salt-formulas / salt-formula-haproxy

Add 'grafana' as a type for HAProxy #12

Closed gthvn1 closed 7 years ago

gthvn1 commented 7 years ago

This patch adds the type Grafana that uses the mode 'source' to keep the same HAProxy backend for a given source. Otherwise authentication will be asked for each request.

fpytloun commented 7 years ago

I personally don't like this approach (of using the type parameter and abusing the haproxy formula for hard-coding some specific setup for other services) and I consider it to be legacy. Instead, the preferred way is to define all specific parameters in reclass, e.g. like this:

https://github.com/Mirantis/ccp-poc-salt-model/blob/master/classes/system/haproxy/proxy/artifactory.yml

parameters:
  haproxy:
    proxy:
      listen:
        artifactory:
          mode: http
          options:
            - forwardfor
            - forwardfor header X-Real-IP
            - httpchk
            - httpclose
            - httplog
          acl:
            is_docker: "path_reg ^/v[12][/.]*"
            is_artifactory_path: "path_beg /artifactory/"
          http_request:
            # Docker registry on subdomain
            - action: "set-path /artifactory/api/docker/%[req.hdr(host),lower,field(1,'.')]%[path]"
              condition: "if is_docker"
            - action: "redirect location /artifactory/webapp/"
              condition: "if !is_artifactory_path !is_docker"
            # Common proxy headers
            - action: "set-header X-Forwarded-Port %[dst_port]"
            - action: "add-header X-Forwarded-Proto https"
              condition: "if { ssl_fc }"
            - action: "add-header X-Forwarded-Proto http"
              condition: "if !{ ssl_fc }"
            - action: "set-header X-Artifactory-Override-Base-Url https://%[req.hdr(host)]/artifactory"
              condition: "if { ssl_fc }"
            - action: "set-header X-Artifactory-Override-Base-Url http://%[req.hdr(host)]/artifactory"
              condition: "if !{ ssl_fc }"
          http_response:
            - action: "del-header X-Frame-Options"
          balance: source
          timeout:
            check: 30s
          binds:
            - address: ${_param:cluster_vip_address}
              port: 8082
              ssl:
                enabled: true
                pem_file: /etc/haproxy/ssl/ci.ccp-poc.cloudlab.cz-all.pem
          servers:
            - name: ${_param:cluster_node01_name}
              host: ${_param:cluster_node01_address}
              port: 18082
              params: check
            - name: ${_param:cluster_node02_name}
              host: ${_param:cluster_node02_address}
              port: 18082
              params: backup check

It's more powerful (as you can see from the complex example above) and more readable (you just rely on metadata and don't need to open the Jinja-templated config file to see what's happening).

elemoine commented 7 years ago

> I personally don't like this approach (of using type parameter and abusing haproxy formula for hard-coding some specific setup for other services) and I consider it to be a legacy.

+1 I was going to make the same comment.

simonpasquier commented 7 years ago

Closing since @fpytloun provided the solution for the problem.