Add support for with_frontend and with_backend

This allows for more config flexibility - e.g. running multiple backends with a common frontend. Note this is a building block for future work on letsencrypt validator (which should offer backend and share frontend with any service running off 80/443 - which would be only horizon in the current default config), as well as any work towards single port (that is single frontend) and multiple services anchored at paths of it (which is the new recommended default). Change-Id: Ie088fcf575e4b5e8775f1f89dd705a275725e26d Partially-Implements: blueprint letsencrypt-https
2020-09-22 17:25:23 +02:00 · 2020-09-22 17:25:23 +02:00 · 3916c156be
parent 9451ac61a0
commit 3916c156be
2 changed files with 16 additions and 1 deletions
--- a/ansible/roles/haproxy-config/templates/haproxy_single_service_split.cfg.j2
+++ b/ansible/roles/haproxy-config/templates/haproxy_single_service_split.cfg.j2
@ -111,6 +111,10 @@ backend {{ service_name }}_back
        {% set custom_member_list = haproxy_service.custom_member_list|default(none) %}
        {# Mode defaults to http #}
        {% set mode = haproxy_service.mode|default('http') %}
+        {# By default each service has its own frontend (hence with_frontend is true by default) #}
+        {% set with_frontend = haproxy_service.with_frontend|default(true)|bool %}
+        {# By default each service has its own backend (hence with_backend is true by default) #}
+        {% set with_backend = haproxy_service.with_backend|default(true)|bool %}
        {# Use the parent host group but allow it to be overridden #}
        {% set host_group = haproxy_service.host_group|default(service.group) %}
        {# Additional options can be defined in config, and are additive to the global extras #}
@ -125,10 +129,12 @@ backend {{ service_name }}_back
        {% if auth_user and auth_pass %}
 {{ userlist_macro(haproxy_name, auth_user, auth_pass) }}
        {% endif %}
+        {% if with_frontend %}
 {{ frontend_macro(haproxy_name, haproxy_service.port, mode, external,
                  frontend_http_extra, frontend_tcp_extra) }}
+        {% endif %}
        {# Redirect (to https) is a special case, as it does not include a backend #}
-        {% if mode != 'redirect' %}
+        {% if with_backend and mode != 'redirect' %}
 {{ backend_macro(haproxy_name, listen_port, mode, host_group,
                 custom_member_list, backend_http_extra, backend_tcp_extra,
                 auth_user, auth_pass, tls_backend) }}
--- a/releasenotes/notes/haproxy-not-all-ends-ea1b2961f039abe7.yaml
+++ b/releasenotes/notes/haproxy-not-all-ends-ea1b2961f039abe7.yaml
@ -0,0 +1,9 @@
+---
+features:
+  - |
+    (internal/advanced) Adds support for ``with_frontend`` and ``with_backend``
+    to haproxy service definitions. These new fields preserve the old logic
+    by defaulting to ``true`` but can be set to ``false`` to make the selected
+    service not configure the respective "end".
+    This requires ``haproxy_service_template`` to be set to
+    ``haproxy_single_service_split.cfg.j2`` which is the new default.