Defined Type: cloudlb::haproxy::service
- Defined in:
- modules/cloudlb/manifests/haproxy/service.pp
Overview
SPDX-License-Identifier: Apache-2.0
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 |
# File 'modules/cloudlb/manifests/haproxy/service.pp', line 2
define cloudlb::haproxy::service (
CloudLB::HAProxy::Service::Definition $service,
) {
# shortcuts
if $service['backend']['servers'] =~ Array[Stdlib::Fqdn] {
$servers = $service['backend']['servers']
} else {
$servers = $service['backend']['servers'].map |OpenStack::ControlNode $node| {
$node['cloud_private_fqdn']
}
}
$primary_host = $service['backend']['primary_host']
$port_backend = $service['backend']['port']
$frontends = $service['frontends']
$type = $service['type']
$open_firewall = $service['open_firewall']
$healthcheck_options = $service['healthcheck']['options']
$healthcheck_method = $service['healthcheck']['method']
$healthcheck_path = $service['healthcheck']['path']
$firewall = $service['firewall']
$http = $service['http']
if $type == 'http' {
file { "/etc/haproxy/conf.d/${title}.cfg":
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
content => template('cloudlb/haproxy/conf.d/http-service.cfg.erb'),
# restart to pick up new config files in conf.d
notify => Service['haproxy'],
}
} elsif $type == 'tcp' {
file { "/etc/haproxy/conf.d/${title}.cfg":
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
content => template('cloudlb/haproxy/conf.d/tcp-service.cfg.erb'),
# restart to pick up new config files in conf.d
notify => Service['haproxy'],
}
} else {
fail("Unknown service type ${type}")
}
$frontends.each | Integer $index, CloudLB::HAProxy::Service::Frontend $frontend | {
if $firewall['restricted_to_fqdns'] {
$srange = $firewall['restricted_to_fqdns']
$src_sets = undef
} elsif $firewall['open_to_cloud_private'] {
$srange = undef
$src_sets = ['CLOUD_PRIVATE_NETWORKS']
} elsif $firewall['open_to_internet'] {
$srange = undef
$src_sets = undef
} else {
$srange = undef
$src_sets = ['PRODUCTION_NETWORKS', 'LABS_NETWORKS']
}
$port = $frontend['port']
$drange = $frontend['address'].then |$ip| { [$ip] }
firewall::service { "${title}_${port}":
ensure => present,
proto => 'tcp',
port => $port,
srange => $srange,
src_sets => $src_sets,
drange => $drange,
}
}
}
|