The Reliable, High Performance TCP/HTTP Load Balancer.

Simple admin listener

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: True
        listen:
          admin_page:
            type: admin
            binds:
            - address: 0.0.0.0
              port: 8801
            user: fsdfdsfds
            password: dsfdsf

Simple stats listener

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: True
        listen:
          admin_page:
            type: stats
            binds:
            - address: 0.0.0.0
              port: 8801
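
Both listeners above bind the management page to ``0.0.0.0``, and the admin one carries its credentials in the pillar. The following check is an added example, not part of the formula: it walks already-parsed pillar data and reports those two conditions for ``admin`` and ``stats`` listeners. The names ``audit_listeners``, ``is_wildcard`` and the ``stats_local`` listener are hypothetical.

```python
import ipaddress

# Constructed pillar data, shaped like the admin and stats listeners above.
SAMPLE_PILLAR = {"haproxy": {"proxy": {"enabled": True, "listen": {
    "admin_page": {
        "type": "admin",
        "binds": [{"address": "0.0.0.0", "port": 8801}],
        "user": "fsdfdsfds",
        "password": "dsfdsf",
    },
    "stats_local": {  # hypothetical listener bound to loopback only
        "type": "stats",
        "binds": [{"address": "127.0.0.1", "port": 8802}],
    },
    "https-in": {"binds": [{"address": "0.0.0.0", "port": 443}]},
}}}}

MANAGEMENT_TYPES = {"admin", "stats"}


def is_wildcard(address):
    """True for 0.0.0.0, :: and the '*' shorthand HAProxy accepts in bind."""
    if address == "*":
        return True
    try:
        return ipaddress.ip_address(address).is_unspecified
    except ValueError:
        return False  # hostname or an unrendered ${_param:...} reference


def audit_listeners(pillar):
    """Return sorted (listener, finding) pairs for admin/stats listeners."""
    findings = []
    listeners = pillar.get("haproxy", {}).get("proxy", {}).get("listen", {})
    for name, cfg in listeners.items():
        if cfg.get("type") not in MANAGEMENT_TYPES:
            continue  # ordinary service frontends are out of scope here
        for bind in cfg.get("binds", []):
            if is_wildcard(str(bind.get("address", ""))):
                findings.append((name, "wildcard bind on port %s" % bind.get("port")))
        if cfg.get("password"):
            findings.append((name, "cleartext password in pillar"))
    return sorted(findings)
```
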

Sample pillar with admin

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: True
        mode: http/tcp
        logging: syslog
        maxconn: 1024
        timeout:
          connect: 5000
          client: 50000
          server: 50000
        listen:
          https-in:
            binds:
            - address: 0.0.0.0
              port: 443
            servers:
            - name: server1
              host: 10.0.0.1
              port: 8443
            - name: server2
              host: 10.0.0.2
              port: 8443
              params: 'maxconn 256'

Sample pillar with custom logging

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: True
        mode: http/tcp
        logging: syslog
        maxconn: 1024
        timeout:
          connect: 5000
          client: 50000
          server: 50000
        listen:
          https-in:
            binds:
            - address: 0.0.0.0
              port: 443
            servers:
            - name: server1
              host: 10.0.0.1
              port: 8443
            - name: server2
              host: 10.0.0.2
              port: 8443
              params: 'maxconn 256'

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: true
        mode: tcp
        logging: syslog
        max_connections: 1024
        listen:
          mysql:
            type: mysql
            binds:
            - address: 10.0.88.70
              port: 3306
            servers:
            - name: node1
              host: 10.0.88.13
              port: 3306
              params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3
            - name: node2
              host: 10.0.88.14
              port: 3306
              params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3 backup
            - name: node3
              host: 10.0.88.15
              port: 3306
              params: check inter 15s fastinter 2s downinter 1s rise 5 fall 3 backup
          rabbitmq:
            type: rabbitmq
            binds:
            - address: 10.0.88.70
              port: 5672
            servers:
            - name: node1
              host: 10.0.88.13
              port: 5673
              params: check inter 5000 rise 2 fall 3
            - name: node2
              host: 10.0.88.14
              port: 5673
              params: check inter 5000 rise 2 fall 3 backup
            - name: node3
              host: 10.0.88.15
              port: 5673
              params: check inter 5000 rise 2 fall 3 backup
          keystone-1:
            type: general-service
            binds:
            - address: 10.0.106.170
              port: 5000
            servers:
            - name: node1
              host: 10.0.88.13
              port: 5000
              params: check

Sample pillar with port range and port offset

This is useful in listen blocks for defining multiple servers that differ only by port number within a port range. This situation can result from deploying multiple single-threaded servers in a multi-core environment to better utilize the available cores.

For example, five contrail-api workers occupy ports ``9100-9104``. This can be achieved by using ``port_range_length`` in the pillar, ``port_range_length: 5`` in this case.

To skip the first worker (``worker_id 0``), because it has other responsibilities and should not be overloaded by HTTP requests, use ``port_range_start_offset`` in the pillar, ``port_range_start_offset: 1`` in this case; it will then only use ports 9101-9104 (skipping 9100).

- ``port_range_length`` parameter is used to calculate the port range end
- ``port_range_start_offset`` will skip the first n ports in the port range

For backward compatibility, the name of the first server in the port range has no ``pN`` suffix.

The following sample will result in

.. code-block:: text

    listen contrail_api
      bind 172.16.10.252:8082
      option nolinger
      balance leastconn
      server ntw01p1 172.16.10.95:9101 check inter 2000 rise 2 fall 3
      server ntw01p2 172.16.10.95:9102 check inter 2000 rise 2 fall 3
      server ntw01p3 172.16.10.95:9103 check inter 2000 rise 2 fall 3
      server ntw01p4 172.16.10.95:9104 check inter 2000 rise 2 fall 3
      server ntw02 172.16.10.96:9100 check inter 2000 rise 2 fall 3
      server ntw02p1 172.16.10.96:9101 check inter 2000 rise 2 fall 3
      server ntw02p2 172.16.10.96:9102 check inter 2000 rise 2 fall 3
      server ntw02p3 172.16.10.96:9103 check inter 2000 rise 2 fall 3
      server ntw02p4 172.16.10.96:9104 check inter 2000 rise 2 fall 3
      server ntw03 172.16.10.94:9100 check inter 2000 rise 2 fall 3
      server ntw03p1 172.16.10.94:9101 check inter 2000 rise 2 fall 3
      server ntw03p2 172.16.10.94:9102 check inter 2000 rise 2 fall 3
      server ntw03p3 172.16.10.94:9103 check inter 2000 rise 2 fall 3
      server ntw03p4 172.16.10.94:9104 check inter 2000 rise 2 fall 3

.. code-block:: yaml

    haproxy:
      proxy:
        listen:
          contrail_api:
            type: contrail-api
            service_name: contrail
            balance: leastconn
            binds:
            - address: 10.10.10.10
              port: 8082
            servers:
            - name: ntw01
              host: 10.10.10.11
              port: 9100
              port_range_length: 5
              port_range_start_offset: 1
              params: check inter 2000 rise 2 fall 3
            - name: ntw02
              host: 10.10.10.12
              port: 9100
              port_range_length: 5
              port_range_start_offset: 0
              params: check inter 2000 rise 2 fall 3
            - name: ntw03
              host: 10.10.10.13
              port: 9100
              port_range_length: 5
              params: check inter 2000 rise 2 fall 3
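
The expansion rules described above, modelled in Python as an added example (this is not the formula's template code; ``expand_server`` and ``render`` are hypothetical names). It takes the server entries from the pillar above, so the hosts are the pillar's ``10.10.10.x`` addresses rather than the ``172.16.10.x`` ones in the sample output, and it rejects an offset that would leave the range empty.

```python
def expand_server(server):
    """Expand one pillar server entry into HAProxy 'server' lines."""
    length = server.get("port_range_length", 1)
    offset = server.get("port_range_start_offset", 0)
    if length < 1 or not 0 <= offset < length:
        raise ValueError("%s: offset %d outside range of length %d"
                         % (server["name"], offset, length))
    if server["port"] + length - 1 > 65535:
        raise ValueError("%s: port range runs past 65535" % server["name"])
    lines = []
    for n in range(offset, length):
        # The first port of the range keeps the bare name; later ones get pN.
        name = server["name"] if n == 0 else "%sp%d" % (server["name"], n)
        line = "server %s %s:%d" % (name, server["host"], server["port"] + n)
        if server.get("params"):
            line += " " + server["params"]
        lines.append(line)
    return lines


# Server entries copied from the pillar on this page.
PARAMS = "check inter 2000 rise 2 fall 3"
SERVERS = [
    {"name": "ntw01", "host": "10.10.10.11", "port": 9100,
     "port_range_length": 5, "port_range_start_offset": 1, "params": PARAMS},
    {"name": "ntw02", "host": "10.10.10.12", "port": 9100,
     "port_range_length": 5, "port_range_start_offset": 0, "params": PARAMS},
    {"name": "ntw03", "host": "10.10.10.13", "port": 9100,
     "port_range_length": 5, "params": PARAMS},
]


def render(servers):
    """Flatten all expanded entries in pillar order."""
    return [line for s in servers for line in expand_server(s)]
```
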

Custom more complex listener (for Artifactory and subdomains for docker registries)

.. code-block:: yaml

    haproxy:
      proxy:
        listen:
          artifactory:
            mode: http
            options:
              - forwardfor
              - forwardfor header X-Real-IP
              - httpchk
              - httpclose
              - httplog
            sticks:
              - stick on src
              - stick-table type ip size 200k expire 2m
            acl:
              is_docker: "path_reg ^/v[12][/.]*"
            http_request:
              - action: "set-path /artifactory/api/docker/%[req.hdr(host),lower,field(1,'.')]%[path]"
                condition: "if is_docker"
            balance: source
            binds:
              - address: ${_param:cluster_vip_address}
                port: 8082
                ssl:
                  enabled: true
                  # This PEM file needs to contain key, cert, CA and possibly
                  # intermediate certificates
                  pem_file: /etc/haproxy/ssl/server.pem
            servers:
              - name: ${_param:cluster_node01_name}
                host: ${_param:cluster_node01_address}
                port: 8082
                params: check
              - name: ${_param:cluster_node02_name}
                host: ${_param:cluster_node02_address}
                port: 8082
                params: backup check

It's also possible to use multiple certificates for one listener (e.g. when it is bound on multiple interfaces):

.. code-block:: yaml

    haproxy:
      proxy:
        listen:
          dummy_site:
            mode: http
            binds:
              - address: 127.0.0.1
                port: 8080
                ssl:
                  enabled: true
                  key: |
                    my super secret key follows
                  cert: |
                    certificate
                  chain: |
                    CA chain (if any)
              - address: 127.0.1.1
                port: 8081
                ssl:
                  enabled: true
                  key: |
                    my super secret key follows
                  cert: |
                    certificate
                  chain: |
                    CA chain (if any)

The definition above will result in creation of the ``/etc/haproxy/ssl/dummy_site`` directory with files ``1-all.pem`` and ``2-all.pem`` (per binds).

Custom listener with http-check options specified

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: true
        forwardfor:
          enabled: true
          except: 127.0.0.1
          header: X-Forwarded-For
          if-none: false
        listen:
          glance_api:
            binds:

Custom listener with tcp-check options specified (for Redis cluster with Sentinel)

.. code-block:: yaml

    haproxy:
      proxy:
        listen:
          redis_cluster:
            service_name: redis
            health-check:
              tcp:
                enabled: True
                options:

Frontend for routing between existing listeners via URL, with SSL and redirects. You can use one backend for several URLs.

.. code-block:: yaml

    haproxy:
      proxy:
        listen:
          service_proxy:
            mode: http
            balance: source
            format: end
            binds:

Enable customisable ``forwardfor`` option in ``defaults`` section.

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: true
        mode: tcp
        logging: syslog
        max_connections: 1024
        forwardfor:
          enabled: true
          except:
          header:
          if-none: false

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: true
        mode: tcp
        logging: syslog
        max_connections: 1024
        forwardfor:
          enabled: true
          except: 127.0.0.1
          header: X-Real-IP
          if-none: false

Sample pillar with multiprocess multicore configuration

.. code-block:: yaml

    haproxy:
      proxy:
        enabled: True
        nbproc: 4
        cpu_map:
          1: 0
          2: 1
          3: 2
          4: 3
        stats_bind_process: "1 2"
        mode: http/tcp
        logging: syslog
        maxconn: 1024
        timeout:
          connect: 5000
          client: 50000
          server: 50000
        listen:
          https-in:
            bind_process: "1 2 3 4"
            binds:

Implement rate limiting to prevent excessive requests. This feature only works if using ``format: end``.

.. code-block:: yaml

    haproxy:
      proxy:
        ...
        listen:
          nova_metadata_api:
            ...
            format: end
            options:

* http://salt-formulas.readthedocs.io/
  Learn how to install and update salt-formulas

* https://github.com/salt-formulas/salt-formula-haproxy/issues
  In the unfortunate event that bugs are discovered, report the issue to the appropriate issue tracker. Use the Github issue tracker for a specific salt formula

* https://launchpad.net/salt-formulas
  For feature requests, bug reports, or blueprints affecting the entire ecosystem, use the Launchpad salt-formulas project

* https://launchpad.net/~salt-formulas-users
  Join the salt-formulas-users team and subscribe to mailing list if required

* https://github.com/salt-formulas/salt-formula-haproxy
  Develop the salt-formulas projects in the master branch and then submit pull requests against a specific formula

* Use this IRC channel in case of any questions or feedback which is always welcome