This module will manage HAProxy installation and configurations. Configuration is broken up into parts (frontend, backend, acls, etc.) to save on code reuse. This is a fork of the fpizzurro/puppet-haproxy project but has been heavily modified to provide more flexibility. Significant portions of the templates used in this project were inspired by (or in some cases, lifted directly from) the puppetlabs-haproxy project.
- stdlib (for merge and concat functions)
- concat
- CentOS 6
Start by overriding any of the default settings you might wish to.
class { 'haproxy' :
package_name => 'haproxy',
service_name => 'haproxy',
service_ensure => 'running',
service_enable => true, # true: enable service startup at boot time
service_reload => true, # true: reload the haproxy service after a config change
service_user => 'haproxy',
service_group => 'haproxy',
sock_path => '/var/run/haproxy/haproxy.sock',
log_dir => '/var/log/haproxy',
archive_log_dir => '/var/log',
config_dir => '/etc/haproxy',
default_config_path => '/etc/default/haproxy',
enable_stats => true,
enable_hatop => true, # true: install hatop 0.77 to /usr/local/bin
global_options => {
'log' => "127.0.0.1 local0",
'chroot' => '/var/lib/haproxy',
'pidfile' => '/var/run/haproxy.pid',
'maxconn' => '4000',
'user' => 'haproxy',
'group' => 'haproxy',
'daemon' => '',
'stats' => 'socket /var/lib/haproxy/stats'
},
defaults_options => {
'log' => 'global',
'stats' => 'enable',
'option' => 'redispatch',
'retries' => '3',
'maxconn' => '8000',
'timeout' => [
'http-request 10s',
'queue 1m',
'connect 10s',
'client 1m',
'server 1m',
'check 10s',
],
},
}
haproxy::backend { "$name" :
backend_name = $name,
file_template = 'haproxy/haproxy_backend_header.erb',
options = {
'balance' => 'roundrobin',
},
mode = '', # Can be 'http', 'tcp' or blank if mode is specified in defaults
servers = {}, # Hash of servers built for haproxy::backend::server
}
haproxy::backend { 'articolo_http' :
options => {
'option' => [ 'httpclose' , 'forwardfor' ],
'balance' => 'roundrobin',
}
mode => 'http',
servers => {
'articolo_www01' => {
'host' => 'www01.articolo.lan',
'port' => '8080',
'params' => 'check weight 100',
'server_name' => 'www01',
}
},
}
backend articolo_http
mode http
balance roundrobin
option httpclose
option forwardfor
server www01 www01.articolo.lan check weight 100
haproxy::backend::server { "$name" :
backend_name, # name of the backend to attach this server to
host, # hostname or IP of the server
port = '', # port number to connect to
file_template = 'haproxy/backend/server.erb',
server_name = '', # optional friendly name for server
params = '', # string of haproxy server params, eg: check, weight, rise, fall etc.
}
haproxy::backend::server { 'articolo_www02' :
backend => 'articolo_http',
host => 'www02.articolo.lan',
port => '8080',
params => 'check weight 100',
server_name => 'www01',
}
server www01 www01.articolo.lan:80 check weight 100
haproxy::frontend { "$name" :
bind, # IP and port to bind to
default_backend, # Name of the default backend
frontend_name = '', # Optional, $name is used if left blank
file_template = 'haproxy/haproxy_frontend_header.erb',
mode = 'http',
options = {}, # Same format as the backend options param
}
haproxy::frontend { 'articolo_www' :
bind => [ '*:80', '10.0.1.5:88' ]
default_backend => 'articolo_http',
}
frontend articolo_www
bind *:80
bind 10.0.1.5:88
default_backend articolo_http
ACLs can be applied to frontends, backends or listens. The name of one must be specified in the parameters. A use_backend can be added to frontends and listens at this time as well. If extra acl names are needed for the use backend, they can be added with the extra_acls parameter as strings in an array.
haproxy::acl { "$name" :
<target>_name, # Name of the backend, frontend or listen to add the ACL to.
# Param name is backend_name, frontend_name or listen_name
condition,
acl_name = '', # Defaults to $name
use_backend = '', # Name of backend to use when matching ACL. Not a valid param for haproxy::backend::acl!
extra_acls = [], # Extra ACL names to apply to the use_backend line
}
haproxy::frontend::acl { 'is_test' :
frontend_name => 'articolo_www',
condition => 'hdr_beg(host) -i test.articolo.lan',
use_backend => 'articolo_http_test',
}
frontend articolo_www
bind *:80
bind 10.0.1.5:88
default_backend articolo_http
acl is_test hdr_beg(host) -i test.articolo.lan
use_backend articolo_http_test if is_test
If we want to manage persistent session, we can define one or more appsession. This should be cookies created by the application at session start. We add in the declared backend JSESSIONID but we can add more appsession cookie
haproxy::backend::appsession {'JSESSIONID':
backend_name => 'articolo_http',
length => 52,
timeout => '30m',
options => [ 'request-learn', 'prefix' ],
}
Add header name X-HaProxy-Id to the request.
haproxy::backend::add_header {'X-HaProxy-Id':
request => true, #(if response => true is used, header will be added on respose)
value => 'botolo01',
backend_name => 'articolo_http',
}
Add the same header on the response haproxy::backend::add_header {'X-HaProxy-Id': response => true, #(response and request cannot be used in conjuction) value => 'botolo01', backend_name => 'articolo_http', }
In the defined frontend we want to capture some cookies or header that will be logged
haproxy::frontend::capture {'JSESSIONID=':
frontend_name => 'http':
type => 'cookie',
length => 52
}
haproxy::frontend::capture {'X-Backend-Id':
frontend_name => 'http':
type => 'response header',
length => 10
}
haproxy::frontend::capture {'X-Varnish-Id':
frontend_name => 'http':
type => 'response header',
length => 10
}
Create use_backend lines manually, rather than within haproxy::acl
haproxy::[frontend|listen]::use_backend { 'articolo_http':
<target>_name => 'articolo_www', # frontend_name or listen_name
backend_name => 'articolo_http',
if_acl => [ 'acl_name' ] # resource Haproxy::Acl['acl_name'] must exist
}