Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

The haproxy-ng cookbook has been deprecated

Author provided reason for deprecation:

The haproxy-ng cookbook has been deprecated and is no longer being maintained by its authors. Use of the haproxy-ng cookbook is no longer recommended.

You may find that the haproxy cookbook is a suitable alternative.

RSS

haproxy-ng (36) Versions 1.1.1

modern, resource-driven cookbook for managing haproxy

Policyfile
Berkshelf
Knife
cookbook 'haproxy-ng', '= 1.1.1', :supermarket
cookbook 'haproxy-ng', '= 1.1.1'
knife supermarket install haproxy-ng
knife supermarket download haproxy-ng
README
Dependencies
Changelog
Quality 100%

haproxy-ng cookbook Build Status

A resource-driven cookbook for configuring HAProxy.

Cookbook builds on 2 core resources:

  • haproxy_instance: the "parent" resource, which maps to a complete configuration and (probably) a running haproxy daemon
  • haproxy_proxy: the "core" proxy resource, which maps to a specific proxy

Additional resources haproxy_peers, haproxy_userlist, haproxy_frontend,
haproxy_backend, haproxy_defaults, and haproxy_listen extend the haproxy_proxy
resource with additional validation for common configuration keywords for their respective
proxy types.

Suggested background reading:

  • The Fine Manual
  • This README, the modules in libraries/haproxy*.rb, and the individual resources/providers (libraries/chef_haproxy*.rb)
  • the test target and example wrapper cookbook: 'test/fixtures/cookbooks/my-lb'
  • the consul-template powered example wrapper cookbook: 'test/fixtures/cookbooks/my-consul-lb'

Recipes

haproxy-ng::default

Configures a default instance, 'haproxy_instance[haproxy]', and corresponding
'haproxy' service via the config, tuning, and proxies cookbook attributes
(which are mapped onto the corresponding resource attributes).

This recipe also provides a useful example of using the provided helper,
Haproxy::Helpers#proxy, to map a list of proxies to their corresponding
resources in the resource collection.

See wrapper cookbook example at 'test/fixtures/cookbooks/my-lb'.

haproxy-ng::install

Installs haproxy via the node['haproxy']['install_method'] method.
Supports 'package', 'source', and 'ppa'.

haproxy-ng::service

Configures a default-named ("haproxy") service resource.

Useful for typical installs running a single haproxy daemon under the default
'haproxy' service name. Service providers, or those running multiple haproxy
daemons on a single host will most likely want to configure a service instance
per haproxy_instance.

Attributes

Attribute Description Default
install_method One of: 'package', 'source', 'ppa' package
proxies Array of proxy names for the default haproxy_instance[haproxy] []
config global config of resource haproxy_instance[haproxy] See attributes/default.rb
tuning global tuning of resource haproxy_instance[haproxy] See attributes/default.rb

And more! (see attributes/*.rb)

Resources

haproxy_instance

The "parent" resource. Maps 1-to-1 with a generated haproxy config file,
and most likely to a running service.

Attribute Description Default
verify whether to perform resource whitelist validation true
config global keywords for process mgmt ['daemon']
tuning global keywords for performance ['maxconn 256']
debug global keyword for debugging ('debug', 'quiet') nil
proxies array of proxies, see default recipe for example []

haproxy_proxy

The simplest proxy representation and base class for the other
proxy resources (peers, userlist, defaults, frontend, backend, listen).

Attribute Description Default
verify whether to perform resource whitelist validation true
type String denoting proxy type. (defaults, frontend, backend, listen, peers, userlist) nil
config array of keywords, validated against specified type []

haproxy_peers

Maps to a peers block in haproxy configuration. Not actually a proxy,
but treating it like one is useful for code reusability. Don't judge me.

