]>
Commit | Line | Data |
---|---|---|
f67539c2 TL |
1 | # {{ cephadm_managed }} |
2 | global | |
3 | log 127.0.0.1 local2 | |
4 | chroot /var/lib/haproxy | |
5 | pidfile /var/lib/haproxy/haproxy.pid | |
6 | maxconn 8000 | |
7 | daemon | |
8 | stats socket /var/lib/haproxy/stats | |
9 | {% if spec.ssl_cert %} | |
10 | {% if spec.ssl_dh_param %} | |
11 | tune.ssl.default-dh-param {{ spec.ssl_dh_param }} | |
12 | {% endif %} | |
13 | {% if spec.ssl_ciphers %} | |
14 | ssl-default-bind-ciphers {{ spec.ssl_ciphers | join(':') }} | |
15 | {% endif %} | |
16 | {% if spec.ssl_options %} | |
17 | ssl-default-bind-options {{ spec.ssl_options | join(' ') }} | |
18 | {% endif %} | |
19 | {% endif %} | |
20 | ||
21 | defaults | |
b3b6e05e | 22 | mode {{ mode }} |
f67539c2 | 23 | log global |
b3b6e05e | 24 | {% if mode == 'http' %} |
f67539c2 TL |
25 | option httplog |
26 | option dontlognull | |
27 | option http-server-close | |
28 | option forwardfor except 127.0.0.0/8 | |
29 | option redispatch | |
30 | retries 3 | |
f67539c2 TL |
31 | timeout queue 20s |
32 | timeout connect 5s | |
b3b6e05e TL |
33 | timeout http-request 1s |
34 | timeout http-keep-alive 5s | |
39ae355f TL |
35 | timeout client 30s |
36 | timeout server 30s | |
f67539c2 | 37 | timeout check 5s |
b3b6e05e TL |
38 | {% endif %} |
39 | {% if mode == 'tcp' %} | |
40 | timeout queue 1m | |
41 | timeout connect 10s | |
42 | timeout client 1m | |
43 | timeout server 1m | |
44 | timeout check 10s | |
45 | {% endif %} | |
f67539c2 TL |
46 | maxconn 8000 |
47 | ||
48 | frontend stats | |
b3b6e05e | 49 | mode http |
f67539c2 | 50 | bind {{ ip }}:{{ monitor_port }} |
1e59de90 | 51 | bind {{ local_host_ip }}:{{ monitor_port }} |
f67539c2 TL |
52 | stats enable |
53 | stats uri /stats | |
54 | stats refresh 10s | |
55 | stats auth {{ user }}:{{ password }} | |
56 | http-request use-service prometheus-exporter if { path /metrics } | |
57 | monitor-uri /health | |
58 | ||
59 | frontend frontend | |
60 | {% if spec.ssl_cert %} | |
61 | bind {{ ip }}:{{ frontend_port }} ssl crt /var/lib/haproxy/haproxy.pem | |
62 | {% else %} | |
63 | bind {{ ip }}:{{ frontend_port }} | |
64 | {% endif %} | |
65 | default_backend backend | |
66 | ||
67 | backend backend | |
b3b6e05e | 68 | {% if mode == 'http' %} |
f67539c2 | 69 | option forwardfor |
39ae355f TL |
70 | {% if backend_spec.ssl %} |
71 | default-server ssl | |
72 | default-server verify none | |
73 | {% endif %} | |
f67539c2 TL |
74 | balance static-rr |
75 | option httpchk HEAD / HTTP/1.0 | |
76 | {% for server in servers %} | |
77 | server {{ server.name }} {{ server.ip }}:{{ server.port }} check weight 100 | |
78 | {% endfor %} | |
b3b6e05e TL |
79 | {% endif %} |
80 | {% if mode == 'tcp' %} | |
81 | mode tcp | |
82 | balance source | |
83 | hash-type consistent | |
aee94f69 TL |
84 | {% if default_server_opts %} |
85 | default-server {{ default_server_opts|join(" ") }} | |
86 | {% endif %} | |
b3b6e05e TL |
87 | {% for server in servers %} |
88 | server {{ server.name }} {{ server.ip }}:{{ server.port }} | |
89 | {% endfor %} | |
90 | {% endif %} |