diff options
author | varac <varacanero@zeromail.org> | 2017-02-23 11:42:47 +0100 |
---|---|---|
committer | varac <varacanero@zeromail.org> | 2017-03-15 19:22:50 +0100 |
commit | cce9af1fce42c29bf062cccfc46ef356d83a6328 (patch) | |
tree | b7f6a7de0f11e9381eb833a09f1cc1175dbce9ca | |
parent | bb4dd153bbf1174a95017d0046ea9e1320fd81a9 (diff) |
[8144] Remove Haproxy
We used haproxy because we had multiple bigcouch nodes but now
with a single couchdb node this is not needed anymore.
- Resolves: #8144
35 files changed, 21 insertions, 1140 deletions
diff --git a/bin/debug.sh b/bin/debug.sh index d6f37542..35bcfa3e 100755 --- a/bin/debug.sh +++ b/bin/debug.sh @@ -2,7 +2,7 @@ # debug script to be run on remote servers # called from leap_cli with the 'leap debug' cmd -apps='(leap|pixelated|stunnel|couch|soledad|haproxy)' +apps='(leap|pixelated|stunnel|couch|soledad)' facts='(apt_running |^architecture |^augeasversion |^couchdb_.* |^debian_.* |^dhcp_enabled |^domain |^facterversion |^filesystems |^fqdn |^hardwaremodel |^hostname |^interface.* |^ipaddress.* |^is_pe |^is_virtual |^kernel.* |^lib |^lsb.* |^memory.* |^mtu_.* |^netmask.* |^network_.* |^operatingsystem |^os.* |^path |^physicalprocessorcount |^processor.* |^ps |^puppetversion |^root_home |^rsyslog_version |^rubysitedir |^rubyversion |^selinux |^ssh_version |^swapfree.* |^swapsize.* |^type |^virtual)' @@ -24,6 +24,3 @@ ps aux|egrep "$apps" echo -e '\n\n' echo -e "Last deploy:\n" tail -2 /var/log/leap/deploy-summary.log - - - diff --git a/lib/leap_cli/macros/haproxy.rb b/lib/leap_cli/macros/haproxy.rb deleted file mode 100644 index 3fef24c4..00000000 --- a/lib/leap_cli/macros/haproxy.rb +++ /dev/null @@ -1,73 +0,0 @@ -# encoding: utf-8 - -## -## HAPROXY -## - -module LeapCli - module Macro - - # - # creates a hash suitable for configuring haproxy. the key is the node name of the server we are proxying to. - # - # * node_list - a hash of nodes for the haproxy servers - # * stunnel_client - contains the mappings to local ports for each server node. - # * non_stunnel_port - in case self is included in node_list, the port to connect to. - # - # 1000 weight is used for nodes in the same location. - # 100 otherwise. - # - def haproxy_servers(node_list, stunnel_clients, non_stunnel_port=nil) - default_weight = 10 - local_weight = 100 - - # record the hosts_file - hostnames(node_list) - - # create a simple map for node name -> local stunnel accept port - accept_ports = stunnel_clients.inject({}) do |hsh, stunnel_entry| - name = stunnel_entry.first.sub(/_[0-9]+$/, '') - hsh[name] = stunnel_entry.last['accept_port'] - hsh - end - - # if one the nodes in the node list is ourself, then there will not be a stunnel to it, - # but we need to include it anyway in the haproxy config. - if node_list[self.name] && non_stunnel_port - accept_ports[self.name] = non_stunnel_port - end - - # create the first pass of the servers hash - servers = node_list.values.inject(Config::ObjectList.new) do |hsh, node| - # make sure we have a port to talk to - unless accept_ports[node.name] - error "haproxy needs a local port to talk to when connecting to #{node.name}" - end - weight = default_weight - try { - weight = local_weight if self.location.name == node.location.name - } - hsh[node.name] = Config::Object[ - 'backup', false, - 'host', 'localhost', - 'port', accept_ports[node.name], - 'weight', weight - ] - if node.services.include?('couchdb') - hsh[node.name]['writable'] = node.couch.mode != 'mirror' - end - hsh - end - - # if there are some local servers, make the others backup - if servers.detect{|k,v| v.weight == local_weight} - servers.each do |k,server| - server['backup'] = server['weight'] == default_weight - end - end - - return servers - end - - end -end diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json index 334e40de..17861d18 100644 --- a/provider_base/services/mx.json +++ b/provider_base/services/mx.json @@ -19,12 +19,6 @@ "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)" } }, - "haproxy": { - "couch": { - "listen_port": 4096, - "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)" - } - }, "couchdb_leap_mx_user": { "username": "= global.services[:couchdb].couch.users[:leap_mx].username", "password": "= secret :couch_leap_mx_password", diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index feca9524..0fd62795 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -45,12 +45,6 @@ "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)" } }, - "haproxy": { - "couch": { - "listen_port": 4096, - "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)" - } - }, "definition_files": { "provider": "= file :provider_json_template", "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]", diff --git a/puppet/modules/haproxy/.fixtures.yml b/puppet/modules/haproxy/.fixtures.yml deleted file mode 100644 index 8d6f22d6..00000000 --- a/puppet/modules/haproxy/.fixtures.yml +++ /dev/null @@ -1,5 +0,0 @@ -fixtures: - repositories: - concat: "git://github.com/ripienaar/puppet-concat.git" - symlinks: - haproxy: "#{source_dir}" diff --git a/puppet/modules/haproxy/.gemfile b/puppet/modules/haproxy/.gemfile deleted file mode 100644 index 9aad840c..00000000 --- a/puppet/modules/haproxy/.gemfile +++ /dev/null @@ -1,5 +0,0 @@ -source :rubygems - -puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 2.7'] -gem 'puppet', puppetversion -gem 'puppetlabs_spec_helper', '>= 