feat: add haproxy profile
- add haproxy server class - add haproxy profile to role - add hiera data for region specific haproxy - add selinux configuration - add certlist management - add default http and https frontends - add default stats listener
This commit is contained in:
@@ -0,0 +1,32 @@
|
||||
# profiles::haproxy::selinux
|
||||
class profiles::haproxy::selinux (
|
||||
Array[String] $sebooleans = [],
|
||||
Array[Stdlib::Port] $ports = [],
|
||||
) {
|
||||
|
||||
# manage enforcing mode
|
||||
include profiles::selinux::setenforce
|
||||
|
||||
# manage selinux requirements for haproxy
|
||||
if $::facts['os']['selinux']['config_mode'] == 'enforcing' {
|
||||
|
||||
# set context for ports
|
||||
$ports.each |$port| {
|
||||
selinux::port { "haproxy_port_${port}":
|
||||
ensure => 'present',
|
||||
seltype => 'http_port_t',
|
||||
protocol => 'tcp',
|
||||
port => $port,
|
||||
}
|
||||
}
|
||||
|
||||
# enable sebooleans
|
||||
$sebooleans.each |$bool| {
|
||||
selboolean { $bool:
|
||||
value => on,
|
||||
persistent => true,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user