aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCédric Jeanneret <cedric.jeanneret@camptocamp.com>2017-09-12 17:01:29 +0200
committerCédric Jeanneret <cedric.jeanneret@camptocamp.com>2017-09-14 18:05:48 +0000
commit4e484c40918f79686585aa0ad6c6d0a3b2b5482d (patch)
treea702e39824796fc230bd3072e7342fa2343509ee
parent0ebd5749f18b0f7671c2574bccb53b505f133650 (diff)
Added new parameter for HAProxy configuration
This allow to set the socket access level to admin instead of default "user". This "admin" access adds the capability to interact with HAproxy in order to manage its configuration, at least temporarly. This changes keeps the default "user" access level, as "admin" might break things if misused. Change-Id: I1a4612b9f8aacc410b48a04dac3bf300bbb0e08e Closes-bug: #1716692 (cherry picked from commit 33479418eec7c1a18d57d755be47eca800b918a6)
-rw-r--r--manifests/haproxy.pp8
1 files changed, 7 insertions, 1 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 9386036..e9b5b63 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -53,6 +53,11 @@
# Should haproxy run in daemon mode or not
# Defaults to true
#
+# [*haproxy_socket_access_level*]
+# Access level for HAProxy socket.
+# Can be "user" or "admin"
+# Defaults to "user"
+#
# [*manage_firewall*]
# (optional) Enable or disable firewall settings for ports exposed by HAProxy
# (false means disabled, and true means enabled)
@@ -569,6 +574,7 @@ class tripleo::haproxy (
$haproxy_member_options = [ 'check', 'inter 2000', 'rise 2', 'fall 5' ],
$haproxy_log_address = '/dev/log',
$haproxy_daemon = true,
+ $haproxy_socket_access_level = 'user',
$haproxy_stats_user = 'admin',
$haproxy_stats_password = undef,
$manage_firewall = hiera('tripleo::firewall::manage_firewall', true),
@@ -799,7 +805,7 @@ class tripleo::haproxy (
'ssl-default-bind-ciphers' => $ssl_cipher_suite,
'ssl-default-bind-options' => $ssl_options,
'stats' => [
- 'socket /var/lib/haproxy/stats mode 600 level user',
+ "socket /var/lib/haproxy/stats mode 600 level ${haproxy_socket_access_level}",
'timeout 2m'
],
}