openstack/openstack-ansible-haproxy_server
Code Issues Proposed changes
Files
67e19ebccd67d582e8770b1608307430d1ce5570
openstack-ansible-haproxy_s…/templates/haproxy.cfg.j2
Dmitriy Rabotyagov 6025eaac36 Allow do disable SSL only for stats frontend 
Currently there is no way of disabling SSL connection for stats frontend
as it implies more global variable. However, for some systems consuming
self-signed root certificate might be not an option and disabling
SSL verification tricky. Thus, we introduce new variable that allows to
nicely control if SSL should be served for stats frontend or not.

Change-Id: Ic4bc4393ec89469876e9e95b12bb9c4069972713
2022-10-05 11:29:50 +00:00

65 lines
2.4 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
global
log /dev/log local0
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
maxconn {{ haproxy_maxconn }}
{% for key, value in ((_haproxy_default_tuning_params | default({})) | combine(haproxy_tuning_params)).items() %}
{{ key }} {{ value }}
{% endfor %}
stats socket /var/run/haproxy.stat level admin mode 600
{% if haproxy_stats_process is defined %}
stats bind-process {{ haproxy_stats_process }}
{% endif %}
{% if haproxy_ssl | bool %}
ssl-default-bind-options {{ haproxy_ssl_bind_options }}
ssl-default-server-options {{ haproxy_ssl_server_options }}
{% if haproxy_ssl_cipher_suite_tls13 != "" -%}
ssl-default-bind-ciphersuites {{ haproxy_ssl_cipher_suite_tls13 }}
ssl-default-server-ciphersuites {{ haproxy_ssl_cipher_suite_tls13 }}
{% endif -%}
{% if haproxy_ssl_cipher_suite_tls12 != "" -%}
ssl-default-bind-ciphers {{ haproxy_ssl_cipher_suite_tls12 }}
ssl-default-server-ciphers {{ haproxy_ssl_cipher_suite_tls12 }}
{% endif -%}
tune.ssl.default-dh-param {{ haproxy_ssl_dh_param }}
{% endif %}
defaults
log global
option dontlognull
option redispatch
option {{ haproxy_keepalive_mode }}
retries {{ haproxy_retries }}
timeout client {{ haproxy_client_timeout }}
timeout connect {{ haproxy_connect_timeout }}
timeout http-request {{ haproxy_http_request_timeout }}
timeout server {{ haproxy_server_timeout }}
maxconn {{ haproxy_maxconn }}
{% if haproxy_stats_enabled | bool %}
listen stats
bind {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl | bool %}ssl crt {{ haproxy_ssl_cert_path }}/haproxy_{{ ansible_facts['hostname'] }}-{{ haproxy_bind_internal_lb_vip_address }}.pem{% endif %}
{% if haproxy_stats_process is defined %}
bind-process {{ haproxy_stats_process }}
{% endif %}
mode http
{% if haproxy_stats_prometheus_enabled | bool %}
option http-use-htx
http-request use-service prometheus-exporter if { path /metrics }
{% endif %}
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /
stats show-node
stats show-legends
stats auth {{ haproxy_username }}:{{ haproxy_stats_password }}
stats admin if TRUE
stats refresh {{ haproxy_stats_refresh_interval }}s
{% endif %}
View Git Blame Copy Permalink