summaryrefslogtreecommitdiffstats
path: root/manifests/haproxy/endpoint.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/haproxy/endpoint.pp')
-rw-r--r--manifests/haproxy/endpoint.pp120
1 files changed, 120 insertions, 0 deletions
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp
new file mode 100644
index 0000000..94bfcff
--- /dev/null
+++ b/manifests/haproxy/endpoint.pp
@@ -0,0 +1,120 @@
+# Copyright 2014 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: tripleo::haproxy::endpoint
+#
+# Configure a HAProxy listen endpoint
+#
+# [*internal_ip*]
+# The IP in which the proxy endpoint will be listening in the internal
+# network.
+#
+# [*service_port*]
+# The default port on which the endpoint will be listening.
+#
+# [*ip_addresses*]
+# The ordered list of IPs to be used to contact the balancer member.
+#
+# [*server_names*]
+# The names of the balancer members, which usually should be the hostname.
+#
+# [*member_options*]
+# Options for the balancer member, specified after the server declaration.
+# These should go in the member's configuration block.
+#
+# [*public_virtual_ip*]
+# Address in which the proxy endpoint will be listening in the public network.
+# If this service is internal only this should be ommited.
+# Defaults to undef.
+#
+# [*mode*]
+# HAProxy mode in which the endpoint will be listening. This can be undef,
+# tcp, http or health.
+# Defaults to undef.
+#
+# [*haproxy_listen_bind_param*]
+# A list of params to be added to the HAProxy listener bind directive.
+# Defaults to undef.
+#
+# [*listen_options*]
+# Options specified for the listening service's configuration block (in
+# HAproxy terms, the frontend).
+# defaults to {'option' => []}
+#
+# [*public_ssl_port*]
+# The port used for the public proxy endpoint if it differs from the default
+# one. This is used only if SSL is enabled, and it's used in order to avoid
+# overriding with the internal proxy endpoint (which could happen if they were
+# in the same network).
+# Defaults to undef.
+#
+# [*public_certificate*]
+# Certificate path used to enable TLS for the public proxy endpoint.
+# Defaults to undef.
+#
+# [*internal_certificate*]
+# Certificate path used to enable TLS for the internal proxy endpoint.
+# Defaults to undef.
+#
+define tripleo::haproxy::endpoint (
+ $internal_ip,
+ $service_port,
+ $ip_addresses,
+ $server_names,
+ $member_options,
+ $public_virtual_ip = undef,
+ $mode = undef,
+ $haproxy_listen_bind_param = undef,
+ $listen_options = {
+ 'option' => [],
+ },
+ $public_ssl_port = undef,
+ $public_certificate = undef,
+ $internal_certificate = undef,
+) {
+ if $public_virtual_ip {
+ # service exposed to the public network
+
+ if $public_certificate {
+ $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]))
+ } else {
+ $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${service_port}"), $haproxy_listen_bind_param)
+ }
+ } else {
+ # internal service only
+ $public_bind_opts = {}
+ }
+
+ if $internal_certificate {
+ $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]))
+ } else {
+ $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), $haproxy_listen_bind_param)
+ }
+ $bind_opts = merge($internal_bind_opts, $public_bind_opts)
+
+ haproxy::listen { "${name}":
+ bind => $bind_opts,
+ collect_exported => false,
+ mode => $mode,
+ options => $listen_options,
+ }
+ haproxy::balancermember { "${name}":
+ listening_service => $name,
+ ports => $service_port,
+ ipaddresses => $ip_addresses,
+ server_names => $server_names,
+ options => $member_options,
+ }
+}