Ruby Shell HTML
Clone or download
Stromweld and damacus removed a couple default values from resources properties (#308)
* Removed default values so they can be defined in the haproxy.cfg default section. Added reload example to haproxy_service in readme.

* fix template errors with removing defaults

* fix template frontend maxconn check
Latest commit 04b42ee Aug 8, 2018
Permalink
Failed to load latest commit information.
.circleci Move Danger to CircleCI Aug 1, 2018
.delivery Test with Delivery local Mar 4, 2017
.github Add lockbot Jun 9, 2018
example_configs fix markdown table syntax (#278) Feb 16, 2018
files Sync default init script with latest upstream changes (#233) Jun 27, 2017
resources removed a couple default values from resources properties (#308) Aug 8, 2018
spec Custom resource rewrite (#164) Apr 18, 2017
templates removed a couple default values from resources properties (#308) Aug 8, 2018
test added source crypt support (#305) Aug 1, 2018
.foodcritic Ignore FC121, build essential dep Aug 1, 2018
.gitignore 1.8.4 (#279) Feb 16, 2018
.kitchen.dokken.yml Haproxy service resource (#287) Apr 12, 2018
.kitchen.yml Haproxy service resource (#287) Apr 12, 2018
.travis.yml Move Danger to CircleCI Aug 1, 2018
Berksfile Custom resource rewrite (#164) Apr 18, 2017
CHANGELOG.md removed a couple default values from resources properties (#308) Aug 8, 2018
CODEOWNERS Add CODEOWNERS Jul 18, 2017
CODE_OF_CONDUCT.md Update CODE_OF_CONDUCT.md Dec 8, 2016
CONTRIBUTING.md Fix contributing doc typo Mar 4, 2017
Dangerfile Add Dangerfile! (#293) Mar 29, 2018
Guardfile Custom resource rewrite (#164) Apr 18, 2017
LICENSE Preparing repository for splitting cookbooks into their own repos. Feb 28, 2012
README.md removed a couple default values from resources properties (#308) Aug 8, 2018
TESTING.md adding in changelog updates (#192) Apr 19, 2017
chefignore Remove resource cloning config and use opensuse slug (#282) Feb 20, 2018
metadata.rb removed a couple default values from resources properties (#308) Aug 8, 2018

README.md

haproxy Cookbook

Build Status Cookbook Version

Installs and configures haproxy.

Requirements

  • Chef 12.20+

Platforms

  • Ubuntu Ubuntu 14.04+, Ubuntu 16.04
  • RHEL 6+, CentOS6+, OracleLinux6+
  • RHEL 7+, CentOS7+, OracleLinux7+
  • Debian 8+

Examples

Please check for working examples in TEST

Resources

haproxy_acl

Access Control Lists creates a new ACL or completes an existing one with new tests.

The actions generally consist in blocking a request, selecting a backend, or adding a header.

Introduced: v4.2.0

Actions

  • :create

Properties

  • acl - (is: [String, Array])
  • section - (is: String)
  • section_name - (is: String)
  • config_dir - (is: String)
  • config_file - (is: String)

Examples

haproxy_acl 'gina_host hdr(host) -i foo.bar.com' do
  section 'frontend'
  section_name 'http'
end
haproxy_acl 'acls for frontend:http' do
  section 'frontend'
  section_name 'http'
  acl [
    'rrhost_host hdr(host) -i dave.foo.bar.com foo.foo.com',
    'tile_host hdr(host) -i dough.foo.bar.com',
  ]
end
haproxy_acl 'acls for listen' do
  section 'listen'
  section_name 'admin'
  acl ['network_allowed src 127.0.0.1']
end

haproxy_backend

Backend describes a set of servers to which the proxy will connect to forward incoming connections.

