From 5b0e78c5a0e3015d4f17eb8943b5904aa579054f Mon Sep 17 00:00:00 2001 From: Ian Clark Date: Tue, 4 Sep 2018 22:57:19 -0700 Subject: [PATCH 1/3] cleaning up template whitespace --- templates/etc/haproxy/backend.cfg.j2 | 25 --------------------- templates/etc/haproxy/defaults.cfg.j2 | 8 ------- templates/etc/haproxy/frontend.cfg.j2 | 27 ----------------------- templates/etc/haproxy/global.cfg.j2 | 21 +----------------- templates/etc/haproxy/listen.cfg.j2 | 31 --------------------------- 5 files changed, 1 insertion(+), 111 deletions(-) diff --git a/templates/etc/haproxy/backend.cfg.j2 b/templates/etc/haproxy/backend.cfg.j2 index 5d20da34..1c4129c3 100644 --- a/templates/etc/haproxy/backend.cfg.j2 +++ b/templates/etc/haproxy/backend.cfg.j2 @@ -3,65 +3,49 @@ backend {{ backend.name }} {% if backend.description is defined %} description {{ backend.description }} {% endif %} - {% if backend.bind_process is defined %} bind-process {{ backend.bind_process | join(' ') }} {% endif %} - mode {{ backend.mode }} - balance {{ backend.balance }} - {% if backend.source is defined %} source {{ backend.source }} {% endif %} - {% for option in backend.option | default([])%} option {{ option }} {% endfor %} - {% for option in backend.no_option | default([])%} no option {{ option }} {% endfor %} - {% if backend.http_check is defined %} http-check {{ backend.http_check }} {% endif %} - {% if backend.cookie is defined %} cookie {{ backend.cookie }} {% endif %} - {% for stick in backend.stick | default([]) %} stick-table {{ stick.table }} stick on {{ stick.stick_on }} {% endfor %} - {% for option in backend.no_option | default([]) %} no option {{ option }} {% endfor %} - {% if backend.no_log | default(false) == true %} no log {% endif %} - {% for tcp_check in backend.tcp_check | default([]) %} tcp-check {{ tcp_check }} {% endfor %} - {% for timeout in backend.timeout | default([]) %} timeout {{ timeout.type }} {{ timeout.timeout }} {% endfor %} - {% for acl in backend.acl | default([]) %} acl {{ acl.string }} {% endfor %} - {% for rspirep in backend.rspirep | default([]) %} rspirep {{ rspirep.search }} {{ rspirep.string }}{% if rspirep.cond is defined %} {{ rspirep.cond }}{% endif %} {% endfor %} - {% if backend.stats is defined %} {% if backend.stats.enable is defined and backend.stats.enable | bool == true %} stats enable @@ -77,40 +61,31 @@ backend {{ backend.name }} {% endfor %} {% for auth in backend.stats.auth | default([]) %} stats auth {{ auth.user }}:{{ auth.passwd }} - {% endfor %} {% endif %} {% endif %} - {% for http_request in backend.http_request | default([]) %} http-request {{ http_request.action }}{% if http_request.param is defined %} {{ http_request.param }}{% endif %}{% if http_request.cond is defined %} {{ http_request.cond }}{% endif %} {% endfor %} - {% for tcp_request_inspect_delay in backend.tcp_request_inspect_delay | default([]) %} tcp-request inspect-delay {{ tcp_request_inspect_delay.timeout }} - {% endfor %} - {% for tcp_request_content in backend.tcp_request_content | default([]) %} tcp-request content {{ tcp_request_content.action }}{% if tcp_request_content.cond is defined %} {{ tcp_request_content.cond }}{% endif %} {% endfor %} - {% for http_response in backend.http_response | default([]) %} http-response {{ http_response.action }}{% if http_response.param is defined %} {{ http_response.param }}{% endif %}{% if http_response.cond is defined %} {{ http_response.cond }}{% endif %} {% endfor %} - {% for compression in backend.compression | default([]) %} compression {{ compression.name }} {{ compression.value }} {% endfor %} - {% for server in backend.server | default([]) %} server {{ server.name }} {{ server.listen }}{% for param in server.param | default([]) %} {{ param }}{% endfor %} {% endfor %} - {% for errorfile in backend.errorfile | default([]) %} errorfile {{ errorfile.code }} {{ errorfile.file }} {% endfor %} diff --git