Attribute Description Default
verify whether to perform resource whitelist validation true
peers array of hashes. each hash requires 'name', 'config' keys []
config array of peers keywords. validated against whitelist []

For example, this resource:

haproxy_peers 'lb' do
  peers [
    {
      'name' => 'lb01',
      'address' => '12.4.56.78',
      'port' => 1_024
    },
    {
      'name' => 'lb02',
      'address' => '12.34.56.8',
      'port' => 1_024
    },
  ]
end

will render this configuration:

peers lb
  peer lb01 12.4.56.78:1024
  peer lb02 12.34.56.8:1024

haproxy_userlist

Maps to a userlist block in haproxy configuration. Also not actually a proxy,
as such.

Attribute Description Default
verify whether to perform resource whitelist validation true
groups array of hashes. hashes require 'name', 'config' keys []
users array of hashes. hashes require 'name', 'config' keys []
config array of userlist keywords, validated against whitelist []

For example, this resource:

haproxy_userlist 'L1' do
  groups [
    { 'name' => 'G1', 'config' => 'users tiger,scott' },
    { 'name' => 'G2', 'config' => 'users xdb,scott' }
  ]
  users [
    { 'name' => 'tiger', 'config' => 'insecure-password password123' },
    { 'name' => 'scott', 'config' => 'insecure-password pa55word123' },
    { 'name' => 'xdb', 'config' => 'insecure-password hello' }
  ]
end

will render this configuration:

userlist L1
  group G1 users tiger,scott
  group G2 users xdb,scott
  user tiger insecure-password password123
  user scott insecure-password pa55word123
  user xdb insecure-password hello

haproxy_defaults

Maps to a 'defaults' block in haproxy configuration. Convention
suggests that resource names be capitalized (e.g. haproxy_defaults[HTTP]).

Attribute Description Default
verify whether to perform resource whitelist validation true
mode specifies listener mode (http, tcp, health) nil
default_backend argument to default_backend keyword nil
balance desired balancing algo (see docs for permitted values) nil
source argument to source keyword nil
config array of defaults keywords, validated against whitelist []

For example, this resource:

haproxy_defaults 'TCP' do
  mode 'tcp'
  balance 'leastconn'
  source node['ipaddress']
  config [
    'option clitcpka',
    'option srvtcpka',
    'timeout connect 5s',
    'timeout client 300s',
    'timeout server 300s'
  ]
end

will render this configuration:

defaults TCP
  balance leastconn
  mode tcp
  option clitcpka
  option srvtcpka
  timeout connect 5s
  timeout client 300s
  timeout server 300s
  source 10.0.2.15

haproxy_frontend

Maps to a frontend block in the instance configuration,
and typically to one or more listening ports or sockets.

Attribute Description Default
verify whether to perform resource whitelist validation true
mode specifies listener mode (http, tcp, health) nil
acls array of hashes, each requiring 'name', 'criterion' keys []
description string describing proxy nil
bind args to bind keyword nil
default_backend argument to default_backend keyword nil
use_backends array of hashes, each requiring 'backend', 'condition', keys []
config array of frontend keywords, validated against whitelist []
config_tail same as 'config' only appended after acls []

For example, this resource:

haproxy_frontend 'www' do
  mode 'http'
  acls [
    {
      'name' => 'inside',
      'criterion' => 'src 10.0.0.0/8'
    }
  ]
  description 'http frontend'
  bind '*:80'
  default_backend 'app'
  use_backends [
    {
      'backend' => 'app',
      'condition' => 'if inside'
    }
  ]
  config [
    'option clitcpka'
  ]
  config_tail [
    'http-request allow if inside'
  ]
end

will render this configuration:

frontend www
  bind *:80
  mode http
  option clitcpka
  description http frontend
  acl inside src 10.0.0.0/8
  http-request allow if inside
  default_backend app
  use_backend app if inside

haproxy_backend

Maps to a backend configuration block in haproxy configuration.

