diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-07-31 19:32:33 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-07-31 19:32:33 +0000 |
| commit | ee2a53afb1ad8f45be7d3986f5de2b6731048c65 (patch) | |
| tree | d525eb07f2480969d74c643793c1daff2f050d29 /manifests/haproxy | |
| parent | 48ead62f6fcb1b833c044f099644cb32a06c3206 (diff) | |
| parent | e51e79692032d2cf8c6092e86c5a28a0e7f1832d (diff) | |
Merge "Enable TLS for the HAProxy stats interface"
Diffstat (limited to 'manifests/haproxy')
| -rw-r--r-- | manifests/haproxy/stats.pp | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/manifests/haproxy/stats.pp b/manifests/haproxy/stats.pp new file mode 100644 index 0000000..f185c29 --- /dev/null +++ b/manifests/haproxy/stats.pp @@ -0,0 +1,74 @@ +# Copyright 2014 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# == Class: tripleo::haproxy::stats +# +# Configure the HAProxy stats interface +# +# [*haproxy_listen_bind_param*] +# A list of params to be added to the HAProxy listener bind directive. +# +# [*ip*] +# IP Address on which the stats interface is listening on. This right now +# assumes that it's in the ctlplane network. +# +# [*password*] +# Password for haproxy stats authentication. When set, authentication is +# enabled on the haproxy stats endpoint. +# A string. +# Defaults to undef +# +# [*certificate*] +# Filename of an HAProxy-compatible certificate and key file +# When set, enables SSL on the haproxy stats endpoint using the specified file. +# Defaults to undef +# +# [*user*] +# Username for haproxy stats authentication. +# A string. +# Defaults to 'admin' +# +class tripleo::haproxy::stats ( + $haproxy_listen_bind_param, + $ip, + $password = undef, + $certificate = undef, + $user = 'admin' +) { + if $certificate { + $haproxy_stats_bind_opts = { + "${ip}:1993" => union($haproxy_listen_bind_param, ['ssl', 'crt', $certificate]), + } + } else { + $haproxy_stats_bind_opts = { + "${ip}:1993" => $haproxy_listen_bind_param, + } + } + + $stats_base = ['enable', 'uri /'] + if $password { + $stats_config = union($stats_base, ["auth ${user}:${password}"]) + } else { + $stats_config = $stats_base + } + haproxy::listen { 'haproxy.stats': + bind => $haproxy_stats_bind_opts, + mode => 'http', + options => { + 'stats' => $stats_config, + }, + collect_exported => false, + } +} |