From 7e35a90b19f34caa5575bf8e8cc86eaf5418cc64 Mon Sep 17 00:00:00 2001
From: Paul Lecuq
Date: Sat, 17 Dec 2022 23:26:58 +0100
Subject: [PATCH] updated haproxy state
---
 states/haproxy/config.sls | 2 +-
 states/haproxy/defaults.yaml | 6 +++---
 states/haproxy/templates/haproxy.cfg.j2 | 9 ++++-----
 states/haproxy/templates/spoe.cfg.j2 | 27 +++++++++----------------
 4 files changed, 18 insertions(+), 26 deletions(-)
diff --git a/states/haproxy/config.sls b/states/haproxy/config.sls
index 94e4a8b..55d3f25 100644
--- a/states/haproxy/config.sls
+++ b/states/haproxy/config.sls
@@ -16,7 +16,7 @@ haproxy-maps-{{ filename }}:
 haproxy-spoe-config:
 file.managed:
 - name: {{ haproxy.config.dir }}/spoe.cfg
- - source: salt://haproxy/spoe/spoe.cfg.j2
+ - source: salt://haproxy/templates/spoe.cfg.j2
 - user: {{ haproxy.config.user }}
 - group: {{ haproxy.config.group }}
 - mode: "0600"
diff --git a/states/haproxy/defaults.yaml b/states/haproxy/defaults.yaml
index 5513a71..1a85af9 100644
--- a/states/haproxy/defaults.yaml
+++ b/states/haproxy/defaults.yaml
@@ -27,10 +27,10 @@ haproxy:
 #log: 127.0.0.1 local0
 log: stdout format raw daemon info
 retries: 2
+ timeout check: 1s
 timeout client: 30m
- timeout connect: 4s
+ timeout connect: 1s
 timeout server: 30m
- timeout check: 5s
 unique-id-format: "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"
 balance: roundrobin
 check: true
@@ -44,7 +44,7 @@ haproxy:
 port: 7000
 api:
 enable: true
- filesocket: /var/run/hap-lb.sock
+ filesocket: /var/run/haproxy.sock
 tcpsocket: ipv4@127.0.0.1:9990
 acme_dir: /etc/acme
 acme_fullchains_dir: /etc/acme/fullchains
diff --git a/states/haproxy/templates/haproxy.cfg.j2 b/states/haproxy/templates/haproxy.cfg.j2
index 6b2265e..52db8ea 100644
--- a/states/haproxy/templates/haproxy.cfg.j2
+++ b/states/haproxy/templates/haproxy.cfg.j2
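Review bot: The new `timeout connect: 1s` in the first states/haproxy/defaults.yaml hunk gives a backend connection no room for a single lost SYN, and together with `timeout check: 1s` it makes health checks much easier to fail. HAProxy's documentation recommends connect timeouts slightly above a multiple of the TCP retransmit delay, which the previous 4s followed; with `retries: 2` unchanged, brief packet loss or a slow backend could now mark servers down and turn into an outage. If the tighter values are intentional, document the reason next to them with a comment such as `# 1s: backends are on the local network, fail fast`; otherwise keep the default forgiving, for example `timeout connect: 4s`, and tighten it per backend.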
@@ -120,7 +120,7 @@ frontend https acl path_host path /host acl path_date path /date {%- if haproxy.config.admin.enable %} - acl admin path /server-status + acl admin path_beg /server-status {%- endif %} http-request set-var(req.src) src http-request set-var(req.host) req.hdr(host) @@ -136,7 +136,6 @@ frontend https http-request deny deny_status 429 if { sc_http_req_rate(0) gt {{ haproxy.config.ddos.maxrequests|default(200)}} } !internal ## Returns - http-request return status 200 content-type text/html lf-string "%H\n" if path_host http-request return status 200 content-type text/html string "User-agent: *\r\nDisallow: /" if robots_txt http-request return status 200 content-type text/html lf-string "%H\n" if path_host http-request return status 200 content-type text/html lf-string "%T\n" if path_date @@ -203,14 +202,14 @@ listen {{ name }} {%- endif %} default-server inter 3s fall 3 {{- tcpendpoints(servers=values.servers, check=values.check|default(haproxy.config.check)) }} -{% endfor -%} +{% endfor %} # SPOE Agents {%- for name, values in haproxy.config.spoe.items() %} listen {{ name }} bind *:{{ values.port }},:::{{ values.port }} v4v6 -{% endfor -%} +{% endfor %} -{% if haproxy.config.admin.enable %} +{%- if haproxy.config.admin.enable %} {{ admin() }} {%- endif %} diff --git a/states/haproxy/templates/spoe.cfg.j2 b/states/haproxy/templates/spoe.cfg.j2 index 293da0f..ac4ffa3 100644 --- a/states/haproxy/templates/spoe.cfg.j2 +++ b/states/haproxy/templates/spoe.cfg.j2 
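Review bot: In the first haproxy.cfg.j2 hunk (frontend https), `acl admin path_beg /server-status` now also matches any path that merely starts with that string, such as `/server-statusX`, not only the page and its sub-paths. How `admin` is consumed is outside the hunk, so this is hedged: if it routes to the stats/admin page, the wider match enlarges what is reachable and should be paired with a source restriction such as the `internal` ACL used by the rate-limit rule in the next hunk. To cover sub-paths without the loose prefix, declare the ACL twice, `acl admin path /server-status` and `acl admin path_beg /server-status/`, since same-named ACLs are ORed.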
@@ -11,20 +11,13 @@ spoe-agent {{ name }} use-backend {{ name }} log global -{%- for m, m_values in values.messages.items() %} -spoe-message {{ m }} - {%- if m_values.args.keys() > 0 %} - args {{ " ".join([i+"="+v for i, v in m_values.args.items()]) }} - {%- endif %} - {%- if m_values.event %} - event {{ m_values.event }} - {%- endif %} -{% endfor %} - -spoe-message request - args unique_id=unique-id clientip=src host=req.hdr(Host) method=method path=pathq headers=req.hdrs body_size=req.body_size body=req.body - event on-frontend-http-request -spoe-message response - args unique_id=unique-id status=status - event on-http-response -{% endfor -%} +#{%- for m, m_values in values.messages.items() %} +#spoe-message {{ m }} +# {%- if m_values.args.keys() > 0 %} +# args {# " ".join(["%s=%s".format(i,v) for (i, v) in m_values.args.items()]) #} +# {%- endif %} +# {%- if m_values.event %} +# event {{ m_values.event }} +# {%- endif %} +#{% endfor %} +#{% endfor -%}
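Review bot: Prefixing the lines with `#` does not disable the Jinja tags in this spoe.cfg.j2 hunk: `{%- for %}`, `{%- if m_values.args.keys() > 0 %}` and `{{ m_values.event }}` are still evaluated, and only their output lands behind a `#`. On Python 3 the `keys() > 0` comparison is likely to raise as soon as an agent defines a message, so rendering can fail instead of being skipped. When it does render, no `spoe-message` section is emitted at all, because the hard-coded `request`/`response` blocks were removed too; whatever the agent inspects would then silently receive nothing (the agent's own `messages` line is outside the hunk). Either delete the disabled lines or fix the loop, e.g. `{%- if m_values.args %}` and `args {% for i, v in m_values.args.items() %}{{ i }}={{ v }}{{ " " if not loop.last }}{% endfor %}`.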