Attribute Description Default
verify whether to perform resource whitelist validation true
mode specifies listener mode (http, tcp, health) nil
acls array of hashes, each requiring 'name', 'criterion' keys []
description string describing proxy nil
balance desired balancing algo (see docs for permitted values) nil
source string specifying args to source keyword nil
servers array of hashes, each requiring 'name', 'address', 'port' keys. 'config' key optional []
config array of backend keywords, validated against whitelist []
config_tail same as 'config' only appended after acls []

For example, this resource:

haproxy_backend 'app' do
  mode 'http'
  acls [
    {
      'name' => 'inside',
      'criterion' => 'src 10.0.0.0/8'
    }
  ]
  description 'app pool'
  balance 'roundrobin'
  source node['ipaddress']
  servers [
    {
      'name' => 'app01',
      'address' => '12.34.56.78',
      'port' => 80,
      'config' => 'check inter 5000 rise 2 fall 5'
    },
    {
      'name' => 'app02',
      'address' => '12.4.56.78',
      'port' => 80,
      'config' => 'check inter 5000 rise 2 fall 5'
    },
  ]
  config [
    'option httpchk GET /health_check HTTP/1.1\r\nHost:\ localhost'
  ]
  config_tail [
    'http-request allow if inside'
  ]
end

will render this configuration:

backend app
  balance roundrobin
  mode http
  option httpchk GET /health_check HTTP/1.1\r\nHost:\ localhost
  description app pool
  acl inside src 10.0.0.0/8
  http-request allow if inside
  source 10.0.2.15
  server app01 12.34.56.78:80 check inter 5000 rise 2 fall 5
  server app02 22.4.56.78:80 check inter 5000 rise 2 fall 5

haproxy_listen

Maps to a listen configuration block, combines frontend and backend config
blocks into a single proxy. Less flexible, but more concise. Typically used
for tcp-mode proxies with a 1:1 frontend:backend mapping.

Attribute Description Default
verify whether to perform resource whitelist validation true
mode specifies listener mode (http, tcp, health) nil
acls array of hashes, each requiring 'name', 'criterion' keys []
description string describing proxy nil
balance desired balancing algo (see docs for permitted values) nil
source string specifying args to source keyword nil
servers array of hashes, each requiring 'name', 'address', 'port' keys. 'config' key optional []
bind args to bind keyword nil
default_backend argument to default_backend keyword nil
use_backends array of hashes, each requiring 'backend', 'condition', keys []
config array of listen keywords, validated against whitelist []
config_tail same as 'config' only appended after acls []

For example, this resource:

haproxy_listen 'mysql' do
  mode 'tcp'
  acls [
    {
      'name' => 'inside',
      'criterion' => 'src 10.0.0.0/8'
    }
  ]
  description 'mysql pool'
  balance 'leastconn'
  source node['ipaddress']
  bind '0.0.0.0:3306'
  servers [
    {
      'name' => 'mysql01',
      'address' => '12.34.56.89',
      'port' => 3_306,
      'config' => 'maxconn 500 check port 3306 inter 2s backup'
    },
    {
      'name' => 'mysql02',
      'address' => '12.34.56.90',
      'port' => 3_306,
      'config' => 'maxconn 500 check port 3306 inter 2s backup'
    },
  ]
  config [
    'option mysql-check'
  ]
  config_tail [
    'http-request allow if inside'
  ]
end

will generate this configuration:

listen mysql
  bind 0.0.0.0:3306
  balance leastconn
  mode tcp
  option mysql-check
  description mysql pool
  acl inside src 10.0.0.0/8
  http-request allow if inside
  source 10.0.2.15
  server mysql01 12.34.56.89:3306 maxconn 500 check port 3306 inter 2s backup
  server mysql02 12.34.56.90:3306 maxconn 500 check port 3306 inter 2s backup

1.1.1 / 2015-11-11

  • add config_tail option for adding config after acls (thanks @balexx!)

