--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Validate Certificates when downloading hatop. May be set to "no" when proxy server # is intercepting the certificates. haproxy_hatop_download_validate_certs: yes # Set the package install state for distribution packages # Options are 'present' and 'latest' haproxy_package_state: "latest" ## Haproxy Configuration haproxy_rise: 3 haproxy_fall: 3 haproxy_interval: 12000 ## Haproxy standard API haproxy_repo: {} haproxy_gpg_keys: [] haproxy_required_distro_packages: [] haproxy_distro_packages: [] ## Haproxy Stats haproxy_stats_enabled: False haproxy_stats_bind_address: 127.0.0.1 haproxy_stats_port: 1936 haproxy_username: admin haproxy_stats_password: secrete # Default haproxy backup nodes to empty list so this doesn't have to be # defined for each service. haproxy_backup_nodes: [] # haproxy_service_configs: # - service: # hap_service_name: haproxy_all # hap_backend_nodes: "{{ groups['haproxy_all'][0] }}" # # hap_backup_nodes: "{{ groups['haproxy_all'][1:] }}" # hap_port: 80 # hap_balance_type: http # hap_backend_options: # - "forwardfor" # - "httpchk" # - "httplog" # haproxy_acls: # white_list: # rule: "src 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8" # backend_name: "mybackend" galera_monitoring_user: monitoring haproxy_bind_on_non_local: False ## haproxy SSL haproxy_ssl: true haproxy_ssl_dh_param: 2048 haproxy_ssl_self_signed_regen: no haproxy_ssl_cert: /etc/ssl/certs/haproxy.cert haproxy_ssl_key: /etc/ssl/private/haproxy.key haproxy_ssl_pem: /etc/ssl/private/haproxy.pem haproxy_ssl_ca_cert: /etc/ssl/certs/haproxy-ca.pem haproxy_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ external_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}" haproxy_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}" haproxy_ssl_bind_options: "no-sslv3" haproxy_hatop_download_url: "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/hatop/hatop-0.7.7.tar.gz" ## haproxy default timeouts haproxy_http_request_timeout: "5s" ## haproxy tuning params haproxy_maxconn: 4096 # Parameters below should only be specified if necessary, defaults are programmed in the template #haproxy_tuning_params: # nbproc: 1 # bufsize: 384000 # chksize: 16384 # comp_maxlevel: 1 # http_maxhdr: 101 # http_maxaccept: 64 # ssl_cachesize: 20000 # ssl_lifetime: 300