haproxy
Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
- , , , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'puppetlabs-haproxy', '8.1.0'
Learn more about managing modules with a PuppetfileDocumentation
haproxy
Table of Contents
- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with haproxy
- Usage - Configuration options and additional functionality
- Configure HAProxy options
- HAProxy and Software Collections
- Configure HAProxy daemon listener
- Configure multi-network daemon listener
- Configure HAProxy load-balanced member nodes
- Configure a load balancer with exported resources
- Set up a frontend service
- Set up a backend service
- Set up a resolver
- Configure multiple haproxy instances on one machine
- Manage a map file
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- License
- Development - Guide for contributing to the module
Overview
The haproxy module lets you use Puppet to install, configure, and manage HAProxy.
Module Description
HAProxy is a daemon for load-balancing and proxying TCP- and HTTP-based services. This module lets you use Puppet to configure HAProxy servers and backend member servers.
Setup
Beginning with haproxy
The simplest HAProxy configuration consists of a server that listens on a port and balances against some other nodes:
node 'haproxy-server' {
include ::haproxy
haproxy::listen { 'puppet00':
collect_exported => false,
ipaddress => $facts['networking']['ip'],
ports => [8140],
}
haproxy::balancermember { 'server00':
listening_service => 'puppet00',
server_names => 'server00.example.com',
ipaddresses => '10.0.0.10',
ports => [8140],
options => 'check',
}
haproxy::balancermember { 'server01':
listening_service => 'puppet00',
server_names => 'server01.example.com',
ipaddresses => '10.0.0.11',
ports => [8140],
options => 'check',
}
}
Usage
Configure HAProxy options
The main haproxy
class has many options for configuring your HAProxy server:
class { 'haproxy':
global_options => {
'log' => "${facts['networking']['ip']} local0",
'chroot' => '/var/lib/haproxy',
'pidfile' => '/var/run/haproxy.pid',
'maxconn' => '4000',
'user' => 'haproxy',
'group' => 'haproxy',
'daemon' => '',
'stats' => 'socket /var/lib/haproxy/stats',
},
defaults_options => {
'log' => 'global',
'stats' => 'enable',
'option' => [
'redispatch',
],
'retries' => '3',
'timeout' => [
'http-request 10s',
'queue 1m',
'connect 10s',
'client 1m',
'server 1m',
'check 10s',
],
'maxconn' => '8000',
},
}
The above shown values are the module's defaults for platforms like Debian and RedHat (see haproxy::params
for details). If you wish to override or add to any of these defaults set merge_options => true
(see below) and set global_options
and/or defaults_options
to a hash containing just the option => value
pairs you need changed or added. In case of duplicates your supplied values will "win" over the default values (this is especially noteworthy for arrays -- they cannot be merged easily). If you want to completely remove a parameter set it to the special value undef
:
class { 'haproxy':
global_options => {
'maxconn' => undef,
'user' => 'root',
'group' => 'root',
'stats' => [
'socket /var/lib/haproxy/stats',
'timeout 30s'
]
},
defaults_options => {
'retries' => '5',
'option' => [
'redispatch',
'http-server-close',
'logasap',
],
'timeout' => [
'http-request 7s',
'connect 3s',
'check 9s',
],
'maxconn' => '15000',
},
}
HAProxy and Software Collections
To use this module with a software collection such as rh-haproxy18 you will need to set a few extra parameters like so:
class { 'haproxy':
package_name => 'rh-haproxy18',
config_dir => '/etc/opt/rh/rh-haproxy18/haproxy',
config_file => '/etc/opt/rh/rh-haproxy18/haproxy/haproxy.cfg',
config_validate_cmd => '/bin/scl enable rh-haproxy18 "haproxy -f % -c"',
service_name => 'rh-haproxy18-haproxy',
}
Configure HAProxy daemon listener
To export the resource for a balancermember and collect it on a single HAProxy load balancer server:
haproxy::listen { 'puppet00':
ipaddress => $facts['networking']['ip'],
ports => [8140],
mode => 'tcp',
options => {
'option' => [
'tcplog',
],
'balance' => 'roundrobin',
},
}
Configure multi-network daemon listener
If you need a more complex configuration for the listen block, use the $bind
parameter:
haproxy::listen { 'puppet00':
mode => 'tcp',
options => {
'option' => [
'tcplog',
],
'balance' => 'roundrobin',
},
bind => {
'10.0.0.1:443' => ['ssl', 'crt', 'puppetlabs.com'],
'168.12.12.12:80' => [],
'192.168.122.42:8000-8100' => ['ssl', 'crt', 'puppetlabs.com'],
':8443,:8444' => ['ssl', 'crt', 'internal.puppetlabs.com']
},
}
Note: $ports
and $ipaddress
cannot be used in combination with $bind
.
Configure HAProxy load-balanced member nodes
First export the resource for a balancermember:
@@haproxy::balancermember { 'haproxy':
listening_service => 'puppet00',
ports => '8140',
server_names => $facts['networking']['hostname'],
ipaddresses => $facts['networking']['ip'],
options => 'check',
}
Then collect the resource on a load balancer:
Haproxy::Balancermember <<| listening_service == 'puppet00' |>>
Then create the resource for multiple balancermembers at once:
haproxy::balancermember { 'haproxy':
listening_service => 'puppet00',
ports => 8140,
server_names => ['server01', 'server02'],
ipaddresses => ['192.168.56.200', '192.168.56.201'],
options => 'check',
}
This example assumes a single-pass installation of HAProxy where you know the members in advance. Otherwise, you'd need a first pass to export the resources.
Configure a load balancer with exported resources
Install and configure an HAProxy service listening on port 8140 and balanced against all collected nodes:
node 'haproxy-server' {
include ::haproxy
haproxy::listen { 'puppet00':
ipaddress => $facts['networking']['ip'],
ports => 8140,
}
}
node /^server\d+/ {
@@haproxy::balancermember { $facts['networking']['fqdn']:
listening_service => 'puppet00',
server_names => $facts['networking']['hostname'],
ipaddresses => $facts['networking']['ip'],
ports => 8140,
options => 'check',
}
}
The resulting HAProxy service uses storeconfigs to collect and realize balancermember servers, and automatically collects configurations from backend servers. The backend nodes export their HAProxy configurations to the Puppet Server, which then distributes them to the HAProxy server.
Set up a frontend service
This example routes traffic from port 8140 to all balancermembers added to a backend with the title 'puppet_backend00':
haproxy::frontend { 'puppet00':
ipaddress => $facts['networking']['ip'],
ports => 8140,
mode => 'tcp',
bind_options => 'accept-proxy',
options => {
'default_backend' => 'puppet_backend00',
'timeout client' => '30s',
'option' => [
'tcplog',
'accept-invalid-http-request',
],
},
}
If option order is important, pass an array of hashes to the options
parameter:
haproxy::frontend { 'puppet00':
ipaddress => $facts['networking']['ip'],
ports => [8140],
mode => 'tcp',
bind_options => 'accept-proxy',
options => [
{ 'default_backend' => 'puppet_backend00' },
{ 'timeout client' => '30s' },
{ 'option' => [
'tcplog',
'accept-invalid-http-request',
],
}
],
}
This adds the frontend options to the configuration block in the same order as they appear within your array.
Set up a backend service
haproxy::backend { 'puppet00':
options => {
'option' => [
'tcplog',
],
'balance' => 'roundrobin',
},
}
If option order is important, pass an array of hashes to the options
parameter:
haproxy::backend { 'puppet00':
options => [
{ 'option' => [
'tcplog',
]
},
{ 'balance' => 'roundrobin' },
{ 'cookie' => 'C00 insert' },
],
}
Set up a resolver
Note: This is only available on haproxy 1.6+
# Need to start with an init-addr parameter set to none and enable runtime DNS resolution.
class { 'haproxy':
...
defaults_options => {
'default-server' => 'init-addr none',
...
