forked from evolix/ansible-roles
haproxy: enable stats frontend with access lists
This commit is contained in:
parent
f5d06ad0b1
commit
45731c7755
|
@ -12,6 +12,7 @@ The **patch** part changes incrementally at each release.
|
|||
|
||||
### Added
|
||||
|
||||
* haproxy: enable stats frontend with access lists
|
||||
* lxc-php: Install php-sqlite by default
|
||||
* lxc-php: Don't disable putenv() by default in PHP settings
|
||||
* mysql: activate binary logs by specifying log_bin path
|
||||
|
|
|
@ -7,3 +7,10 @@ haproxy_force_config: True
|
|||
|
||||
haproxy_socket: /run/haproxy/admin.sock
|
||||
haproxy_chroot: /var/lib/haproxy
|
||||
|
||||
haproxy_stats_access_ips: []
|
||||
haproxy_stats_admin_ips: []
|
||||
haproxy_maintenance_ips: []
|
||||
|
||||
haproxy_stats_enable: False
|
||||
haproxy_stats_bind: "*:8080 ssl crt /etc/haproxy/ssl/"
|
||||
|
|
|
@ -35,4 +35,40 @@
|
|||
- haproxy
|
||||
- config
|
||||
|
||||
- name: HAProxy stats_access_ips are present
|
||||
blockinfile:
|
||||
dest: /etc/haproxy/stats_access_ips
|
||||
create: yes
|
||||
block: |
|
||||
{% for ip in haproxy_stats_access_ips | default([]) %}
|
||||
{{ ip }}
|
||||
{% endfor %}
|
||||
notify: reload haproxy
|
||||
tags:
|
||||
- haproxy
|
||||
- config
|
||||
|
||||
- name: HAProxy stats_admin_ips are present
|
||||
blockinfile:
|
||||
dest: /etc/haproxy/stats_admin_ips
|
||||
create: yes
|
||||
block: |
|
||||
{% for ip in haproxy_stats_admin_ips | default([]) %}
|
||||
{{ ip }}
|
||||
{% endfor %}
|
||||
notify: reload haproxy
|
||||
tags:
|
||||
- haproxy
|
||||
- config
|
||||
|
||||
- name: HAProxy maintenance_ips are present
|
||||
blockinfile:
|
||||
dest: /etc/haproxy/maintenance_ips
|
||||
create: yes
|
||||
block: |
|
||||
{% for ip in haproxy_maintenance_ips | default([]) %}
|
||||
{{ ip }}
|
||||
{% endfor %}
|
||||
notify: reload haproxy
|
||||
|
||||
- include: munin.yml
|
||||
|
|
|
@ -37,3 +37,23 @@ defaults
|
|||
errorfile 502 /etc/haproxy/errors/502.http
|
||||
errorfile 503 /etc/haproxy/errors/503.http
|
||||
errorfile 504 /etc/haproxy/errors/504.http
|
||||
|
||||
{% if haproxy_stats_enable %}
|
||||
listen stats
|
||||
mode http
|
||||
bind {{ haproxy_stats_bind }}
|
||||
|
||||
stats enable
|
||||
stats refresh 10s
|
||||
stats uri /
|
||||
stats show-legends
|
||||
stats show-node
|
||||
|
||||
acl stats_access_ips src -f /etc/haproxy/stats_access_ips
|
||||
http-request deny if !stats_access_ips
|
||||
|
||||
acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips
|
||||
stats admin if stats_admin_ips
|
||||
|
||||
http-request set-log-level silent
|
||||
{% endif %}
|
||||
|
|
Loading…
Reference in a new issue