1.1.0 / 2015-09-25

  • continuation of config merge fix to handle attributes (thanks @kwilczynski!)
  • updated init system handling (added systemd cookbook dependency)

1.0.2 / 2015-08-25

  • fix config merge when passing an attribute instead of an array (thanks @kwilczynski and @andrewdutton!)

1.0.1 / 2015-07-04

  • update to haproxy 1.5.14

1.0.0 / 2015-06-26

  • remove world-readability from config templates
  • update to latest source release

0.5.2 / 2015-06-24

  • add missing requires to libraries
  • fix service provider for upstart service with package-install
  • update version matching for ark resource

0.5.1 / 2015-06-24

  • fix compile-time constant initialization warnings
  • fix upstart service on EL6

0.5.0 / 2015-05-28

  • break up the hwrp-supporting modules into smaller pieces
  • update source installation to use the ark cookbook

0.4.1 / 2015-05-22

  • doc updates related to 0.4.0
  • fix disabling verification for proxy sub-resources
  • demo using consul-template with haproxy-ng

0.4.0 / 2015-05-17

  • rename validate_at_compile option to 'verify' to adhere to chef norms
  • skip instance config verification if 'verify' attribute is false

0.3.0 / 2015-05-15

  • add ability to disable compile-time validation of proxy/instance resources with the "validate_at_compile" resource attribute
  • add new verify attribute to instance template when chef > 12; replaces validating execute resource
  • updated testing/documentation

0.2.12 / 2015-05-09

  • add extra keyword

0.2.11 / 2015-05-07

  • explicitly list supported service actions (thanks @alefend)

0.2.10 / 2015-05-06

  • fix cops
  • bump to latest stable haproxy for source build

0.2.9 / 2015-04-03

  • misc. doc updates
  • misc. testing improvements
  • backport upstream improvements to systemd service file
  • sort servers by name to reduce unnecessary restart/reload

0.2.8 / 2015-02-27

  • doc updates

0.2.7 / 2015-02-27

  • unit testing improvements
  • fix bind keyword matrix entry

0.2.6 / 2015-02-25

  • add ppa install method (thanks @elementai!)

0.2.5 / 2015-02-25

  • fix service setup on fedora when doing source install

0.2.4 / 2015-02-23

  • fix stick-table entry

0.2.3 / 2015-02-19

  • add peers resource
  • add userlist resource

0.2.2 / 2015-02-17

  • enable source install
  • docs and testing updates

0.2.1 / 2015-02-13

  • permit abuse of proxy resource for configuration of peers, userlists
  • various testing improvements

0.2.0 / 2015-02-11

  • set type as required attribute for haproxy_proxy resource
  • remove default proxy list, proxies recipe
  • various and sundry documentation and testing improvements
  • add negated keyword equivalents where appropriate

0.1.22 / 2015-02-10

  • fix Haproxy::Proxy::NonDefaults.merged_config source merge

0.1.20 / 2015-02-10

  • instance resource filters on actionable proxies
  • remove peer/usergroups attrs from instance resource pending actual build-out
  • extract default instance config into attributes to make it easier to consume default recipe

0.1.18 / 2015-02-09

  • add timeout options to redis listen proxy
  • move mode attr back into modules

0.1.16 / 2015-02-09

  • fix balance keyword for DefaultsBackend

0.1.14 / 2015-02-09

  • add listen resource to default recipe for testing
  • move mode attribute under general proxy resource

0.1.12 / 2015-02-09

  • fix listen provider
  • add dummy listen resource to default recipe

0.1.10 / 2015-02-09

  • use strings as keys

0.1.8 / 2015-02-09

  • fix option typo

0.1.6 / 2015-02-09

  • fix type for listen resource

0.1.4 / 2015-02-06

  • use the correct resource provider for the listener resource

0.1.2 / 2015-02-05

  • more build-out, consolidation of attributes common to multiple resources

0.1.0 / 2015-02-03

  • initial release

Foodcritic Metric
            

1.1.1 passed this metric