[ceph.git] / ceph / src / pybind / mgr / cephadm / templates / services / ingress / haproxy.cfg.j2

# {{ cephadm_managed }}
global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/lib/haproxy/haproxy.pid
    maxconn     8000
    daemon
    stats socket /var/lib/haproxy/stats
{% if spec.ssl_cert %}
  {% if spec.ssl_dh_param %}
    tune.ssl.default-dh-param {{ spec.ssl_dh_param }}
  {% endif %}
  {% if spec.ssl_ciphers %}
    ssl-default-bind-ciphers {{ spec.ssl_ciphers | join(':') }}
  {% endif %}
  {% if spec.ssl_options %}
    ssl-default-bind-options {{ spec.ssl_options | join(' ') }}
  {% endif %}
{% endif %}

defaults
    mode                    {{ mode }}
    log                     global
{% if mode == 'http' %}
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout queue           20s
    timeout connect         5s
    timeout http-request    1s
    timeout http-keep-alive 5s
    timeout client          30s
    timeout server          30s
    timeout check           5s
{% endif %}
{% if mode == 'tcp' %}
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout check           10s
{% endif %}
    maxconn                 8000

frontend stats
    mode http
    bind {{ ip }}:{{ monitor_port }}
    bind {{ local_host_ip }}:{{ monitor_port }}
    stats enable
    stats uri /stats
    stats refresh 10s
    stats auth {{ user }}:{{ password }}
    http-request use-service prometheus-exporter if { path /metrics }
    monitor-uri /health

frontend frontend
{% if spec.ssl_cert %}
    bind {{ ip }}:{{ frontend_port }} ssl crt /var/lib/haproxy/haproxy.pem
{% else %}
    bind {{ ip }}:{{ frontend_port }}
{% endif %}
    default_backend backend

backend backend
{% if mode == 'http' %}
    option forwardfor
{% if backend_spec.ssl %}
    default-server ssl
    default-server verify none
{% endif %}
    balance static-rr
    option httpchk HEAD / HTTP/1.0
    {% for server in servers %}
    server {{ server.name }} {{ server.ip }}:{{ server.port }} check weight 100
    {% endfor %}
{% endif %}
{% if mode == 'tcp' %}
    mode        tcp
    balance     source
    hash-type   consistent
{% if default_server_opts %}
    default-server {{ default_server_opts|join(" ") }}
{% endif %}
    {% for server in servers %}
    server {{ server.name }} {{ server.ip }}:{{ server.port }}
    {% endfor %}
{% endif %}
Commit	Line	Data
f67539c2 TL	1	# {{ cephadm_managed }}
	2	global
	3	log 127.0.0.1 local2
	4	chroot /var/lib/haproxy
	5	pidfile /var/lib/haproxy/haproxy.pid
	6	maxconn 8000
	7	daemon
	8	stats socket /var/lib/haproxy/stats
	9	{% if spec.ssl_cert %}
	10	{% if spec.ssl_dh_param %}
	11	tune.ssl.default-dh-param {{ spec.ssl_dh_param }}
	12	{% endif %}
	13	{% if spec.ssl_ciphers %}
	14	ssl-default-bind-ciphers {{ spec.ssl_ciphers \| join(':') }}
	15	{% endif %}
	16	{% if spec.ssl_options %}
	17	ssl-default-bind-options {{ spec.ssl_options \| join(' ') }}
	18	{% endif %}
	19	{% endif %}
	20
	21	defaults
b3b6e05e	22	mode {{ mode }}
f67539c2	23	log global
b3b6e05e	24	{% if mode == 'http' %}
f67539c2 TL	25	option httplog
	26	option dontlognull
	27	option http-server-close
	28	option forwardfor except 127.0.0.0/8
	29	option redispatch
	30	retries 3
f67539c2 TL	31	timeout queue 20s
f67539c2 TL	32	timeout connect 5s
b3b6e05e TL	33	timeout http-request 1s
b3b6e05e TL	34	timeout http-keep-alive 5s
39ae355f TL	35	timeout client 30s
39ae355f TL	36	timeout server 30s
f67539c2	37	timeout check 5s
b3b6e05e TL	38	{% endif %}
	39	{% if mode == 'tcp' %}
	40	timeout queue 1m
	41	timeout connect 10s
	42	timeout client 1m
	43	timeout server 1m
	44	timeout check 10s
	45	{% endif %}
f67539c2 TL	46	maxconn 8000
	47
	48	frontend stats
b3b6e05e	49	mode http
f67539c2	50	bind {{ ip }}:{{ monitor_port }}
1e59de90	51	bind {{ local_host_ip }}:{{ monitor_port }}
f67539c2 TL	52	stats enable
	53	stats uri /stats
	54	stats refresh 10s
	55	stats auth {{ user }}:{{ password }}
	56	http-request use-service prometheus-exporter if { path /metrics }
	57	monitor-uri /health
	58
	59	frontend frontend
	60	{% if spec.ssl_cert %}
	61	bind {{ ip }}:{{ frontend_port }} ssl crt /var/lib/haproxy/haproxy.pem
	62	{% else %}
	63	bind {{ ip }}:{{ frontend_port }}
	64	{% endif %}
	65	default_backend backend
	66
	67	backend backend
b3b6e05e	68	{% if mode == 'http' %}
f67539c2	69	option forwardfor
39ae355f TL	70	{% if backend_spec.ssl %}
	71	default-server ssl
	72	default-server verify none
	73	{% endif %}
f67539c2 TL	74	balance static-rr
	75	option httpchk HEAD / HTTP/1.0
	76	{% for server in servers %}
	77	server {{ server.name }} {{ server.ip }}:{{ server.port }} check weight 100
	78	{% endfor %}
b3b6e05e TL	79	{% endif %}
	80	{% if mode == 'tcp' %}
	81	mode tcp
	82	balance source
	83	hash-type consistent
aee94f69 TL	84	{% if default_server_opts %}
	85	default-server {{ default_server_opts\|join(" ") }}
	86	{% endif %}
b3b6e05e TL	87	{% for server in servers %}
	88	server {{ server.name }} {{ server.ip }}:{{ server.port }}
	89	{% endfor %}
	90	{% endif %}