a/templates/etc/haproxy/defaults.cfg.j2 b/templates/etc/haproxy/defaults.cfg.j2 index 6a2f95ec..677071bb 100644 --- a/templates/etc/haproxy/defaults.cfg.j2 +++ b/templates/etc/haproxy/defaults.cfg.j2 @@ -1,41 +1,33 @@ {% if haproxy_defaults_log != false %} log {{ haproxy_defaults_log }} {% endif %} - {% if haproxy_defaults_logformat is defined %} log-format {{ haproxy_defaults_logformat }} {% endif %} - {% if haproxy_defaults_mode != false %} mode {{ haproxy_defaults_mode }} {% endif %} - {% if haproxy_defaults_source is defined %} source {{ haproxy_defaults_source }} {% endif %} - {% if haproxy_defaults_option != false %} {% for option in haproxy_defaults_option %} option {{ option }} {% endfor %} {% endif %} - {% for option in haproxy_defaults_no_option | default([]) %} no option {{ option }} {% endfor %} - {% if haproxy_defaults_timeout != false %} {% for timeout in haproxy_defaults_timeout %} timeout {{ timeout.type }} {{ timeout.timeout }} {% endfor %} {% endif %} - {% if haproxy_defaults_errorfile != false %} {% for errorfile in haproxy_defaults_errorfile %} errorfile {{ errorfile.code }} {{ errorfile.file }} {% endfor %} {% endif %} - {% for compression in haproxy_defaults_compression | default([]) %} compression {{ compression.name }} {{ compression.value }} {% endfor %} diff --git a/templates/etc/haproxy/frontend.cfg.j2 b/templates/etc/haproxy/frontend.cfg.j2 index 69af77b2..89151138 100644 --- a/templates/etc/haproxy/frontend.cfg.j2 +++ b/templates/etc/haproxy/frontend.cfg.j2 @@ -3,108 +3,83 @@ frontend {{ frontend.name }} {% if frontend.description is defined %} description {{ frontend.description }} {% endif %} - {% for bind in frontend.bind %} bind {{ bind.listen }}{% for param in bind.param | default([]) %} {{ param }}{% endfor %} {% endfor %} - {% if frontend.bind_process is defined %} bind-process {{ frontend.bind_process | join(' ') }} {% endif %} - mode {{ frontend.mode }} - {% if frontend.maxconn is defined %} maxconn {{ frontend.maxconn }} {% endif %} - {% for stick in frontend.stick | default([]) %} stick-table {{ stick.table }} {% endfor %} - {% for option in frontend.option | default([]) %} option {{ option }} {% endfor %} - {% for option in frontend.no_option | default([]) %} no option {{ option }} {% endfor %} - {% if frontend.logformat is defined %} log-format {{ frontend.logformat }} {% endif %} - {% if frontend.no_log | default(false) == true %} no log {% endif %} - {% for timeout in frontend.timeout | default([]) %} timeout {{ timeout.type }} {{ timeout.timeout }} {% endfor %} - {% for acl in frontend.acl | default([]) %} acl {{ acl.string }} {% endfor %} - {% for capture in frontend.capture | default([]) %} capture {{ capture.type }} {{ capture.name }} len {{ capture.length }} {% endfor %} - {% for http_request in frontend.http_request | default([]) %} http-request {{ http_request.action }}{% if http_request.param is defined %} {{ http_request.param }}{% endif %}{% if http_request.cond is defined %} {{ http_request.cond }}{% endif %} {% endfor %} - {% for http_response in frontend.http_response | default([]) %} http-response {{ http_response.action }}{% if http_response.param is defined %} {{ http_response.param }}{% endif %}{% if http_response.cond is defined %} {{ http_response.cond }}{% endif %} {% endfor %} - {% for tcp_request_inspect_delay in frontend.tcp_request_inspect_delay | default([]) %} tcp-request inspect-delay {{ tcp_request_inspect_delay.timeout }} - {% endfor %} - {% for tcp_request_connection in frontend.tcp_request_connection | default([]) %} tcp-request connection {{ tcp_request_connection.action }}{% if tcp_request_connection.cond is defined %} {{ tcp_request_connection.cond }}{% endif %} {% endfor %} - {% for tcp_request_content in frontend.tcp_request_content | default([]) %} tcp-request content {{ tcp_request_content.action }}{% if tcp_request_content.cond is defined %} {{ tcp_request_content.cond }}{% endif %} {% endfor %} - {% for tcp_request_session in frontend.tcp_request_session | default([]) %} tcp-request session {{ tcp_request_session.action }}{% if tcp_request_session.cond is defined %} {{ tcp_request_session.cond }}{% endif %} {% endfor %} - {% for rspadd in frontend.rspadd | default([]) %} rspadd {{ rspadd.string }}{% if rspadd.cond is defined %} {{ rspadd.cond }}{% endif %} {% endfor %} - {% for rsprep in frontend.rsprep | default([]) %} rsprep {{ rsprep.string }}{% if rsprep.cond is defined %} {{ rsprep.cond }}{% endif %} {% endfor %} - {% for rspirep in frontend.rspirep | default([]) %} rspirep {{ rspirep.search }} {{ rspirep.string }}{% if rspirep.cond is defined %} {{ rspirep.cond }}{% endif %} {% endfor %} - {% for redirect in frontend.redirect | default([]) %} redirect {{ redirect.string }}{% if redirect.cond is defined %} {{ redirect.cond }}{% endif %} {% endfor %} - {% for compression in frontend.compression | default([]) %} compression {{ compression.name }} {{ compression.value }} {% endfor %} - {% if frontend.use_backend is defined %} {% if frontend.use_backend is iterable and frontend.use_backend is not string %} {% for use_backend in frontend.use_backend | default([]) %} @@ -114,11 +89,9 @@ frontend {{ frontend.name }} use_backend {{ frontend.use_backend }} {% endif %} {% endif %} - {% if frontend.default_backend is defined %} default_backend {{ frontend.default_backend }} {% endif %} - {% for errorfile in frontend.errorfile | default([]) %} errorfile {{ errorfile.code }} {{ errorfile.file }} {% endfor %} diff --git a/templates/etc/haproxy/global.cfg.j2 b/templates/etc/haproxy/global.cfg.j2 index 500f144e..15fb8c2d 100644 --- a/templates/etc/haproxy/global.cfg.j2 +++ b/templates/etc/haproxy/global.cfg.j2 @@ -4,11 +4,9 @@ {% endfor %} {% endif %} - {% if haproxy_global_chroot is defined %} chroot {{ haproxy_global_chroot }} {% endif %} - {% if haproxy_global_stats != false %} {% for socket in haproxy_global_stats.sockets | default([]) %} stats socket {{ socket.listen }}{% for param in socket.param | default([]) %} {{ param }}{% endfor %} @@ -18,80 +16,63 @@ stats timeout {{ haproxy_global_stats.timeout }} {% endif -%} {% endif %} - {% if haproxy_global_user != false %} user {{ haproxy_global_user }} {% endif %} - {% if haproxy_global_group != false %} group {{ haproxy_global_group }} {% endif %} - {% if haproxy_global_daemon | bool == true %} daemon {% endif %} - {% if haproxy_global_master_worker | default(false) | bool %} master-worker {% endif %} - {% if haproxy_global_maxconn is defined %} maxconn {{ haproxy_global_maxconn }} {% endif %} - {% if haproxy_global_ca_base != false %} # Default SSL material locations ca-base {{ haproxy_global_ca_base }} {% endif %} - {% if haproxy_global_crt_base != false %} crt-base {{ haproxy_global_crt_base }} {% endif %} - {% if haproxy_global_ssl_default_bind_ciphers != false %} # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl-default-bind-ciphers {{ haproxy_global_ssl_default_bind_ciphers }} {% endif %} - {% if haproxy_global_ssl_default_bind_options != false %} ssl-default-bind-options {{ haproxy_global_ssl_default_bind_options }} {% endif %} - {% if haproxy_global_ssl_default_server_ciphers != false %} # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl-default-server-ciphers {{ haproxy_global_ssl_default_server_ciphers }} {% endif %} - {% if haproxy_global_ssl_default_server_options != false %} ssl-default-server-options {{ haproxy_global_ssl_default_server_options }} {% endif %} - {% for ssl_engine in haproxy_global_ssl_engines | default([]) %} ssl-engine {{ ssl_engine.name }}{% if ssl_engine.algos | default([]) | length %} algo {{ ssl_engine.algos | join(', ') }}{% endif %} -{% endfor %} +{% endfor %} {% if haproxy_global_ssl_mode_async | default(false) | bool %} ssl-mode-async {% endif %} - nbproc {{ haproxy_global_nbproc }} - {% if haproxy_global_nbthread is defined %} nbthread {{ haproxy_global_nbthread }} {% endif %} - {% for tune in haproxy_global_tune | default([]) %} tune.