From 4e484c40918f79686585aa0ad6c6d0a3b2b5482d Mon Sep 17 00:00:00 2001 From: Cédric Jeanneret Date: Tue, 12 Sep 2017 17:01:29 +0200 Subject: Added new parameter for HAProxy configuration This allow to set the socket access level to admin instead of default "user". This "admin" access adds the capability to interact with HAproxy in order to manage its configuration, at least temporarly. This changes keeps the default "user" access level, as "admin" might break things if misused. Change-Id: I1a4612b9f8aacc410b48a04dac3bf300bbb0e08e Closes-bug: #1716692 (cherry picked from commit 33479418eec7c1a18d57d755be47eca800b918a6) --- manifests/haproxy.pp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 9386036..e9b5b63 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -53,6 +53,11 @@ # Should haproxy run in daemon mode or not # Defaults to true # +# [*haproxy_socket_access_level*] +# Access level for HAProxy socket. +# Can be "user" or "admin" +# Defaults to "user" +# # [*manage_firewall*] # (optional) Enable or disable firewall settings for ports exposed by HAProxy # (false means disabled, and true means enabled) @@ -569,6 +574,7 @@ class tripleo::haproxy ( $haproxy_member_options = [ 'check', 'inter 2000', 'rise 2', 'fall 5' ], $haproxy_log_address = '/dev/log', $haproxy_daemon = true, + $haproxy_socket_access_level = 'user', $haproxy_stats_user = 'admin', $haproxy_stats_password = undef, $manage_firewall = hiera('tripleo::firewall::manage_firewall', true), @@ -799,7 +805,7 @@ class tripleo::haproxy ( 'ssl-default-bind-ciphers' => $ssl_cipher_suite, 'ssl-default-bind-options' => $ssl_options, 'stats' => [ - 'socket /var/lib/haproxy/stats mode 600 level user', + "socket /var/lib/haproxy/stats mode 600 level ${haproxy_socket_access_level}", 'timeout 2m' ], } -- cgit 1.2.3-korg