ceph/src/pybind/mgr/cephadm/templates/services/ingress/haproxy.cfg.j2

   1 # {{ cephadm_managed }}
   2 global
   3     log         127.0.0.1 local2
   4     chroot      /var/lib/haproxy
   5     pidfile     /var/lib/haproxy/haproxy.pid
   6     maxconn     8000
   7     daemon
   8     stats socket /var/lib/haproxy/stats
   9 {% if spec.ssl_cert %}
  10   {% if spec.ssl_dh_param %}
  11     tune.ssl.default-dh-param {{ spec.ssl_dh_param }}
  12   {% endif %}
  13   {% if spec.ssl_ciphers %}
  14     ssl-default-bind-ciphers {{ spec.ssl_ciphers | join(':') }}
  15   {% endif %}
  16   {% if spec.ssl_options %}
  17     ssl-default-bind-options {{ spec.ssl_options | join(' ') }}
  18   {% endif %}
  19 {% endif %}
  20
  21 defaults
  22     mode                    {{ mode }}
  23     log                     global
  24 {% if mode == 'http' %}
  25     option                  httplog
  26     option                  dontlognull
  27     option http-server-close
  28     option forwardfor       except 127.0.0.0/8
  29     option                  redispatch
  30     retries                 3
  31     timeout queue           20s
  32     timeout connect         5s
  33     timeout http-request    1s
  34     timeout http-keep-alive 5s
  35     timeout client          1s
  36     timeout server          1s
  37     timeout check           5s
  38 {% endif %}
  39 {% if mode == 'tcp' %}
  40     timeout queue           1m
  41     timeout connect         10s
  42     timeout client          1m
  43     timeout server          1m
  44     timeout check           10s
  45 {% endif %}
  46     maxconn                 8000
  47
  48 frontend stats
  49     mode http
  50     bind {{ ip }}:{{ monitor_port }}
  51     bind localhost:{{ monitor_port }}
  52     stats enable
  53     stats uri /stats
  54     stats refresh 10s
  55     stats auth {{ user }}:{{ password }}
  56     http-request use-service prometheus-exporter if { path /metrics }
  57     monitor-uri /health
  58
  59 frontend frontend
  60 {% if spec.ssl_cert %}
  61     bind {{ ip }}:{{ frontend_port }} ssl crt /var/lib/haproxy/haproxy.pem
  62 {% else %}
  63     bind {{ ip }}:{{ frontend_port }}
  64 {% endif %}
  65     default_backend backend
  66
  67 backend backend
  68 {% if mode == 'http' %}
  69     option forwardfor
  70     balance static-rr
  71     option httpchk HEAD / HTTP/1.0
  72     {% for server in servers %}
  73     server {{ server.name }} {{ server.ip }}:{{ server.port }} check weight 100
  74     {% endfor %}
  75 {% endif %}
  76 {% if mode == 'tcp' %}
  77     mode        tcp
  78     balance     source
  79     hash-type   consistent
  80     {% for server in servers %}
  81     server {{ server.name }} {{ server.ip }}:{{ server.port }}
  82     {% endfor %}
  83 {% endif %}