Bertrand Lanson
95a1d80f76
All checks were successful
development / Check commit compliance (push) Successful in 26s
99 lines
3.7 KiB
YAML
99 lines
3.7 KiB
YAML
---
|
|
#####################################################
|
|
# #
|
|
# HAProxy Configuration #
|
|
# #
|
|
#####################################################
|
|
|
|
deploy_haproxy_deploy_method: "host"
|
|
deploy_haproxy_version: "{{ haproxy_version }}"
|
|
|
|
deploy_haproxy_env_variables: {}
|
|
deploy_haproxy_start_service: true
|
|
deploy_haproxy_cert_dir: "{{ sub_configuration_directories['certificates']~'/external' if (enable_tls_external and not external_tls_externally_managed_certs) }}"
|
|
deploy_haproxy_extra_container_volumes: []
|
|
deploy_haproxy_global:
|
|
- log /dev/log local0
|
|
- log /dev/log local1 notice
|
|
- stats socket {{ deploy_haproxy_socket }} level admin
|
|
- chroot {{ deploy_haproxy_chroot }}
|
|
- daemon
|
|
- description hashistack haproxy
|
|
|
|
deploy_haproxy_defaults:
|
|
- log global
|
|
- mode http
|
|
- option httplog
|
|
- option dontlognull
|
|
- timeout connect 5000
|
|
- timeout client 5000
|
|
- timeout server 5000
|
|
|
|
deploy_haproxy_frontends:
|
|
- name: external_http
|
|
options: >-
|
|
{%- set haproxy_options = [
|
|
'description hashistack external http frontend',
|
|
'mode http',
|
|
'bind :80'
|
|
] -%}
|
|
|
|
{%- if enable_tls_external -%}
|
|
{%- set tls_cert_paths = [] -%}
|
|
{%- for item in ['consul', 'nomad', 'vault'] if vars['enable_' + item] | bool -%}
|
|
{%- set crt_option = '/var/lib/haproxy/certs/' + vars[item + '_fqdn'] + '.pem' -%}
|
|
{%- set _ = tls_cert_paths.append(crt_option) -%}
|
|
{%- endfor -%}
|
|
{%- set tls_options = ['bind :443 ssl crt ' + tls_cert_paths | join(' crt ') ] -%}
|
|
{%- set _ = tls_options.append('http-request redirect scheme https unless { ssl_fc }') -%}
|
|
{%- set haproxy_options = haproxy_options + tls_options -%}
|
|
{%- endif -%}
|
|
|
|
{%- set haproxy_options = haproxy_options + consul_haproxy_frontend_options + vault_haproxy_frontend_options + nomad_haproxy_frontend_options -%}
|
|
|
|
{{ haproxy_options }}
|
|
|
|
deploy_haproxy_backends: "{{ consul_haproxy_backends + vault_haproxy_backends + nomad_haproxy_backends }}"
|
|
|
|
deploy_haproxy_listen:
|
|
- name: monitoring
|
|
options:
|
|
- bind :9000
|
|
- mode http
|
|
- option httpchk
|
|
- stats enable
|
|
- stats uri /stats
|
|
- stats refresh 30s
|
|
- stats show-desc
|
|
- stats show-legends
|
|
- stats auth admin:password
|
|
- http-check send meth GET uri /health ver HTTP/1.1 hdr Host localhost
|
|
- http-check expect status 200
|
|
- acl health_check_ok nbsrv() ge 1
|
|
- monitor-uri /health
|
|
- http-request use-service prometheus-exporter if { path /metrics }
|
|
|
|
deploy_keepalived_deploy_method: "host"
|
|
deploy_keepalived_version: "latest"
|
|
deploy_keepalived_start_service: true
|
|
deploy_keepalived_env_variables: {}
|
|
|
|
deploy_keepalived_vrrp_instance_name: "{{ ansible_hostname }}"
|
|
deploy_keepalived_interface: "{{ api_interface }}"
|
|
deploy_keepalived_state: "BACKUP"
|
|
deploy_keepalived_router_id: 50
|
|
deploy_keepalived_priority: 100
|
|
deploy_keepalived_advert_interval: 1
|
|
deploy_keepalived_unicast_source: "{{ api_interface_address }}"
|
|
deploy_keepalived_unicast_peers: "{{ groups['haproxy_servers'] | difference([ansible_hostname]) | map('extract', hostvars, ['api_interface_address']) | list }}"
|
|
deploy_keepalived_auth_passwd: "password"
|
|
deploy_keepalived_virtual_ips:
|
|
- "{{ hashistack_external_vip_addr }}/32 dev {{ hashistack_external_vip_interface }}"
|
|
deploy_keepalived_notify_script: notify.sh
|
|
|
|
deploy_keepalived_custom_scripts_src: tasks/haproxy/files/keepalived/scripts.d
|
|
deploy_keepalived_extra_container_volumes: []
|
|
|
|
deploy_keepalived_use_custom_config: true
|
|
deploy_keepalived_custom_config_src: tasks/haproxy/files/keepalived/keepalived.conf.j2
|