cookbook 'haproxy-ng', '= 1.0.2', :supermarket
haproxy-ng
(36) Versions
1.0.2
-
Follow11
modern, resource-driven cookbook for managing haproxy
cookbook 'haproxy-ng', '= 1.0.2'
knife cookbook site install haproxy-ng
knife cookbook site download haproxy-ng
haproxy-ng cookbook 
A resource-driven cookbook for configuring HAProxy.
Cookbook builds on 2 core resources:
haproxy_instance: the "parent" resource, which maps to a complete configuration and (probably) a running haproxy daemonhaproxy_proxy: the "core" proxy resource, which maps to a specific proxy
Additional resources haproxy_peers, haproxy_userlist, haproxy_frontend,
haproxy_backend, haproxy_defaults, and haproxy_listen extend the haproxy_proxy
resource with additional validation for common configuration keywords for their respective
proxy types.
Suggested background reading:
- The Fine Manual
- This README, the modules in
libraries/haproxy*.rb, and the individual resources/providers (libraries/chef_haproxy*.rb) - the test target and example wrapper cookbook: 'test/fixtures/cookbooks/my-lb'
- the consul-template powered example wrapper cookbook: 'test/fixtures/cookbooks/my-consul-lb'
Recipes
haproxy-ng::default
Configures a default instance, 'haproxy_instance[haproxy]', and corresponding
'haproxy' service via the config, tuning, and proxies cookbook attributes
(which are mapped onto the corresponding resource attributes).
This recipe also provides a useful example of using the provided helper,
Haproxy::Helpers#proxy, to map a list of proxies to their corresponding
resources in the resource collection.
See wrapper cookbook example at 'test/fixtures/cookbooks/my-lb'.
haproxy-ng::install
Installs haproxy via the node['haproxy']['install_method'] method.
Supports 'package', 'source', and 'ppa'.
haproxy-ng::service
Configures a default-named ("haproxy") service resource.
Useful for typical installs running a single haproxy daemon under the default 'haproxy' service name. Service providers, or those running multiple haproxy daemons on a single host will most likely want to configure a service instance per haproxy_instance.
Attributes
| Attribute | Description | Default |
|---|---|---|
| install_method | One of: 'package', 'source', 'ppa' | package |
| proxies | Array of proxy names for the default haproxy_instance[haproxy] | [] |
| config | global config of resource haproxy_instance[haproxy] | See attributes/default.rb |
| tuning | global tuning of resource haproxy_instance[haproxy] | See attributes/default.rb |
And more! (see attributes/*.rb)
Resources
haproxy_instance
The "parent" resource. Maps 1-to-1 with a generated haproxy config file, and most likely to a running service.
| Attribute | Description | Default |
|---|---|---|
| verify | whether to perform resource whitelist validation | true |
| config | global keywords for process mgmt | ['daemon'] |
| tuning | global keywords for performance | ['maxconn 256'] |
| debug | global keyword for debugging ('debug', 'quiet') | nil |
| proxies | array of proxies, see default recipe for example |
[] |
haproxy_proxy
The simplest proxy representation and base class for the other proxy resources (peers, userlist, defaults, frontend, backend, listen).
| Attribute | Description | Default |
|---|---|---|
| verify | whether to perform resource whitelist validation | true |
| type | String denoting proxy type. (defaults, frontend, backend, listen, peers, userlist) | nil |
| config | array of keywords, validated against specified type | [] |
haproxy_peers
Maps to a peers block in haproxy configuration. Not actually a proxy, but treating it like one is useful for code reusability. Don't judge me.
| Attribute | Description | Default |
|---|---|---|
| verify | whether to perform resource whitelist validation | true |
| peers | array of hashes. each hash requires 'name', 'config' keys | [] |
| config | array of peers keywords. validated against whitelist | [] |
For example, this resource:
haproxy_peers 'lb' do
peers [
{
'name' => 'lb01',
'address' => '12.4.56.78',
'port' => 1_024
},
{
'name' => 'lb02',
'address' => '12.34.56.8',
'port' => 1_024
},
]
end
will render this configuration:
peers lb
peer lb01 12.4.56.78:1024
peer lb02 12.34.56.8:1024
haproxy_userlist
Maps to a userlist block in haproxy configuration. Also not actually a proxy, as such.
| Attribute | Description | Default |
|---|---|---|
| verify | whether to perform resource whitelist validation | true |
| groups | array of hashes. hashes require 'name', 'config' keys | [] |
| users | array of hashes. hashes require 'name', 'config' keys | [] |
| config | array of userlist keywords, validated against whitelist | [] |
For example, this resource:
haproxy_userlist 'L1' do
groups [
{ 'name' => 'G1', 'config' => 'users tiger,scott' },
{ 'name' => 'G2', 'config' => 'users xdb,scott' }
]
users [
{ 'name' => 'tiger', 'config' => 'insecure-password password123' },
{ 'name' => 'scott', 'config' => 'insecure-password pa55word123' },
{ 'name' => 'xdb', 'config' => 'insecure-password hello' }
]
end
will render this configuration:
userlist L1
group G1 users tiger,scott
group G2 users xdb,scott
user tiger insecure-password password123
user scott insecure-password pa55word123
user xdb insecure-password hello
haproxy_defaults
Maps to a 'defaults' block in haproxy configuration. Convention suggests that resource names be capitalized (e.g. haproxy_defaults[HTTP]).
