hcp-ansible/playbooks/group_vars/all/haproxy.yml


---
#####################################################
# #
# HAProxy Configuration #
# #
#####################################################
# Install method and release for HAProxy; both are taken from variables
# defined outside this file.
deploy_haproxy_deploy_method: '{{ deployment_method }}'
deploy_haproxy_version: '{{ haproxy_version }}'
deploy_haproxy_env_variables: {}
deploy_haproxy_start_service: true
# The certificate directory is only produced when external TLS is enabled and
# the certificates are not managed externally. The inline `if` has no `else`
# branch, so in every other case the expression yields no path.
# NOTE(review): confirm the consuming role handles an empty/undefined value.
deploy_haproxy_cert_dir: "{{ sub_configuration_directories['certificates']~'/external' if (enable_tls_external and not external_tls_externally_managed_certs) }}"
deploy_haproxy_extra_container_volumes: []
# Lines for the `global` section of the generated haproxy.cfg.
deploy_haproxy_global:
  - log /dev/log local0
  - log /dev/log local1 notice
  # `level admin` gives full runtime control to any process able to open this
  # socket. The socket path (deploy_haproxy_socket) is defined elsewhere.
  # NOTE(review): no `mode`/`user`/`group` is set on the socket here; confirm
  # its permissions are restricted by the role or the container layout.
  - stats socket {{ deploy_haproxy_socket }} level admin
  - chroot {{ deploy_haproxy_chroot }}
  - daemon
  - description hashistack haproxy
# Lines for the `defaults` section. HAProxy reads unit-less timeouts as
# milliseconds, so each timeout below is 5 seconds.
deploy_haproxy_defaults:
  - log global
  - mode http
  - option httplog
  - option dontlognull
  - timeout connect 5000
  - timeout client 5000
  - timeout server 5000
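# Frontend definitions. Nesting is restored so that `options` belongs to the
# `external_http` entry and the Jinja template sits inside the folded scalar.
deploy_haproxy_frontends:
  - name: external_http
    # The template builds the option list in three steps:
    #   1. base options: description, `mode http`, plain-HTTP `bind :80`;
    #   2. when enable_tls_external is set: one `crt` path per enabled service
    #      (consul/nomad/vault, keyed on its `<service>_fqdn`), a `bind :443 ssl`
    #      line carrying them, and an HTTP->HTTPS redirect for non-TLS requests;
    #   3. the consul and vault frontend option lists defined elsewhere.
    # Every tag uses `{%- ... -%}` whitespace trimming, so the indentation
    # inside the scalar is cosmetic.
    #
    # NOTE(review): if enable_tls_external is true but none of enable_consul,
    # enable_nomad or enable_vault is, tls_cert_paths stays empty and the bind
    # line ends in a bare `crt` with no certificate path.
    # NOTE(review): the `bind :443 ssl` line sets no minimum TLS version or
    # cipher list, and deploy_haproxy_global in this file sets no
    # `ssl-default-bind-options`; confirm the protocol floor is enforced
    # somewhere.
    # NOTE(review): the `.pem` files under /var/lib/haproxy/certs/ are what
    # HAProxy loads for `crt`; HAProxy expects the private key in that bundle,
    # so confirm the directory is readable only by the HAProxy user.
    # NOTE(review): the scalar ends by printing the list itself; presumably
    # Ansible converts the rendered text back into a list - confirm.
    options: >-
      {%- set haproxy_options = [
        'description hashistack external http frontend',
        'mode http',
        'bind :80'
      ] -%}
      {%- if enable_tls_external -%}
        {%- set tls_cert_paths = [] -%}
        {%- for item in ['consul', 'nomad', 'vault'] if vars['enable_' + item] | bool -%}
          {%- set crt_option = '/var/lib/haproxy/certs/' + vars[item + '_fqdn'] + '.pem' -%}
          {%- set _ = tls_cert_paths.append(crt_option) -%}
        {%- endfor -%}
        {%- set tls_options = ['bind :443 ssl crt ' + tls_cert_paths | join(' crt ') ] -%}
        {%- set _ = tls_options.append('http-request redirect scheme https unless { ssl_fc }') -%}
        {%- set haproxy_options = haproxy_options + tls_options -%}
      {%- endif -%}
      {%- set haproxy_options = haproxy_options + consul_haproxy_frontend_options + vault_haproxy_frontend_options -%}
      {{ haproxy_options }}
# Backends are the concatenation of the consul and vault backend lists, both
# defined outside this file.
deploy_haproxy_backends: "{{ consul_haproxy_backends + vault_haproxy_backends }}"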
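# `listen` sections. Nesting is restored so that `options` belongs to the
# `monitoring` entry instead of parsing as a separate top-level key.
deploy_haproxy_listen:
  - name: monitoring
    options:
      # No address and no `ssl` on this bind: the stats page, /health and
      # /metrics are served over plain HTTP on port 9000 of every interface.
      # NOTE(review): confirm this port is restricted to a management network
      # or bound to a specific address by an override.
      - bind :9000
      - mode http
      - option httpchk
      - stats enable
      - stats uri /stats
      - stats refresh 30s
      - stats show-desc
      - stats show-legends
      # SECURITY: default credentials committed in clear text, applied to every
      # host through group_vars/all. Override this list per environment with a
      # value kept in an encrypted store (for example Ansible Vault); over the
      # plain-HTTP bind above, the basic-auth header is also sent unencrypted.
      - stats auth admin:password
      - http-check send meth GET uri /health ver HTTP/1.1 hdr Host localhost
      - http-check expect status 200
      - acl health_check_ok nbsrv() ge 1
      - monitor-uri /health
      # NOTE(review): confirm whether /metrics is meant to be reachable without
      # the stats credentials; nothing on this line requires authentication.
      - http-request use-service prometheus-exporter if { path /metrics }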
# Keepalived settings; it advertises the external VIP listed further down.
deploy_keepalived_deploy_method: '{{ deployment_method }}'
# SECURITY: `latest` is a floating reference, so each deployment may pull a
# different, unreviewed build. Pin an explicit version (or image digest) in
# an override to keep deployments reproducible and auditable.
deploy_keepalived_version: 'latest'
deploy_keepalived_start_service: true
deploy_keepalived_env_variables: {}
deploy_keepalived_vrrp_instance_name: '{{ ansible_hostname }}'
deploy_keepalived_interface: '{{ api_interface }}'
# These values live in group_vars/all, so every node receives the same state
# and priority unless a host or group override changes them.
deploy_keepalived_state: 'BACKUP'
deploy_keepalived_router_id: 50
deploy_keepalived_priority: 100
deploy_keepalived_advert_interval: 1
deploy_keepalived_unicast_source: '{{ api_interface_address }}'
# Peers are the api_interface_address of every other member of the
# `haproxy_servers` group.
# NOTE(review): the current host is removed by comparing group members with
# ansible_hostname; this presumably relies on inventory names matching the
# hosts' short hostnames - confirm, otherwise a node lists itself as a peer.
deploy_keepalived_unicast_peers: "{{ groups['haproxy_servers'] | difference([ansible_hostname]) | map('extract', hostvars, ['api_interface_address']) | list }}"
# SECURITY: placeholder secret committed in clear text and shared by all
# hosts. Override it from an encrypted store (for example Ansible Vault).
# NOTE(review): how keepalived.conf.j2 consumes this value is not visible
# here; if it uses `auth_type PASS`, keepalived sends the password
# unencrypted in VRRP adverts and uses only its first eight characters, so
# it should not be the only control protecting the VIP.
deploy_keepalived_auth_passwd: 'password'
deploy_keepalived_virtual_ips:
  - '{{ hashistack_external_vip_addr }}/32 dev {{ hashistack_external_vip_interface }}'
# Notify script, custom script directory and configuration template are
# given as paths into the playbook tree.
deploy_keepalived_notify_script: notify.sh
deploy_keepalived_custom_scripts_src: tasks/haproxy/files/keepalived/scripts.d
deploy_keepalived_extra_container_volumes: []
deploy_keepalived_use_custom_config: true
deploy_keepalived_custom_config_src: tasks/haproxy/files/keepalived/keepalived.conf.j2