=======
HAproxy
=======
4
5The Reliable, High Performance TCP/HTTP Load Balancer.
6
8Sample pillars
9==============
10
11Simple admin listener
12
13.. code-block:: yaml
14
# Pillar sample: a single listener of type "admin" on TCP port 8801.
haproxy:
  proxy:
    enabled: true
    listen:
      admin_page:
        type: admin
        binds:
          # 0.0.0.0 accepts connections on every interface. Prefer a
          # management-only address when the admin page need not be
          # reachable from everywhere.
          - address: '0.0.0.0'
            port: 8801
        # Sample credentials only: replace them with strong, unique values
        # and keep the real ones out of version control.
        user: 'fsdfdsfds'
        password: 'dsfdsf'
26
Simple stats listener
28
29.. code-block:: yaml
30
# Pillar sample: a single listener of type "stats" on TCP port 8801.
haproxy:
  proxy:
    enabled: true
    listen:
      admin_page:
        type: stats
        binds:
          # This sample sets no user/password and binds every interface
          # (0.0.0.0); restrict who can reach the port if the statistics
          # should not be public.
          - address: '0.0.0.0'
            port: 8801
40
43Sample pillar with admin
45.. code-block:: yaml
46
# Pillar sample: proxy-wide settings plus one "https-in" listener that
# forwards to two backend servers.
haproxy:
  proxy:
    enabled: true
    # NOTE(review): "http/tcp" presumably stands for either "http" or
    # "tcp" - confirm against the formula before copying this value.
    mode: "http/tcp"
    logging: "syslog"
    maxconn: 1024
    timeout:
      connect: 5000
      client: 50000
      server: 50000
    listens:
      - name: "https-in"
        bind:
          # 0.0.0.0 accepts connections on every interface.
          address: "0.0.0.0"
          port: 443
        servers:
          - name: "server1"
            host: "10.0.0.1"
            port: 8443
          # Only server2 carries extra server parameters.
          - name: "server2"
            host: "10.0.0.2"
            port: 8443
            params: "maxconn 256"
70
Sample pillar with custom logging
74.. code-block:: yaml
75
# Pillar sample: logging goes to syslog; one "https-in" listener forwards
# to two backend servers.
haproxy:
  proxy:
    enabled: true
    # NOTE(review): "http/tcp" presumably stands for either "http" or
    # "tcp" - confirm against the formula before copying this value.
    mode: "http/tcp"
    logging: "syslog"
    maxconn: 1024
    timeout:
      connect: 5000
      client: 50000
      server: 50000
    listens:
      - name: "https-in"
        bind:
          # 0.0.0.0 accepts connections on every interface.
          address: "0.0.0.0"
          port: 443
        servers:
          - name: "server1"
            host: "10.0.0.1"
            port: 8443
          # Only server2 carries extra server parameters.
          - name: "server2"
            host: "10.0.0.2"
            port: 8443
            params: "maxconn 256"
99
100.. code-block:: yaml
101
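# Pillar sample: TCP proxy with three listeners (mysql, rabbitmq and
# keystone-1). Each listener binds one address/port and lists its backends.
haproxy:
  proxy:
    enabled: true
    mode: tcp
    logging: syslog
    max_connections: 1024
    listens:
      - name: mysql
        type: mysql
        binds:
          - address: 10.0.88.70
            port: 3306
        servers:
          # node1 is the regular server; node2 and node3 carry "backup"
          # in their params.
          - name: node1
            host: 10.0.88.13
            port: 3306
            params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3
          - name: node2
            host: 10.0.88.14
            port: 3306
            params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3 backup
          - name: node3
            host: 10.0.88.15
            port: 3306
            params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3 backup
      - name: rabbitmq
        type: rabbitmq
        binds:
          - address: 10.0.88.70
            port: 5672
        servers:
          - name: node1
            host: 10.0.88.13
            port: 5673
            params: check inter 5000 rise 2 fall 3
          - name: node2
            host: 10.0.88.14
            port: 5673
            params: check inter 5000 rise 2 fall 3 backup
          - name: node3
            host: 10.0.88.15
            port: 5673
            params: check inter 5000 rise 2 fall 3 backup
      # A sequence entry needs a space after the dash ("- name:"), and the
      # bind list uses the same "binds" key as the listeners above.
      - name: keystone-1
        type: general-service
        binds:
          - address: 10.0.106.170
            port: 5000
        servers:
          - name: node1
            host: 10.0.88.13
            port: 5000
            params: check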
155
156.. code-block:: yaml
157
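# Pillar sample: TCP proxy with three listeners (mysql, rabbitmq and
# keystone-1). Each listener binds one address/port and lists its backends.
haproxy:
  proxy:
    enabled: true
    mode: tcp
    logging: syslog
    max_connections: 1024
    listens:
      - name: mysql
        type: mysql
        binds:
          - address: 10.0.88.70
            port: 3306
        servers:
          # node1 is the regular server; node2 and node3 carry "backup"
          # in their params.
          - name: node1
            host: 10.0.88.13
            port: 3306
            params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3
          - name: node2
            host: 10.0.88.14
            port: 3306
            params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3 backup
          - name: node3
            host: 10.0.88.15
            port: 3306
            params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3 backup
      - name: rabbitmq
        type: rabbitmq
        binds:
          - address: 10.0.88.70
            port: 5672
        servers:
          - name: node1
            host: 10.0.88.13
            port: 5673
            params: check inter 5000 rise 2 fall 3
          - name: node2
            host: 10.0.88.14
            port: 5673
            params: check inter 5000 rise 2 fall 3 backup
          - name: node3
            host: 10.0.88.15
            port: 5673
            params: check inter 5000 rise 2 fall 3 backup
      # A sequence entry needs a space after the dash ("- name:"), and the
      # bind list uses the same "binds" key as the listeners above.
      - name: keystone-1
        type: general-service
        binds:
          - address: 10.0.106.170
            port: 5000
        servers:
          - name: node1
            host: 10.0.88.13
            port: 5000
            params: check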
211
Custom more complex listener (for Artifactory and subdomains for docker
registries)
214
215.. code-block:: yaml
216
# Pillar sample: HTTP listener "artifactory" with source stickiness, a
# path rewrite for Docker registry requests and TLS on the bind.
haproxy:
  proxy:
    listen:
      artifactory:
        mode: 'http'
        options:
          - 'forwardfor'
          - 'forwardfor header X-Real-IP'
          - 'httpchk'
          - 'httpclose'
          - 'httplog'
        sticks:
          - 'stick on src'
          - 'stick-table type ip size 200k expire 2m'
        acl:
          # The pattern is anchored only at the start, so it matches any
          # path beginning with /v1 or /v2.
          is_docker: 'path_reg ^/v[12][/.]*'
        http_request:
          # The first label of the Host header is lower-cased and placed
          # into the rewritten path. That header is supplied by the client,
          # so the backend should still validate the resulting repository
          # name.
          - action: "set-path /artifactory/api/docker/%[req.hdr(host),lower,field(1,'.')]%[path]"
            condition: 'if is_docker'
        balance: 'source'
        binds:
          - address: '${_param:cluster_vip_address}'
            port: 8082
            ssl:
              enabled: true
              # The PEM file has to hold the key, the certificate, the CA
              # and any intermediate certificates. Because it contains the
              # private key, keep it readable only by the HAProxy service
              # account.
              pem_file: '/etc/haproxy/ssl/server.pem'
        servers:
          - name: '${_param:cluster_node01_name}'
            host: '${_param:cluster_node01_address}'
            port: 8082
            params: 'check'
          - name: '${_param:cluster_node02_name}'
            host: '${_param:cluster_node02_address}'
            port: 8082
            params: 'backup check'
254
It's also possible to use multiple certificates for one listener (e.g. when
it is bound to multiple interfaces):
257
258.. code-block:: yaml
259
# Pillar sample: one HTTP listener with two binds, each carrying its own
# key, certificate and chain.
haproxy:
  proxy:
    listen:
      dummy_site:
        mode: 'http'
        binds:
          # The private key is stored in the pillar itself. Keep this
          # pillar encrypted or otherwise access-restricted, and out of
          # plain-text version control.
          - address: '127.0.0.1'
            port: 8080
            ssl:
              enabled: true
              key: |
                my super secret key follows
              cert: |
                certificate
              chain: |
                CA chain (if any)
          # Second bind: same layout, separate key material.
          - address: '127.0.1.1'
            port: 8081
            ssl:
              enabled: true
              key: |
                my super secret key follows
              cert: |
                certificate
              chain: |
                CA chain (if any)
286
The definition above results in the creation of the ``/etc/haproxy/ssl/dummy_site``
directory with the files ``1-all.pem`` and ``2-all.pem`` (one per bind).
289
Custom listener with tcp-check options specified (for Redis cluster with Sentinel)
291
292.. code-block:: yaml
293
# Pillar sample: listener for a Redis cluster with a scripted TCP health
# check and three backend nodes.
haproxy:
  proxy:
    listen:
      redis_cluster:
        service_name: 'redis'
        health-check:
          tcp:
            enabled: true
            # Send/expect pairs: PING must return +PONG, "info replication"
            # must report role:master, and QUIT must return +OK.
            # NOTE(review): no AUTH step is sent, so this sequence
            # presumably targets Redis without a password - confirm.
            options:
              - 'send PING\r\n'
              - 'expect string +PONG'
              - 'send info\ replication\r\n'
              - 'expect string role:master'
              - 'send QUIT\r\n'
              - 'expect string +OK'
        binds:
          - address: '${_param:cluster_address}'
            port: 6379
        servers:
          - name: '${_param:cluster_node01_name}'
            host: '${_param:cluster_node01_address}'
            port: 6379
            params: 'check inter 1s'
          - name: '${_param:cluster_node02_name}'
            host: '${_param:cluster_node02_address}'
            port: 6379
            params: 'check inter 1s'
          - name: '${_param:cluster_node03_name}'
            host: '${_param:cluster_node03_address}'
            port: 6379
            params: 'check inter 1s'
325
Frontend for routing between existing listeners via URL, with SSL and redirects.
You can use one backend for several URLs.
328
329.. code-block:: yaml
330
# Pillar sample: HTTP front end "service_proxy" that redirects one host
# name and selects among listeners by the Host header.
haproxy:
  proxy:
    listen:
      service_proxy:
        mode: 'http'
        balance: 'source'
        format: 'end'
        binds:
          - address: '${_param:haproxy_bind_address}'
            port: 80
            ssl: '${_param:haproxy_frontend_ssl}'
            ssl_port: 443
        redirects:
          # Requests whose Host matches images.domain.com get a 301.
          - code: 301
            location: 'domain.com/images'
            conditions:
              - type: 'hdr_dom(host)'
                condition: 'images.domain.com'
        acls:
          # The Host header is client-supplied, so these ACLs route
          # traffic; they are not an access control on the services.
          - name: 'gerrit'
            conditions:
              - type: 'hdr_dom(host)'
                condition: 'gerrit.domain.com'
          - name: 'jenkins'
            conditions:
              - type: 'hdr_dom(host)'
                condition: 'jenkins.domain.com'
          - name: 'docker'
            # NOTE(review): "artifactroy" looks like a misspelling of
            # "artifactory" - confirm against the listener name in use.
            backend: 'artifactroy'
            conditions:
              - type: 'hdr_dom(host)'
                condition: 'docker.domain.com'
363
Read more
=========
366
367* https://github.com/jesusaurus/hpcs-salt-state/tree/master/haproxy
368* http://www.nineproductions.com/saltstack-ossec-state-using-reactor/ - example reactor usage.
369* https://gist.github.com/tomeduarte/6340205 - example on how to use peer from within a config file (using jinja)
370* http://youtu.be/jJJ8cfDjcTc?t=8m58s - from 9:00 on, a good overview of peer vs mine
371* https://github.com/russki/cluster-agents
373Documentation and Bugs
374======================
375
376To learn how to install and update salt-formulas, consult the documentation
377available online at:
378
379 http://salt-formulas.readthedocs.io/
380
381In the unfortunate event that bugs are discovered, they should be reported to
382the appropriate issue tracker. Use Github issue tracker for specific salt
383formula:
384
385 https://github.com/salt-formulas/salt-formula-haproxy/issues
386
387For feature requests, bug reports or blueprints affecting entire ecosystem,
388use Launchpad salt-formulas project:
389
390 https://launchpad.net/salt-formulas
391
392You can also join salt-formulas-users team and subscribe to mailing list:
393
394 https://launchpad.net/~salt-formulas-users
395
396Developers wishing to work on the salt-formulas projects should always base
397their work on master branch and submit pull request against specific formula.
398
399 https://github.com/salt-formulas/salt-formula-haproxy
400
401Any questions or feedback is always welcome so feel free to join our IRC
402channel:
403
404 #salt-formulas @ irc.freenode.net