{{ tune.key }} {{ tune.value }} {% endfor %} - {% for option in haproxy_global_option | default([]) %} {{ option }} {% endfor %} - {% for peers in haproxy_global_peers | default([]) %} peers {{ peers.name }} {% for peer in peers.peers | default([]) %} diff --git a/templates/etc/haproxy/listen.cfg.j2 b/templates/etc/haproxy/listen.cfg.j2 index 950ab97d..754f8f6a 100644 --- a/templates/etc/haproxy/listen.cfg.j2 +++ b/templates/etc/haproxy/listen.cfg.j2 @@ -3,67 +3,51 @@ listen {{ listen.name }} {% if listen.description is defined %} description {{ listen.description }} {% endif %} - {% for bind in listen.bind %} bind {{ bind.listen }}{% for param in bind.param | default([]) %} {{ param }}{% endfor %} {% endfor %} - {% if listen.bind_process is defined %} bind-process {{ listen.bind_process | join(' ') }} {% endif %} - mode {{ listen.mode }} - {% if listen.balance is defined %} balance {{ listen.balance }} {% endif %} - {% if listen.maxconn is defined %} maxconn {{ listen.maxconn }} {% endif %} - {% if listen.http_check is defined %} http-check {{ listen.http_check }} {% endif %} - {% for stick in listen.stick | default([]) %} stick-table {{ stick.table }} stick on {{ stick.stick_on }} {% endfor %} - {% if listen.source is defined %} source {{ listen.source }} {% endif %} - {% for option in listen.option | default([]) %} option {{ option }} {% endfor %} - {% for option in listen.no_option | default([]) %} no option {{ option }} {% endfor %} - {% if listen.no_log | default(false) == true %} no log {% endif %} - {% for tcp_check in listen.tcp_check | default([]) %} tcp-check {{ tcp_check }} {% endfor %} - {% for timeout in listen.timeout | default([]) %} timeout {{ timeout.type }} {{ timeout.timeout }} {% endfor %} - {% for acl in listen.acl | default([]) %} acl {{ acl.string }} {% endfor %} - {% for capture in listen.capture | default([]) %} capture {{ capture.type }} {{ capture.name }} len {{ capture.length }} {% endfor %} - {% if listen.stats is defined %} {% if listen.stats.enable is defined and listen.stats.enable | bool == true %} stats enable @@ -79,70 +63,55 @@ listen {{ listen.name }} {% endfor %} {% for auth in listen.stats.auth | default([]) %} stats auth {{ auth.user }}:{{ auth.passwd }} - {% endfor %} {% endif %} {% endif %} - {% for http_request in listen.http_request | default([]) %} http-request {{ http_request.action }}{% if http_request.param is defined %} {{ http_request.param }}{% endif %}{% if http_request.cond is defined %} {{ http_request.cond }}{% endif %} {% endfor %} - {% for tcp_request_inspect_delay in listen.tcp_request_inspect_delay | default([]) %} tcp-request inspect-delay {{ tcp_request_inspect_delay.timeout }} - {% endfor %} - {% for tcp_request_connection in listen.tcp_request_connection | default([]) %} tcp-request connection {{ tcp_request_connection.action }}{% if tcp_request_connection.cond is defined %} {{ tcp_request_connection.cond }}{% endif %} {% endfor %} - {% for tcp_request_content in listen.tcp_request_content | default([]) %} tcp-request content {{ tcp_request_content.action }}{% if tcp_request_content.cond is defined %} {{ tcp_request_content.cond }}{% endif %} {% endfor %} - {% for tcp_request_session in listen.tcp_request_session | default([]) %} tcp-request session {{ tcp_request_session.action }}{% if tcp_request_session.cond is defined %} {{ tcp_request_session.cond }}{% endif %} {% endfor %} - {% for http_response in listen.http_response | default([]) %} http-response {{ http_response.action }}{% if http_response.param is defined %} {{ http_response.param }}{% endif %}{% if http_response.cond is defined %} {{ http_response.cond }}{% endif %} {% endfor %} - {% for rspadd in listen.rspadd | default([]) %} rspadd {{ rspadd.string }}{% if rspadd.cond is defined %} {{ rspadd.cond }}{% endif %} {% endfor %} - {% for rsprep in listen.rsprep | default([]) %} rsprep {{ rsprep.string }}{% if rsprep.cond is defined %} {{ rsprep.cond }}{% endif %} {% endfor %} - {% for rspirep in listen.rspirep | default([]) %} rspirep {{ rspirep.search }} {{ rspirep.string }}{% if rspirep.cond is defined %} {{ rspirep.cond }}{% endif %} {% endfor %} - {% for redirect in listen.redirect | default([]) %} redirect {{ redirect.string }}{% if redirect.cond is defined %} {{ redirect.cond }}{% endif %} {% endfor %} - {% for compression in listen.compression | default([]) %} compression {{ compression.name }} {{ compression.value }} {% endfor %} - {% for server in listen.server | default([]) %} server {{ server.name }} {{ server.listen }}{% for param in server.param | default([]) %} {{ param }}{% endfor %} {% endfor %} - {% for errorfile in listen.errorfile | default([]) %} errorfile {{ errorfile.code }} {{ errorfile.file }} {% endfor %} From 6ac198ec9b8fe00d23c39b1de0f92292f1035af9 Mon Sep 17 00:00:00 2001 From: Ian Clark Date: Fri, 1 Mar 2019 21:25:35 +0000 Subject: [PATCH 2/3] this adds support for backend servers generated from ansible inventory groups --- templates/etc/haproxy/backend.cfg.j2 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/templates/etc/haproxy/backend.cfg.j2 b/templates/etc/haproxy/backend.cfg.j2 index 2e08dc53..d28ec154 100644 --- a/templates/etc/haproxy/backend.cfg.j2 +++ b/templates/etc/haproxy/backend.cfg.j2 @@ -104,6 +104,13 @@ backend {{ backend.name }} {% for server in backend.server | default([]) %} server {{ server.name }} {{ server.listen }}{% for param in server.param | default([]) %} {{ param }}{% endfor %} +{% endfor %} +{% for server_dynamic in backend.server_dynamic | default([]) %} +{% for server_name in groups[server_dynamic.group] %} +{% set server = hostvars[server_name] %} + server {{ server.inventory_hostname }} {% if server.ansible_host is defined %}{{ server.ansible_host }}{% else %}{{ server_name }}{% endif %}{% if server_dynamic.listen_port is defined %}:{{ server_dynamic.listen_port }}{% endif %}{% for param in server_dynamic.param | default([]) %} {{ param }}{% endfor %} + +{% endfor %} {% endfor %} {% for errorfile in backend.errorfile | default([]) %} errorfile {{ errorfile.code }} {{ errorfile.file }} From 9714d52632c83950c27e5cdb85737784d9b84a14 Mon Sep 17 00:00:00 2001 From: Ian Clark Date: Fri, 5 Jun 2020 16:23:56 +0000 Subject: [PATCH 3/3] updating readme for server_dyanamic --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 4ee7ae31..f1b22a8c 100644 --- a/README.md +++ b/README.md @@ -379,6 +379,10 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst * `haproxy_backend.{n}.server_template.fqdn`: [required]: A FQDN for all the servers this template initializes * `haproxy_backend.{n}.server_template.port`: [optional]: Port specification * `haproxy_backend.{n}.server_template.{n}.param`: [optional]: A list of parameters for this server template +* `haproxy_backend.{n}.server_dynamic`: [optional]: Dynamic backend server declaration +* `haproxy_backend.{n}.server_dynamic.{n}.group`: [required]: An ansible group containing hosts to be added as backend servers. Uses `inventory_hostname` for name and either `ansible_host` (if defined) or `inventory_hostname` for the listen address of each host. +* `haproxy_backend.{n}.server_dynamic.{n}.listen_port`: [optional]: The port to use with each dynamic backend (translates to `listen :`). +* `haproxy_backend.{n}.server_dynamic.{n}.param`: [optional]: A list of parameters to apply on each backend server. * `haproxy_backend.{n}.retry_on`: [optional, default `[]`]: Specify when to attempt to automatically retry a failed request. Provide a list of keywords or HTTP status codes, each representing a type of failure event on which an attempt to retry the request is desired. For details, see HAProxy documentation. * `haproxy_backend.{n}.retries`: [optional]: Number of retries to perform on a server after a connection failure