Introduced: v4.0.0

Actions

  • :create

Properties

  • mode - (is: String)
  • server - (is: Array)
  • tcp_request - (is: Array)
  • acl - (is: Array)
  • option - (is: Array)
  • extra_options - (is: Hash)
  • config_dir - (is: String)
  • config_file - (is: String)

Examples

haproxy_backend 'servers' do
  server ['server1 127.0.0.1:8000 maxconn 32']
end
haproxy_backend 'tiles_public' do
  server ['tile0 10.0.0.10:80 check weight 1 maxconn 100',
          'tile1 10.0.0.10:80 check weight 1 maxconn 100']
  tcp_request ['content track-sc2 src',
               'content reject if conn_rate_abuse mark_as_abuser']
  option %w(httplog dontlognull forwardfor)
  acl ['conn_rate_abuse sc2_conn_rate gt 3000',
       'data_rate_abuse sc2_bytes_out_rate gt 20000000',
       'mark_as_abuser sc1_inc_gpc0 gt 0',
     ]
  extra_options(
    'stick-table' => 'type ip size 200k expire 2m store conn_rate(60s),bytes_out_rate(60s)',
    'http-request' => 'set-header X-Public-User yes'
  )
end

haproxy_config_defaults

Defaults sets default parameters for all other sections following its declaration. Those default parameters are reset by the next "defaults" section.

Introduced: v4.0.0

Actions

  • :create

Properties

  • timeout - (is: Hash)
  • log - (is: String)
  • mode - (is: String)
  • balance - (is: )
  • option - (is: Array)
  • stats - (is: Hash)
  • maxconn - (is: Integer)
  • extra_options - (is: Hash)
  • haproxy_retries - (is: Integer)
  • config_dir - (is: String)
  • config_file - (is: String)

Examples

haproxy_config_defaults 'defaults' do
  mode 'http'
  timeout connect: '5000ms',
          client: '5000ms',
          server: '5000ms'
  haproxy_retries 5
end
haproxy_config_defaults 'defaults' do
  mode 'http'
  timeout connect: '5s',
          client: '50s',
          server: '50s'
  log 'global'
  retries 3
end

haproxy_config_global

Parameters in the "global" section are process-wide and often OS-specific.

They are generally set once for all and do not need being changed once correct.

Introduced: v4.0.0

Actions

  • :create

Properties

  • haproxy_user - (is: String)
  • haproxy_group - (is: String)
  • pidfile - (is: String)
  • log - (is: [String, Array])
  • daemon - (is: [TrueClass, FalseClass])
  • debug_option - (is: String)
  • stats - (is: Hash)
  • maxconn - (is: Integer)
  • config_cookbook - (is: String)
  • chroot - (is: String)
  • log_tag - (is: String)
  • tuning - (is: Hash)
  • extra_options - (is: Hash)
  • config_dir - (is: String)
  • config_file - (is: String)

Examples

haproxy_config_global '' do
  chroot '/var/lib/haproxy'
  daemon true
  maxconn 256
  log '/dev/log local0'
  log_tag 'WARDEN'
  pidfile '/var/run/haproxy.pid'
  stats socket: '/var/lib/haproxy/stats level admin'
  tuning 'bufsize' => '262144'
end
haproxy_config_global 'global' do
  daemon false
  maxconn 4097
  chroot '/var/lib/haproxy'
  stats socket: '/var/lib/haproxy/haproxy.stat mode 600 level admin',
        timeout: '2m'
end

haproxy_frontend

Frontend describes a set of listening sockets accepting client connections.

Introduced: v4.0.0

Actions

  • :create

Properties

  • bind - (is: [String, Hash])
  • mode - (is: String)
  • maxconn - (is: Integer)
  • default_backend - (is: String)
  • use_backend - (is: Array)
  • acl - (is: Array)
  • option - (is: Array)
  • stats - (is: Hash)
  • extra_options - (is: Hash)
  • config_dir - (is: String)
  • config_file - (is: String)

Examples

haproxy_frontend 'http-in' do
  bind '*:80'
  default_backend 'servers'
end

haproxy_frontend 'tcp-in' do
  mode 'tcp'
  bind '*:3307'
  default_backend 'tcp-servers'
end

haproxy_install

Install HAProxy from package or source.

Introduced: v4.0.0

Actions

  • :create

Properties

  • install_type - (is: String)
  • conf_template_source - (is: String)
  • conf_cookbook - (is: String)
  • conf_file_mode - (is: String)
  • bin_prefix - (is: String)
  • config_dir - (is: String)
  • config_file - (is: String)
  • haproxy_user - (is: String)
  • haproxy_group - (is: String)
  • install_only - (is: [true, false])
  • service_name - (is: String)
  • use_systemd - (is: String)
  • package_name - (is: String)
  • package_version - (is: [String, nil])
  • source_version - (is: String)
  • source_url - (is: String)
  • source_checksum - (is: String)
  • source_target_cpu - (is: [String, nil])
  • source_target_arch - (is: [String, nil])
  • source_target_os - (is: String)
  • use_libcrypt - (is: String)
  • use_pcre - (is: String)
  • use_openssl - (is: String)
  • use_zlib - (is: String)
  • use_linux_tproxy - (is: String)
  • use_linux_splice - (is: String)

