feat: add haproxy profile

- add haproxy server class
- add haproxy profile to role
- add hiera data for region specific haproxy
- add selinux configuration
- add certlist management
- add default http and https frontends
- add default stats listener
This commit is contained in:
2024-01-05 22:47:37 +11:00
parent e15ebd4571
commit 2091f1ada3
15 changed files with 324 additions and 0 deletions
@@ -0,0 +1,32 @@
# profiles::haproxy::selinux
class profiles::haproxy::selinux (
Array[String] $sebooleans = [],
Array[Stdlib::Port] $ports = [],
) {
# manage enforcing mode
include profiles::selinux::setenforce
# manage selinux requirements for haproxy
if $::facts['os']['selinux']['config_mode'] == 'enforcing' {
# set context for ports
$ports.each |$port| {
selinux::port { "haproxy_port_${port}":
ensure => 'present',
seltype => 'http_port_t',
protocol => 'tcp',
port => $port,
}
}
# enable sebooleans
$sebooleans.each |$bool| {
selboolean { $bool:
value => on,
persistent => true,
}
}
}
}