},
}
# Declare the resolver
haproxy::resolver { 'puppet00':
nameservers => {
'dns1' => '192.168.56.1:53',
'dns2' => '192.168.56.2:53'
},
hold => {
'nx' => '30s',
'valid' => '10s'
},
resolve_retries => 3,
timeout => {
'retry' => '1s'
},
accepted_payload_size => 512,
}
# Setup the balancermember to use the resolver for DNS resolution
haproxy::balancermember { 'haproxy':
listening_service => 'puppet00',
ports => 8140,
server_names => ['server01', 'server02'],
ipaddresses => ['server01', 'server02'],
options => 'check resolvers puppet00 resolve-prefer ipv4',
}
Set up stick-tables for a frontend (or a backend)
haproxy::backend { 'backend01':
options => [
{ 'stick-table' => 'type ip size 1 nopurge peers LB' },
{ 'stick' => 'on dst' },
],
}
This adds the backend options to the configuration block in the same order as they appear within the array.
Configure multiple haproxy instances on one machine
This is an advanced feature typically only used at large sites.
It is possible to run multiple haproxy processes ("instances") on the same machine. This has the benefit that each is a distinct failure domain, each can be restarted independently, and each can run a different binary.
In this use case, instead of using Class['haproxy']
, each process
is started using haproxy::instance{'inst'}
where inst
is the
name of the instance. It assumes there is a matching Service['inst']
that will be used to manage service. Different sites may have
different requirements for how the Service[]
is constructed.
However, haproxy::instance_service
exists as an example of one
way to do this, and may be sufficient for most sites.
In this example, two instances are created. The first uses the standard
class and uses haproxy::instance
to add an additional instance called
beta
.
include ::haproxy
haproxy::listen { 'puppet00':
instance => 'haproxy',
collect_exported => false,
ipaddress => $facts['networking']['ip'],
ports => 8800,
}
haproxy::instance { 'beta': }
->
haproxy::instance_service { 'beta':
haproxy_package => 'custom_haproxy',
haproxy_init_source => "puppet:///modules/${module_name}/haproxy-beta.init",
}
->
haproxy::listen { 'puppet00':
instance => 'beta',
collect_exported => false,
ipaddress => $facts['networking']['ip'],
ports => 9900,
}
In this example, two instances are created called group1
and group2
.
The second uses a custom package.
haproxy::instance { 'group1': }
->
haproxy::instance_service { 'group1':
haproxy_init_source => "puppet:///modules/${module_name}/haproxy-group1.init",
}
->
haproxy::listen { 'group1-puppet00':
section_name => 'puppet00',
instance => 'group1',
collect_exported => false,
ipaddress => $facts['networking']['ip'],
ports => 8800,
}
haproxy::instance { 'group2': }
->
haproxy::instance_service { 'group2':
haproxy_package => 'custom_haproxy',
haproxy_init_source => "puppet:///modules/${module_name}/haproxy-group2.init",
}
->
haproxy::listen { 'group2-puppet00':
section_name => 'puppet00',
instance => 'group2',
collect_exported => false,
ipaddress => $facts['networking']['ip'],
ports => 9900,
}
Manage a map file
haproxy::mapfile { 'domains-to-backends':
ensure => 'present',
mappings => [
{ 'app01.example.com' => 'bk_app01' },
{ 'app02.example.com' => 'bk_app02' },
{ 'app03.example.com' => 'bk_app03' },
{ 'app04.example.com' => 'bk_app04' },
'app05.example.com bk_app05',
'app06.example.com bk_app06',
],
}
This creates a file /etc/haproxy/domains-to-backends.map
containing the mappings specified in the mappings
array.
The map file can then be used in a frontend to map Host:
values to backends, implementing name-based virtual hosting:
frontend ft_allapps
[...]
use_backend %[req.hdr(host),lower,map(/etc/haproxy/domains-to-backends.map,bk_default)]
Or expressed using haproxy::frontend
:
haproxy::frontend { 'ft_allapps':
ipaddress => '0.0.0.0',
ports => ['80'],
mode => 'http',
options => {
'use_backend' => '%[req.hdr(host),lower,map(/etc/haproxy/domains-to-backends.map,bk_default)]'
}
}
Reference
For information on the classes and types, see the REFERENCE.md
Limitations
For an extensive list of supported operating systems, see metadata.json
License
This codebase is licensed under the Apache2.0 licensing, however due to the nature of the codebase the open source dependencies may also use a combination of AGPL, BSD-2, BSD-3, GPL2.0, LGPL, MIT and MPL Licensing.
Development
Acceptance tests for this module leverage puppet_litmus. To run the acceptance tests follow the instructions here. You can also find a tutorial and walkthrough of using Litmus and the PDK on YouTube.
If you run into an issue with this module, or if you would like to request a feature, please file a ticket. Every Monday the Puppet IA Content Team has office hours in the Puppet Community Slack, alternating between an EMEA friendly time (1300 UTC) and an Americas friendly time (0900 Pacific, 1700 UTC).
If you have problems getting this module up and running, please contact Support.
If you submit a change to this module, be sure to regenerate the reference documentation as follows:
puppet strings generate --format markdown --out REFERENCE.md
Reference
Table of Contents
Classes
haproxy
: A Puppet module, using storeconfigs, to model an haproxy configuration. Currently VERY limited - assumes Redhat/CentOS setup. Pull requests ahaproxy::globals
: For global configuration options used by all haproxy instances.haproxy::params
: This is a container class holding default parameters for for haproxy class.
Defined types
Public Defined types
haproxy::backend
: This type will setup a backend service configuration block inside the haproxy.cfg file on an haproxy load balancer.haproxy::balancermember
: This type will setup a balancer member inside a listening service configuration block in /etc/haproxy/haproxy.cfg on the load balancer.haproxy::defaults
: This type will setup a additional defaults configuration block inside the haproxy.cfg file on an haproxy load balancer.haproxy::frontend
: This type will setup a frontend service configuration block inside the haproxy.cfg file on an haproxy load balancer.haproxy::instance
: Manages haproxy permitting multiple instances to run on the same machine.haproxy::instance_service
: Set up the environment for an haproxy service.haproxy::listen
: This type will setup a listening service configuration block inside the haproxy.cfg file on an haproxy load balancer.haproxy::mailer
: This type will set up a mailer entry inside the mailers configuration block in haproxy.cfg on the load balancer.haproxy::mailers
: This type will set up a mailers entry in haproxy.cfg on the load balancer.haproxy::mapfile
: Manage an HAProxy map file as documented in https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.1-maphaproxy::mapfile::entry
: Manage an HAProxy map file as documented in https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.1-maphaproxy::peer
: This type will set up a peer entry inside the peers configuration block in haproxy.cfg on the load balancer.haproxy::peer::collect_exported
: Private definehaproxy::peers
: This type will set up a peers entry in haproxy.cfghaproxy::resolver
: This type will setup resolvers configuration block inside the haproxy.cfg file on an haproxy load balancer.haproxy::userlist
: This type will set up a userlist configuration block inside the haproxy.cfg file on an haproxy load balancer.
Private Defined types
haproxy::balancermember::collect_exported
haproxy::config
: HAProxy configurationhaproxy::install
: Install haproxyhaproxy::mailer::collect_exported
haproxy::service
: HAProxy service
Functions
haproxy::generate_error_message
: Function created to generate error message. Any string as error message can be passed and the function can be called in epp templates.haproxy::sort_bind
haproxy::validate_ip_addr
Data types
Haproxy::Ports
: Port or list of ports for haproxy. Supports,
seperated list of ports also.
Classes
haproxy
A Puppet module, using storeconfigs, to model an haproxy configuration. Currently VERY limited - assumes Redhat/CentOS setup. Pull requests accepted!
Currently requires the puppetlabs/concat module on the Puppet Forge and uses storeconfigs on the Puppet Server to export/collect resources from all balancer members.
