updated haproxy state

states/haproxy/config.sls

@@ -13,7 +13,7 @@ haproxy-maps-{{ filename }}:
       - service: haproxy-service
 {% endfor %}
 
-haproxy-config:
+haproxy-config-main:
   file.managed:
     - name: {{ haproxy.config.dir }}/{{ haproxy.config.configfile }}
     - source: salt://haproxy/templates/haproxy.cfg.j2
@@ -24,7 +24,7 @@ haproxy-config:
     - watch_in:
       - service: haproxy-service
 
-haproxy-spoe-config:
+haproxy-config-spoe:
   file.managed:
     - name: {{ haproxy.config.dir }}/spoe.cfg
     - source: salt://haproxy/templates/spoe.cfg.j2

states/haproxy/defaults.yaml

@@ -3,6 +3,19 @@ haproxy:
   enabled: true
   packages:
     - haproxy
+  maps:
+    - access
+    - domains
+    - redirects
+    - vhosts
+  config:
+    dir: /etc/haproxy
+    configfile: haproxy.cfg
+    dirs:
+      - maps
+      - scripts
+      - mods
+      - errors
     scripts:
       - name: scripts/http.lua
         lib: true
@@ -12,37 +25,27 @@ haproxy:
         lib: false
       - name: scripts/weight_by_latency.lua
         lib: false
-  maps:
-    - access
-    - domains
-    - redirects
-    - vhosts
-  config:
-    dir: /etc/haproxy
-    configfile: haproxy.cfg
     namespace: paulbsd
-    servername: "High-performance Web Server"
+    user: haproxy
+    group: haproxy
+    servername: High-performance Web Server
     http2: true
     defaults:
       #log: global
       #log: 127.0.0.1 local0
       log: stdout format raw daemon info
       retries: 2
-      timeout check: 1s
-      timeout client: 30m
-      timeout connect: 1s
-      timeout server: 30m
+      timeout check: 2s
+      timeout client: 60m
+      timeout connect: 2s
+      timeout server: 60m
       unique-id-format: "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"
     balance: roundrobin
     check: true
-    user: haproxy
-    group: haproxy
     http_port: 80
     https_port: 443
     capture_length: 200
-    admin:
-      enable: false
-      port: 7000
+    admin: false
     api:
       enable: true
       filesocket: /var/run/haproxy-admin.sock

states/haproxy/install.sls

@@ -11,28 +11,16 @@ haproxy-config-dir:
     - group: {{ haproxy.config.group }}
     - mode: "0700"
 
-haproxy-config-maps-dir:
+{% for dir in haproxy.config.dirs %}
+haproxy-config-{{ dir }}-dir:
   file.directory:
-    - name: {{ haproxy.config.dir }}/maps
+    - name: {{ haproxy.config.dir }}/{{ dir }}
     - user: {{ haproxy.config.user }}
     - group: {{ haproxy.config.group }}
     - mode: "0700"
+{% endfor %}
 
-haproxy-config-script-dir:
-  file.directory:
-    - name: {{ haproxy.config.dir }}/scripts
-    - user: {{ haproxy.config.user }}
-    - group: {{ haproxy.config.group }}
-    - mode: "0700"
-
-haproxy-config-mods-dir:
-  file.directory:
-    - name: {{ haproxy.config.dir }}/mods
-    - user: {{ haproxy.config.user }}
-    - group: {{ haproxy.config.group }}
-    - mode: "0700"
-
-{% for file in haproxy.scripts %}
+{% for file in haproxy.config.scripts %}
 haproxy-script-{{ file.name }}:
   file.managed:
     - name: {{ haproxy.config.dir }}/{{ file.name }}

states/haproxy/templates/haproxy.cfg.j2

@@ -3,7 +3,7 @@
 
 {%- set fqdn = salt["grains.get"]("fqdn") %}
 {%- set default_backend = "test" %}
-{% set ns = namespace(default_backend='notdefined') %}
+{%- set ns = namespace(default_backend='notdefined') %}
 {%- for name, values in haproxy.config.vhosts.items() %}{% if values.default_backend|default(false) %}{% set ns.default_backend = name %}{% endif %}{% endfor %}
 
 {%- macro internal() -%}
@@ -67,7 +67,7 @@ backend admin from {{ haproxy.config.namespace }}
 global
   lua-prepend-path {{ haproxy.config.dir }}/mods/?.so cpath
   lua-prepend-path {{ haproxy.config.dir }}/scripts/?.lua
-{%- for file in haproxy.scripts %}
+{%- for file in haproxy.config.scripts %}
   {%- if not file.lib %}
   lua-load {{ haproxy.config.dir }}/{{ file.name }}
   {%- endif %}
@@ -101,7 +101,7 @@ backend per_ip_rates from {{ haproxy.config.namespace }}
 
 # Default HTTP frontend
 frontend http from {{ haproxy.config.namespace }}
-  bind *:{{ haproxy.config.http_port }},:::{{ haproxy.config.http_port }} v4v6
+  bind *:{{ haproxy.config.http_port }},:::{{ haproxy.config.http_port }} v4v6 name http
   mode http
 
   ## ACLs
@@ -122,7 +122,7 @@ frontend http from {{ haproxy.config.namespace }}
 
 # Default HTTPS frontend
 frontend https from {{ haproxy.config.namespace }}
-  bind *:{{ haproxy.config.https_port }},:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %}
+  bind *:{{ haproxy.config.https_port }},:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %} name https
   #bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %}
   mode http
   option httplog
@@ -133,6 +133,7 @@ frontend https from {{ haproxy.config.namespace }}
   acl robots_txt path /robots.txt
   acl self_host req.hdr(Host) {{ fqdn }}
   acl path_root path /
+  acl path_admin path_beg /;
   acl path_host path_dir /host
   acl path_date path_dir /date
   acl path_srchash path /srchash
@@ -171,10 +172,10 @@ frontend https from {{ haproxy.config.namespace }}
   log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
   http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found }
   http-request deny deny_status 404 unless domains
-{%- if haproxy.config.admin.enable %}
-  use_backend admin if self_host internal path_root
+{%- if haproxy.config.admin %}
+  use_backend admin if self_host internal path_root || path_admin
 {%- endif %}
-  use_backend %[req.hdr(Host),lower,map({{ haproxy.config.dir }}/maps/vhosts)]
+  use_backend %[req.hdr(Host),lower,map({{ haproxy.config.dir }}/maps/vhosts,nginx)]
   monitor-uri /dead_or_alive
   default_backend {{ ns.default_backend }}
 
@@ -191,7 +192,6 @@ backend {{ name }} from {{ haproxy.config.namespace }}
   http-check {{ step }}
 {%- endfor %}
 {%- endif %}
-  {{ statusresponses() }}
 {%- if values.head|default(False) %}
   {{ head() }}
 {%- endif %}
@@ -214,7 +214,7 @@ backend {{ name }} from {{ haproxy.config.namespace }}
 # TCP services
 {%- for name, values in haproxy.config.services.items() %}
 listen {{ name }} from {{ haproxy.config.namespace }}
-  bind *:{{ values.port }},:::{{ values.port }} v4v6
+  bind *:{{ values.port }},:::{{ values.port }} v4v6 name {{ name }}
   mode tcp
   option tcplog
 {%- if values.type == "postgres" %}
@@ -231,6 +231,6 @@ listen {{ name }} from {{ haproxy.config.namespace }}
   bind *:{{ values.port }},:::{{ values.port }} v4v6
 {% endfor %}
 
-{%- if haproxy.config.admin.enable %}
+{%- if haproxy.config.admin %}
 {{ admin() }}
 {%- endif %}