-
Notifications
You must be signed in to change notification settings - Fork 268
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow greater flexibility in listen directive. #119
Conversation
What do you think about using the existing parameters in a different way to accomplish the same thing? Perhaps if the haproxy::listen {'apache00' :
ipaddress => [
'192.168.2.1',
'10.0.0.1',
'178.35.67.12',
],
ports => '80',
bind_options => [
['ssl', 'crt', 'public.puppetlabs.com.crt'],
['ssl', 'crt', 'private.puppetlabs.com.crt'],
[],
],
} Or even have the haproxy::listen {'apache00' :
ports => '80',
ipaddress => {
'192.168.2.1' => ['ssl', 'crt', 'public.puppetlabs.com.crt'],
'10.0.0.1' => ['ssl', 'crt', 'private.puppetlabs.com.crt'],
'178.35.67.12' => [],
},
} |
I like @hunner's second proposal, Alot. The first one is problematic because it needs specific ordering. |
I agree with @hunner second idea but that would break backward compatibility if that is an issue. Should we add a warning if is_array is true and mutate the array to an hash with empty values? |
👍 |
Sorry for the delay was out for holidays, please let me know if this new version seems better |
@esbjerg raises a valid point in #122. Seems like we should be able to specify arbitrary bind options independently for IP addresses and ports, and valid combinations of IP addresses and ports. Would something like this work? haproxy::listen { 'apache00' :
bind => {
'192.168.2.1:80' => [],
'10.0.0.1:8080' => [],
'178.35.67.12:443' => [ 'ssl', 'crt', 'foo.example.com.crt.pem', ],
},
} This could be translated more or less easily and directly to a |
I like antaflos' solution. It provides the felixibility I need. |
I agree with antaflos solution - it's actually even more flexible - and would mean I could go back to using upstream module (now that it supports haproxy 1.5 as well :) |
c168722
to
e35c8c6
Compare
Taking @antaflos remark in account this is how this new patch works : To remain backward compatible, So taking the example : haproxy::listen { 'apache00' :
ipaddress => {
'192.168.2.1' => [],
'10.0.0.1:8080' => [],
'178.35.67.12:443' => [ 'ssl', 'crt', 'foo.example.com.crt.pem', ],
},
ports => ['80','82'],
} This would generate the following piece of haproxy configuration :
Hope this meet everyone's needs. Any feedback is welcome |
}, | ||
ipaddress => { '10.0.0.1' => ['ssl', 'crt', 'puppetlabs.com'], | ||
'168.12.12.12:80' => [], | ||
'192.168.122.42' => []}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could the indentation of this look more like the rest? (Newline after {
, two space indent, }
on it's own line after, and trailing commas on all hash pairs.)
4b9ca3b
to
404ee61
Compare
Up |
}, | ||
bind => { | ||
'10.0.0.1:443' => ['ssl', 'crt', 'puppetlabs.com'], | ||
'168.12.12.12:80' => [], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you line this up?
404ee61
to
5e2eab3
Compare
} | ||
end | ||
|
||
it { should contain_concat__fragment('apache_listen_block').with( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This has failures: https://travis-ci.org/puppetlabs/puppetlabs-haproxy/jobs/34728895
Currently the module does not allow to specify specific bind options per IP we are binding haproxy onto. Hence, if a user has a service available across several network, but with different haproxy bind option according to the network, s/he can't configure haproxy with the current state of this module. It aims to make it possible to have configuration as the following: bind 192.168.2.1:80 ssl crt public.puppetlabs.com.crt bind 10.0.0.1:80 ssl crt private.puppetlabs.com.crt bind 178.35.67.12:80
5e2eab3
to
5f07d77
Compare
Allow greater flexibility in listen directive.
Allow greater flexibility in listen directive.
Currently the module does not allow to specify specific bind options
per IP we are binding haproxy onto.
Hence, if a user has a service available across several network, but
with different haproxy bind option according to the network, s/he can't
configure haproxy with the current state of this module.
It aims to make it possible to have configuration as the following:
by doing