feat: haproxy refactor

- configure deep merging in hiera
- move fe_http and fe_https to hiera
- configure pve backends for standard and api traffic
2024-04-28 22:19:44 +10:00
parent 220ac182f4
commit 8697492611
9 changed files with 113 additions and 163 deletions
@@ -1,23 +0,0 @@
# default http frontend
class profiles::haproxy::fe_http (
Stdlib::IP::Address $bind_addr = $facts['networking']['ip'],
Stdlib::Port $bind_port = 80,
Array $bind_opts = ['transparent'],
Array $acls = [],
Array $http_request = [],
Array $http_response = [],
) {
haproxy::frontend { 'fe_http':
description => 'Default HTTP Frontend',
bind => { "${bind_addr}:${bind_port}" => $bind_opts },
mode => 'http',
options => {
'acl' => $acls,
'http-request' => $http_request,
'http-response' => $http_response,
'use_backend' => [
'%[req.hdr(host),lower,map(/etc/haproxy/fe_http.map,be_default)]',
],
},
}
}
@@ -1,23 +0,0 @@
# default https frontend
class profiles::haproxy::fe_https (
Stdlib::IP::Address $bind_addr = $facts['networking']['ip'],
Stdlib::Port $bind_port = 443,
Array $bind_opts = [],
Array $acls = [],
Array $http_request = [],
Array $http_response = [],
) {
haproxy::frontend { 'fe_https':
description => 'Default HTTPS Frontend',
bind => { "${bind_addr}:${bind_port}" => $bind_opts },
mode => 'http',
options => {
'acl' => $acls,
'http-request' => $http_request,
'http-response' => $http_response,
'use_backend' => [
'%[req.hdr(host),lower,map(/etc/haproxy/fe_https.map,be_default)]',
],
},
}
}
@@ -1,21 +0,0 @@
# profiles::haproxy::listener
define profiles::haproxy::listener (
Boolean $bind = false,
Boolean $listen = false,
Enum['roundrobin', 'leastconn'] $balance = 'roundrobin',
Array $option = ['tcplog'],
Enum['tcp', 'http'] $mode = 'http',
Stdlib::Port $ports = 443,
) {
haproxy::listen { 'puppet00':
ipaddress => $facts['networking']['ip'],
ports => $ports,
mode => $mode,
options => {
'option' => $option,
'balance' => $balance,
},
}
}
@@ -51,8 +51,6 @@ class profiles::haproxy::server (
include profiles::haproxy::certlist # manage the certificate list file
include profiles::haproxy::mappings # manage the domain to backend mappings
include profiles::haproxy::ls_stats # default status listener
include profiles::haproxy::fe_http # default http frontend
include profiles::haproxy::fe_https # default https frontend
include profiles::haproxy::dns # manage dns for haproxy
include profiles::haproxy::frontends # create frontends
include profiles::haproxy::backends # create backends
+13 -1
@@ -6,7 +6,7 @@ class profiles::proxmox::weblb {
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_${profiles::proxmox::params::pve_webport}}":
service => "be_${facts['country']}${facts['region']}pve",
service => "be_${facts['country']}${facts['region']}pve_web",
ports => [$profiles::proxmox::params::pve_webport],
options => [
"cookie ${facts['networking']['hostname']}",
@@ -18,4 +18,16 @@ class profiles::proxmox::weblb {
'fall 2',
]
}
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_${profiles::proxmox::params::pve_webport}_api2}":
service => "be_${facts['country']}${facts['region']}pve_api",
ports => [$profiles::proxmox::params::pve_webport],
options => [
'ssl',
'verify none',
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
}
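Review bot: The new `pve_api` balancemember pairs `'ssl'` with `'verify none'`, so HAProxy encrypts the connection to each Proxmox node but never validates the certificate presented; anything positioned between the load balancer and the node can terminate that session and see the API tickets and tokens passing through it. If the nodes' certificates chain to a CA the proxy host can trust, prefer `'verify required'` together with `'ca-file <path-to-pve-ca-bundle>'` (placeholder path), and add `'verifyhost <node-fqdn>'` (placeholder) if the certificate name should be pinned per member. Separately, the resource title ends in `_api2}"`, where the closing brace is a literal character in the string rather than part of an interpolation; it looks copied from the existing web member's title in the first hunk, and removing it changes the exported resource name, so do that deliberately on both. The options list of the existing web member is only partly visible in this section, so check whether it carries the same `verify none`.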