0.1.0' diff --git a/puppet/modules/haproxy/.gitrepo b/puppet/modules/haproxy/.gitrepo deleted file mode 100644 index ed92831a..00000000 --- a/puppet/modules/haproxy/.gitrepo +++ /dev/null @@ -1,11 +0,0 @@ -; DO NOT EDIT (unless you know what you are doing) -; -; This subdirectory is a git "subrepo", and this file is maintained by the -; git-subrepo command. See https://github.com/git-commands/git-subrepo#readme -; -[subrepo] - remote = https://leap.se/git/puppet_haproxy - branch = master - commit = af322a73c013f80a958ab7d5d31d0c75cf6d0523 - parent = 04279dd8d1390d61d696d2c14817199304ccd4d8 - cmdver = 0.3.0 diff --git a/puppet/modules/haproxy/.travis.yml b/puppet/modules/haproxy/.travis.yml deleted file mode 100644 index fdbc95dc..00000000 --- a/puppet/modules/haproxy/.travis.yml +++ /dev/null @@ -1,23 +0,0 @@ -language: ruby -rvm: - - 1.8.7 - - 1.9.3 -script: "rake spec" -branches: - only: - - master -env: - - PUPPET_VERSION=2.6.17 - - PUPPET_VERSION=2.7.19 - #- PUPPET_VERSION=3.0.1 # Breaks due to rodjek/rspec-puppet#58 -notifications: - email: false -gemfile: .gemfile -matrix: - exclude: - - rvm: 1.9.3 - gemfile: .gemfile - env: PUPPET_VERSION=2.6.17 - - rvm: 1.8.7 - gemfile: .gemfile - env: PUPPET_VERSION=3.0.1 diff --git a/puppet/modules/haproxy/CHANGELOG b/puppet/modules/haproxy/CHANGELOG deleted file mode 100644 index 0b6d670f..00000000 --- a/puppet/modules/haproxy/CHANGELOG +++ /dev/null @@ -1,5 +0,0 @@ -2012-10-12 - Version 0.2.0 -- Initial public release -- Backwards incompatible changes all around -- No longer needs ordering passed for more than one listener -- Accepts multiple listen ips/ports/server_names diff --git a/puppet/modules/haproxy/Modulefile b/puppet/modules/haproxy/Modulefile deleted file mode 100644 index e729739b..00000000 --- a/puppet/modules/haproxy/Modulefile +++ /dev/null @@ -1,12 +0,0 @@ -name 'puppetlabs-haproxy' -version '0.2.0' -source 'git://github.com/puppetlabs/puppetlabs-haproxy' -author 'Puppet Labs' -license 'Apache License, Version 2.0' -summary 'Haproxy Module' -description 'An Haproxy module for Redhat family OSes using Storeconfigs' -project_page 'http://github.com/puppetlabs/puppetlabs-haproxy' - -## Add dependencies, if any: -# dependency 'username/name', '>= 1.2.0' -dependency 'ripienaar/concat', '>= 0.1.0' diff --git a/puppet/modules/haproxy/README.md b/puppet/modules/haproxy/README.md deleted file mode 100644 index d209e9ab..00000000 --- a/puppet/modules/haproxy/README.md +++ /dev/null @@ -1,87 +0,0 @@ -PuppetLabs Module for haproxy -============================= - -HAProxy is an HA proxying daemon for load-balancing to clustered services. It -can proxy TCP directly, or other kinds of traffic such as HTTP. - -Dependencies ------------- - -Tested and built on Debian, Ubuntu and CentOS - -Currently requires the ripienaar/concat module on the Puppet Forge and uses storeconfigs on the Puppet Master to export/collect resources -from all balancer members. - -Basic Usage ------------ - -This haproxy uses storeconfigs to collect and realize balancer member servers -on a load balancer server. - -*To install and configure HAProxy server listening on port 8140* - -```puppet -node 'haproxy-server' { - class { 'haproxy': } - haproxy::listen { 'puppet00': - ipaddress => $::ipaddress, - ports => '8140', - } -} -``` - -*To add backend loadbalance members* - -```puppet -node 'webserver01' { - @@haproxy::balancermember { $fqdn: - listening_service => 'puppet00', - server_names => $::hostname, - ipaddresses => $::ipaddress, - ports => '8140', - options => 'check' - } -} -``` - -Configuring haproxy options ---------------------------- - -The base `haproxy` class can accept two parameters which will configure basic -behaviour of the haproxy server daemon: - -- `global_options` to configure the `global` section in `haproxy.cfg` -- `defaults_options` to configure the `defaults` section in `haproxy.cfg` - -Configuring haproxy daemon listener ------------------------------------ - -One `haproxy::listen` defined resource should be defined for each HAProxy loadbalanced set of backend servers. The title of the `haproxy::listen` resource is the key to which balancer members will be proxied to. The `ipaddress` field should be the public ip address which the loadbalancer will be contacted on. The `ports` attribute can accept an array or comma-separated list of ports which should be proxied to the `haproxy::balancermemeber` nodes. - -Configuring haproxy loadbalanced member nodes ---------------------------------------------- - -The `haproxy::balacemember` defined resource should be exported from each node -which is serving loadbalanced traffic. the `listening_service` attribute will -associate it with `haproxy::listen` directives on the haproxy node. -`ipaddresses` and `ports` will be assigned to the member to be contacted on. If an array of `ipaddresses` and `server_names` are provided then they will be added to the config in lock-step. - - -Copyright and License ---------------------- - -Copyright (C) 2012 [Puppet Labs](https://www.puppetlabs.com/) Inc - -Puppet Labs can be contacted at: info@puppetlabs.com - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/puppet/modules/haproxy/Rakefile b/puppet/modules/haproxy/Rakefile deleted file mode 100644 index cd3d3799..00000000 --- a/puppet/modules/haproxy/Rakefile +++ /dev/null @@ -1 +0,0 @@ -require 