2024-03-17 09:57:02 +00:00
---
#####################################################
# #
# HAProxy Configuration #
# #
#####################################################
deploy_haproxy_deploy_method : "{{ deployment_method }}"
2024-04-01 21:59:48 +00:00
deploy_haproxy_version : "{{ haproxy_version }}"
2024-03-17 09:57:02 +00:00
deploy_haproxy_env_variables : {}
deploy_haproxy_start_service : true
2024-04-01 21:59:48 +00:00
deploy_haproxy_cert_dir : "{{ sub_configuration_directories['certificates']~'/external' if (enable_tls_external and not external_tls_externally_managed_certs) }}"
2024-03-17 09:57:02 +00:00
deploy_haproxy_extra_container_volumes : [ ]
deploy_haproxy_global :
- log /dev/log local0
- log /dev/log local1 notice
- stats socket {{ deploy_haproxy_socket }} level admin
- chroot {{ deploy_haproxy_chroot }}
- daemon
- description hashistack haproxy
deploy_haproxy_defaults :
- log global
- mode http
- option httplog
- option dontlognull
- timeout connect 5000
- timeout client 5000
- timeout server 5000
2024-04-01 21:59:48 +00:00
deploy_haproxy_frontends :
- name : external_http
options : >-
{%- set haproxy_options = [
'description hashistack external http frontend' ,
'mode http' ,
'bind :80'
] -%}
2024-03-17 09:57:02 +00:00
2024-04-01 21:59:48 +00:00
{%- if enable_tls_external -%}
{%- set tls_cert_paths = [] -%}
{%- for item in ['consul', 'nomad', 'vault'] if vars['enable_' + item] | bool -%}
{%- set crt_option = '/var/lib/haproxy/certs/' + vars[item + '_fqdn'] + '.pem' -%}
{%- set _ = tls_cert_paths.append(crt_option) -%}
{%- endfor -%}
{%- set tls_options = ['bind :443 ssl crt ' + tls_cert_paths | join(' crt ') ] -%}
{%- set _ = tls_options.append('http-request redirect scheme https unless { ssl_fc }') -%}
{%- set haproxy_options = haproxy_options + tls_options -%}
{%- endif -%}
{%- set haproxy_options = haproxy_options + consul_haproxy_frontend_options + vault_haproxy_frontend_options -%}
{{ haproxy_options }}
deploy_haproxy_backends : "{{ consul_haproxy_backends + vault_haproxy_backends }}"
2024-03-17 09:57:02 +00:00
deploy_haproxy_listen :
- name : monitoring
options :
- bind :9000
- mode http
- option httpchk
- stats enable
- stats uri /stats
- stats refresh 30s
- stats show-desc
- stats show-legends
- stats auth admin:password
- http-check send meth GET uri /health ver HTTP/1.1 hdr Host localhost
- http-check expect status 200
- acl health_check_ok nbsrv() ge 1
- monitor-uri /health
- http-request use-service prometheus-exporter if { path /metrics }
deploy_keepalived_deploy_method : "{{ deployment_method }}"
deploy_keepalived_version : "latest"
deploy_keepalived_start_service : true
deploy_keepalived_env_variables : {}
deploy_keepalived_vrrp_instance_name : "{{ ansible_hostname }}"
deploy_keepalived_interface : "{{ api_interface }}"
deploy_keepalived_state : "BACKUP"
deploy_keepalived_router_id : 50
deploy_keepalived_priority : 100
deploy_keepalived_advert_interval : 1
deploy_keepalived_unicast_source : "{{ api_interface_address }}"
deploy_keepalived_unicast_peers : "{{ groups['haproxy_servers'] | difference([ansible_hostname]) | map('extract', hostvars, ['api_interface_address']) | list }}"
deploy_keepalived_auth_passwd : "password"
deploy_keepalived_virtual_ips :
- "{{ hashistack_external_vip_addr }}/32 dev {{ hashistack_external_vip_interface }}"
deploy_keepalived_notify_script : notify.sh
2024-03-17 18:05:02 +00:00
deploy_keepalived_custom_scripts_src : tasks/haproxy/files/keepalived/scripts.d
2024-03-17 09:57:02 +00:00
deploy_keepalived_extra_container_volumes : [ ]
2024-03-17 18:05:02 +00:00
deploy_keepalived_use_custom_config : true
deploy_keepalived_custom_config_src : tasks/haproxy/files/keepalived/keepalived.conf.j2