Examples
class { 'haproxy':
global_options => {
'log' => "${::ipaddress} local0",
'chroot' => '/var/lib/haproxy',
'pidfile' => '/var/run/haproxy.pid',
'maxconn' => '4000',
'user' => 'haproxy',
'group' => 'haproxy',
'daemon' => '',
'stats' => 'socket /var/lib/haproxy/stats'
},
defaults_options => {
'log' => 'global',
'stats' => 'enable',
'option' => 'redispatch',
'retries' => '3',
'timeout' => [
'http-request 10s',
'queue 1m',
'connect 10s',
'client 1m',
'server 1m',
'check 10s'
],
'maxconn' => '8000'
},
}
Parameters
The following parameters are available in the haproxy
class:
package_ensure
package_name
service_ensure
service_manage
service_name
service_options
chroot_dir_manage
sysconfig_options
global_options
defaults_options
merge_options
restart_command
custom_fragment
config_dir
config_file
config_validate_cmd
manage_config_dir
manage_service
enable
package_ensure
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Ensure the package is present (installed), absent or a specific version. Defaults to 'present'
Default value: 'present'
package_name
Data type: String
The package name of haproxy. Defaults to 'haproxy' NOTE: haproxy::instance has a different default.
Default value: $haproxy::params::package_name
service_ensure
Data type: Variant[Enum['running', 'stopped'], Boolean]
Chooses whether the haproxy service should be running & enabled at boot, or stopped and disabled at boot. Defaults to 'running'
Default value: 'running'
service_manage
Data type: Boolean
Chooses whether the haproxy service state should be managed by puppet at all. Defaults to true
Default value: true
service_name
Data type: String
The service name for haproxy. Defaults to 'haproxy' NOTE: haproxy::instance has a different default.
Default value: $haproxy::params::service_name
service_options
Data type: String
Contents for the /etc/defaults/haproxy
file on Debian. Defaults to "ENABLED=1\n" on Debian, and is ignored on other systems.
Default value: $haproxy::params::service_options
chroot_dir_manage
Data type: Boolean
Chooses whether the haproxy chroot directory should be managed by puppet at all. Defaults to true
Default value: true
sysconfig_options
Data type: String
Contents for the /etc/sysconfig/haproxy
file on RedHat(-based) systems.
Defaults to OPTIONS="" on RedHat(-based) systems and is ignored on others
Default value: $haproxy::params::sysconfig_options
global_options
Data type: Hash
A hash of all the haproxy global options. If you want to specify more than one option (i.e. multiple timeout or stats options), pass those options as an array and you will get a line for each of them in the resultant haproxy.cfg file.
Default value: $haproxy::params::global_options
defaults_options
Data type: Hash
A hash of all the haproxy defaults options. If you want to specify more than one option (i.e. multiple timeout or stats options), pass those options as an array and you will get a line for each of them in the resultant haproxy.cfg file.
Default value: $haproxy::params::defaults_options
merge_options
Data type: Boolean
Whether to merge the user-supplied global_options
/defaults_options
hashes with their default values set in params.pp. Merging allows to change
or add options without having to recreate the entire hash. Defaults to
false, but will default to true in future releases.
Default value: $haproxy::params::merge_options
restart_command
Data type: Optional[String]
Command to use when restarting the on config changes. Passed directly as the 'restart' parameter to the service resource. Defaults to undef i.e. whatever the service default is.
Default value: undef
custom_fragment
Data type: Optional[String]
Allows arbitrary HAProxy configuration to be passed through to support additional configuration not available via parameters, or to short-circute the defined resources such as haproxy::listen when an operater would rather just write plain configuration. Accepts a string (ie, output from the template() function). Defaults to undef
Default value: undef
config_dir
Data type: Stdlib::Absolutepath
Path to the directory in which the main configuration file haproxy.cfg
resides. Will also be used for storing any managed map files (see
haproxy::mapfile
). Default depends on platform.
Default value: $haproxy::params::config_dir
config_file
Data type: Optional[Stdlib::Absolutepath]
Optional. Path to the haproxy config file. Default depends on platform.
Default value: $haproxy::params::config_file
config_validate_cmd
Data type: Variant[Stdlib::Absolutepath, String]
Optional. Command used by concat validate_cmd to validate new config file concat is a valid haproxy config. Default /usr/sbin/haproxy -f % -c
Default value: $haproxy::params::config_validate_cmd
manage_config_dir
Data type: Boolean
Optional.
Default value: $haproxy::params::manage_config_dir
manage_service
Data type: Optional[Boolean]
Deprecated
Default value: undef
enable
Data type: Optional[Boolean]
Deprecated
Default value: undef
haproxy::globals
For global configuration options used by all haproxy instances.
Parameters
The following parameters are available in the haproxy::globals
class:
sort_options_alphabetic
Data type: Boolean
Sort options either alphabetic or custom like haproxy internal sorts them. Defaults to true.
Default value: true
haproxy::params
This is a container class holding default parameters for for haproxy class.
- Note Currently, only the Redhat family is supported, but this can be easily extended by changing package names and configuration file paths.
Defined types
haproxy::backend
=== Authors
Gary Larizza gary@puppetlabs.com Jeremy Kitchen jeremy@nationbuilder.com
- Note Each backend service needs one or more backend member servers (that can be declared with the haproxy::balancermember defined resource type). Using storeconfigs, you can export the haproxy::balancermember resources on all load balancer member servers and then collect them on a single haproxy load balancer server.
Examples
haproxy::backend { 'puppet00':
options => {
'option' => [
'tcplog',
'ssl-hello-chk'
],
'balance' => 'roundrobin'
},
}
Parameters
The following parameters are available in the haproxy::backend
defined type:
section_name
mode
description
options
collect_exported
config_file
sort_options_alphabetic
defaults
instance
section_name
Data type: String[1]
This name goes right after the 'backend' statement in haproxy.cfg Default: $name (the namevar of the resource).
Default value: $name
mode
Data type: Optional[Enum['tcp', 'http', 'health']]
The mode of operation for the backend service. Valid values are undef, 'tcp', 'http', and 'health'.
Default value: undef
description
Data type: Optional[String]
Allows to add a sentence to describe the related object in the HAProxy HTML stats page. The description will be printed on the right of the object name it describes. Usefull in huge environments
Default value: undef
options
Data type: Variant[Hash, Array[Hash]]
A hash of options that are inserted into the backend configuration block.
Default value:
{
'balance' => 'roundrobin',
}
collect_exported
Data type: Boolean
Boolean, default 'true'. True means 'collect exported @@balancermember resources' (for the case when every balancermember node exports itself), false means 'rely on the existing declared balancermember resources' (for the case when you know the full set of balancermember in advance and use haproxy::balancermember with array arguments, which allows you to deploy everything in 1 run)
Default value: true
config_file
Data type: Optional[Stdlib::Absolutepath]
Optional. Path of the config file where this entry will be added. Assumes that the parent directory exists. Default: $haproxy::params::config_file
Default value: undef
sort_options_alphabetic
Data type: Boolean
Sort options either alphabetic or custom like haproxy internal sorts them. Defaults to true.
Default value: true
defaults
Data type: Optional[String]
Name of the defaults section this backend will use. Defaults to undef which means the global defaults section will be used.
Default value: undef
instance
Data type: String
Optional. Defaults to 'haproxy'
Default value: 'haproxy'
haproxy::balancermember
This type will setup a balancer member inside a listening service configuration block in /etc/haproxy/haproxy.cfg on the load balancer.
- Note Currently it only has the ability to specify the instance name, ip address, port, and whether or not it is a backup. More features can be added as needed. The best way to implement this is to export this resource for all haproxy balancer member servers, and then collect them on the main haproxy load balancer.
Examples
Exporting the resource for a balancer member:
@@haproxy::balancermember { 'haproxy':
listening_service => 'puppet00',
ports => [8140],
server_names => $::hostname,
ipaddresses => $::ipaddress,
options => 'check',
}
Collecting the resource on a load balancer
Haproxy::Balancermember <<| listening_service == 'puppet00' |>>
Creating the resource for multiple balancer members at once
(for single-pass installation of haproxy without requiring a first
pass to export the resources if you know the members in advance):
haproxy::balancermember { 'haproxy':
listening_service => 'puppet00',
ports => 8140,
server_names => ['server01', 'server02'],
ipaddresses => ['192.168.56.200', '192.168.56.201'],
options => 'check',
}
Implemented in HAPROXY 1.8:
Set a template to initialize servers with shared parameters.
The names of these servers are built from <prefix> and <amount> parameters.
