From 33479418eec7c1a18d57d755be47eca800b918a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Tue, 12 Sep 2017 17:01:29 +0200 Subject: [PATCH] Added new parameter for HAProxy configuration This allow to set the socket access level to admin instead of default "user". This "admin" access adds the capability to interact with HAproxy in order to manage its configuration, at least temporarly. This changes keeps the default "user" access level, as "admin" might break things if misused. Change-Id: I1a4612b9f8aacc410b48a04dac3bf300bbb0e08e Closes-bug: #1716692 --- manifests/haproxy.pp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 93860367e..e9b5b6307 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -53,6 +53,11 @@ # Should haproxy run in daemon mode or not # Defaults to true # +# [*haproxy_socket_access_level*] +# Access level for HAProxy socket. +# Can be "user" or "admin" +# Defaults to "user" +# # [*manage_firewall*] # (optional) Enable or disable firewall settings for ports exposed by HAProxy # (false means disabled, and true means enabled) @@ -569,6 +574,7 @@ class tripleo::haproxy ( $haproxy_member_options = [ 'check', 'inter 2000', 'rise 2', 'fall 5' ], $haproxy_log_address = '/dev/log', $haproxy_daemon = true, + $haproxy_socket_access_level = 'user', $haproxy_stats_user = 'admin', $haproxy_stats_password = undef, $manage_firewall = hiera('tripleo::firewall::manage_firewall', true), @@ -799,7 +805,7 @@ class tripleo::haproxy ( 'ssl-default-bind-ciphers' => $ssl_cipher_suite, 'ssl-default-bind-options' => $ssl_options, 'stats' => [ - 'socket /var/lib/haproxy/stats mode 600 level user', + "socket /var/lib/haproxy/stats mode 600 level ${haproxy_socket_access_level}", 'timeout 2m' ], }