Examples

haproxy_install 'package'
haproxy_install 'source' do
  source_url node['haproxy']['source_url']
  source_checksum node['haproxy']['source_checksum']
  source_version node['haproxy']['source_version']
  use_pcre '1'
  use_openssl '1'
  use_zlib '1'
  use_linux_tproxy '1'
  use_linux_splice '1'
end

haproxy_listen

Listen defines a complete proxy with its frontend and backend parts combined in one section.

It is generally useful for TCP-only traffic.

Introduced: v4.0.0

Actions

  • :create

Properties

  • mode - (is: String)
  • bind - (is: [String, Hash])
  • maxconn - (is: Integer)
  • stats - (is: Hash)
  • http_request - (is: String)
  • http_response - (is: String)
  • default_backend - (is: String)
  • use_backend - (is: Array)
  • acl - (is: Array)
  • extra_options - (is: Hash)
  • config_dir - (is: String)
  • config_file - (is: String)

Examples

haproxy_listen 'admin' do
  bind '0.0.0.0:1337'
  mode 'http'
  stats uri: '/',
        realm: 'Haproxy-Statistics',
        auth: 'user:pwd'
  http_request 'add-header X-Proto http'
  http_response 'set-header Expires %[date(3600),http_date]'
  default_backend 'servers'
  extra_options('bind-process' => 'odd')
end

haproxy_resolver

Configuration related to name resolution in HAProxy. There can be as many as resolvers section as needed.

Each section can contain many name servers.

Introduced: v4.5.0

Actions

  • :create

Properties

  • nameserver - (is: Array)
  • extra_options - (is: Hash)
  • config_dir - (is: String)
  • config_file - (is: String)

Examples

haproxy_resolver 'dns' do
  nameserver ['google 8.8.8.8:53']
  extra_options('resolve_retries' => 30,
                'timeout' => 'retry 1s')
  notifies :restart, 'haproxy_service[haproxy]', :delayed
end

haproxy_service

Installs HAProxy as a systemd or sysvinit service. To reload HAProxy service add a subscribes option to the resource block. See example below.

Introduced: v4.0.0

Actions

  • :create
  • :start
  • :stop
  • :restart
  • :reload
  • :enable

Properties

  • bin_prefix - (is: String)
  • config_dir - (is: String)
  • config_file - (is: String)
  • haproxy_user - (is: String)
  • haproxy_group - (is: String)
  • service_name - (is: String)
  • source_version - (is: String)
  • use_systemd - (is: String)

Examples

haproxy_service 'haproxy'
haproxy_service 'haproxy' do
  source_version node['haproxy']['source_version']
  action :create
  subscribes :reload, 'template[/etc/haproxy/haproxy.cfg]', :immediately
end

haproxy_use_backend

Switch to a specific backend if/unless an ACL-based condition is matched.

Introduced: v4.2.0

Actions

  • :create

Properties

  • use_backend - (is: [String, Array])
  • section - (is: String)
  • section_name - (is: String)
  • config_dir - (is: String)
  • config_file - (is: String)

Examples

haproxy_use_backend 'gina if gina_host' do
  section 'frontend'
  section_name 'http'
end
haproxy_use_backend 'use_backends for frontend:http' do
  section 'frontend'
  section_name 'http'
  use_backend [
    'rrhost if rrhost_host',
    'tiles_public if tile_host',
  ]
end

haproxy_userlist

Control access to frontend/backend/listen sections or to http stats by allowing only authenticated and authorized users.

Introduced: v4.1.0

Actions

  • :create

Properties

  • group - (is: Hash)
  • user - (is: Hash)
  • config_dir - (is: String)
  • config_file - (is: String)

Examples

haproxy_userlist 'mylist' do
  group 'G1' => 'users tiger,scott',
        'G2' => 'users xdb,scott'
  user  'tiger' => 'password $6$k6y3o.eP$JlKBx9za9667qe4(...)xHSwRv6J.C0/D7cV91',
        'scott' => 'insecure-password elgato',
        'xdb' => 'insecure-password hello'
end

License & Authors

Copyright:: Heavy Water Operations, LLC.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.