Initializes 5 servers with srv1, srv2, srv3, srv4 and srv5 as names,
myserver.example.com as FQDN, 8140 as port, and health-check enabled.
haproxy::balancermember { 'haproxy':
listening_service => 'puppet00',
type => 'server-template'
port => '8140',
prefix => 'srv',
amount => '1-5',
fqdn => 'myserver.example.com',
options => 'check',
}
(this resource can be declared anywhere)
Parameters
The following parameters are available in the haproxy::balancermember
defined type:
listening_service
ports
port
server_names
ipaddresses
prefix
amount
fqdn
options
define_cookies
defaults
config_file
verifyhost
weight
instance
type
listening_service
Data type: String
The haproxy service's instance name (or, the title of the haproxy::listen resource). This must match up with a declared haproxy::listen resource.
ports
Data type: Optional[Haproxy::Ports]
An array or commas-separated list of ports for which the balancer member will accept connections from the load balancer. Note that cookie values aren't yet supported, but shouldn't be difficult to add to the configuration. If you use an array in server_names and ipaddresses, the same port is used for all balancermembers.
Default value: undef
port
Data type: Optional[Variant[String, Stdlib::Port]]
A port for server-template. It is an optional specification.
Default value: undef
server_names
Data type: Variant[String[1], Array]
The name of the balancer member server as known to haproxy in the listening service's configuration block. This defaults to the hostname. Can be an array of the same length as ipaddresses, in which case a balancermember is created for each pair of server_names and ipaddresses (in lockstep).
Default value: $facts['networking']['hostname']
ipaddresses
Data type: Variant[String, Array]
The ip address used to contact the balancer member server. Can be an array, see documentation to server_names.
Default value: $facts['networking']['ip']
prefix
Data type: String
A prefix for the server-template for the server names to be built.
Default value: 'server'
amount
Data type: String
If "amount" is provided, the server-template initializes servers with 1 up to as server name suffixes. A range of numbers <num_low>-<num_high> may also be used to use <num_low> up to <num_high> as server name suffixes.
Default value: '1'
fqdn
Data type: Optional[String]
A FQDN for all the servers the server-template initializes.
Default value: undef
options
Data type: Optional[Variant[String, Array]]
An array of options to be specified after the server declaration in the listening service's configuration block.
Default value: undef
define_cookies
Data type: Boolean
If true, then add "cookie SERVERID" stickiness options. Default false.
Default value: false
defaults
Data type: Optional[String]
Name of the defaults section the backend or listener use. Defaults to undef.
Default value: undef
config_file
Data type: Optional[Stdlib::Absolutepath]
Optional. Path of the config file where this entry will be added. Assumes that the parent directory exists. Default: $haproxy::params::config_file
Default value: undef
verifyhost
Data type: Boolean
Optional. Will add the verifyhost option to the server line, using the specific host from server_names as an argument. Default: false
Default value: false
weight
Data type: Optional[Variant[String, Integer]]
Optional. Will add the weight option to the server line Default: undef
Default value: undef
instance
Data type: String
Optional. Defaults to 'haproxy'
Default value: 'haproxy'
type
Data type: Enum['server', 'default-server', 'server-template']
Optional. Defaults to 'server'
Default value: 'server'
haproxy::defaults
This type will setup a additional defaults configuration block inside the haproxy.cfg file on an haproxy load balancer.
- Note A new default configuration block resets all defaults of prior defaults configuration blocks. Listener, Backends, Frontends and Balancermember can be configured behind a default configuration block by setting the defaults parameter to the corresponding defaults name.
Parameters
The following parameters are available in the haproxy::defaults
defined type:
options
Data type: Hash
A hash of options that are inserted into the defaults configuration block.
Default value: {}
sort_options_alphabetic
Data type: Boolean
Sort options either alphabetic or custom like haproxy internal sorts them. Defaults to true.
Default value: true
merge_options
Data type: Boolean
Whether to merge the user-supplied options
hash with the
default_options
values set in params.pp. Merging allows to change
or add options without having to recreate the entire hash.
Default value: $haproxy::params::merge_options
instance
Data type: String
Optional. Defaults to 'haproxy'.
Default value: 'haproxy'
haproxy::frontend
=== Authors
Gary Larizza gary@puppetlabs.com
- Note Currently requires the puppetlabs/concat module on the Puppet Forge and uses storeconfigs on the Puppet Server to export/collect resources from all balancer members.
Examples
Exporting the resource for a balancer member:
haproxy::frontend { 'puppet00':
ipaddress => $::ipaddress,
ports => [18140],
mode => 'tcp',
bind_options => 'accept-proxy',
options => {
'option' => [
'tcplog',
'accept-invalid-http-request',
],
'timeout client' => '30s',
'balance' => 'roundrobin'
},
}
Parameters
The following parameters are available in the haproxy::frontend
defined type:
section_name
ports
bind
ipaddress
mode
description
bind_options
options
sort_options_alphabetic
defaults
defaults_use_backend
config_file
collect_exported
instance
section_name
Data type: String[1]
This name goes right after the 'frontend' statement in haproxy.cfg Default: $name (the namevar of the resource).
Default value: $name
ports
Data type: Optional[Haproxy::Ports]
Ports on which the proxy will listen for connections on the ip address specified in the ipaddress parameter. Accepts either a single comma-separated string or an array of strings which may be ports or hyphenated port ranges.
Default value: undef
bind
Data type: Optional[Hash]
Set of ip addresses, port and bind options $bind = { '10.0.0.1:80' => ['ssl', 'crt', '/path/to/my/crt.pem'] }
Default value: undef
ipaddress
Data type: Optional[Variant[String, Array]]
The ip address the proxy binds to. Empty addresses, '*', and '0.0.0.0' mean that the proxy listens to all valid addresses on the system.
Default value: undef
mode
Data type: Optional[Enum['tcp', 'http', 'health']]
The mode of operation for the frontend service. Valid values are undef, 'tcp', 'http', and 'health'.
Default value: undef
description
Data type: Optional[String]
Allows to add a sentence to describe the related object in the HAProxy HTML stats page. The description will be printed on the right of the object name it describes. Usefull in huge environments
Default value: undef
bind_options
Data type: Optional[Array]
(Deprecated) An array of options to be specified after the bind declaration in the listening serivce's configuration block.
Default value: undef
options
Data type: Variant[Hash, Array[Hash]]
A hash of options that are inserted into the frontend service configuration block.
Default value:
{
'option' => [
'tcplog',
],
}
sort_options_alphabetic
Data type: Boolean
Sort options either alphabetic or custom like haproxy internal sorts them. Defaults to true.
Default value: true
defaults
Data type: Optional[String]
Name of the defaults section this backend will use. Defaults to undef which means the global defaults section will be used.
Default value: undef
defaults_use_backend
Data type: Boolean
If defaults are used and a default backend is configured use the backend name for ordering. This means that the frontend is placed in the configuration file before the backend configuration. Defaults to true.
Default value: true
config_file
Data type: Optional[Stdlib::Absolutepath]
Optional. Path of the config file where this entry will be added. Assumes that the parent directory exists. Default: $haproxy::params::config_file
Default value: undef
collect_exported
Data type: Boolean
Boolean. Default true
Default value: true
instance
Data type: String
Optional. Defaults to 'haproxy'
Default value: 'haproxy'
haproxy::instance
template() function). Defaults to undef
- Note Normally users use the Class['haproxy'], which runs a single haproxy daemon on a machine.
