxy:
        listen:
          nova_metadata_api:
            options:
              - httplog
            rate_limit:
              enabled: true
              type: string
              len: 36
              size: 10m
              duration: 60s
            acls:
              101:
                enabled: true
                value: acl too_many_requests_3 sc0_gpc0_rate() gt 3
              102:
                enabled: true
                value: acl mark_seen sc0_inc_gpc0 gt 0
              110:
                enabled: true
                value: acl x_instance_id hdr(x-instance-id) -i 4777e8e0-16e8-46ce-a3fe-0a1ad9b3ebdc
              111:
                enabled: true
                value: acl x_instance_id hdr(x-instance-id) -i ca2395dd-f73f-4d43-8fe7-f7078a0920af
              201:
                enabled: true
                value: acl too_many_requests_6 sc0_gpc0_rate() gt 6
              202:
                enabled: true
                value: acl mark_seen sc0_inc_gpc0 gt 0
              210:
                enabled: true
                value: acl x_tenant_id hdr(x-tenant-id) -i 2b76cc56a437404bb8cb6cb20dbb0ea4
            tcp_request:
              001:
                enabled: true
                value: tcp-request inspect-delay 5s
              101:
                enabled: true
                value: tcp-request content track-sc0 hdr(x-instance-id) if ! too_many_requests_3
              201:
                enabled: true
                value: tcp-request content track-sc0 hdr(x-tenant-id) if ! too_many_requests_6
            use_backend:
              101:
                enabled: true
                value: use_backend nova_metadata_api-rate_limit if mark_seen too_many_requests_3 x_instance_id
              201:
                enabled: true
                value: use_backend nova_metadata_api-rate_limit if mark_seen too_many_requests_6 x_tenant_id

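The numbered ``acls`` / ``tcp_request`` / ``use_backend`` maps above only work
if the rendered lines come out in key order, since each ``tcp-request`` and
``use_backend`` line refers to ACLs declared before it. The Python below is an
added example, not the formula's Jinja template, showing how such maps can be
rendered: it assumes, as the sample suggests, that the key fixes the order,
that ``enabled: false`` drops a rule and that ``value`` is emitted verbatim.
The ``stick-table`` line is this example's own mapping of the ``rate_limit``
keys onto HAProxy's directive (the formula's template is authoritative for
what it really emits), and the pillar is a constructed subset of the sample
with placeholder instance ids.

```python
"""Render numbered acl / tcp-request / use_backend pillar maps into ordered
haproxy.cfg lines. Added example; not the formula's template."""

SECTIONS = ("acls", "tcp_request", "use_backend")


def ordered_rules(rules: dict) -> list:
    """Return the ``value`` of every enabled rule, ordered by numeric key.

    YAML hands over ``001`` as the integer 1 but a quoted ``"99"`` as a
    string; sorting on ``int(key)`` keeps 99 before 101 either way, where
    a plain string sort would put "99" after "101".
    """
    def key_num(k):
        try:
            return int(k)
        except (TypeError, ValueError):
            raise ValueError(f"rule key {k!r} is not numeric") from None

    return [rules[k]["value"] for k in sorted(rules, key=key_num)
            if rules[k].get("enabled", True)]


def stick_table_line(rate_limit: dict) -> str:
    """This example's mapping of rate_limit keys onto a stick-table storing
    gpc0 and its rate, which the sc0_gpc0_rate()/sc0_inc_gpc0 ACLs consume."""
    d = rate_limit["duration"]
    return (f"stick-table type {rate_limit['type']} len {rate_limit['len']} "
            f"size {rate_limit['size']} expire {d} store gpc0,gpc0_rate({d})")


def render_rate_limited_listen(name: str, listen: dict) -> str:
    """Emit options, the stick-table, then the three rule sections in order."""
    lines = [f"listen {name}"]
    lines += [f"    option {o}" for o in listen.get("options", [])]
    rl = listen.get("rate_limit", {})
    if rl.get("enabled"):
        lines.append("    " + stick_table_line(rl))
    for section in SECTIONS:
        lines += ["    " + v for v in ordered_rules(listen.get(section, {}))]
    return "\n".join(lines)


# Constructed pillar: a subset of the README sample, instance ids are placeholders.
NOVA_METADATA_API = {
    "options": ["httplog"],
    "rate_limit": {"enabled": True, "type": "string", "len": 36,
                   "size": "10m", "duration": "60s"},
    "acls": {
        101: {"enabled": True, "value": "acl too_many_requests_3 sc0_gpc0_rate() gt 3"},
        102: {"enabled": True, "value": "acl mark_seen sc0_inc_gpc0 gt 0"},
        110: {"enabled": True,
              "value": "acl x_instance_id hdr(x-instance-id) -i 00000000-0000-4000-8000-000000000000"},
        111: {"enabled": False,  # disabled rule: must not appear in the output
              "value": "acl x_instance_id hdr(x-instance-id) -i 00000000-0000-4000-8000-000000000001"},
    },
    "tcp_request": {
        1: {"enabled": True, "value": "tcp-request inspect-delay 5s"},
        101: {"enabled": True,
              "value": "tcp-request content track-sc0 hdr(x-instance-id) if ! too_many_requests_3"},
    },
    "use_backend": {
        101: {"enabled": True,
              "value": "use_backend nova_metadata_api-rate_limit if mark_seen too_many_requests_3 x_instance_id"},
    },
}

if __name__ == "__main__":
    print(render_rate_limited_listen("nova_metadata_api", NOVA_METADATA_API))
```

Sorting on the integer value of the key is the detail worth keeping: the
sample's zero-padded ``001`` only sorts ahead of ``101`` by accident of
string comparison, and a later rule numbered ``99`` would land after ``101``
in a string sort, breaking the declare-before-use order the ACLs rely on.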
Pillar demonstrating all global variables which are parametrized

All values may be defined as a single element or as a list of elements with
the same keyword. The keyword is added automatically and should not be
included in the value.

.. code-block:: yaml

    haproxy:
      proxy:
        global:
          chroot: /var/lib/haproxy
          daemon: true
          gid: ''
          group: haproxy
          cpu-map:
            - '0 1'
            - '1 2'
          log:
            - '/dev/log local0'
            - '/dev/log local1 notice'
          log-send-hostname: ''
          nbproc: 5
          pidfile: '/var/run/haproxy.pid'
          uid: ''
          ulimit-n: ''
          user: 'haproxy'
          stats:
            - 'socket /var/run/new.sock mode 660 level admin'
            - 'timeout 30s'
            - 'bind-process 1 2'
          node: ''
          description: ''
          maxconn: 25000
          maxpipes: ''
          noepoll: ''
          nokqueue: ''
          nopoll: ''
          nosepoll: ''
          nosplice: ''
          spread-checks: 4
          tune_bufsize: 32768
          tune_chksize: ''
          tune_maxaccept: ''
          tune_maxpollevents: ''
          tune_maxrewrite: 1024
          tune_rcvbuf_client: ''
          tune_rcvbuf_server: ''
          tune_sndbuf_client: ''
          tune_sndbuf_server: ''

Read more
=========

* https://github.com/jesusaurus/hpcs-salt-state/tree/master/haproxy
* http://www.nineproductions.com/saltstack-ossec-state-using-reactor/
* https://gist.github.com/tomeduarte/6340205 - example on how to use peer
  from within a config file (using jinja)
* http://youtu.be/jJJ8cfDjcTc?t=8m58s - from 9:00 on, a good overview
  of peer vs mine
* https://github.com/russki/cluster-agents