forked from evolix/ansible-roles
haproxy: enable stats frontend with access lists
parent
f5d06ad0b1
commit
45731c7755
|
@ -12,6 +12,7 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
* haproxy: enable stats frontend with access lists
|
||||||
* lxc-php: Install php-sqlite by default
|
* lxc-php: Install php-sqlite by default
|
||||||
* lxc-php: Don't disable putenv() by default in PHP settings
|
* lxc-php: Don't disable putenv() by default in PHP settings
|
||||||
* mysql: activate binary logs by specifying log_bin path
|
* mysql: activate binary logs by specifying log_bin path
|
||||||
|
|
|
@ -7,3 +7,10 @@ haproxy_force_config: True
|
||||||
|
|
||||||
haproxy_socket: /run/haproxy/admin.sock
|
haproxy_socket: /run/haproxy/admin.sock
|
||||||
haproxy_chroot: /var/lib/haproxy
|
haproxy_chroot: /var/lib/haproxy
|
||||||
|
|
||||||
|
haproxy_stats_access_ips: []
|
||||||
|
haproxy_stats_admin_ips: []
|
||||||
|
haproxy_maintenance_ips: []
|
||||||
|
|
||||||
|
haproxy_stats_enable: False
|
||||||
|
haproxy_stats_bind: "*:8080 ssl crt /etc/haproxy/ssl/"
|
||||||
|
|
|
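Review bot: The new defaults carry no comments, and two of their interactions are not obvious from the names. With `haproxy_stats_enable: True` and the default `haproxy_stats_access_ips: []`, the listener added in the template denies every client, and because that deny precedes `stats admin`, an address listed only in `haproxy_stats_admin_ips` is presumably refused as well. I would add above the lists `# stats page is reachable only from haproxy_stats_access_ips; admin addresses must be listed there too`, and note next to `haproxy_stats_bind` that the default listens on every address and expects certificates under /etc/haproxy/ssl/. `haproxy_maintenance_ips` is written to a file by the tasks, but no template line visible in this commit reads it, so a comment saying where it is consumed would help.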
@ -35,4 +35,40 @@
|
||||||
- haproxy
|
- haproxy
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
- name: HAProxy stats_access_ips are present
|
||||||
|
blockinfile:
|
||||||
|
dest: /etc/haproxy/stats_access_ips
|
||||||
|
create: yes
|
||||||
|
block: |
|
||||||
|
{% for ip in haproxy_stats_access_ips | default([]) %}
|
||||||
|
{{ ip }}
|
||||||
|
{% endfor %}
|
||||||
|
notify: reload haproxy
|
||||||
|
tags:
|
||||||
|
- haproxy
|
||||||
|
- config
|
||||||
|
|
||||||
|
- name: HAProxy stats_admin_ips are present
|
||||||
|
blockinfile:
|
||||||
|
dest: /etc/haproxy/stats_admin_ips
|
||||||
|
create: yes
|
||||||
|
block: |
|
||||||
|
{% for ip in haproxy_stats_admin_ips | default([]) %}
|
||||||
|
{{ ip }}
|
||||||
|
{% endfor %}
|
||||||
|
notify: reload haproxy
|
||||||
|
tags:
|
||||||
|
- haproxy
|
||||||
|
- config
|
||||||
|
|
||||||
|
- name: HAProxy maintenance_ips are present
|
||||||
|
blockinfile:
|
||||||
|
dest: /etc/haproxy/maintenance_ips
|
||||||
|
create: yes
|
||||||
|
block: |
|
||||||
|
{% for ip in haproxy_maintenance_ips | default([]) %}
|
||||||
|
{{ ip }}
|
||||||
|
{% endfor %}
|
||||||
|
notify: reload haproxy
|
||||||
|
|
||||||
- include: munin.yml
|
- include: munin.yml
|
||||||
|
|
|
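Review bot: The three `blockinfile` tasks create the files that decide who may view and administer the stats page, but none sets `owner`, `group` or `mode`, so the permissions depend on the umask of the run; adding `owner: root`, `group: root` and `mode: "0644"` to each makes that explicit. The `maintenance_ips` task also lacks the `tags:` list that the other two carry, so a run limited to `--tags haproxy` or `--tags config` would skip it. The list entries are written exactly as given, so an over-broad network in `haproxy_stats_admin_ips` is accepted silently; an `assert` on the lists before these tasks would catch that.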
@ -37,3 +37,23 @@ defaults
|
||||||
errorfile 502 /etc/haproxy/errors/502.http
|
errorfile 502 /etc/haproxy/errors/502.http
|
||||||
errorfile 503 /etc/haproxy/errors/503.http
|
errorfile 503 /etc/haproxy/errors/503.http
|
||||||
errorfile 504 /etc/haproxy/errors/504.http
|
errorfile 504 /etc/haproxy/errors/504.http
|
||||||
|
|
||||||
|
{% if haproxy_stats_enable %}
|
||||||
|
listen stats
|
||||||
|
mode http
|
||||||
|
bind {{ haproxy_stats_bind }}
|
||||||
|
|
||||||
|
stats enable
|
||||||
|
stats refresh 10s
|
||||||
|
stats uri /
|
||||||
|
stats show-legends
|
||||||
|
stats show-node
|
||||||
|
|
||||||
|
acl stats_access_ips src -f /etc/haproxy/stats_access_ips
|
||||||
|
http-request deny if !stats_access_ips
|
||||||
|
|
||||||
|
acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips
|
||||||
|
stats admin if stats_admin_ips
|
||||||
|
|
||||||
|
http-request set-log-level silent
|
||||||
|
{% endif %}
|
||||||
|
|
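Review bot: `http-request set-log-level silent` at the end of the stats listener silences every request that passes the access ACL, including the POSTs by which an admin address changes server state, so those actions leave no trace in the HAProxy log. Restricting it to reads, `http-request set-log-level silent if METH_GET`, keeps the refresh noise out of the log while retaining an audit trail for admin actions. `stats admin if stats_admin_ips` grants admin rights on source address alone; adding a `stats auth` credential taken from a vaulted variable would give a second check where addresses are shared or sit behind NAT.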