Examples
A single instance of haproxy with all defaults
i.e. emulate Class['haproxy']
package{ 'haproxy': ensure => present }->haproxy::instance { 'haproxy': }->
haproxy::listen { 'puppet00':
instance => 'haproxy',
collect_exported => false,
ipaddress => $::ipaddress,
ports => '8140',
}
Multiple instances of haproxy:
haproxy::instance { 'group1': }
haproxy::instance_service { 'group1':
haproxy_init_source => "puppet:///modules/${module_name}/haproxy-group1.init",
}
haproxy::listen { 'puppet00':
instance => 'group1',
collect_exported => false,
ipaddress => $::ipaddress,
ports => '8800',
requires => Package['haproxy'],
}
haproxy::instance { 'group2': }
haproxy::instance_service { 'group2':
haproxy_init_source => "puppet:///modules/${module_name}/haproxy-group1.init",
}
haproxy::listen { 'puppet00':
instance => 'group2',
collect_exported => false,
ipaddress => $::ipaddress,
ports => '9900',
requires => Package['haproxy'],
}
Multiple instances of haproxy, one with a custom haproxy package:
haproxy::instance { 'group1': }
haproxy::instance_service { 'group1':
haproxy_init_source => "puppet:///modules/${module_name}/haproxy-group1.init",
}
haproxy::listen { 'puppet00':
instance => 'group1',
collect_exported => false,
ipaddress => $::ipaddress,
ports => '8800',
requires => Package['haproxy'],
}
haproxy::instance { 'group2': }
haproxy::instance_service { 'group2':
haproxy_package => 'custom_haproxy',
haproxy_init_source => "puppet:///modules/${module_name}/haproxy-group2.init",
}
haproxy::listen { 'puppet00':
instance => 'group2',
collect_exported => false,
ipaddress => $::ipaddress,
ports => '9900',
requires => Package['haproxy'],
}
Parameters
The following parameters are available in the haproxy::instance
defined type:
package_ensure
package_name
service_ensure
service_manage
chroot_dir_manage
service_name
global_options
defaults_options
restart_command
custom_fragment
config_file
config_validate_cmd
config_dir
merge_options
service_options
sysconfig_options
package_ensure
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Ensure the package is present (installed), absent or a specific version. Defaults to 'present'
Default value: 'present'
package_name
Data type: Optional[String]
The package name of haproxy. Defaults to undef, and no package is installed. NOTE: Class['haproxy'] has a different default.
Default value: undef
service_ensure
Data type: Variant[Enum['running', 'stopped'], Boolean]
Chooses whether the haproxy service should be running & enabled at boot, or stopped and disabled at boot. Defaults to 'running'
Default value: 'running'
service_manage
Data type: Boolean
Chooses whether the haproxy service state should be managed by puppet at all. Defaults to true
Default value: true
chroot_dir_manage
Data type: Boolean
Chooses whether the haproxy chroot directory should be managed by puppet at all. Defaults to true
Default value: true
service_name
Data type: Optional[String]
The service name for haproxy. Defaults to undef. If no name is given then the value computed for $instance_name will be used. NOTE: Class['haproxy'] has a different default.
Default value: undef
global_options
Data type: Optional[Hash]
A hash of all the haproxy global options. If you want to specify more than one option (i.e. multiple timeout or stats options), pass those options as an array and you will get a line for each of them in the resultant haproxy.cfg file.
Default value: undef
defaults_options
Data type: Optional[Hash]
A hash of all the haproxy defaults options. If you want to specify more than one option (i.e. multiple timeout or stats options), pass those options as an array and you will get a line for each of them in the resultant haproxy.cfg file.
Default value: undef
restart_command
Data type: Optional[String]
Command to use when restarting the on config changes. Passed directly as the 'restart' parameter to the service resource. # Defaults to undef i.e. whatever the service default is.
Default value: undef
custom_fragment
Data type: Optional[String]
Allows arbitrary HAProxy configuration to be passed through to support additional configuration not available via parameters, or to short-circuit the defined resources such as haproxy::listen when an operater would rather just write plain configuration. Accepts a string (ie, output from the
Default value: undef
config_file
Data type: Optional[Stdlib::Absolutepath]
Allows arbitrary config filename to be specified. If this is used, it is assumed that the directory path to the file exists and has owner/group/permissions as desired. If set to undef, the name will be generated as follows: If $title is 'haproxy', the operating system default will be used. Otherwise, /etc/haproxy-$title/haproxy-$title.conf (Linux), or /usr/local/etc/haproxy-$title/haproxy-$title.conf (FreeBSD) The parent directory will be created automatically. Defaults to undef.
Default value: undef
config_validate_cmd
Data type: Variant[Stdlib::Absolutepath, String]
Command used by concat validate_cmd to validate new config file concat is a valid haproxy config. Default /usr/sbin/haproxy -f % -c
Default value: $haproxy::params::config_validate_cmd
config_dir
Data type: Optional[Stdlib::Absolutepath]
Optional. Default undef.
Default value: undef
merge_options
Data type: Boolean
Default value: $haproxy::params::merge_options
service_options
Data type: String
Default value: $haproxy::params::service_options
sysconfig_options
Data type: String
Default value: $haproxy::params::sysconfig_options
haproxy::instance_service
Set up the environment for an haproxy service.
- Note * Associate an haproxy instance with the haproxy package it should use.
- Create the start/restart/stop functions needed by Service[]. In other words: sets things up so that Service[$instance_name] will work.
In particular:
- Create a link to the binary an instance will be using. This way each instance can link to a different binary. If you have an instance called "foo", you know "haproxy-foo" is a link to the binary it should be using.
- Create an init.d file named after the instance. This way Service[$instance] can start/restart the service.
Parameters
The following parameters are available in the haproxy::instance_service
defined type:
haproxy_package
Data type: String
The name of the package to be installed. This is useful if you package your own custom version of haproxy. Defaults to 'haproxy'
Default value: 'haproxy'
bindir
Data type: Stdlib::Absolutepath
Where to put symlinks to the binary used for each instance. Defaults to '/opt/haproxy'
Default value: '/opt/haproxy/bin'
haproxy_init_source
Data type: Optional[String]
The init.d script that will start/restart/reload this instance.
Default value: undef
haproxy_unit_template
Data type: String
The template that will be used to create an unit file.
Default value: 'haproxy/instance_service_unit.epp'
haproxy::listen
=== Authors
Gary Larizza gary@puppetlabs.com
- Note Each listening service configuration needs one or more load balancer member server (that can be declared with the haproxy::balancermember defined resource type). Using storeconfigs, you can export the haproxy::balancermember resources on all load balancer member servers, and then collect them on a single haproxy load balancer server.
Examples
haproxy::listen { 'puppet00':
ipaddress => $::ipaddress,
ports => [18140],
mode => 'tcp',
options => {
'option' => [
'tcplog',
'ssl-hello-chk'
],
'balance' => 'roundrobin'
},
}
Parameters
The following parameters are available in the haproxy::listen
defined type:
section_name
ports
ipaddress
bind
mode
description
options
bind_options
collect_exported
sort_options_alphabetic
defaults
config_file
instance
section_name
Data type: String[1]
This name goes right after the 'listen' statement in haproxy.cfg Default: $name (the namevar of the resource).
Default value: $name
ports
Data type: Optional[Haproxy::Ports]
Ports on which the proxy will listen for connections on the ip address specified in the ipaddress parameter. Accepts either a single comma-separated string or an array of strings which may be ports or hyphenated port ranges.
Default value: undef
ipaddress
Data type: Optional[Variant[String, Array]]
The ip address the proxy binds to. Empty addresses, '*', and '0.0.0.0' mean that the proxy listens to all valid addresses on the system.
Default value: undef
bind
Data type: Optional[Hash]
Set of ip addresses, port and bind options $bind = { '10.0.0.1:80' => ['ssl', 'crt', '/path/to/my/crt.pem'] }
Default value: undef
mode
Data type: Optional[Enum['tcp', 'http', 'health']]
The mode of operation for the listening service. Valid values are undef, 'tcp', 'http', and 'health'.
Default value: undef
description
Data type: Optional[String]
Allows to add a sentence to describe the related object in the HAProxy HTML stats page. The description will be printed on the right of the object name it describes. Usefull in huge environments
Default value: undef
options
Data type: Variant[Hash, Array[Hash]]
A hash of options that are inserted into the listening service configuration block.
Default value:
{
'option' => [
'tcplog',
],
'balance' => 'roundrobin',
}
bind_options
Data type: Optional[Array]
(Deprecated) An array of options to be specified after the bind declaration in the listening serivce's configuration block.
Default value: undef
collect_exported
Data type: Boolean
Boolean, default 'true'. True means 'collect exported @@balancermember resources' (for the case when every balancermember node exports itself), false means 'rely on the existing declared balancermember resources' (for the case when you know the full set of balancermembers in advance and use haproxy::balancermember with array arguments, which allows you to deploy everything in 1 run)
Default value: true
sort_options_alphabetic
Data type: Boolean
Sort options either alphabetic or custom like haproxy internal sorts them. Defaults to true.
