--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Validate Certificates when downloading hatop. May be set to "no" when proxy server # is intercepting the certificates. haproxy_hatop_download_validate_certs: yes # Set the package install state for distribution packages # Options are 'present' and 'latest' haproxy_package_state: "latest" ## Haproxy Configuration haproxy_rise: 3 haproxy_fall: 3 haproxy_interval: 12000 ## Haproxy Stats haproxy_stats_enabled: False haproxy_stats_bind_address: 127.0.0.1 haproxy_stats_port: 1936 haproxy_username: admin haproxy_stats_password: secrete haproxy_stats_refresh_interval: 60 # Default haproxy backup nodes to empty list so this doesn't have to be # defined for each service. haproxy_backup_nodes: [] haproxy_service_configs: [] # Example: # haproxy_service_configs: # - service: # haproxy_service_name: haproxy_all # haproxy_backend_nodes: "{{ groups['haproxy_all'][0] }}" # # haproxy_backup_nodes: "{{ groups['haproxy_all'][1:] }}" # haproxy_port: 80 # haproxy_balance_type: http # haproxy_backend_options: # - "forwardfor" # - "httpchk" # - "httplog" # haproxy_acls: # white_list: # rule: "src 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8" # backend_name: "mybackend" galera_monitoring_user: monitoring haproxy_bind_on_non_local: False ## haproxy SSL haproxy_ssl: true haproxy_ssl_dh_param: 2048 haproxy_ssl_self_signed_regen: no haproxy_ssl_cert: /etc/ssl/certs/haproxy.cert haproxy_ssl_key: /etc/ssl/private/haproxy.key haproxy_ssl_pem: /etc/ssl/private/haproxy.pem haproxy_ssl_ca_cert: /etc/ssl/certs/haproxy-ca.pem haproxy_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ external_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}" haproxy_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}" haproxy_ssl_bind_options: "force-tlsv12" # hatop extra package URL and checksum haproxy_hatop_download_url: "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/hatop/hatop-0.7.7.tar.gz" haproxy_hatop_download_checksum: "sha256:0b9fc1b84ce4e469a069e3a3c7c1b5eea10e6bb24bc66bd32af453acd54636ab" # Where the extra package download is executed from. # Options are ['deployment-host', 'target-host'] haproxy_hatop_downloader: "deployment-host" # The location where the extra packages are downloaded to haproxy_hatop_download_path: "/opt/cache/files" ## haproxy default # Set the number of retries to perform on a server after a connection failure haproxy_retries: "3" # Set the maximum inactivity time on the client side haproxy_client_timeout: "50s" # Set the maximum time to wait for a connection attempt to a server to succeed haproxy_connect_timeout: "10s" # Set the maximum allowed time to wait for a complete HTTP request haproxy_http_request_timeout: "5s" # Set the maximum inactivity time on the server side haproxy_server_timeout: "50s" ## haproxy tuning params haproxy_maxconn: 4096 # Parameters below should only be specified if necessary, defaults are programmed in the template #haproxy_tuning_params: # nbproc: 1 # bufsize: 384000 # chksize: 16384 # comp_maxlevel: 1 # http_maxhdr: 101 # maxaccept: 64 # ssl_cachesize: 20000 # ssl_lifetime: 300