Defined Type: cloudlb::haproxy::service

Defined in:
modules/cloudlb/manifests/haproxy/service.pp

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • service (CloudLB::HAProxy::Service::Definition)


2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# File 'modules/cloudlb/manifests/haproxy/service.pp', line 2

define cloudlb::haproxy::service (
    CloudLB::HAProxy::Service::Definition $service,
) {
    # shortcuts
    if $service['backend']['servers'] =~ Array[Stdlib::Fqdn] {
        $servers = $service['backend']['servers']
    } else {
        $servers = $service['backend']['servers'].map |OpenStack::ControlNode $node| {
            $node['cloud_private_fqdn']
        }
    }
    $primary_host = $service['backend']['primary_host']
    $port_backend = $service['backend']['port']
    $frontends = $service['frontends']
    $type = $service['type']
    $open_firewall = $service['open_firewall']
    $healthcheck_options = $service['healthcheck']['options']
    $healthcheck_method = $service['healthcheck']['method']
    $healthcheck_path = $service['healthcheck']['path']
    $firewall = $service['firewall']
    $http = $service['http']

    if $type == 'http' {
        file { "/etc/haproxy/conf.d/${title}.cfg":
            ensure  => present,
            owner   => 'root',
            group   => 'root',
            mode    => '0444',
            content => template('cloudlb/haproxy/conf.d/http-service.cfg.erb'),
            # restart to pick up new config files in conf.d
            notify  => Service['haproxy'],
        }
    } elsif $type == 'tcp' {
        file { "/etc/haproxy/conf.d/${title}.cfg":
            ensure  => present,
            owner   => 'root',
            group   => 'root',
            mode    => '0444',
            content => template('cloudlb/haproxy/conf.d/tcp-service.cfg.erb'),
            # restart to pick up new config files in conf.d
            notify  => Service['haproxy'],
        }
    } else {
        fail("Unknown service type ${type}")
    }

    $frontends.each | Integer $index, CloudLB::HAProxy::Service::Frontend $frontend | {
        if $firewall['restricted_to_fqdns'] {
            $srange = $firewall['restricted_to_fqdns']
            $src_sets = undef
        } elsif $firewall['open_to_cloud_private'] {
            $srange = undef
            $src_sets = ['CLOUD_PRIVATE_NETWORKS']
        } elsif $firewall['open_to_internet'] {
            $srange = undef
            $src_sets = undef
        } else {
            $srange = undef
            $src_sets = ['PRODUCTION_NETWORKS', 'LABS_NETWORKS']
        }

        $port = $frontend['port']
        $drange = $frontend['address'].then |$ip| { [$ip] }

        firewall::service { "${title}_${port}":
            ensure   => present,
            proto    => 'tcp',
            port     => $port,
            srange   => $srange,
            src_sets => $src_sets,
            drange   => $drange,
        }
    }
}