Default value: true
defaults
Data type: Optional[String]
Name of the defaults section this backend will use. Defaults to undef which means the global defaults section will be used.
Default value: undef
config_file
Data type: Optional[Stdlib::Absolutepath]
Optional. Path of the config file where this entry will be added. Assumes that the parent directory exists. Default: $haproxy::params::config_file
Default value: undef
instance
Data type: String
Optional. Defaults to 'haproxy'
Default value: 'haproxy'
haproxy::mailer
This type will set up a mailer entry inside the mailers configuration block in haproxy.cfg on the load balancer.
- Note Currently, it has the ability to specify the instance name, ip address, ports and server_names. Automatic discovery of mailer nodes may be implemented by exporting the mailer resource for all HAProxy balancer servers that are configured in the same HA block and then collecting them on all load balancers.
Parameters
The following parameters are available in the haproxy::mailer
defined type:
mailers_name
Data type: String
Specifies the mailer in which this load balancer needs to be added.
server_names
Data type: Variant[String[1], Array]
Sets the name of the mailer server in the mailers configuration block. Defaults to the hostname. Can be an array. If this parameter is specified as an array, it must be the same length as the ipaddresses parameter's array. A mailer is created for each pair of server_names and ipaddresses in the array.
Default value: $facts['networking']['hostname']
ipaddresses
Data type: Variant[String, Array]
Specifies the IP address used to contact the mailer member server. Can be an array. If this parameter is specified as an array it must be the same length as the server_names parameter's array. A mailer is created for each pair of address and server_name.
Default value: $facts['networking']['ip']
port
Data type: Variant[String, Stdlib::Port]
Sets the port on which the mailer is going to share the state.
instance
Data type: String
The instance name of the mailer entry. Default value: 'haproxy'.
Default value: 'haproxy'
haproxy::mailers
This type will set up a mailers entry in haproxy.cfg on the load balancer.
- Note This setting makes it possible to send emails during state changes.
Parameters
The following parameters are available in the haproxy::mailers
defined type:
instance
Data type: String
Optional. Defaults to 'haproxy'.
Default value: 'haproxy'
collect_exported
Data type: Boolean
Boolean. Defaults to true.
Default value: true
haproxy::mapfile
Manage an HAProxy map file as documented in https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.1-map
- Note A map file contains one key + value per line. These key-value pairs are
specified in the
mappings
array or by additionalhaproxy::mapfile::entry
definitions.
Parameters
The following parameters are available in the haproxy::mapfile
defined type:
name
The namevar of the defined resource type is the filename of the map file
(without any extension), relative to the haproxy::config_dir
directory.
A '.map' extension will be added automatically.
mappings
Data type: Array[Variant[String, Hash]]
An array of mappings for this map file. Array elements may be Hashes with a
single key-value pair each (preferably) or simple Strings. Default: []
Default value: []
ensure
Data type: Enum['present', 'absent']
The state of the underlying file resource, either 'present' or 'absent'. Default: 'present'
Default value: 'present'
owner
Data type: String
The owner of the underlying file resource. Defaut: 'root'
Default value: 'root'
group
Data type: String
The group of the underlying file resource. Defaut: 'root'
Default value: 'root'
mode
Data type: String
The mode of the underlying file resource. Defaut: '0644'
Default value: '0644'
instances
Data type: Array
Array of managed HAproxy instance names to notify (restart/reload) when the
map file is updated. This is so that the same map file can be used with
multiple HAproxy instances. Default: [ 'haproxy' ]
Default value: ['haproxy']
haproxy::mapfile::entry
Manage an HAProxy map file as documented in https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.1-map
- Note A map file contains one key + value per line. These key-value pairs are
specified in the
mappings
array.
Parameters
The following parameters are available in the haproxy::mapfile::entry
defined type:
name
The namevar of the defined resource type is the filename of the map file
(without any extension), relative to the haproxy::config_dir
directory.
A '.map' extension will be added automatically.
mappings
Data type: Array[Variant[String, Hash]]
An array of mappings for this map file. Array elements may be Hashes with a
single key-value pair each (preferably) or simple Strings. Default: []
Default value: [$title]
mapfile
Data type: String
A string that specifies the name of the mapfile. Default value: ''.
order
Data type: Variant[String, Integer]
Defines the order for the mapfile. Accepts Integer or Strings. Default value: '10'.
Default value: '10'
haproxy::peer
This type will set up a peer entry inside the peers configuration block in haproxy.cfg on the load balancer.
- Note Currently, it has the ability to specify the instance name, ip address, ports and server_names.
Parameters
The following parameters are available in the haproxy::peer
defined type:
peers_name
Data type: String
Specifies the peer in which this load balancer needs to be added.
server_names
Data type: Variant[String[1], Array]
Sets the name of the peer server in the peers configuration block. Defaults to the hostname. Can be an array. If this parameter is specified as an array, it must be the same length as the ipaddresses parameter's array. A peer is created for each pair of server_names and ipaddresses in the array.
Default value: $facts['networking']['hostname']
ipaddresses
Data type: Variant[String, Array]
Specifies the IP address used to contact the peer member server. Can be an array. If this parameter is specified as an array it must be the same length as the server_names parameter's array. A peer is created for each pair of address and server_name.
Default value: $facts['networking']['ip']
port
Data type: Variant[String, Stdlib::Port]
Sets the port on which the peer is going to share the state.
config_file
Data type: Optional[Stdlib::Absolutepath]
Optional. Path of the config file where this entry will be added. Assumes that the parent directory exists. Default: $haproxy::params::config_file
Default value: undef
instance
Data type: String
The instance name of the mailer entry. Default value: 'haproxy'.
Default value: 'haproxy'
haproxy::peer::collect_exported
Private define
haproxy::peers
on the load balancer. This setting is required to share the current state of HAproxy with other HAproxy in High available configurations.
Parameters
The following parameters are available in the haproxy::peers
defined type:
name
Sets the peers' name. Generally it will be the namevar of the defined resource type. This value appears right after the 'peers' statement in haproxy.cfg
config_file
Data type: Optional[Stdlib::Absolutepath]
Optional. Path of the config file where this entry will be added. Assumes that the parent directory exists. Default: $haproxy::params::config_file
Default value: undef
instance
Data type: String
Optional. Defaults to 'haproxy'
Default value: 'haproxy'
collect_exported
Data type: Boolean
Boolean. Defaults to true
Default value: true
haproxy::resolver
=== Authors
Gary Larizza gary@puppetlabs.com Ricardo Rosales missingcharacter@gmail.com
- Note Currently requires the puppetlabs/concat module on the Puppet Forge and uses storeconfigs on the Puppet Server to export/collect resources from all balancer members.
Examples
Exporting the resource for a balancer member:
haproxy::resolver { 'puppet00':
nameservers => {
'dns1' => '10.0.0.1:53',
'dns2' => '10.0.0.2:53'
},
hold => {
'nx' => '30s',
'valid' => '10s'
},
resolve_retries => 3,
timeout => {
'retry' => '1s'
},
accepted_payload_size => 512,
}
Parameters
The following parameters are available in the haproxy::resolver
defined type:
section_name
nameservers
parse_resolv_conf
hold
resolve_retries
timeout
accepted_payload_size
collect_exported
config_file
sort_options_alphabetic
defaults
instance
section_name
Data type: String[1]
This name goes right after the 'resolvers' statement in haproxy.cfg Default: $name (the namevar of the resource).
Default value: $name
nameservers
Data type: Hash
Set of id, ip addresses and port options. $nameservers = { 'dns1' => '10.0.0.1:53', 'dns2' => '10.0.0.2:53' } Either the 'nameservers' or the 'parse_resolv_conf' parameter must be specified in order for the resolver to work. Default: none specified.
