From 72987f8262f1d4676e5a73c4e056aeafc9e2b001 Mon Sep 17 00:00:00 2001 From: Michael Weinrich Date: Tue, 24 May 2016 12:28:18 +0200 Subject: [PATCH 1/3] Add ability to add http-response statements to `listen`, `frontend` and `backend` --- README.md | 12 ++++++++++++ templates/etc/haproxy/backend.cfg.j2 | 5 +++++ templates/etc/haproxy/frontend.cfg.j2 | 5 +++++ templates/etc/haproxy/listen.cfg.j2 | 5 +++++ 4 files changed, 27 insertions(+) diff --git a/README.md b/README.md index 29ea1a88..55814430 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,10 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst * `haproxy_listen.{n}.http_request.{n}.action`: [required]: The rules action (e.g. `add-header`) * `haproxy_listen.{n}.http_request.{n}.param`: [optional]: The complete line to be added (e.g. `X-Forwarded-Proto https`) * `haproxy_listen.{n}.http_request.{n}.cond`: [optional]: A matching condition built from ACLs (e.g. `if { ssl_fc }`) +* `haproxy_listen.{n}.http_response`: [optional]: Access control for Layer 7 responses +* `haproxy_listen.{n}.http_response.{n}.action`: [required]: The rules action (e.g. `del-header`) +* `haproxy_listen.{n}.http_response.{n}.param`: [optional]: The complete line to be added (e.g. `X-Varnish`) +* `haproxy_listen.{n}.http_response.{n}.cond`: [optional]: A matching condition built from ACLs (e.g. `if { ssl_fc }`) * `haproxy_listen.{n}.stats`: [optional]: Stats declarations * `haproxy_listen.{n}.stats.enable`: [required]: Enables statistics reporting with default settings * `haproxy_listen.{n}.stats.uri`: [optional, default `/`]: Define the URI prefix to access statistics @@ -113,6 +117,10 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst * `haproxy_frontend.{n}.http_request.{n}.action`: [required]: The rules action (e.g. `add-header`) * `haproxy_frontend.{n}.http_request.{n}.param`: [optional]: The complete line to be added (e.g. `X-Forwarded-Proto https`) * `haproxy_frontend.{n}.http_request.{n}.cond`: [optional]: A matching condition built from ACLs (e.g. `if { ssl_fc }`) +* `haproxy_frontend.{n}.http_response`: [optional]: Access control for Layer 7 responses +* `haproxy_frontend.{n}.http_response.{n}.action`: [required]: The rules action (e.g. `del-header`) +* `haproxy_frontend.{n}.http_response.{n}.param`: [optional]: The complete line to be added (e.g. `X-Varnish`) +* `haproxy_frontend.{n}.http_response.{n}.cond`: [optional]: A matching condition built from ACLs (e.g. `if { ssl_fc }`) * `haproxy_frontend.{n}.default_backend`: [required]: The backend to use when no `"use_backend"` rule has been matched (e.g. `webservers`) * `haproxy_frontend.{n}.rspadd`: [optional]: Adds headers at the end of the HTTP response * `haproxy_frontend.{n}.rspadd.{n}.string`: [required]: The complete line to be added. Any space or known delimiter must be escaped using a backslash (`'\'`) (in version < 1.6) @@ -137,6 +145,10 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst * `haproxy_backend.{n}.http_request.{n}.action`: [required]: The rules action (e.g. `add-header`) * `haproxy_backend.{n}.http_request.{n}.param`: [optional]: The complete line to be added (e.g. `X-Forwarded-Proto https`) * `haproxy_backend.{n}.http_request.{n}.cond`: [optional]: A matching condition built from ACLs (e.g. `if { ssl_fc }`) +* `haproxy_backend.{n}.http_response`: [optional]: Access control for Layer 7 responses +* `haproxy_backend.{n}.http_response.{n}.action`: [required]: The rules action (e.g. `del-header`) +* `haproxy_backend.{n}.http_response.{n}.param`: [optional]: The complete line to be added (e.g. `X-Varnish`) +* `haproxy_backend.{n}.http_response.{n}.cond`: [optional]: A matching condition built from ACLs (e.g. `if { ssl_fc }`) * `haproxy_backend.{n}.server`: [optional]: Server declarations * `haproxy_backend.{n}.server.{n}.name`: [required]: The internal name assigned to this server * `haproxy_backend.{n}.server.{n}.listen`: [required]: Defines a listening address and/or ports diff --git a/templates/etc/haproxy/backend.cfg.j2 b/templates/etc/haproxy/backend.cfg.j2 index bca94355..8db24dc9 100644 --- a/templates/etc/haproxy/backend.cfg.j2 +++ b/templates/etc/haproxy/backend.cfg.j2 @@ -33,6 +33,11 @@ backend {{ backend.name }} {% endfor %} +{% for http_response in backend.http_response | default([]) %} + http-response {{ http_response.action }}{% if http_response.param is defined %} {{ http_response.param }}{% endif %}{% if http_response.cond is defined %} {{ http_response.cond }}{% endif %} + +{% endfor %} + {% for server in backend.server | default([]) %} server {{ server.name }} {{ server.listen }}{% for param in server.param | default([]) %} {{ param }}{% endfor %} diff --git a/templates/etc/haproxy/frontend.cfg.j2 b/templates/etc/haproxy/frontend.cfg.j2 index 9d0dfc7a..3ac6785b 100644 --- a/templates/etc/haproxy/frontend.cfg.j2 +++ b/templates/etc/haproxy/frontend.cfg.j2 @@ -36,6 +36,11 @@ frontend {{ frontend.name }} {% endfor %} +{% for http_response in frontend.http_response | default([]) %} + http-response {{ http_response.action }}{% if http_response.param is defined %} {{ http_response.param }}{% endif %}{% if http_response.cond is defined %} {{ http_response.cond }}{% endif %} + +{% endfor %} + {% for rspadd in frontend.rspadd | default([]) %} rspadd {{ rspadd.string }}{% if rspadd.cond is defined %} {{ rspadd.cond }}{% endif %} diff --git a/templates/etc/haproxy/listen.cfg.j2 b/templates/etc/haproxy/listen.cfg.j2 index 8650725f..517544ef 100644 --- a/templates/etc/haproxy/listen.cfg.j2 +++ b/templates/etc/haproxy/listen.cfg.j2 @@ -61,6 +61,11 @@ listen {{ listen.name }} {% endfor %} +{% for http_response in listen.http_response | default([]) %} + http-response {{ http_response.action }}{% if http_response.param is defined %} {{ http_response.param }}{% endif %}{% if http_response.cond is defined %} {{ http_response.cond }}{% endif %} + +{% endfor %} + {% for rspadd in listen.rspadd | default([]) %} rspadd {{ rspadd.string }}{% if rspadd.cond is defined %} {{ rspadd.cond }}{% endif %} From 3acc220289eede9b1a683a4a2fce40474cfe202b Mon Sep 17 00:00:00 2001 From: Mischa ter Smitten Date: Thu, 26 May 2016 21:40:59 +0200 Subject: [PATCH 2/3] Improved documentation --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 55814430..d123da33 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst * `haproxy_listen.{n}.http_response`: [optional]: Access control for Layer 7 responses * `haproxy_listen.{n}.http_response.{n}.action`: [required]: The rules action (e.g. `del-header`) * `haproxy_listen.{n}.http_response.{n}.param`: [optional]: The complete line to be added (e.g. `X-Varnish`) -* `haproxy_listen.{n}.http_response.{n}.cond`: [optional]: A matching condition built from ACLs (e.g. `if { ssl_fc }`) +* `haproxy_listen.{n}.http_response.{n}.cond`: [optional]: A matching condition built from ACLs * `haproxy_listen.{n}.stats`: [optional]: Stats declarations * `haproxy_listen.{n}.stats.enable`: [required]: Enables statistics reporting with default settings * `haproxy_listen.{n}.stats.uri`: [optional, default `/`]: Define the URI prefix to access statistics @@ -120,7 +120,7 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst * `haproxy_frontend.{n}.http_response`: [optional]: Access control for Layer 7 responses * `haproxy_frontend.{n}.http_response.{n}.action`: [required]: The rules action (e.g. `del-header`) * `haproxy_frontend.{n}.http_response.{n}.param`: [optional]: The complete line to be added (e.g. `X-Varnish`) -* `haproxy_frontend.{n}.http_response.{n}.cond`: [optional]: A matching condition built from ACLs (e.g. `if { ssl_fc }`) +* `haproxy_frontend.{n}.http_response.{n}.cond`: [optional]: A matching condition built from ACLs * `haproxy_frontend.{n}.default_backend`: [required]: The backend to use when no `"use_backend"` rule has been matched (e.g. `webservers`) * `haproxy_frontend.{n}.rspadd`: [optional]: Adds headers at the end of the HTTP response * `haproxy_frontend.{n}.rspadd.{n}.string`: [required]: The complete line to be added. Any space or known delimiter must be escaped using a backslash (`'\'`) (in version < 1.6) @@ -148,7 +148,7 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst * `haproxy_backend.{n}.http_response`: [optional]: Access control for Layer 7 responses * `haproxy_backend.{n}.http_response.{n}.action`: [required]: The rules action (e.g. `del-header`) * `haproxy_backend.{n}.http_response.{n}.param`: [optional]: The complete line to be added (e.g. `X-Varnish`) -* `haproxy_backend.{n}.http_response.{n}.cond`: [optional]: A matching condition built from ACLs (e.g. `if { ssl_fc }`) +* `haproxy_backend.{n}.http_response.{n}.cond`: [optional]: A matching condition built from ACLs * `haproxy_backend.{n}.server`: [optional]: Server declarations * `haproxy_backend.{n}.server.{n}.name`: [required]: The internal name assigned to this server * `haproxy_backend.{n}.server.{n}.listen`: [required]: Defines a listening address and/or ports From aa51f4240d4d9377ddc332112fc24c96bd357ed6 Mon Sep 17 00:00:00 2001 From: Mischa ter Smitten Date: Thu, 26 May 2016 21:41:10 +0200 Subject: [PATCH 3/3] Added support for Ubuntu 16.04 --- Vagrantfile | 8 ++++++++ meta/main.yml | 1 + 2 files changed, 9 insertions(+) diff --git a/Vagrantfile b/Vagrantfile index 2086048a..a4c060b9 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -20,6 +20,14 @@ boxes = [ :cpu => "50", :ram => "256" }, + { + :name => "ubuntu-1604", + :box => "opscode-ubuntu-16.04", + :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-16.04_chef-provisionerless.box", + :ip => '10.0.0.13', + :cpu => "50", + :ram => "256" + }, ] Vagrant.configure("2") do |config| diff --git a/meta/main.yml b/meta/main.yml index 4aee67cd..1498b341 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -11,6 +11,7 @@ galaxy_info: versions: - precise - trusty + - xenial galaxy_tags: - system - clustering