Browse Source

haproxy: dedicated internal address/binding (without SSL)

pull/125/head
Jérémy Lecour 1 month ago
committed by Jérémy Lecour
parent
commit
a5a2c6e335
  1. 2
      CHANGELOG.md
  2. 28
      haproxy/defaults/main.yml
  3. 3
      haproxy/templates/haproxy.default.cfg.j2
  4. 4
      haproxy/templates/munin.conf.j2

2
CHANGELOG.md

@ -12,6 +12,8 @@ The **patch** part changes incrementally at each release.
### Added
* haproxy: dedicated internal address/binding (without SSL)
### Changed
### Fixed

28
haproxy/defaults/main.yml

@ -1,20 +1,20 @@
---
haproxy_ssl_dir: "/etc/haproxy/ssl/"
# backward compatibility with a previously used variable
haproxy_stats_enable: False
haproxy_stats_ssl: True
haproxy_stats_host: "*"
haproxy_stats_port: "8080"
haproxy_stats_path: "/"
haproxy_stats_bind_directive: "{{ haproxy_stats_host }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl %}ssl crt {{ haproxy_ssl_dir }}{% endif %}"
haproxy_stats_internal_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{% if haproxy_stats_host == '*' or haproxy_stats_host == '0.0.0.0' %}127.0.0.1{% else %}{{ haproxy_stats_host }}{% endif %}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
haproxy_stats_external_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{{ ansible_fqdn }}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}"
haproxy_update_config: True
haproxy_force_config: True
haproxy_stats_internal_enable: True
haproxy_stats_internal_host: "127.0.0.1"
haproxy_stats_internal_port: "8081"
haproxy_socket: /run/haproxy/admin.sock
haproxy_chroot: /var/lib/haproxy
haproxy_stats_external_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{{ ansible_fqdn }}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
haproxy_stats_access_ips: []
haproxy_stats_admin_ips: []
@ -22,13 +22,15 @@ haproxy_stats_users: []
## use crypt(8) password encryption
# haproxy_stats_users:
# - { login: "", password: "" }
haproxy_maintenance_ips: []
haproxy_deny_ips: []
haproxy_ssl_dir: "/etc/haproxy/ssl/"
haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}"
haproxy_update_config: True
haproxy_force_config: True
haproxy_stats_enable: False
haproxy_stats_bind: "*:8080 ssl crt /etc/haproxy/ssl/"
haproxy_socket: /run/haproxy/admin.sock
haproxy_chroot: /var/lib/haproxy
haproxy_maintenance_ips: []
haproxy_deny_ips: []
haproxy_backports_packages_stretch: haproxy libssl1.0.0
haproxy_backports_packages_buster: haproxy

3
haproxy/templates/haproxy.default.cfg.j2

@ -45,6 +45,9 @@ userlist stats_users
listen stats
mode http
bind {{ haproxy_stats_bind_directive }}
{% if haproxy_stats_internal_enable %}
bind {{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}
{% endif %}
acl stats_access_ips src -f /etc/haproxy/stats_access_ips
acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips

4
haproxy/templates/munin.conf.j2

@ -1,2 +1,4 @@
[haproxy_*]
env.url {{ haproxy_stats_internal_url }};csv;norefresh
{% if haproxy_stats_internal_enable %}
env.url http://{{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}/;csv;norefresh
{% endif %}
Loading…
Cancel
Save