Default value: {}
parse_resolv_conf
Data type: Boolean
If true, parse resolv.conf to retrieve an ordered set of nameservers. This can be used instead of (or in addition to) the 'nameservers' parameter. Default: false
Default value: false
hold
Data type: Optional[Hash]
Defines during which the last name resolution should be kept based on last valid resolution status. $hold = { 'nx' => '30s', 'valid' => '10s' }
Default value: undef
resolve_retries
Data type: Optional[Integer]
Defines the number of queries to send to resolve a server name before giving up. $resolve_retries = 3
Default value: undef
timeout
Data type: Optional[Hash]
Defines timeouts related to name resolution in the listening serivce's configuration block. $timeout = { 'retry' => '1s' }
Default value: undef
accepted_payload_size
Data type: Optional[Integer[512, 8192]]
Defines the maximum payload size accepted by HAProxy and announced to all the name servers configured in this resolvers section. is in bytes. If not set, HAProxy announces 512. (minimal value defined by RFC 6891) Note: the maximum allowed value is 8192.
Default value: undef
collect_exported
Data type: Boolean
Boolean, default 'true'. True means 'collect exported @@balancermember resources' (for the case when every balancermember node exports itself), false means 'rely on the existing declared balancermember resources' (for the case when you know the full set of balancermember in advance and use haproxy::balancermember with array arguments, which allows you to deploy everything in 1 run)
Default value: true
config_file
Data type: Optional[Stdlib::Absolutepath]
Optional. Path of the config file where this entry will be added. Assumes that the parent directory exists. Default: $haproxy::params::config_file
Default value: undef
sort_options_alphabetic
Data type: Boolean
Sort options either alphabetic or custom like haproxy internal sorts them. Defaults to true.
Default value: true
defaults
Data type: Optional[String]
Name of the defaults section this backend will use. Defaults to undef which means the global defaults section will be used.
Default value: undef
instance
Data type: String
Optional. Defaults to 'haproxy'
Default value: 'haproxy'
haproxy::userlist
=== Authors
Jeremy Kitchen jeremy@nationbuilder.com
- Note See http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#3.4 for more info
Parameters
The following parameters are available in the haproxy::userlist
defined type:
section_name
Data type: String[1]
This name goes right after the 'userlist' statement in haproxy.cfg Default: $name (the namevar of the resource).
Default value: $name
users
Data type: Optional[Array[Variant[String, Sensitive[String]]]]
An array of users in the userlist. See http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#3.4-user
Default value: undef
groups
Data type: Optional[Array[String]]
An array of groups in the userlist. See http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#3.4-group
Default value: undef
config_file
Data type: Optional[Stdlib::Absolutepath]
Optional. Path of the config file where this entry will be added. Assumes that the parent directory exists. Default: $haproxy::params::config_file
Default value: undef
instance
Data type: String
Optional. Defaults to 'haproxy'
Default value: 'haproxy'
Functions
haproxy::generate_error_message
Type: Ruby 4.x API
Function created to generate error message. Any string as error message can be passed and the function can be called in epp templates.
haproxy::generate_error_message(String $error_message)
Function created to generate error message. Any string as error message can be passed and the function can be called in epp templates.
Returns: Any
error_message
Data type: String
haproxy::sort_bind
Type: Ruby 4.x API
The haproxy::sort_bind function.
haproxy::sort_bind(Hash $bind)
The haproxy::sort_bind function.
Returns: Array
bind
Data type: Hash
haproxy::validate_ip_addr
Type: Ruby 4.x API
The haproxy::validate_ip_addr function.
haproxy::validate_ip_addr(String $virtual_ip)
The haproxy::validate_ip_addr function.
Returns: Boolean
virtual_ip
Data type: String
Data types
Haproxy::Ports
Port or list of ports for haproxy. Supports ,
seperated list of ports also.
Alias of Variant[Array[Variant[Pattern[/^[0-9]+$/],Stdlib::Port],0], Pattern[/^[0-9,]+$/], Stdlib::Port]
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
v8.1.0 - 2024-12-16
Added
- (CAT-2101) Add support for Debian-12 #619 (skyamgarp)
- Allow ports parameters as Stdlib::Ports #610 (traylenator)
Fixed
- (CAT-2158) Upgrade rexml to address CVE-2024-49761 #621 (amitkarsale)
v8.0.0 - 2023-11-22
Changed
- merge_options: Switch default false->true #592 (bastelfreak)
Added
Other
- Add bastelfreak to codeowners #594 (bastelfreak)
v7.2.1 - 2023-09-26
Fixed
- Replace merge() with native puppet code #579 (hawkeye-7)
- haproxy::backend: Always set $_sort_options_alphabetic #576 (bastelfreak)
v7.2.0 - 2023-08-11
Added
Fixed
- (CAT-1314) Fix for template bug with maxconn since PR#564 #569 (praj1001)
- Correct warnings about deprecated parameter #557 (hawkeye-7)
v7.1.0 - 2023-07-24
Added
- pdksync - (MAINT) - Allow Stdlib 9.x #556 (LukasAud)
- (CONT-880) Update concat dependency #549 (LukasAud)
Fixed
- (CONT-966) Replace replace
.is_hash
with.is_a(Hash)
#551 (david22swan)
v7.0.0 - 2023-04-03
Changed
- (Cont 779) Add Support for Puppet 8 / Drop Support for Puppet 6 #544 (david22swan)
v6.5.0 - 2023-03-31
Added
Fixed
- (CONT-651) Adjusting datatypes #540 (LukasAud)
- (CONT-560) Fix facter typos after syntax update #539 (LukasAud)
- (CONT-173) - Updating deprecated facter instances #534 (jordanbreen28)
- pdksync - (CONT-189) Remove support for RedHat6 / Scientific6 #533 (david22swan)
- pdksync - (CONT-130) - Dropping Support for Debian 9 #530 (jordanbreen28)
- update resolver parameters #526 (bugfood)
v6.4.0 - 2022-10-03
Added
- (MAINT) Add support for Ubuntu 22.04 #528 (jordanbreen28)
v6.3.0 - 2022-06-13
Added
- pdksync - (GH-cat-12) Add Support for Redhat 9 #519 (david22swan)
- Allow specifying mapfile entries to be collected later #508 (yakatz)
- Added possibility filling description field #504 (michaelkoettenstorfer)
- pdksync - (IAC-1753) - Add Support for AlmaLinux 8 #502 (david22swan)
- pdksync - (IAC-1751) - Add Support for Rocky 8 #501 (david22swan)
- Adding chroot_dir_manage parameter. #498 (Tamerz)
Fixed
- pdksync - (GH-iac-334) Remove Support for Ubuntu 14.04/16.04 #511 (david22swan)
- pdksync - (IAC-1787) Remove Support for CentOS 6 #507 (david22swan)
- [MODULES-11274] Allow usage of parameter manage_config_dir #506 (tuxmea)
- haproxy_userlist: fix empty users/groups handling. #505 (bzed)
- pdksync - (IAC-1598) - Remove Support for Debian 8 #500 (david22swan)
v6.2.1 - 2021-08-26
Fixed
- (IAC-1741) Allow stdlib v8.0.0 #495 (david22swan)
v6.2.0 - 2021-08-23
Added
- pdksync - (IAC-1709) - Add Support for Debian 11 #493 (david22swan)
v6.1.0 - 2021-07-06
Added
- allow type 'default-server' for balancermember #489 (trefzer)
- Use Puppet-Datatype Sensitive #487 (cocker-cc)
v6.0.2 - 2021-06-21
Fixed
v6.0.1 - 2021-05-24
Fixed
v6.0.0 - 2021-03-29
v5.0.0 - 2021-03-01
Changed
- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 #465 (carabasdaniel)
v4.5.0 - 2020-12-14
Added
- pdksync - (feat) Add support for Puppet 7 #456 (daianamezdrea)
v4.4.0 - 2020-11-23
Added
Fixed
- (bugfix) backend: dont log warnings if not necessary #449 (bastelfreak)
- frontend options: order default_backend after specific backends & test #447 (MajorFlamingo)
v4.3.0 - 2020-09-18
Added