| Attribute | Description | Default |
|---|---|---|
| verify | whether to perform resource whitelist validation | true |
| mode | specifies listener mode (http, tcp, health) | nil |
| default_backend | argument to default_backend keyword |
nil |
| balance | desired balancing algo (see docs for permitted values) | nil |
| source | argument to source keyword | nil |
| config | array of defaults keywords, validated against whitelist | [] |
For example, this resource:
haproxy_defaults 'TCP' do
mode 'tcp'
balance 'leastconn'
source node['ipaddress']
config [
'option clitcpka',
'option srvtcpka',
'timeout connect 5s',
'timeout client 300s',
'timeout server 300s'
]
end
will render this configuration:
defaults TCP
balance leastconn
mode tcp
option clitcpka
option srvtcpka
timeout connect 5s
timeout client 300s
timeout server 300s
source 10.0.2.15
haproxy_frontend
Maps to a frontend block in the instance configuration, and typically to one or more listening ports or sockets.
| Attribute | Description | Default |
|---|---|---|
| verify | whether to perform resource whitelist validation | true |
| mode | specifies listener mode (http, tcp, health) | nil |
| acls | array of hashes, each requiring 'name', 'criterion' keys | [] |
| description | string describing proxy | nil |
| bind | args to bind keyword |
nil |
| default_backend | argument to default_backend keyword |
nil |
| use_backends | array of hashes, each requiring 'backend', 'condition', keys | [] |
| config | array of frontend keywords, validated against whitelist | [] |
For example, this resource:
haproxy_frontend 'www' do
mode 'http'
acls [
{
'name' => 'inside',
'criterion' => 'src 10.0.0.0/8'
}
]
description 'http frontend'
bind '*:80'
default_backend 'app'
use_backends [
{
'backend' => 'app',
'condition' => 'if inside'
}
]
config [
'option clitcpka'
]
end
will render this configuration:
frontend www
bind *:80
mode http
option clitcpka
description http frontend
acl inside src 10.0.0.0/8
default_backend app
use_backend app if inside
haproxy_backend
Maps to a backend configuration block in haproxy configuration.
| Attribute | Description | Default |
|---|---|---|
| verify | whether to perform resource whitelist validation | true |
| mode | specifies listener mode (http, tcp, health) | nil |
| acls | array of hashes, each requiring 'name', 'criterion' keys | [] |
| description | string describing proxy | nil |
| balance | desired balancing algo (see docs for permitted values) | nil |
| source | string specifying args to source keyword | nil |
| servers | array of hashes, each requiring 'name', 'address', 'port' keys. 'config' key optional | [] |
| config | array of backend keywords, validated against whitelist | [] |
For example, this resource:
haproxy_backend 'app' do
mode 'http'
acls [
{
'name' => 'inside',
'criterion' => 'src 10.0.0.0/8'
}
]
description 'app pool'
balance 'roundrobin'
source node['ipaddress']
servers [
{
'name' => 'app01',
'address' => '12.34.56.78',
'port' => 80,
'config' => 'check inter 5000 rise 2 fall 5'
},
{
'name' => 'app02',
'address' => '12.4.56.78',
'port' => 80,
'config' => 'check inter 5000 rise 2 fall 5'
},
]
config [
'option httpchk GET /health_check HTTP/1.1\r\nHost:\ localhost'
]
end
will render this configuration:
backend app
balance roundrobin
mode http
option httpchk GET /health_check HTTP/1.1\r\nHost:\ localhost
description app pool
acl inside src 10.0.0.0/8
source 10.0.2.15
server app01 12.34.56.78:80 check inter 5000 rise 2 fall 5
server app02 22.4.56.78:80 check inter 5000 rise 2 fall 5
haproxy_listen
Maps to a listen configuration block, combines frontend and backend config blocks into a single proxy. Less flexible, but more concise. Typically used for tcp-mode proxies with a 1:1 frontend:backend mapping.
