aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/haproxy
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/haproxy')
-rw-r--r--manifests/haproxy/endpoint.pp8
-rw-r--r--manifests/haproxy/stats.pp74
2 files changed, 81 insertions, 1 deletions
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp
index f1e80e8..9139061 100644
--- a/manifests/haproxy/endpoint.pp
+++ b/manifests/haproxy/endpoint.pp
@@ -86,6 +86,11 @@
# fetching the certificate for that specific network.
# Defaults to undef
#
+# [*manage_firewall*]
+# (optional) Enable or disable firewall settings for ports exposed by HAProxy
+# (false means disabled, and true means enabled)
+# Defaults to hiera('tripleo::firewall::manage_firewall', true)
+#
define tripleo::haproxy::endpoint (
$internal_ip,
$service_port,
@@ -103,6 +108,7 @@ define tripleo::haproxy::endpoint (
$use_internal_certificates = false,
$internal_certificates_specs = {},
$service_network = undef,
+ $manage_firewall = hiera('tripleo::firewall::manage_firewall', true),
) {
if $public_virtual_ip {
# service exposed to the public network
@@ -158,7 +164,7 @@ define tripleo::haproxy::endpoint (
server_names => $server_names,
options => $member_options,
}
- if hiera('tripleo::firewall::manage_firewall', true) {
+ if $manage_firewall {
include ::tripleo::firewall
# This block will construct firewall rules only when we specify
# a port for the regular service and also the ssl port for the service.
diff --git a/manifests/haproxy/stats.pp b/manifests/haproxy/stats.pp
new file mode 100644
index 0000000..f185c29
--- /dev/null
+++ b/manifests/haproxy/stats.pp
@@ -0,0 +1,74 @@
+# Copyright 2014 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: tripleo::haproxy::stats
+#
+# Configure the HAProxy stats interface
+#
+# [*haproxy_listen_bind_param*]
+# A list of params to be added to the HAProxy listener bind directive.
+#
+# [*ip*]
+# IP Address on which the stats interface is listening on. This right now
+# assumes that it's in the ctlplane network.
+#
+# [*password*]
+# Password for haproxy stats authentication. When set, authentication is
+# enabled on the haproxy stats endpoint.
+# A string.
+# Defaults to undef
+#
+# [*certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the haproxy stats endpoint using the specified file.
+# Defaults to undef
+#
+# [*user*]
+# Username for haproxy stats authentication.
+# A string.
+# Defaults to 'admin'
+#
+class tripleo::haproxy::stats (
+ $haproxy_listen_bind_param,
+ $ip,
+ $password = undef,
+ $certificate = undef,
+ $user = 'admin'
+) {
+ if $certificate {
+ $haproxy_stats_bind_opts = {
+ "${ip}:1993" => union($haproxy_listen_bind_param, ['ssl', 'crt', $certificate]),
+ }
+ } else {
+ $haproxy_stats_bind_opts = {
+ "${ip}:1993" => $haproxy_listen_bind_param,
+ }
+ }
+
+ $stats_base = ['enable', 'uri /']
+ if $password {
+ $stats_config = union($stats_base, ["auth ${user}:${password}"])
+ } else {
+ $stats_config = $stats_base
+ }
+ haproxy::listen { 'haproxy.stats':
+ bind => $haproxy_stats_bind_opts,
+ mode => 'http',
+ options => {
+ 'stats' => $stats_config,
+ },
+ collect_exported => false,
+ }
+}