From 6336b3fe5d07a67d524a618df1f6e19aee2e3b6e Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sun, 4 Feb 2024 21:07:44 +0100
Subject: [PATCH] feat(stats): refactor global stats sockets
This allows for multiple sockets to be defined, which is useful if multiple sockets with different access levels are desired.
BREAKING CHANGE: The `haproxy:global:stats` pillar structure changed.
Signed-off-by: Georg Pfuetzenreuter
---
haproxy/templates/haproxy.jinja | 9 +++------
pillar.example | 19 ++++++++++++-------
test/salt/pillar/default.sls | 15 +++++++--------
3 files changed, 22 insertions(+), 21 deletions(-)
diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja
index 0f014cc..9ad1544 100644
--- a/haproxy/templates/haproxy.jinja
+++ b/haproxy/templates/haproxy.jinja
@@ -45,12 +45,9 @@ global
 {%- if salt['pillar.get']('haproxy:global:daemon', 'no') == True %}
 daemon
 {%- endif %}
-{%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %}
- {%- set socketpath = salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') %}
- {%- set mode = salt['pillar.get']('haproxy:global:stats:mode', '660') %}
- {%- set level = salt['pillar.get']('haproxy:global:stats:level', 'operator') %}
- stats socket {{ socketpath }} mode {{ mode }} level {{ level }}{% if 'extra' in salt['pillar.get']('haproxy:global:stats', {}) %} {{ salt['pillar.get']('haproxy:global:stats:extra') }}{% endif %}
-{%- endif %}
+{%- for socket, socket_config in salt['pillar.get']('haproxy:global:stats', {}).items() %}
+ stats socket {{ socket }} mode {{ socket_config.get('mode', '0600') }} level {{ socket_config.get('level', 'user') }} user {{ socket_config.get('user', 'haproxy') }} group {{ socket_config.get('group', 'haproxy') }}
+{%- endfor %}
 {%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %}
 maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }}
 {%- endif %}
diff --git a/pillar.example b/pillar.example
index 1daeab4..3a05a85 100644
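Review bot: In haproxy/templates/haproxy.jinja the added `stats socket` line prints `socket_config.get('mode', '0600')` exactly as the pillar delivers it, and the new string default `'0600'` invites operators to write the same leading-zero form unquoted. If the pillar is parsed with YAML 1.1 integer rules (which I believe Salt's default YAML renderer applies), `mode: 0660` arrives as the integer 432 and is emitted as `mode 432`, which HAProxy reads as an octal mode that gives "other" a write bit on a socket that may be `level admin`. I would document the constraint next to the loop, e.g. `{#- mode must be a quoted string such as '0660', or a bare three-digit value such as 660; YAML converts an unquoted leading-zero number -#}`, and quote the modes in pillar.example and test/salt/pillar/default.sls as `mode: '0660'`. The removed code rendered the value the same way, so this is not a regression, but the tightened defaults make the expectation worth stating.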
--- a/pillar.example
+++ b/pillar.example
@@ -24,14 +24,19 @@ haproxy:
 log-tag: haproxy
 # Optional log-send-hostname parameter, sets the hostname field in the syslog header
 log-send-hostname: localhost
+ # stats sockets
 stats:
- enable: true
- socketpath: /var/lib/haproxy/stats
- mode: 660
- level: admin
- # yamllint disable-line rule:line-length
- # Optional extra bind parameter, for example to set the owner/group on the socket file
- extra: user haproxy group haproxy
+ /run/haproxy/stats-ro:
+ # the defaults
+ level: user
+ mode: 600
+ user: haproxy
+ group: haproxy
+ /run/haproxy/stats-rw:
+ # custom example
+ level: admin
+ mode: 660
+ group: sysadmins
 # yamllint disable-line rule:line-length
 ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
 ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
diff --git a/test/salt/pillar/default.sls b/test/salt/pillar/default.sls
index 47b33a7..2bd03ac 100644
--- a/test/salt/pillar/default.sls
+++ b/test/salt/pillar/default.sls
@@ -21,14 +21,13 @@ haproxy:
 # Optional log-send-hostname parameter, sets the hostname field in the syslog header
 log-send-hostname: localhost
 stats:
- enable: true
- # Using the `haproxy:global:chroot:path`
- socketpath: /var/lib/haproxy/stats
- mode: 660
- level: admin
- # yamllint disable-line rule:line-length
- # Optional extra bind parameter, for example to set the owner/group on the socket file
- extra: user haproxy group haproxy
+ /run/haproxy/stats-operator:
+ level: operator
+ mode: 660
+ group: users
+ /run/haproxy/stats-admin:
+ level: admin
+ mode: 600
 # yamllint disable-line rule:line-length
 ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
 ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"