feat: haproxy refactor
- configure deep merging in hiera - move fe_http and fe_https to hiera - configure pve backends for standard and api traffic
This commit is contained in:
@@ -1,23 +0,0 @@
|
||||
# default http frontend
|
||||
class profiles::haproxy::fe_http (
|
||||
Stdlib::IP::Address $bind_addr = $facts['networking']['ip'],
|
||||
Stdlib::Port $bind_port = 80,
|
||||
Array $bind_opts = ['transparent'],
|
||||
Array $acls = [],
|
||||
Array $http_request = [],
|
||||
Array $http_response = [],
|
||||
) {
|
||||
haproxy::frontend { 'fe_http':
|
||||
description => 'Default HTTP Frontend',
|
||||
bind => { "${bind_addr}:${bind_port}" => $bind_opts },
|
||||
mode => 'http',
|
||||
options => {
|
||||
'acl' => $acls,
|
||||
'http-request' => $http_request,
|
||||
'http-response' => $http_response,
|
||||
'use_backend' => [
|
||||
'%[req.hdr(host),lower,map(/etc/haproxy/fe_http.map,be_default)]',
|
||||
],
|
||||
},
|
||||
}
|
||||
}
|
||||
@@ -1,23 +0,0 @@
|
||||
# default https frontend
|
||||
class profiles::haproxy::fe_https (
|
||||
Stdlib::IP::Address $bind_addr = $facts['networking']['ip'],
|
||||
Stdlib::Port $bind_port = 443,
|
||||
Array $bind_opts = [],
|
||||
Array $acls = [],
|
||||
Array $http_request = [],
|
||||
Array $http_response = [],
|
||||
) {
|
||||
haproxy::frontend { 'fe_https':
|
||||
description => 'Default HTTPS Frontend',
|
||||
bind => { "${bind_addr}:${bind_port}" => $bind_opts },
|
||||
mode => 'http',
|
||||
options => {
|
||||
'acl' => $acls,
|
||||
'http-request' => $http_request,
|
||||
'http-response' => $http_response,
|
||||
'use_backend' => [
|
||||
'%[req.hdr(host),lower,map(/etc/haproxy/fe_https.map,be_default)]',
|
||||
],
|
||||
},
|
||||
}
|
||||
}
|
||||
@@ -1,21 +0,0 @@
|
||||
# profiles::haproxy::listener
|
||||
define profiles::haproxy::listener (
|
||||
Boolean $bind = false,
|
||||
Boolean $listen = false,
|
||||
Enum['roundrobin', 'leastconn'] $balance = 'roundrobin',
|
||||
Array $option = ['tcplog'],
|
||||
Enum['tcp', 'http'] $mode = 'http',
|
||||
Stdlib::Port $ports = 443,
|
||||
) {
|
||||
|
||||
haproxy::listen { 'puppet00':
|
||||
ipaddress => $facts['networking']['ip'],
|
||||
ports => $ports,
|
||||
mode => $mode,
|
||||
options => {
|
||||
'option' => $option,
|
||||
'balance' => $balance,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
@@ -51,8 +51,6 @@ class profiles::haproxy::server (
|
||||
include profiles::haproxy::certlist # manage the certificate list file
|
||||
include profiles::haproxy::mappings # manage the domain to backend mappings
|
||||
include profiles::haproxy::ls_stats # default status listener
|
||||
include profiles::haproxy::fe_http # default http frontend
|
||||
include profiles::haproxy::fe_https # default https frontend
|
||||
include profiles::haproxy::dns # manage dns for haproxy
|
||||
include profiles::haproxy::frontends # create frontends
|
||||
include profiles::haproxy::backends # create backends
|
||||
|
||||
@@ -6,7 +6,7 @@ class profiles::proxmox::weblb {
|
||||
|
||||
# export haproxy balancemember
|
||||
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_${profiles::proxmox::params::pve_webport}}":
|
||||
service => "be_${facts['country']}${facts['region']}pve",
|
||||
service => "be_${facts['country']}${facts['region']}pve_web",
|
||||
ports => [$profiles::proxmox::params::pve_webport],
|
||||
options => [
|
||||
"cookie ${facts['networking']['hostname']}",
|
||||
@@ -18,4 +18,16 @@ class profiles::proxmox::weblb {
|
||||
'fall 2',
|
||||
]
|
||||
}
|
||||
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_${profiles::proxmox::params::pve_webport}_api2}":
|
||||
service => "be_${facts['country']}${facts['region']}pve_api",
|
||||
ports => [$profiles::proxmox::params::pve_webport],
|
||||
options => [
|
||||
'ssl',
|
||||
'verify none',
|
||||
'check',
|
||||
'inter 2s',
|
||||
'rise 3',
|
||||
'fall 2',
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user