'puppetlabs_spec_helper/rake_tasks' diff --git a/puppet/modules/haproxy/manifests/balancermember.pp b/puppet/modules/haproxy/manifests/balancermember.pp deleted file mode 100644 index a0e27539..00000000 --- a/puppet/modules/haproxy/manifests/balancermember.pp +++ /dev/null @@ -1,95 +0,0 @@ -# == Define Resource Type: haproxy::balancermember -# -# This type will setup a balancer member inside a listening service -# configuration block in /etc/haproxy/haproxy.cfg on the load balancer. -# currently it only has the ability to specify the instance name, -# ip address, port, and whether or not it is a backup. More features -# can be added as needed. The best way to implement this is to export -# this resource for all haproxy balancer member servers, and then collect -# them on the main haproxy load balancer. -# -# === Requirement/Dependencies: -# -# Currently requires the ripienaar/concat module on the Puppet Forge and -# uses storeconfigs on the Puppet Master to export/collect resources -# from all balancer members. -# -# === Parameters -# -# [*name*] -# The title of the resource is arbitrary and only utilized in the concat -# fragment name. -# -# [*listening_service*] -# The haproxy service's instance name (or, the title of the -# haproxy::listen resource). This must match up with a declared -# haproxy::listen resource. -# -# [*ports*] -# An array or commas-separated list of ports for which the balancer member -# will accept connections from the load balancer. Note that cookie values -# aren't yet supported, but shouldn't be difficult to add to the -# configuration. If you use an array in server_names and ipaddresses, the -# same port is used for all balancermembers. -# -# [*server_names*] -# The name of the balancer member server as known to haproxy in the -# listening service's configuration block. This defaults to the -# hostname. Can be an array of the same length as ipaddresses, -# in which case a balancermember is created for each pair of -# server_names and ipaddresses (in lockstep). -# -# [*ipaddresses*] -# The ip address used to contact the balancer member server. -# Can be an array, see documentation to server_names. -# -# [*options*] -# An array of options to be specified after the server declaration -# in the listening service's configuration block. -# -# -# === Examples -# -# Exporting the resource for a balancer member: -# -# @@haproxy::balancermember { 'haproxy': -# listening_service => 'puppet00', -# ports => '8140', -# server_names => $::hostname, -# ipaddresses => $::ipaddress, -# options => 'check', -# } -# -# -# Collecting the resource on a load balancer -# -# Haproxy::Balancermember <<| listening_service == 'puppet00' |>> -# -# Creating the resource for multiple balancer members at once -# (for single-pass installation of haproxy without requiring a first -# pass to export the resources if you know the members in advance): -# -# haproxy::balancermember { 'haproxy': -# listening_service => 'puppet00', -# ports => '8140', -# server_names => ['server01', 'server02'], -# ipaddresses => ['192.168.56.200', '192.168.56.201'], -# options => 'check', -# } -# -# (this resource can be declared anywhere) -# -define haproxy::balancermember ( - $listening_service, - $ports, - $server_names = $::hostname, - $ipaddresses = $::ipaddress, - $options = '' -) { - # Template uses $ipaddresses, $server_name, $ports, $option - concat::fragment { "${listening_service}_balancermember_${name}": - order => "20-${listening_service}-${name}", - target => '/etc/haproxy/haproxy.cfg', - content => template('haproxy/haproxy_balancermember.erb'), - } -} diff --git a/puppet/modules/haproxy/manifests/init.pp b/puppet/modules/haproxy/manifests/init.pp deleted file mode 100644 index b91591a3..00000000 --- a/puppet/modules/haproxy/manifests/init.pp +++ /dev/null @@ -1,149 +0,0 @@ -# == Class: haproxy -# -# A Puppet module, using storeconfigs, to model an haproxy configuration. -# Currently VERY limited - Pull requests accepted! -# -# === Requirement/Dependencies: -# -# Currently requires the ripienaar/concat module on the Puppet Forge and -# uses storeconfigs on the Puppet Master to export/collect resources -# from all balancer members. -# -# === Parameters -# -# [*enable*] -# Chooses whether haproxy should be installed or ensured absent. -# Currently ONLY accepts valid boolean true/false values. -# -# [*version*] -# Allows you to specify what version of the package to install. -# Default is simply 'present' -# -# [*global_options*] -# A hash of all the haproxy global options. If you want to specify more -# than one option (i.e. multiple timeout or stats options), pass those -# options as an array and you will get a line for each of them in the -# resultant haproxy.cfg file. -# -# [*defaults_options*] -# A hash of all the haproxy defaults options. If you want to specify more -# than one option (i.e. multiple timeout or stats options), pass those -# options as an array and you will get a line for each of them in the -# resultant haproxy.cfg file. -# -# -# === Examples -# -# class { 'haproxy': -# enable => true, -# global_options => { -# 'log' => "${::ipaddress} local0", -# 'chroot' => '/var/lib/haproxy', -# 'pidfile' => '/var/run/haproxy.pid', -# 'maxconn' => '4000', -# 'user' => 'haproxy', -# 'group' => 'haproxy', -# 'daemon' => '', -# 'stats' => 'socket /var/lib/haproxy/stats' -# }, -# defaults_options => { -# 'log' => 'global', -# 