openstack-ansible-haproxy_s…/templates/haproxy.cfg.j2
Dmitriy Rabotyagov be9a66c280 Don't restrict haproxy tunable options
Instead of hardcoding specific supported tunable options, we
just pass key as an option to haproxy config.

This change might break deployments during upgrades, since the format of
values in the variable has changed, but an appropriate release note was written.

We also increase maxrewrite by default, as otherwise usage of CSP leads
to 500 error.

Change-Id: I949960420ed5dbd6d58f0de7dae0ac629a85b7fc
Related-Bug: https://github.com/haproxy/haproxy/issues/1597
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/844815
2022-06-20 08:27:40 +02:00


# {{ ansible_managed }}
{# Process-wide HAProxy settings: syslog target, chroot plus unprivileged user/group,
   connection cap, operator-supplied tuning, the runtime socket and TLS defaults. #}
global
log /dev/log local0
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
maxconn {{ haproxy_maxconn }}
{# Every entry of the merged dict is written out verbatim as "<key> <value>"; entries in
   haproxy_tuning_params override _haproxy_default_tuning_params. The template does not
   restrict or validate keys or values, so any directive valid in the global section can be
   set through this variable, and a value containing a newline would add further lines.
   Treat the variable's source (inventory, group_vars, extra-vars) as trusted input. #}
{% for key, value in ((_haproxy_default_tuning_params | default({})) | combine(haproxy_tuning_params)).items() %}
{{ key }} {{ value }}
{% endfor %}
{# Runtime API socket at admin level; "mode 600" limits access to the socket's owner.
   NOTE(review): no user/group is set on the socket line, so ownership presumably follows
   the account that starts haproxy - confirm on a deployed host. #}
stats socket /var/run/haproxy.stat level admin mode 600
{% if haproxy_stats_process is defined %}
stats bind-process {{ haproxy_stats_process }}
{% endif %}
{# TLS defaults are emitted only when haproxy_ssl is true. Protocol options, cipher lists and
   the DH parameter size all come from variables defined outside this template; the same
   cipher variable is applied to both the bind (client-facing) and server (backend) side.
   An empty cipher variable omits the directive, leaving HAProxy's built-in default in effect.
   NOTE(review): verify that the role defaults disable legacy protocol versions and that
   haproxy_ssl_dh_param is at least 2048. #}
{% if haproxy_ssl | bool %}
ssl-default-bind-options {{ haproxy_ssl_bind_options }}
ssl-default-server-options {{ haproxy_ssl_server_options }}
{% if haproxy_ssl_cipher_suite_tls13 != "" -%}
ssl-default-bind-ciphersuites {{ haproxy_ssl_cipher_suite_tls13 }}
ssl-default-server-ciphersuites {{ haproxy_ssl_cipher_suite_tls13 }}
{% endif -%}
{% if haproxy_ssl_cipher_suite_tls12 != "" -%}
ssl-default-bind-ciphers {{ haproxy_ssl_cipher_suite_tls12 }}
ssl-default-server-ciphers {{ haproxy_ssl_cipher_suite_tls12 }}
{% endif -%}
tune.ssl.default-dh-param {{ haproxy_ssl_dh_param }}
{% endif %}
{# Settings inherited by the proxy sections that follow. "timeout http-request" bounds how
   long a client may take to send a complete request, which limits slow-request connection
   exhaustion; "timeout client" and "timeout server" bound idle time on either side.
   The keep-alive option name is taken directly from haproxy_keepalive_mode. #}
defaults
log global
option dontlognull
option redispatch
option {{ haproxy_keepalive_mode }}
retries {{ haproxy_retries }}
timeout client {{ haproxy_client_timeout }}
timeout connect {{ haproxy_connect_timeout }}
timeout http-request {{ haproxy_http_request_timeout }}
timeout server {{ haproxy_server_timeout }}
maxconn {{ haproxy_maxconn }}
{# Optional statistics listener, rendered only when haproxy_stats_enabled is true.
   Security-relevant properties of this section:
   - The bind line adds "ssl crt ..." only when haproxy_ssl is true. With haproxy_ssl false
     the page and its HTTP Basic credentials travel unencrypted, so the bind address should
     then be reachable from a management network only.
   - "stats auth" writes haproxy_stats_password in clear text into the rendered config file;
     that file's ownership and mode are set outside this template and should keep it
     unreadable to unprivileged users.
   - "stats admin if TRUE" gives every authenticated stats user the admin actions of the web
     UI; there is no separate read-only level here.
   - NOTE(review): the Prometheus exporter is attached with an http-request rule on /metrics
     and is probably not covered by "stats auth" - confirm, and restrict /metrics by bind
     address or ACL if the metrics should not be readable without credentials.
   - "stats hide-version" keeps the HAProxy version off the page. #}
{% if haproxy_stats_enabled | bool %}
listen stats
bind {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }} {% if haproxy_ssl | bool %}ssl crt {{ haproxy_ssl_cert_path }}/haproxy_{{ ansible_facts['hostname'] }}-{{ haproxy_bind_internal_lb_vip_address }}.pem{% endif %}
{% if haproxy_stats_process is defined %}
bind-process {{ haproxy_stats_process }}
{% endif %}
mode http
{% if haproxy_stats_prometheus_enabled | bool %}
option http-use-htx
http-request use-service prometheus-exporter if { path /metrics }
{% endif %}
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /
stats show-node
stats show-legends
stats auth {{ haproxy_username }}:{{ haproxy_stats_password }}
stats admin if TRUE
stats refresh {{ haproxy_stats_refresh_interval }}s
{% endif %}