From ca2c011cf23a4bcdf469b6c9d07f6956204448dd Mon Sep 17 00:00:00 2001
From: Marc Gariepy <gariepy.marc@gmail.com>
Date: Thu, 10 Dec 2020 11:16:06 -0500
Subject: [PATCH] Add haproxy_frontend_only and haproxy_raw feature.

you can add prometheus metric exposed directly via haproxy if your
version is recent enough.
https://www.haproxy.com/blog/haproxy-exposes-a-prometheus-metrics-endpoint/

Change-Id: I10e7220071290301a85409a1f74fcbad2743d19d
---
 defaults/main.yml                             | 12 ++++++++++
 doc/source/configure-haproxy.rst              | 22 +++++++++++++++++++
 ...end-only-haproxy_raw-d55ad3baa8d006f3.yaml |  8 +++++++
 tasks/haproxy_service_config.yml              |  3 ++-
 templates/service.j2                          |  9 ++++++++
 5 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/haproxy-frontend-only-haproxy_raw-d55ad3baa8d006f3.yaml

diff --git a/defaults/main.yml b/defaults/main.yml
index 5f334ca..befdfdc 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -61,6 +61,18 @@ haproxy_service_configs: []
 #         letsencrypt-acl:
 #           rule: "path_beg /.well-known/acme-challenge/"
 #           backend_name: letsencrypt
+#   - service:
+#       # https://www.haproxy.com/blog/haproxy-exposes-a-prometheus-metrics-endpoint/
+#       haproxy_service_name: prometheus-metrics
+#       haproxy_port: 8404
+#       haproxy_bind:
+#         - '127.0.0.1'
+#       haproxy_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+#       haproxy_frontend_only: True
+#       haproxy_balance_type: "http"
+#       haproxy_frontend_raw:
+#         - 'http-request use-service prometheus-exporter if { path /metrics }'
+#       haproxy_service_enabled: True
 
 galera_monitoring_user: monitoring
 haproxy_bind_on_non_local: False
diff --git a/doc/source/configure-haproxy.rst b/doc/source/configure-haproxy.rst
index 5247b33..d39efe7 100644
--- a/doc/source/configure-haproxy.rst
+++ b/doc/source/configure-haproxy.rst
@@ -369,3 +369,25 @@ backend service does not require its own corresponding front-end, the
         haproxy_backend_nodes:
           - name: influxdb-service
             ip_addr: 10.100.10.10
+
+Adding prometheus metrics to haproxy
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Since haproxy 2.0 it's possible to exposes prometheus metrics.
+https://www.haproxy.com/blog/haproxy-exposes-a-prometheus-metrics-endpoint/
+if you need to create a frontend for it you can use the `haproxy_frontend_only`
+option:
+
+.. code-block:: yaml
+
+  - service:
+      haproxy_service_name: prometheus-metrics
+      haproxy_port: 8404
+      haproxy_bind:
+        - '127.0.0.1'
+      haproxy_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+      haproxy_frontend_only: True
+      haproxy_frontend_raw:
+        - 'http-request use-service prometheus-exporter if { path /metrics }'
+      haproxy_service_enabled: True
+      haproxy_balance_type: 'http'
diff --git a/releasenotes/notes/haproxy-frontend-only-haproxy_raw-d55ad3baa8d006f3.yaml b/releasenotes/notes/haproxy-frontend-only-haproxy_raw-d55ad3baa8d006f3.yaml
new file mode 100644
index 0000000..34cb23a
--- /dev/null
+++ b/releasenotes/notes/haproxy-frontend-only-haproxy_raw-d55ad3baa8d006f3.yaml
@@ -0,0 +1,8 @@
+---
+features:
+  - It is now possible to have a service which only have a frontend.
+    by using `haproxy_frontend_only` inside your service.
+  - Add the possibility to have a haproxy_frontend_raw entry to control
+    haproxy config for the frontend, the entry will be literally copied in
+    to the service. You can set a list under the key `haproxy_frontend_raw`
+
diff --git a/tasks/haproxy_service_config.yml b/tasks/haproxy_service_config.yml
index 4c558c0..01abe8f 100644
--- a/tasks/haproxy_service_config.yml
+++ b/tasks/haproxy_service_config.yml
@@ -22,7 +22,8 @@
     - (item.service.haproxy_backend_nodes is defined and
       item.service.haproxy_backend_nodes | length > 0) or
       (item.service.haproxy_backup_nodes is defined and
-      item.service.haproxy_backup_nodes | length > 0)
+      item.service.haproxy_backup_nodes | length > 0) or
+      item.service.haproxy_frontend_only | default('False')
     - (item.service.haproxy_service_enabled | default('True')) | bool
     - (item.service.state is not defined or item.service.state != 'absent')
   notify: Regenerate haproxy configuration
diff --git a/templates/service.j2 b/templates/service.j2
index 597c296..841356c 100644
--- a/templates/service.j2
+++ b/templates/service.j2
@@ -70,17 +70,25 @@ frontend {{ item.service.haproxy_service_name }}-front-{{ loop.index }}
 {% if item.service.haproxy_acls is defined %}
 {%   for key, value in item.service.haproxy_acls.items() %}
     acl {{ key }} {{ value.rule }}
+{%     if not item.service.haproxy_frontend_only | default(false) %}
     use_backend {{ value.backend_name | default(item.service.haproxy_service_name) }}-back if {{ key }}
+{%     endif %}
 {%   endfor %}
 {% endif %}
 {% if (item.service.haproxy_ssl | default(false) | bool) and request_option == 'http' and (loop.index == 1 or vip_bind in extra_lb_tls_vip_addresses or item.service.haproxy_ssl_all_vips | default(false) | bool) %}
     reqadd X-Forwarded-Proto:\ https
 {% endif %}
     mode {{ item.service.haproxy_balance_type }}
+{% if not item.service.haproxy_frontend_only | default(false) %}
     default_backend {{ item.service.haproxy_service_name }}-back
+{% endif %}
+{% for entry in item.service.haproxy_raw|default([]) %}
+    {{ entry }}
+{% endfor %}
 {% endfor %}
 {% endif %}
 
+{% if not item.service.haproxy_frontend_only | default(false) %}
 {% set backend_options = item.service.haproxy_backend_options|default([]) %}
 {% set backend_arguments = item.service.haproxy_backend_arguments|default([]) %}
 
@@ -184,3 +192,4 @@ backend {{ item.service.haproxy_service_name }}-back
 {% endfor %}
     {{ entry | join(' ') }}
 {% endfor %}
+{% endif %}