'stats' => 'enable', -# 'option' => 'redispatch', -# 'retries' => '3', -# 'timeout' => [ -# 'http-request 10s', -# 'queue 1m', -# 'connect 10s', -# 'client 1m', -# 'server 1m', -# 'check 10s' -# ], -# 'maxconn' => '8000' -# }, -# } -# -class haproxy ( - $manage_service = true, - $enable = true, - $version = 'present', - $global_options = $haproxy::params::global_options, - $defaults_options = $haproxy::params::defaults_options -) inherits haproxy::params { - include concat::setup - - package { 'haproxy': - ensure => $enable ? { - true => $version, - false => absent, - }, - name => 'haproxy', - } - - if $enable { - concat { '/etc/haproxy/haproxy.cfg': - owner => '0', - group => '0', - mode => '0644', - require => Package['haproxy'], - notify => $manage_service ? { - true => Service['haproxy'], - false => undef, - }, - } - - # Simple Header - concat::fragment { '00-header': - target => '/etc/haproxy/haproxy.cfg', - order => '01', - content => "# This file managed by Puppet\n", - } - - # Template uses $global_options, $defaults_options - concat::fragment { 'haproxy-base': - target => '/etc/haproxy/haproxy.cfg', - order => '10', - content => template('haproxy/haproxy-base.cfg.erb'), - } - - if ($::osfamily == 'Debian') { - file { '/etc/default/haproxy': - content => 'ENABLED=1', - require => Package['haproxy'], - before => $manage_service ? { - true => Service['haproxy'], - false => undef, - }, - } - } - - file { $global_options['chroot']: - ensure => directory, - owner => $global_options['user'], - group => $global_options['group'], - mode => '0550', - require => Package['haproxy'] - } - - } - - if $manage_service { - service { 'haproxy': - ensure => $enable ? { - true => running, - false => stopped, - }, - enable => $enable ? { - true => true, - false => false, - }, - name => 'haproxy', - hasrestart => true, - hasstatus => true, - require => [ - Concat['/etc/haproxy/haproxy.cfg'], - File[$global_options['chroot']], - ], - } - } -} diff --git a/puppet/modules/haproxy/manifests/listen.pp b/puppet/modules/haproxy/manifests/listen.pp deleted file mode 100644 index 00636e3d..00000000 --- a/puppet/modules/haproxy/manifests/listen.pp +++ /dev/null @@ -1,95 +0,0 @@ -# == Define Resource Type: haproxy::listen -# -# This type will setup a listening service configuration block inside -# the haproxy.cfg file on an haproxy load balancer. Each listening service -# configuration needs one or more load balancer member server (that can be -# declared with the haproxy::balancermember defined resource type). Using -# storeconfigs, you can export the haproxy::balancermember resources on all -# load balancer member servers, and then collect them on a single haproxy -# load balancer server. -# -# === Requirement/Dependencies: -# -# Currently requires the ripienaar/concat module on the Puppet Forge and -# uses storeconfigs on the Puppet Master to export/collect resources -# from all balancer members. -# -# === Parameters -# -# [*name*] -# The namevar of the defined resource type is the listening service's name. -# This name goes right after the 'listen' statement in haproxy.cfg -# -# [*ports*] -# Ports on which the proxy will listen for connections on the ip address -# specified in the virtual_ip parameter. Accepts either a single -# comma-separated string or an array of strings which may be ports or -# hyphenated port ranges. -# -# [*ipaddress*] -# The ip address the proxy binds to. Empty addresses, '*', and '0.0.0.0' -# mean that the proxy listens to all valid addresses on the system. -# -# [*mode*] -# The mode of operation for the listening service. Valid values are 'tcp', -# HTTP', and 'health'. -# -# [*options*] -# A hash of options that are inserted into the listening service -# configuration block. -# -# [*collect_exported*] -# Boolean, default 'true'. True means 'collect exported @@balancermember resources' -# (for the case when every balancermember node exports itself), false means -# 'rely on the existing declared balancermember resources' (for the case when you -# know the full set of balancermembers in advance and use haproxy::balancermember -# with array arguments, which allows you to deploy everything in 1 run) -# -# -# === Examples -# -# Exporting the resource for a balancer member: -# -# haproxy::listen { 'puppet00': -# ipaddress => $::ipaddress, -# ports => '18140', -# mode => 'tcp', -# options => { -# 'option' => [ -# 'tcplog', -# 'ssl-hello-chk' -# ], -# 'balance' => 'roundrobin' -# }, -# } -# -# === Authors -# -# Gary Larizza <gary@puppetlabs.com> -# -define haproxy::listen ( - $ports, - $ipaddress = [$::ipaddress], - $mode = 'tcp', - $collect_exported = true, - $options = { - 'option' => [ - 'tcplog', - 'ssl-hello-chk' - ], - 'balance' => 'roundrobin' - } -) { - # Template uses: $name, $ipaddress, $ports, $options - concat::fragment { "${name}_listen_block": - order => "20-${name}-00", - target => '/etc/haproxy/haproxy.cfg', - content => template('haproxy/haproxy_listen_block.erb'), - } - - if $collect_exported { - Haproxy::Balancermember <<| listening_service == $name |>> - } - # else: the resources have been created and they introduced their - # concat fragments. We don't have to do anything about them. -} diff --git a/puppet/modules/haproxy/manifests/params.pp b/puppet/modules/haproxy/manifests/params.pp deleted file mode 100644 index 53442ddc..00000000 --- a/puppet/modules/haproxy/manifests/params.pp +++ /dev/null @@ -1,65 +0,0 @@ -# == Class: haproxy::params -# -# This is a container class holding default parameters for for haproxy class. -# currently, only the Redhat family is supported, but this can be easily -# extended by changing package names and configuration file paths. -# -class haproxy::params { - case $osfamily { - Redhat: { - $global_options = { - 'log' => "${::ipaddress} local0", - 'chroot' => '/var/lib/haproxy', - 'pidfile' => '/var/run/haproxy.pid', - 'maxconn' => '4000', - 'user' => 'haproxy', - 'group' => 'haproxy', - 'daemon' => '', - 'stats' => 'socket /var/lib/haproxy/stats' - } - $defaults_options = { - 'log' => 'global', - 'stats' => 'enable', - 'option' => 'redispatch', - 'retries' => '3', - 'timeout' => [ - 'http-request 10s', - 'queue 1m', - 'connect 10s', - 'client 1m', - 'server 1m', - 'check 10s', - ], - 'maxconn' => '8000' - } - } - Debian: { - $global_options = { - 'log' => "${::ipaddress} local0", - 'chroot' => '/var/lib/haproxy', - 'pidfile' => '/var/run/haproxy.pid', - 'maxconn' => '4000', - 'user' => 'haproxy', - 'group' => 'haproxy', - 'daemon' => '', - 'stats' => 'socket /var/lib/haproxy/stats' - } - $defaults_options = { - 'log' => 'global', - 'stats' => 'enable', - 'option' => 'redispatch', - 'retries' => '3', - 'timeout' => [ - 'http-request 10s', - 'queue 1m', - 'connect 10s', - 'client 1m', - 'server 1m', - 'check 10s', - ], - 'maxconn' => '8000' - } - } - default: { fail("The $::osfamily operating system is not supported with the haproxy module") } - } -} diff --git a/puppet/modules/haproxy/spec/classes/haproxy_spec.rb b/puppet/modules/haproxy/spec/classes/haproxy_spec.rb deleted file mode 100644 index 4b5902ce..00000000 --- a/puppet/modules/haproxy/spec/classes/haproxy_spec.rb +++ /dev/null @@ -1,138 +0,0 @@ -require 'spec_helper' - -describe 'haproxy', :type => :class do - let(:default_facts) do - { - :concat_basedir => '/dne', - :ipaddress => '10.10.10.10' - } - end - context 'on supported platforms' do - describe 'for OS-agnostic configuration' do - ['Debian', 'RedHat'].each do |osfamily| - context "on #{osfamily} family operatingsystems" do - let(:facts) do - { :osfamily => osfamily }.merge default_facts - end - let(:params) do - {'enable' => true} - end - it { should include_class('concat::setup') } - it 'should install the haproxy package' do - subject.should contain_package('haproxy').with( - 'ensure' => 'present' - ) - end - it 'should install the haproxy service' do - subject.should contain_service('haproxy').with( - 'ensure' => 'running', - 'enable' => 'true', - 'hasrestart' => 'true', - 'hasstatus' => 'true', - 'require' => [ - 'Concat[/etc/haproxy/haproxy.cfg]', - 'File[/var/lib/haproxy]' - ] - ) - end - it 'should set up /etc/haproxy/haproxy.cfg as a concat resource' do - subject.should contain_concat('/etc/haproxy/haproxy.cfg').with( - 'owner' => '0', - 'group' => '0', - 'mode' => '0644' - ) - end - it 'should manage the chroot directory' do - subject.should contain_file('/var/lib/haproxy').with( - 'ensure' => 'directory' - ) - end - it 'should contain a header concat fragment' do - subject.should contain_concat__fragment('00-header').with( - 'target' => '/etc/haproxy/haproxy.cfg', - 'order' => '01', - 'content' => "# This file managed by Puppet\n" - ) - end - it 'should contain a haproxy-base concat fragment' do - subject.should contain_concat__fragment('haproxy-base').with( - 'target' => '/etc/haproxy/haproxy.cfg', - 'order' => '10' - ) - end - describe 'Base concat fragment contents' do - let(:contents) { param_value(subject, 'concat::fragment', 'haproxy-base', 'content').split("\n") } - it 'should contain global and defaults sections' do - contents.should include('global') - contents.should include('defaults') - end - it 'should log to an ip address for local0' do - contents.should be_any { |match| match =~ / log \d+(\.\d+){3} local0/ } - end - it 'should specify the default chroot' do - contents.should include(' chroot /var/lib/haproxy') - end - it 'should specify the correct user' do - contents.should include(' user haproxy') - end - it 'should specify the correct group' do - contents.should include(' group haproxy') - end - it 'should specify the correct pidfile' do - contents.should include(' pidfile /var/run/haproxy.pid') - end - end - end - context "on #{osfamily} family operatingsystems without managing the service" do - let(:facts) do - { :osfamily => osfamily }.merge default_facts - end - let(:params) do - { - 'enable' => true, - 'manage_service' => false, - } - end - it { should include_class('concat::setup') } - it 'should install the haproxy package' do - subject.should contain_package('haproxy').with( - 'ensure' => 'present' - ) - end - it 'should install the haproxy service' do - subject.should_not contain_service('haproxy') - end - end - end - end - describe 'for OS-specific configuration' do - context 'only on Debian family operatingsystems' do - let(:facts) do - { :osfamily => 'Debian' }.merge default_facts - end - it 'should manage haproxy service defaults' do - subject.should contain_file('/etc/default/haproxy').with( - 'before' => 'Service[haproxy]', - 'require' => 'Package[haproxy]' - ) - verify_contents(subject, '/etc/default/haproxy', ['ENABLED=1']) - end - end - context 'only on RedHat family operatingsystems' do - let(:facts) do - { :osfamily => 'RedHat' }.merge default_facts - end - end - end - end - context 'on unsupported operatingsystems' do - let(:facts) do - { :osfamily => 'RainbowUnicorn' }.merge default_facts - end - it do - expect { - should contain_service('haproxy') - }.to raise_error(Puppet::Error, /operating system is not supported with the haproxy module/) - end - end -end diff --git a/puppet/modules/haproxy/spec/defines/balancermember_spec.rb b/puppet/modules/haproxy/spec/defines/balancermember_spec.rb deleted file mode 100644 index 74bc7a8b..00000000 --- a/puppet/modules/haproxy/spec/defines/balancermember_spec.rb +++ /dev/null @@ -1,82 +0,0 @@ -require 'spec_helper' - -describe 'haproxy::balancermember' do - let(:title) { 'tyler' } - let(:facts) do - { - :ipaddress => '1.1.1.1', - :hostname => 'dero' - } - end - - context 'with a single balancermember option' do - let(:params) do - { - :name => 'tyler', - :listening_service => 'croy', - :ports => '18140', - :options => 'check' - } - end - - it { should contain_concat__fragment('croy_balancermember_tyler').with( - 'order' => '20-croy-tyler', - 'target' => '/etc/haproxy/haproxy.cfg', - 'content' => " server dero 1.1.1.1:18140 check\n\n" - ) } - end - - context 'with multiple balancermember options' do - let(:params) do - { - :name => 'tyler', - :listening_service => 'croy', - :ports => '18140', - :options => ['check', 'close'] - } - end - - it { should contain_concat__fragment('croy_balancermember_tyler').with( - 'order' => '20-croy-tyler', - 'target' => '/etc/haproxy/haproxy.cfg', - 'content' => " server dero 1.1.1.1:18140 check close\n\n" - ) } - end - - context 'with multiple servers' do - let(:params) do - { - :name => 'tyler', - :listening_service => 'croy', - :ports => '18140', - :server_names => ['server01', 'server02'], - :ipaddresses => ['192.168.56.200', '192.168.56.201'], - :options => ['check'] - } - end - - it { should contain_concat__fragment('croy_balancermember_tyler').with( - 'order' => '20-croy-tyler', - 'target' => '/etc/haproxy/haproxy.cfg', - 'content' => " server server01 192.168.56.200:18140 check\n server server02 192.168.56.201:18140 check\n\n" - ) } - end - context 'with multiple servers and multiple ports' do - let(:params) do - { - :name => 'tyler', - :listening_service => 'croy', - :ports => ['18140','18150'], - :server_names => ['server01', 'server02'], - :ipaddresses => ['192.168.56.200', '192.168.56.201'], - :options => ['check'] - } - end - - it { should contain_concat__fragment('croy_balancermember_tyler').with( - 'order' => '20-croy-tyler', - 'target' => '/etc/haproxy/haproxy.cfg', - 'content' => " server server01 192.168.56.200:18140,192.168.56.200:18150 check\n server server02 192.168.56.201:18140,192.168.56.201:18150 check\n\n" - ) } - end -end diff --git a/puppet/modules/haproxy/spec/defines/listen_spec.rb b/puppet/modules/haproxy/spec/defines/listen_spec.rb deleted file mode 100644 index 31dd4c85..00000000 --- a/puppet/modules/haproxy/spec/defines/listen_spec.rb +++ /dev/null @@ -1,53 +0,0 @@ -require 'spec_helper' - -describe 'haproxy::listen' do - let(:title) { 'tyler' } - let(:facts) {{ :ipaddress => '1.1.1.1' }} - context "when only one port is provided" do - let(:params) do - { - :name => 'croy', - :ports => '18140' - } - end - - it { should contain_concat__fragment('croy_listen_block').with( - 'order' => '20-croy-00', - 'target' => '/etc/haproxy/haproxy.cfg', - 'content' => "listen croy\n\n bind 1.1.1.1:18140\n\n balance roundrobin\n option tcplog\n option ssl-hello-chk\n" - ) } - end - context "when an array of ports is provided" do - let(:params) do - { - :name => 'apache', - :ipaddress => '23.23.23.23', - :ports => [ - '80', - '443', - ] - } - end - - it { should contain_concat__fragment('apache_listen_block').with( - 'order' => '20-apache-00', - 'target' => '/etc/haproxy/haproxy.cfg', - 'content' => "listen apache\n\n bind 23.23.23.23:80\n\n bind 23.23.23.23:443\n\n balance roundrobin\n option tcplog\n option ssl-hello-chk\n" - ) } - end - context "when a comma-separated list of ports is provided" do - let(:params) do - { - :name => 'apache', - :ipaddress => '23.23.23.23', - :ports => '80,443' - } - end - - it { should contain_concat__fragment('apache_listen_block').with( - 'order' => '20-apache-00', - 'target' => '/etc/haproxy/haproxy.cfg', - 'content' => "listen apache\n\n bind 23.23.23.23:80\n\n bind 23.23.23.23:443\n\n balance roundrobin\n option tcplog\n option ssl-hello-chk\n" - ) } - end -end diff --git a/puppet/modules/haproxy/spec/spec.opts b/puppet/modules/haproxy/spec/spec.opts deleted file mode 100644 index 91cd6427..00000000 --- a/puppet/modules/haproxy/spec/spec.opts +++ /dev/null @@ -1,6 +0,0 @@ ---format -s ---colour ---loadby -mtime ---backtrace diff --git a/puppet/modules/haproxy/spec/spec_helper.rb b/puppet/modules/haproxy/spec/spec_helper.rb deleted file mode 100644 index 2c6f5664..00000000 --- a/puppet/modules/haproxy/spec/spec_helper.rb +++ /dev/null @@ -1 +0,0 @@ -require 'puppetlabs_spec_helper/module_spec_helper' diff --git a/puppet/modules/haproxy/templates/haproxy-base.cfg.erb b/puppet/modules/haproxy/templates/haproxy-base.cfg.erb deleted file mode 100644 index f25d5c34..00000000 --- a/puppet/modules/haproxy/templates/haproxy-base.cfg.erb +++ /dev/null @@ -1,21 +0,0 @@ -global -<% @global_options.sort.each do |key,val| -%> -<% if val.is_a?