feat: add haproxy2 role (#322)

- add basic haproxy2 role
- add peers and resolvers
- add haproxy2+ metrics frontend

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/322
This commit was merged in pull request #322.
2025-06-28 16:20:06 +10:00
parent bd9e08dc24
commit 770fd643ac
9 changed files with 529 additions and 21 deletions
+28 -16
@@ -1,7 +1,6 @@
# profiles::haproxy::dns
class profiles::haproxy::dns (
Stdlib::IP::Address $vrrp_ipaddr,
Boolean $vrrp_master = false,
Stdlib::IP::Address $ipaddr,
Array[Stdlib::Fqdn] $vrrp_cnames = [],
Array[Stdlib::Fqdn] $cnames = [],
Integer $order = 10,
@@ -28,24 +27,37 @@ class profiles::haproxy::dns (
}
}
# export a/cnames for haproxy applications
if $vrrp_master {
profiles::dns::record { "${facts['networking']['fqdn']}_vrrp_${location_environment}-halb-vrrp":
value => $vrrp_ipaddr,
type => 'A',
record => "${location_environment}-halb-vrrp",
zone => $::facts['networking']['domain'],
order => $order,
}
# if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(query_nodes(
"enc_role='${facts['enc_role']}' and
country='${facts['country']}' and
region='${facts['region']}' and
environment='${facts['environment']}'",
'networking.fqdn'
))
$vrrp_cnames.each |$cname| {
profiles::dns::record { "${::facts['networking']['fqdn']}_${cname}_CNAME":
value => "${location_environment}-halb-vrrp",
type => 'CNAME',
record => "${cname}.",
# give enough time for a few hosts to be provisioned
if length($servers_array) >= 3 {
# if this is the first host in the returned filter, export a/cnames for haproxy applications
if $servers_array[0] == $trusted['certname'] {
profiles::dns::record { "${facts['networking']['fqdn']}_vrrp_${location_environment}-halb-vrrp":
value => $ipaddr,
type => 'A',
record => "${location_environment}-halb-vrrp",
zone => $::facts['networking']['domain'],
order => $order,
}
$vrrp_cnames.each |$cname| {
profiles::dns::record { "${::facts['networking']['fqdn']}_${cname}_CNAME":
value => "${location_environment}-halb-vrrp",
type => 'CNAME',
record => "${cname}.",
zone => $::facts['networking']['domain'],
order => $order,
}
}
}
}
}
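Review bot: The leader check `$servers_array[0] == $trusted['certname']` compares a list of `networking.fqdn` fact values with the certificate name, so on any node whose certname differs from its reported FQDN the comparison never matches and no node exports the `-halb-vrrp` A record or the CNAMEs. The candidate list is also selected by the `enc_role`, `country`, `region` and `environment` facts, which are reported by the agents, so the election depends on self-reported data on one side and trusted data on the other. If `query_nodes` is the puppetdbquery function, leaving out the `'networking.fqdn'` argument returns certnames, and `sort(query_nodes("..."))` can then be compared directly with `$trusted['certname']`. Part of the class body lies between the two hunks and is not shown, including where `$location_environment` is set.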
+24
@@ -0,0 +1,24 @@
# profiles::haproxy::peers
class profiles::haproxy::peers (
Boolean $enable = false,
){
if $enable {
$peer_tag = "${facts['country']}-${facts['region']}-${facts['environment']}"
@@haproxy::peer { "${peer_tag}_${facts['networking']['fqdn']}":
peers_name => $facts['networking']['fqdn'],
port => 10000,
tag => $peer_tag,
}
# collect exported resources
Haproxy::Peer <<| tag == $peer_tag |>>
haproxy::peers { $peer_tag:
collect_exported => true
}
}
}
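Review bot: The exported `haproxy::peer` sets `peers_name => $facts['networking']['fqdn']`, while the peers section it is meant to join is declared as `haproxy::peers { $peer_tag: }`. If this is the puppetlabs-haproxy define, `peers_name` names the peers section the entry belongs to, so `peers_name => $peer_tag,` looks like the intended value; with it, `collect_exported => true` should collect the entries without the separate `Haproxy::Peer <<| tag == $peer_tag |>>` collector. Membership is decided by a tag built from agent-reported facts and the peers port is fixed at `10000`, so the class header should say that this port must only be reachable from the other load balancers sharing the tag; nothing in this file restricts it.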
@@ -0,0 +1,20 @@
# profiles::haproxy::resolvers
class profiles::haproxy::resolvers (
Boolean $enable = false,
) {
haproxy::resolver { 'internal':
nameservers => {
'dns1' => '198.18.19.16:53',
},
hold => {
'nx' => '30s',
'valid' => '10s'
},
resolve_retries => 3,
timeout => {
'retry' => '1s'
},
accepted_payload_size => 512,
}
}
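Review bot: `Boolean $enable = false` is declared but never read, so the `internal` resolver is created on every node that includes this class, unlike `profiles::haproxy::peers`, which wraps its resources in `if $enable { ... }`. Either wrap the `haproxy::resolver` declaration the same way or drop the parameter. The single nameserver `'198.18.19.16:53'` is also hard-coded; a typed class parameter such as `Hash[String, String] $nameservers` filled from Hiera would let a site list more than one resolver without editing the profile.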
+10 -3
@@ -36,16 +36,21 @@ class profiles::haproxy::server (
$merged_default_options = merge($default_options, $defaults)
# wait until enc_role matches haproxy enc_role
if $facts['enc_role'] == 'roles::infra::halb::haproxy' {
if $facts['enc_role'] in [
'roles::infra::halb::haproxy',
'roles::infra::halb::haproxy2'
] {
# manage selinux
include profiles::haproxy::selinux
if $facts['virtual'] != 'lxc' {
include profiles::haproxy::selinux
}
# create the haproxy service/instance
class { 'haproxy':
global_options => $merged_global_options,
defaults_options => $merged_default_options,
require => Class['profiles::haproxy::selinux']
#require => Class['profiles::haproxy::selinux']
}
include certbot::client # download certbot certs
@@ -53,9 +58,11 @@ class profiles::haproxy::server (
include profiles::haproxy::mappings # manage the domain to backend mappings
include profiles::haproxy::ls_stats # default status listener
include profiles::haproxy::dns # manage dns for haproxy
include profiles::haproxy::resolvers # manage resolvers
include profiles::haproxy::frontends # create frontends
include profiles::haproxy::backends # create backends
include profiles::haproxy::listeners # create listeners
include profiles::haproxy::peers # create peers
include prometheus::haproxy_exporter # generate metrics
Class['profiles::haproxy::certlist']
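Review bot: Commenting out `require => Class['profiles::haproxy::selinux']` in the first hunk drops the ordering on every host, not only on LXC containers where the profile is no longer included, so on SELinux-enforcing machines the `haproxy` class may now be applied before the SELinux profile. The dependency can stay conditional instead: `$selinux_require = $facts['virtual'] ? { 'lxc' => undef, default => Class['profiles::haproxy::selinux'] }` followed by `require => $selinux_require,`, which also removes the commented-out line. The guard reads the agent-reported `virtual` fact, so a one-line comment saying why LXC is exempt would help the next reader. The class body starts before the first hunk and continues past the second.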
@@ -0,0 +1,10 @@
# a role to deploy an anycast haproxy2 node
class roles::infra::halb::haproxy2 {
if $facts['firstrun'] {
include profiles::defaults
include profiles::firstrun::init
}else{
include profiles::defaults
include profiles::base
}
}