- pdksync - (IAC-973) - Update travis/appveyor to run on new default branch main #437 (david22swan)
- (IAC-746) - Add ubuntu 20.04 support #430 (david22swan)
Fixed
- (IAC-988) - Removal of inappropriate terminology #443 (david22swan)
v4.2.1 - 2020-05-19
Fixed
- Ensure multiple instances may be created with the default package. #348 (surprisingb)
v4.2.0 - 2019-12-09
Added
- (FM-8674) - Support added for CentOS 8 #397 (david22swan)
v4.1.0 - 2019-09-27
Added
- pdksync - Add support on Debian10 #380 (lionce)
- FM-8140 Add redhat8 support #374 (sheenaajay)
- (FM-8220) convert to use litmus #373 (tphoney)
Fixed
- MODULES-9783 - Removed option tcplog #376 (uberjew666)
- Add check of OS for the systemd unitfile #347 (surprisingb)
v4.0.0 - 2019-05-17
Changed
- pdksync - (MODULES-8444) - Raise lower Puppet bound #362 (david22swan)
Added
- [FM-7934] - Puppet Strings #365 (carabasdaniel)
Fixed
- (MODULES-8930) Fix stahnma/epel dependency failures #364 (eimlav)
- Remove execute bit on systemd unit file #354 (shanemadden)
3.0.1 - 2019-02-20
3.0.0 - 2019-02-12
Changed
- (FM-7675) - Support has been removed for RHEL 6 #345 (david22swan)
Added
- (MODULES-8539) Added 'accepted_payload_size' to resolver #346 (genebean)
- Sergey leskov/servertemplatekwimp #337 (LeskovSergey)
Fixed
- (MODULES-8566) Only create entries for defined settings #350 (genebean)
- (MODULES-8407) Add option to set the service's name #342 (genebean)
- pdksync - (FM-7655) Fix rubygems-update for ruby < 2.3 #341 (tphoney)
2.2.0 - 2018-09-27
Added
- pdksync - (MODULES-6805) metadata.json shows support for puppet 6 #333 (tphoney)
- pdksync - (MODULES-7658) use beaker4 in puppet-module-gems #330 (tphoney)
- (MODULES-7562) - Addition of support for Ubuntu 18.04 to haproxy #324 (david22swan)
- (MODULES-5992) Add debian 9 compatibility #321 (hunner)
Fixed
- pdksync - (MODULES-7658) use beaker3 in puppet-module-gems #327 (tphoney)
- (MODULES-7630) - Update README Limitations section #325 (eimlav)
- [FM-6964] Removal of unsupported OS from haproxy #323 (david22swan)
- (maint) Add netstat for debian9 testing #322 (hunner)
- Change bind_options default value #313 (bdandoy)
2.1.0 - 2018-01-25
Fixed
2.0.1 - 2017-12-13
Added
- bump allowed concat module version to 5.0.0 #302 (mateusz-gozdek-sociomantic)
2.0.0 - 2017-12-12
Changed
- (WIP) Puppet4 update #285 (HelenCampbell)
Added
- Add haproxy::resolver supported only by haproxy version 1.6+ #291 (missingcharacter)
Fixed
- on freebsd haproxy lives on /usr/local/sbin #292 (rmdir)
- Fixed example ports listenning value 18140->8140 #289 (tux-o-matic)
list - 2017-07-18
Added
- Add support for balancermember weights #280 (johanek)
- harden chmod of haproxy config file #272 (tphoney)
- Add verifyhost parameter to balancermember resource #268 (JAORMX)
- (MODULES-3547) Added listen check, fix tests #252 (hunner)
Fixed
- Change if $bind_options to if $bind_options != '' #283 (jnieuwen)
- workaround usage of 'which' in Ubuntu 12.04 (puppet 2.7.11) #267 (eumel8)
- Drop :undef values from haproxy config template #262 (mks-m)
1.5.0 - 2016-06-14
Added
- Add /etc/sysconfig/haproxy(instance_name) support #242 (sjoeboo)
- (MODULES-3258) Validate the config before adding it #236 (hunner)
- add option to use multiple defaults sections #232 (vicinus)
- (MODULES-3055) Add mailers #231 (hunner)
- Socat is way better than netcat #229 (hunner)
- improve ordering of options #224 (vicinus)
Fixed
- (MODULES-3366) Add missing check flag #243 (hunner)
- (MODULES-3412) Use haproxy::config_file instead of default config_file #239 (ctiml)
- bugfix: correct class for sort_options_alphabetic acceptance test #228 (vicinus)
- No longer add $ensure to balancermember concat fragments #226 (jyaworski)
- Fix markup around section "Manage a map file" #222 (antaflos)
- Only create config_dir in specific cases. #210 (pmlee)
1.4.0 - 2016-01-11
Added
- Adding mode to backend class #211 (DavidS)
- Validate global_options and defaults_options. #207 (tlimoncelli)
Fixed
- Fix port parameter name on haproxy::peer defined type #208 (tomashejatko)
1.3.1 - 2015-12-07
Added
- (MODULES-2704) Consistent use of ::haproxy::config_file #201 (traylenator)
Fixed
1.3.0 - 2015-07-23
Added
Fixed
- ignore the log directory #183 (tphoney)
- Implement
options
as array of hashes so order is preserved #173 (antaflos)
1.2.0 - 2015-03-10
Added
- Make
bind
parameter processing more flexible #154 (antaflos) - adding a default option into nodesets #150 (tphoney)
- Set ipaddress default value to undef #146 (sergakaibis)
- MODULES-1619 Add haproxy version fact #144 (petems)
- Peers feature #125 (josecastroleon)
- Add support for loadbalancer member without ports #120 (ericlaflamme)
Fixed
- Missing ensure for peer #156 (underscorgan)
- Corrected namespaces on variables #145 (t0mmyt)
- Fixed RedHat name for osfamily case #137 (gildub)
1.1.0 - 2014-11-04
Added
Fixed
- Remove deprecated concat::setup class #129 (blkperl)
- Fix issue with puppet_module_install, removed and using updated method f... #126 (cyberious)
1.0.0 - 2014-07-22
Added
- CentOS 5 gets haproxy from epel #117 (hunner)
- Add bind_options for frontends #94 (hunner)
- Define each server/port combination on its own line #93 (hunner)
- Avoid mixing up backend servers #92 (hunner)
- Add custom_fragment parameter #89 (hunner)
- Add chroot ownership #87 (hunner)
- haproxy::userlist resource #85 (kitchen)
Fixed
- OSX not compatible, and windows doesn't have hieraconf #110 (hunner)
- Add checks for passive failover and PE module paths #107 (hunner)
- Correctly privetize define #95 (hunner)
- Reduce template code duplication #91 (hunner)
- Fix the mkdir for moduledir #88 (hunner)
- Remove warnings when storeconfigs is not being used #81 (yasn77)
- Fix ordering of options changing #69 (lboynton)
0.5.0 - 2014-05-28
Added
- Add haproxy::listen bind_options parameter for setting arbitrary 'bind' options #82 (misterdorm)
- Archlinux Support added. #70 (aboe76)
- Support minus in service names #60 (ymc-dabe)
Fixed
- Rewrite with install/config/service classes, and correct parameter naming. #80 (hunner)
- Remove redundant params section #79 (kurthuwig)
- Moved from
#include_class
to#contain_class
#67 (retr0h) - Allow user-defined service restart parameter. #57 (bleach)
0.4.1 - 2013-10-08
Fixed
0.4.0 - 2013-10-03
Added
- Add an ensure parameter to balancermember. #43 (bleach)
- Add parameter to specify an alternate package name to install #42 (rharrison10)
- adds backend and frontend config sections #37 (kitchen)
Fixed
0.3.0 - 2013-05-29
Dependencies
- puppetlabs/stdlib (>= 4.13.1 < 10.0.0)
- puppetlabs/concat (>= 1.2.3 < 10.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Quality checks
We run a couple of automated scans to help you assess a module’s quality. Each module is given a score based on how well the author has formatted their code and documentation and select modules are also checked for malware using VirusTotal.
Please note, the information below is for guidance only and neither of these methods should be considered an endorsement by Puppet.
Malware scan results
The malware detection service on Puppet Forge is an automated process that identifies known malware in module releases before they’re published. It is not intended to replace your own virus scanning solution.
Learn more about malware scans- Module name:
- puppetlabs-haproxy
- Module version:
- 8.1.0
- Scan initiated:
- December 18th 2024, 4:27:13
- Detections:
- 0 / 61
- Scan stats:
- 61 undetected
- 0 harmless
- 0 failures
- 0 timeouts
- 0 malicious
- 0 suspicious
- 15 unsupported
- Scan report:
- View the detailed scan report