(Array) -%> -<% val.each do |item| -%> - <%= key %> <%= item %> -<% end -%> -<% else -%> - <%= key %> <%= val %> -<% end -%> -<% end -%> - -defaults -<% @defaults_options.sort.each do |key,val| -%> -<% if val.is_a?(Array) -%> -<% val.each do |item| -%> - <%= key %> <%= item %> -<% end -%> -<% else -%> - <%= key %> <%= val %> -<% end -%> -<% end -%> diff --git a/puppet/modules/haproxy/templates/haproxy_balancermember.erb b/puppet/modules/haproxy/templates/haproxy_balancermember.erb deleted file mode 100644 index 1d03f565..00000000 --- a/puppet/modules/haproxy/templates/haproxy_balancermember.erb +++ /dev/null @@ -1,3 +0,0 @@ -<% Array(ipaddresses).zip(Array(server_names)).each do |ipaddress,host| -%> - server <%= host %> <%= ipaddress %>:<%= Array(ports).collect {|x|x.split(',')}.flatten.join(",#{ipaddress}:") %> <%= Array(options).join(" ") %> -<% end %> diff --git a/puppet/modules/haproxy/templates/haproxy_listen_block.erb b/puppet/modules/haproxy/templates/haproxy_listen_block.erb deleted file mode 100644 index 129313f1..00000000 --- a/puppet/modules/haproxy/templates/haproxy_listen_block.erb +++ /dev/null @@ -1,10 +0,0 @@ -listen <%= name %> - mode <%= mode %> -<% Array(ipaddress).uniq.each do |virtual_ip| (ports.is_a?(Array) ? ports : Array(ports.split(","))).each do |port| %> - bind <%= virtual_ip %>:<%= port %> -<% end end %> -<% options.sort.each do |key, val| -%> -<% Array(val).each do |item| -%> - <%= key %> <%= item %> -<% end -%> -<% end -%> diff --git a/puppet/modules/haproxy/tests/init.pp b/puppet/modules/haproxy/tests/init.pp deleted file mode 100644 index 77590ac8..00000000 --- a/puppet/modules/haproxy/tests/init.pp +++ /dev/null @@ -1,69 +0,0 @@ -# Declare haproxy base class with configuration options -class { 'haproxy': - enable => true, - global_options => { - 'log' => "${::ipaddress} local0", - 'chroot' => '/var/lib/haproxy', - 'pidfile' => '/var/run/haproxy.pid', - 'maxconn' => '4000', - 'user' => 'haproxy', - 'group' => 'haproxy', - 'daemon' => '', - 'stats' => 'socket /var/lib/haproxy/stats', - }, - defaults_options => { - 'log' => 'global', - 'stats' => 'enable', - 'option' => 'redispatch', - 'retries' => '3', - 'timeout' => [ - 'http-request 10s', - 'queue 1m', - 'connect 10s', - 'client 1m', - 'server 1m', - 'check 10s', - ], - 'maxconn' => '8000', - }, -} - -# Export a balancermember server, note that the listening_service parameter -# will/must correlate with an haproxy::listen defined resource type. -@@haproxy::balancermember { $fqdn: - order => '21', - listening_service => 'puppet00', - server_name => $::hostname, - balancer_ip => $::ipaddress, - balancer_port => '8140', - balancermember_options => 'check' -} - -# Declare a couple of Listening Services for haproxy.cfg -# Note that the balancermember server resources are being collected in -# the haproxy::config defined resource type with the following line: -# Haproxy::Balancermember <<| listening_service == $name |>> -haproxy::listen { 'puppet00': - order => '20', - ipaddress => $::ipaddress, - ports => '18140', - options => { - 'option' => [ - 'tcplog', - 'ssl-hello-chk', - ], - 'balance' => 'roundrobin', - }, -} -haproxy::listen { 'stats': - order => '30', - ipaddress => '', - ports => '9090', - options => { - 'mode' => 'http', - 'stats' => [ - 'uri /', - 'auth puppet:puppet' - ], - }, -} diff --git a/puppet/modules/site_check_mk/manifests/agent/haproxy.pp b/puppet/modules/site_check_mk/manifests/agent/haproxy.pp deleted file mode 100644 index 6d52efba..00000000 --- a/puppet/modules/site_check_mk/manifests/agent/haproxy.pp +++ /dev/null @@ -1,15 +0,0 @@ -class site_check_mk::agent::haproxy { - - include site_check_mk::agent::package::nagios_plugins_contrib - - # local nagios plugin checks via mrpe - augeas { 'haproxy': - incl => '/etc/check_mk/mrpe.cfg', - lens => 'Spacevars.lns', - changes => [ - 'rm /files/etc/check_mk/mrpe.cfg/Haproxy', - 'set Haproxy \'/usr/lib/nagios/plugins/check_haproxy -u "http://localhost:8000/haproxy;csv"\'' ], - require => File['/etc/check_mk/mrpe.cfg']; - } - -} diff --git a/puppet/modules/site_config/manifests/remove/webapp.pp b/puppet/modules/site_config/manifests/remove/webapp.pp index 58f59815..963eb705 100644 --- a/puppet/modules/site_config/manifests/remove/webapp.pp +++ b/puppet/modules/site_config/manifests/remove/webapp.pp @@ -4,4 +4,16 @@ class site_config::remove::webapp { '/etc/apache/sites-enabled/leap_webapp.conf': notify => Service['apache']; } + + # Ensure haproxy is removed + package { 'haproxy': + ensure => purged, + } + augeas { 'haproxy': + incl => '/etc/check_mk/mrpe.cfg', + lens => 'Spacevars.lns', + changes => [ 'rm /files/etc/check_mk/mrpe.cfg/Haproxy' ], + require => File['/etc/check_mk/mrpe.cfg']; + } + } diff --git a/puppet/modules/site_haproxy/files/haproxy-stats.cfg b/puppet/modules/site_haproxy/files/haproxy-stats.cfg deleted file mode 100644 index e6335ba2..00000000 --- a/puppet/modules/site_haproxy/files/haproxy-stats.cfg +++ /dev/null @@ -1,6 +0,0 @@ -# provide access to stats for the nagios plugin -listen stats 127.0.0.1:8000 - mode http - stats enable - stats uri /haproxy - diff --git a/puppet/modules/site_haproxy/manifests/init.pp b/puppet/modules/site_haproxy/manifests/init.pp deleted file mode 100644 index b28ce80e..00000000 --- a/puppet/modules/site_haproxy/manifests/init.pp +++ /dev/null @@ -1,41 +0,0 @@ -class site_haproxy { - $haproxy = hiera('haproxy') - - class { 'haproxy': - enable => true, - manage_service => true, - global_options => { - 'log' => '127.0.0.1 local0', - 'maxconn' => '4096', - 'stats' => 'socket /var/run/haproxy.sock user haproxy group haproxy', - 'chroot' => '/usr/share/haproxy', - 'user' => 'haproxy', - 'group' => 'haproxy', - 'daemon' => '' - }, - defaults_options => { - 'log' => 'global', - 'retries' => '3', - 'option' => 'redispatch', - 'timeout connect' => '4000', - 'timeout client' => '20000', - 'timeout server' => '20000' - } - } - - # monitor haproxy - concat::fragment { 'stats': - target => '/etc/haproxy/haproxy.cfg', - order => '90', - source => 'puppet:///modules/site_haproxy/haproxy-stats.cfg'; - } - - # Template uses $haproxy - concat::fragment { 'leap_haproxy_webapp_couchdb': - target => '/etc/haproxy/haproxy.cfg', - order => '20', - content => template('site_haproxy/haproxy.cfg.erb'), - } - - include site_check_mk::agent::haproxy -} diff --git a/puppet/modules/site_haproxy/templates/couch.erb b/puppet/modules/site_haproxy/templates/couch.erb deleted file mode 100644 index f42e8368..00000000 --- a/puppet/modules/site_haproxy/templates/couch.erb +++ /dev/null @@ -1,32 +0,0 @@ -frontend couch - bind localhost:<%= @listen_port %> - mode http - option httplog - option dontlognull - option http-server-close # use client keep-alive, but close server connection. - use_backend couch_read if METH_GET - default_backend couch_write - -backend couch_write - mode http - balance roundrobin - option httpchk GET / # health check using simple get to root - option allbackups # balance among all backups, not just one. - default-server inter 3000 fastinter 1000 downinter 1000 rise 2 fall 1 -<%- @servers.sort.each do |name,server| -%> -<%- next unless server['writable'] -%> - # <%=name%> - server couchdb_<%=server['port']%> <%=server['host']%>:<%=server['port']%> <%='backup' if server['backup']%> weight <%=server['weight']%> check -<%- end -%> - -backend couch_read - mode http - balance roundrobin - option httpchk GET / # health check using simple get to root - option allbackups # balance among all backups, not just one. - default-server inter 3000 fastinter 1000 downinter 1000 rise 2 fall 1 -<%- @servers.sort.each do |name,server| -%> - # <%=name%> - server couchdb_<%=server['port']%> <%=server['host']%>:<%=server['port']%> <%='backup' if server['backup']%> weight <%=server['weight']%> check -<%- end -%> - diff --git a/puppet/modules/site_haproxy/templates/haproxy.cfg.erb b/puppet/modules/site_haproxy/templates/haproxy.cfg.erb deleted file mode 100644 index 8311b1a5..00000000 --- a/puppet/modules/site_haproxy/templates/haproxy.cfg.erb +++ /dev/null @@ -1,11 +0,0 @@ -<%- @haproxy.each do |frontend, options| -%> -<%- if options['servers'] -%> - -## -## <%= frontend %> -## - -<%= scope.function_templatewlv(["site_haproxy/#{frontend}.erb", options]) %> -<%- end -%> -<%- end -%> - diff --git a/puppet/modules/site_mx/manifests/init.pp b/puppet/modules/site_mx/manifests/init.pp index c910a45a..5876e555 100644 --- a/puppet/modules/site_mx/manifests/init.pp +++ b/puppet/modules/site_mx/manifests/init.pp @@ -13,7 +13,6 @@ class site_mx { include ::site_stunnel include ::site_postfix::mx - include ::site_haproxy include ::site_shorewall::mx include ::site_shorewall::service::smtp include ::leap_mx diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index 8ef47b07..cab13522 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -1,9 +1,8 @@ # -# TODO: currently, this is dependent on some things that are set up in +# TODO: currently, this is dependent on one thing that is set up in # site_webapp # -# (1) HAProxy -> couchdb -# (2) Apache +# (1) Apache # # It would be good in the future to make nickserver installable independently of # site_webapp. @@ -29,10 +28,9 @@ class site_nickserver { # the port that nickserver is actually running on $nickserver_local_port = '64250' - # couchdb is available on localhost via haproxy, which is bound to 4096. + # couchdb is available on localhost via stunnel, which is bound to 4000. $couchdb_host = 'localhost' - # See site_webapp/templates/haproxy_couchdb.cfg.erg - $couchdb_port = '4096' + $couchdb_port = '4000' $sources = hiera('sources') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 175255af..ffe364c6 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -2,9 +2,9 @@ class site_webapp::couchdb { $webapp = hiera('webapp') - # haproxy listener on port localhost:4096, see site_webapp::haproxy + # stunnel endpoint on port localhost:4000 $couchdb_host = 'localhost' - $couchdb_port = '4096' + $couchdb_port = '4000' $couchdb_webapp_user = $webapp['couchdb_webapp_user']['username'] $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password'] $couchdb_admin_user = $webapp['couchdb_admin_user']['username'] diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 83cf99a9..1ae80012 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -19,7 +19,6 @@ class site_webapp { include ::site_config::ruby::dev include ::site_webapp::apache include ::site_webapp::couchdb - include ::site_haproxy include ::site_webapp::cron include ::site_config::default include ::site_config::x509::cert @@ -106,7 +105,9 @@ class site_webapp { '/srv/leap/webapp/public/ca.crt': ensure => link, require => Vcsrepo['/srv/leap/webapp'], + # lint:ignore:variable_is_lowercase target => "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt"; + # lint:endignore "/srv/leap/webapp/public/${api_version}": ensure => directory, |