Make haproxy stats listen on lo and mgmt VIP

This commit makes haproxy stats service
listen only on loopback and management VIP

Change-Id: Ifc6d6f3a3031bebeff8d96cf0ed0ae4923ef2b67
Closes-bug: #1465271

deployment/puppet/cluster/manifests/haproxy.pp

@@ -9,6 +9,7 @@ class cluster::haproxy (
   $primary_controller = false,
   $debug              = false,
   $other_networks     = false,
+  $stats_ipaddresses  = ['127.0.0.1']
 ) {
   include ::concat::setup
   include ::haproxy::params
@@ -52,9 +53,10 @@ class cluster::haproxy (
   }
 
   class { 'haproxy::base':
-    global_options   => $global_options,
+    global_options    => $global_options,
-    defaults_options => $defaults_options,
+    defaults_options  => $defaults_options,
-    use_include      => true,
+    stats_ipaddresses => $stats_ipaddresses,
+    use_include       => true,
   }
 
   class { 'cluster::haproxy_ocf':

deployment/puppet/haproxy/Gemfile

@@ -8,7 +8,6 @@ group :development, :test do
   gem 'rspec-system-puppet',     :require => false
   gem 'rspec-system-serverspec', :require => false
   gem 'serverspec',              :require => false
-  gem 'puppet-lint',             :require => false
   gem 'pry',                     :require => false
   gem 'simplecov',               :require => false
 end

deployment/puppet/haproxy/manifests/base.pp

@@ -28,6 +28,7 @@ class haproxy::base (
   $use_include      = $haproxy::params::use_include,
   $use_stats        = $haproxy::params::use_stats,
   $stats_port       = $haproxy::params::stats_port,
+  $stats_ipaddresses       = $haproxy::params::stats_ipaddresses
 ) inherits haproxy::params {
   include concat::setup
 

deployment/puppet/haproxy/manifests/params.pp

@@ -68,4 +68,5 @@ class haproxy::params {
   }
   $use_stats = true
   $stats_port = '10000'
+  $stats_ipaddresses = ['127.0.0.1']
 }

deployment/puppet/haproxy/templates/haproxy-stats.cfg.erb

@@ -1,5 +1,8 @@
 
-listen Stats *:<%= @stats_port %>
+listen Stats
+<% Array(@stats_ipaddresses).uniq.each do |ip| -%>
+  bind <%= ip %>:<%= @stats_port %>
+<% end -%>
   mode http
   stats enable
   stats uri /

deployment/puppet/osnailyfacter/modular/cluster-haproxy/cluster-haproxy.pp

@@ -8,4 +8,5 @@ class { 'cluster::haproxy':
   primary_controller => hiera('primary_controller'),
   debug              => hiera('debug', false),
   other_networks     => direct_networks($network_scheme['endpoints']),
+  stats_ipaddresses  => [hiera('management_vip'),'127.0.0.1']
 }

tests/noop/spec/hosts/cluster-haproxy/cluster-haproxy_spec.rb

@@ -7,6 +7,7 @@ describe manifest do
 
     networks = []
     endpoints = Noop.hiera_structure 'network_scheme/endpoints'
+    management_vip = Noop.hiera 'management_vip'
     endpoints.each{ |k,v|
       if v['IP'].is_a?(Array)
         v['IP'].each { |ip|
@@ -25,6 +26,14 @@ describe manifest do
         'other_networks' => networks.join(' '),
       )
     end
+    it "should contain stats fragment and listen only on lo and #{management_vip}" do
+        should contain_concat__fragment('haproxy-stats').with_content(
+            %r{\n\s*bind\s+127\.0\.0\.1:10000\s*$\n}
+        )
+        should contain_concat__fragment('haproxy-stats').with_content(
+            %r{\n\s*bind\s+#{management_vip}:10000\s*\n}
+        )
+    end
 
   end