Make haproxy stats listen on lo and mgmt VIP

This commit makes haproxy stats service listen only on loopback and management VIP Change-Id: Ifc6d6f3a3031bebeff8d96cf0ed0ae4923ef2b67 Closes-bug: #1465271
2015-06-16 01:41:42 +03:00 · 2015-06-16 01:41:42 +03:00 · 26b80a4515
parent 3528dddbd0
commit 26b80a4515
7 changed files with 21 additions and 5 deletions
--- a/deployment/puppet/cluster/manifests/haproxy.pp
+++ b/deployment/puppet/cluster/manifests/haproxy.pp
@ -9,6 +9,7 @@ class cluster::haproxy (
  $primary_controller = false,
  $debug              = false,
  $other_networks     = false,
+  $stats_ipaddresses  = ['127.0.0.1']
 ) {
  include ::concat::setup
  include ::haproxy::params
@ -52,9 +53,10 @@ class cluster::haproxy (
  }

  class { 'haproxy::base':
-    global_options   => $global_options,
-    defaults_options => $defaults_options,
-    use_include      => true,
+    global_options    => $global_options,
+    defaults_options  => $defaults_options,
+    stats_ipaddresses => $stats_ipaddresses,
+    use_include       => true,
  }

  class { 'cluster::haproxy_ocf':
--- a/deployment/puppet/haproxy/Gemfile
+++ b/deployment/puppet/haproxy/Gemfile
@ -8,7 +8,6 @@ group :development, :test do
  gem 'rspec-system-puppet',     :require => false
  gem 'rspec-system-serverspec', :require => false
  gem 'serverspec',              :require => false
-  gem 'puppet-lint',             :require => false
  gem 'pry',                     :require => false
  gem 'simplecov',               :require => false
 end
--- a/deployment/puppet/haproxy/manifests/base.pp
+++ b/deployment/puppet/haproxy/manifests/base.pp
@ -28,6 +28,7 @@ class haproxy::base (
  $use_include      = $haproxy::params::use_include,
  $use_stats        = $haproxy::params::use_stats,
  $stats_port       = $haproxy::params::stats_port,
+  $stats_ipaddresses       = $haproxy::params::stats_ipaddresses
 ) inherits haproxy::params {
  include concat::setup

--- a/deployment/puppet/haproxy/manifests/params.pp
+++ b/deployment/puppet/haproxy/manifests/params.pp
@ -68,4 +68,5 @@ class haproxy::params {
  }
  $use_stats = true
  $stats_port = '10000'
+  $stats_ipaddresses = ['127.0.0.1']
 }
--- a/deployment/puppet/haproxy/templates/haproxy-stats.cfg.erb
+++ b/deployment/puppet/haproxy/templates/haproxy-stats.cfg.erb
@ -1,5 +1,8 @@

-listen Stats *:<%= @stats_port %>
+listen Stats
+<% Array(@stats_ipaddresses).uniq.each do |ip| -%>
+  bind <%= ip %>:<%= @stats_port %>
+<% end -%>
  mode http
  stats enable
  stats uri /
--- a/deployment/puppet/osnailyfacter/modular/cluster-haproxy/cluster-haproxy.pp
+++ b/deployment/puppet/osnailyfacter/modular/cluster-haproxy/cluster-haproxy.pp
@ -8,4 +8,5 @@ class { 'cluster::haproxy':
  primary_controller => hiera('primary_controller'),
  debug              => hiera('debug', false),
  other_networks     => direct_networks($network_scheme['endpoints']),
+  stats_ipaddresses  => [hiera('management_vip'),'127.0.0.1']
 }
--- a/tests/noop/spec/hosts/cluster-haproxy/cluster-haproxy_spec.rb
+++ b/tests/noop/spec/hosts/cluster-haproxy/cluster-haproxy_spec.rb
@ -7,6 +7,7 @@ describe manifest do

    networks = []
    endpoints = Noop.hiera_structure 'network_scheme/endpoints'
+    management_vip = Noop.hiera 'management_vip'
    endpoints.each{ |k,v|
      if v['IP'].is_a?(Array)
        v['IP'].each { |ip|
@ -25,6 +26,14 @@ describe manifest do
        'other_networks' => networks.join(' '),
      )
    end
+    it "should contain stats fragment and listen only on lo and #{management_vip}" do
+        should contain_concat__fragment('haproxy-stats').with_content(
+            %r{\n\s*bind\s+127\.0\.0\.1:10000\s*$\n}
+        )
+        should contain_concat__fragment('haproxy-stats').with_content(
+            %r{\n\s*bind\s+#{management_vip}:10000\s*\n}
+        )
+    end

  end