| Attribute | Description | Default |
|---|---|---|
| verify | whether to perform resource whitelist validation | true |
| mode | specifies listener mode (http, tcp, health) | nil |
| acls | array of hashes, each requiring 'name', 'criterion' keys | [] |
| description | string describing proxy | nil |
| balance | desired balancing algo (see docs for permitted values) | nil |
| source | string specifying args to source keyword | nil |
| servers | array of hashes, each requiring 'name', 'address', 'port' keys. 'config' key optional | [] |
| bind | args to bind keyword |
nil |
| default_backend | argument to default_backend keyword |
nil |
| use_backends | array of hashes, each requiring 'backend', 'condition', keys | [] |
| config | array of listen keywords, validated against whitelist | [] |
For example, this resource:
haproxy_listen 'mysql' do
mode 'tcp'
acls [
{
'name' => 'inside',
'criterion' => 'src 10.0.0.0/8'
}
]
description 'mysql pool'
balance 'leastconn'
source node['ipaddress']
bind '0.0.0.0:3306'
servers [
{
'name' => 'mysql01',
'address' => '12.34.56.89',
'port' => 3_306,
'config' => 'maxconn 500 check port 3306 inter 2s backup'
},
{
'name' => 'mysql02',
'address' => '12.34.56.90',
'port' => 3_306,
'config' => 'maxconn 500 check port 3306 inter 2s backup'
},
]
config [
'option mysql-check'
]
end
will generate this configuration:
listen mysql
bind 0.0.0.0:3306
balance leastconn
mode tcp
option mysql-check
description mysql pool
acl inside src 10.0.0.0/8
source 10.0.2.15
server mysql01 12.34.56.89:3306 maxconn 500 check port 3306 inter 2s backup
server mysql02 12.34.56.90:3306 maxconn 500 check port 3306 inter 2s backup
1.0.2 / 2015-08-25
- fix config merge when passing an attribute instead of an array (thanks @kwilczynski and @andrewdutton!)
1.0.1 / 2015-07-04
- update to haproxy 1.5.14
1.0.0 / 2015-06-26
- remove world-readability from config templates
- update to latest source release
0.5.2 / 2015-06-24
- add missing requires to libraries
- fix service provider for upstart service with package-install
- update version matching for ark resource
0.5.1 / 2015-06-24
- fix compile-time constant initialization warnings
- fix upstart service on EL6
0.5.0 / 2015-05-28
- break up the hwrp-supporting modules into smaller pieces
- update source installation to use the ark cookbook
0.4.1 / 2015-05-22
- doc updates related to 0.4.0
- fix disabling verification for proxy sub-resources
- demo using consul-template with haproxy-ng
0.4.0 / 2015-05-17
- rename validate_at_compile option to 'verify' to adhere to chef norms
- skip instance config verification if 'verify' attribute is false
0.3.0 / 2015-05-15
- add ability to disable compile-time validation of proxy/instance resources with the "validate_at_compile" resource attribute
- add new verify attribute to instance template when chef > 12; replaces validating execute resource
- updated testing/documentation
0.2.12 / 2015-05-09
- add extra keyword
0.2.11 / 2015-05-07
- explicitly list supported service actions (thanks @alefend)
0.2.10 / 2015-05-06
- fix cops
- bump to latest stable haproxy for source build
0.2.9 / 2015-04-03
- misc. doc updates
- misc. testing improvements
- backport upstream improvements to systemd service file
- sort servers by name to reduce unnecessary restart/reload
0.2.8 / 2015-02-27
- doc updates
0.2.7 / 2015-02-27
- unit testing improvements
- fix bind keyword matrix entry
0.2.6 / 2015-02-25
- add ppa install method (thanks @elementai!)
0.2.5 / 2015-02-25
- fix service setup on fedora when doing source install
0.2.4 / 2015-02-23
- fix stick-table entry
0.2.3 / 2015-02-19
- add peers resource
- add userlist resource
0.2.2 / 2015-02-17
- enable source install
- docs and testing updates
0.2.1 / 2015-02-13
- permit abuse of proxy resource for configuration of peers, userlists
- various testing improvements
0.2.0 / 2015-02-11
- set type as required attribute for haproxy_proxy resource
- remove default proxy list, proxies recipe
- various and sundry documentation and testing improvements
- add negated keyword equivalents where appropriate
0.1.22 / 2015-02-10
- fix Haproxy::Proxy::NonDefaults.merged_config source merge
0.1.20 / 2015-02-10
- instance resource filters on actionable proxies
- remove peer/usergroups attrs from instance resource pending actual build-out
- extract default instance config into attributes to make it easier to consume default recipe
0.1.18 / 2015-02-09
- add timeout options to redis listen proxy
- move mode attr back into modules
0.1.16 / 2015-02-09
- fix balance keyword for DefaultsBackend
0.1.14 / 2015-02-09
- add listen resource to default recipe for testing
- move mode attribute under general proxy resource
0.1.12 / 2015-02-09
- fix listen provider
- add dummy listen resource to default recipe
0.1.10 / 2015-02-09
- use strings as keys
0.1.8 / 2015-02-09
- fix option typo
0.1.6 / 2015-02-09
- fix type for listen resource
0.1.4 / 2015-02-06
- use the correct resource provider for the listener resource
0.1.2 / 2015-02-05
- more build-out, consolidation of attributes common to multiple resources
0.1.0 / 2015-02-03
- initial release
Foodcritic Metric
1.0.2 passed this metric
1.0.2 passed this metric
