openstack/openstack-ansible-haproxy_server
Code Issues Proposed changes
openstack-ansible-haproxy_s.../templates/service-redirect.j2
Dmitriy Rabotyagov 9a1c483381 Imporove Jinja indentation for service templates 
At the moment service templates are hardly readable, partially due to
complex logic, but incosistent presence of indetnation makes things
way worse, as there's no way to know if you're under some cycle
or condition for sure.

This patch aims to make indents correct which should improve template
readability overall.

Change-Id: Ie60ca87c044281104fbc8334d7254ac351d3d912
2024-03-21 20:05:08 +01:00

100 lines
5.0 KiB
Django/Jinja
Raw Blame History

{% set haproxy_http_front_port = (haproxy_backend_port | int) + 10000 %}
{% set haproxy_https_front_port = (haproxy_backend_port | int) + 20000 %}
# Redirect request to HTTP or HTTPS frontend based on used protocol
frontend {{ service.haproxy_service_name }}-tcp-redirect-front-{{ loop.index }}
mode tcp
bind {{ vip_address }}:{{ service.haproxy_port }}{{ (vip_interface is truthy) | ternary(' interface ' ~ vip_interface, '') }}
tcp-request inspect-delay 2s
tcp-request content accept if HTTP
tcp-request content accept if { req.ssl_hello_type 1 }
use_backend {{ value.backend_name | default(service.haproxy_service_name) }}-redirect-http-back-{{ loop.index }} if HTTP
default_backend {{ value.backend_name | default(service.haproxy_service_name) }}-redirect-https-back-{{ loop.index }}
backend {{ value.backend_name | default(service.haproxy_service_name) }}-redirect-http-back-{{ loop.index }}
mode tcp
server {{ value.backend_name | default(service.haproxy_service_name) }}-http {{ vip_address }}:{{ haproxy_http_front_port }}
backend {{ value.backend_name | default(service.haproxy_service_name) }}-redirect-https-back-{{ loop.index }}
mode tcp
server {{ value.backend_name | default(service.haproxy_service_name) }}-https {{ vip_address }}:{{ haproxy_https_front_port }}
frontend {{ service.haproxy_service_name }}-http-front-{{ loop.index }}
bind {{ vip_address }}:{{ haproxy_http_front_port }}{{ (vip_interface is truthy) | ternary(' interface ' ~ vip_interface, '') }}
{% if request_option == "http" %}
option httplog
option forwardfor except 127.0.0.0/8
{% if service.haproxy_http_keepalive_mode is defined %}
option {{ service.haproxy_http_keepalive_mode }}
{% endif %}
{% elif request_option == "tcp" %}
option tcplog
{% endif %}
{% if service.haproxy_timeout_client is defined %}
timeout client {{ service.haproxy_timeout_client }}
{% endif %}
{% if service.haproxy_allowlist_networks is defined %}
acl allow_list src 127.0.0.1/8 {{ service.haproxy_allowlist_networks | join(' ') }}
tcp-request content accept if allow_list
tcp-request content reject
{% endif %}
{% if service.haproxy_acls is defined %}
{% for key, value in service.haproxy_acls.items() %}
acl {{ key }} {{ value.rule }}
{% if not service.haproxy_frontend_only | default(false) %}
use_backend {{ value.backend_name | default(service.haproxy_service_name) }}-back if {{ key }}
{% endif %}
{% endfor %}
{% endif %}
{% for entry in service.haproxy_maps | default([]) %}
{{ entry }}
{% endfor %}
mode {{ service.haproxy_balance_type }}
{% if (not service.haproxy_frontend_only | default(false)) or ((service.haproxy_default_backend is defined) and (service.haproxy_default_backend | length > 0)) %}
default_backend {{ service.haproxy_default_backend | default(service.haproxy_service_name) }}-back
{% endif %}
{% for entry in (service.haproxy_frontend_raw|default([])) + haproxy_frontend_extra_raw %}
{{ entry }}
{% endfor %}
frontend {{ service.haproxy_service_name }}-https-front-{{ loop.index }}
bind {{ vip_address }}:{{ haproxy_https_front_port }}{{ (vip_interface is truthy) | ternary(' interface ' ~ vip_interface, '') }} ssl crt {{ haproxy_ssl_cert_path }}/haproxy_{{ ansible_facts['hostname'] }}-{{ vip_address }}.pem
{% if request_option == "http" %}
option httplog
option forwardfor except 127.0.0.0/8
{% if service.haproxy_http_keepalive_mode is defined %}
option {{ service.haproxy_http_keepalive_mode }}
{% endif %}
{% elif request_option == "tcp" %}
option tcplog
{% endif %}
{% if service.haproxy_timeout_client is defined %}
timeout client {{ service.haproxy_timeout_client }}
{% endif %}
{% if service.haproxy_allowlist_networks is defined %}
acl allow_list src 127.0.0.1/8 {{ service.haproxy_allowlist_networks | join(' ') }}
tcp-request content accept if allow_list
tcp-request content reject
{% endif %}
{% if service.haproxy_acls is defined %}
{% for key, value in service.haproxy_acls.items() %}
acl {{ key }} {{ value.rule }}
{% if not service.haproxy_frontend_only | default(false) %}
use_backend {{ value.backend_name | default(service.haproxy_service_name) }}-back if {{ key }}
{% endif %}
{% endfor %}
{% endif %}
{% for entry in service.haproxy_maps | default([]) %}
{{ entry }}
{% endfor %}
{% if (service.haproxy_ssl | default(false) | bool) and request_option == 'http' and (loop.index == 1 or vip_address in extra_lb_tls_vip_addresses or (service.haproxy_ssl_all_vips | default(false) | bool and vip_address not in extra_lb_vip_addresses)) %}
http-request add-header X-Forwarded-Proto https
{% endif %}
mode {{ service.haproxy_balance_type }}
{% if (not service.haproxy_frontend_only | default(false)) or ((service.haproxy_default_backend is defined) and (service.haproxy_default_backend | length > 0)) %}
default_backend {{ service.haproxy_default_backend | default(service.haproxy_service_name) }}-back
{% endif %}
{% for entry in (service.haproxy_frontend_raw|default([])) + haproxy_frontend_extra_raw %}
{{ entry }}
{% endfor %}
View Git Blame Copy Permalink