Puppet Class: profile::mariadb::proxy

Defined in:
modules/profile/manifests/mariadb/proxy.pp

Overview

base profile to have a manually-managed haproxy installation, pointing to to nowere by default. Check ::profile::mariadb::proxy::master,replica for it to do something useful (failover or load balancing)

  • pid: full path of the pid passed to haproxy to control running process

  • socket: full path of the socket passed to haproxy to connect without tcp

  • firewall: controls the firewall, the options are:

    • 'disabled': no firewall is setup

    • 'cloud': firewall with holes to cloud network for cloud production services

    • 'misc': firewall with holes to misc services: rt, librenms, gerrit

    • 'internal': firewall only to the internal network (10.x hosts)

Parameters:

  • pid (Any) (defaults to: lookup('profile::mariadb::proxy::pid', {'default_value' => '/run/haproxy/haproxy.pid'}))
  • socket (Any) (defaults to: lookup('profile::mariadb::proxy::socket', {'default_value' => '/run/haproxy/haproxy.sock'}))
  • firewall (Any) (defaults to: lookup('profile::mariadb::proxy::firewall', {'default_value' => 'internal'}))


11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# File 'modules/profile/manifests/mariadb/proxy.pp', line 11

class profile::mariadb::proxy (
    $pid      = lookup('profile::mariadb::proxy::pid', {'default_value' => '/run/haproxy/haproxy.pid'}),
    $socket   = lookup('profile::mariadb::proxy::socket', {'default_value' => '/run/haproxy/haproxy.sock'}),
    $firewall = lookup('profile::mariadb::proxy::firewall', {'default_value' => 'internal'})
    ){

    class { 'haproxy':
        template => 'profile/mariadb/proxy/db.cfg.erb',
        pid      => $pid,
        socket   => $socket,
    }

    if $firewall == 'internal' {
        include ::profile::base::firewall
        ::profile::mariadb::ferm { 'dbproxy': }
    } elsif $firewall == 'misc' {
        include ::profile::base::firewall
        ::profile::mariadb::ferm { 'dbproxy': }
        include ::profile::mariadb::ferm_misc
    } elsif $firewall == 'cloud' {
        include ::profile::base::firewall
        ::profile::mariadb::ferm { 'dbproxy': }
        include ::profile::mariadb::ferm_wmcs
    } elsif $firewall == 'cloud+lists' {
        include ::profile::base::firewall
        ::profile::mariadb::ferm { 'dbproxy': }
        include ::profile::mariadb::ferm_wmcs
        include ::profile::mariadb::ferm_lists
    } elsif $firewall == 'public' {
        include ::profile::base::firewall
        ::profile::mariadb::ferm_public { 'dbproxy': }
    } elsif $firewall != 'disabled' {
        fail('profile::mariadb::proxy::firewall can only be internal, public, misc, cloud, cloud+lists or disabled.')
    }
}