Skip to content

Commit

Permalink
net/haproxy: allow backends without servers, closes opnsense#1304
Browse files Browse the repository at this point in the history
  • Loading branch information
@fraenki
fraenki committed Jul 14, 2019
1 parent 94a1dbc commit 99f205e
Showing 1 changed file with 108 additions and 102 deletions.
210 changes: 108 additions & 102 deletions net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1131,10 +1131,13 @@ frontend {{frontend.name}}

{%- if helpers.exists('OPNsense.HAProxy.backends') %}
{% for backend in helpers.toList('OPNsense.HAProxy.backends.backend') %}
{# # ignore disabled backends and those without a server #}
{% if backend.enabled == '1' and backend.linkedServers|default("") != "" %}
{# # ignore disabled backends #}
{% if backend.enabled == '1' %}
# Backend: {{backend.name}} ({{backend.description}})
backend {{backend.name}}
{% if backend.linkedServers|default("") == "" %}
# HINT: no servers configured for this backend.
{% endif %}
{# # store additional parameters for the "server" entries #}
{% set healthcheck_additions = [] %}
{% if backend.healthCheck|default("") != "" and backend.healthCheckEnabled == '1' %}
Expand Down Expand Up @@ -1283,116 +1286,119 @@ backend {{backend.name}}
{% if backend.tuning_defaultserver|default("") != "" %}
default-server {{backend.tuning_defaultserver}}
{% endif %}
{% for server in backend.linkedServers.split(",") %}
{% set server_data = helpers.getUUID(server) %}
{# # check if this server can be found in configuration #}
{% if server_data == {} %}
{# # check if this backend has any servers configured #}
{% if backend.linkedServers|default("") != "" %}
{% for server in backend.linkedServers.split(",") %}
{% set server_data = helpers.getUUID(server) %}
{# # check if this server can be found in configuration #}
{% if server_data == {} %}
# ERROR: server data not found ({{server}})
{% else %}
{# # collect optional server parameters #}
{% set server_options = [] %}
{# # check if health check is enabled #}
{% if healthcheck_enabled == '1' %}
{% do server_options.append('check') %}
{# # This can be configured in multiple places. #}
{# # Priority for which value is used: backend > server > health check #}
{% if backend.checkInterval|default("") != "" %}
{% do server_options.append('inter ' ~ backend.checkInterval) %}
{% elif server_data.checkInterval|default("") != "" %}
{% do server_options.append('inter ' ~ server_data.checkInterval) %}
{% elif healthcheck_data.interval|default("") != "" %}
{% do server_options.append('inter ' ~ healthcheck_data.interval) %}
{% else %}
{# # collect optional server parameters #}
{% set server_options = [] %}
{# # check if health check is enabled #}
{% if healthcheck_enabled == '1' %}
{% do server_options.append('check') %}
{# # This can be configured in multiple places. #}
{# # Priority for which value is used: backend > server > health check #}
{% if backend.checkInterval|default("") != "" %}
{% do server_options.append('inter ' ~ backend.checkInterval) %}
{% elif server_data.checkInterval|default("") != "" %}
{% do server_options.append('inter ' ~ server_data.checkInterval) %}
{% elif healthcheck_data.interval|default("") != "" %}
{% do server_options.append('inter ' ~ healthcheck_data.interval) %}
{% endif %}
{# # use a different interval when server is in DOWN state #}
{% if backend.checkDownInterval|default("") != "" %}
{% do server_options.append('downinter ' ~ backend.checkDownInterval) %}
{% elif server_data.checkDownInterval|default("") != "" %}
{% do server_options.append('downinter ' ~ server_data.checkDownInterval) %}
{% endif %}
{# # unhealthy threshold #}
{% if backend.healthCheckFall|default("") != "" %}
{% do server_options.append('fall ' ~ backend.healthCheckFall) %}
{% endif %}
{# # healthy threshold #}
{% if backend.healthCheckRise|default("") != "" %}
{% do server_options.append('rise ' ~ backend.healthCheckRise) %}
{% endif %}
{# # use a different port for health check #}
{% if healthcheck_data.checkport|default("") != "" %}
{# # prefer port from health check template #}
{% do server_options.append('port ' ~ healthcheck_data.checkport) %}
{% elif server_data.checkport|default("") != "" %}
{% do server_options.append('port ' ~ server_data.checkport) %}
{% endif %}
{# # add all additions from healthchecks here #}
{% do server_options.append(healthcheck_additions|join(' ')) if healthcheck_additions.length != '0' %}
{% endif %}
{# # use a different interval when server is in DOWN state #}
{% if backend.checkDownInterval|default("") != "" %}
{% do server_options.append('downinter ' ~ backend.checkDownInterval) %}
{% elif server_data.checkDownInterval|default("") != "" %}
{% do server_options.append('downinter ' ~ server_data.checkDownInterval) %}
{# # server weight #}
{% do server_options.append('weight ' ~ server_data.weight) if server_data.weight|default("") != "" %}
{# # server role/mode #}
{% if server_data.mode|default("") != 'active' %}
{% do server_options.append(server_data.mode) %}
{% endif %}
{# # unhealthy threshold #}
{% if backend.healthCheckFall|default("") != "" %}
{% do server_options.append('fall ' ~ backend.healthCheckFall) %}
{# # server ssl communication #}
{% if server_data.ssl|default("") == '1' %}
{% do server_options.append('ssl') %}
{# # get status of ssl verification #}
{% set ssl_verify_enabled = '0' %}
{% if helpers.exists('OPNsense.HAProxy.general.tuning.sslServerVerify') and OPNsense.HAProxy.general.tuning.sslServerVerify|default("") != 'ignore' %}
{# # NOTE: Global parameter overrides per-server configuration. #}
{% set ssl_verify_enabled = '1' if OPNsense.HAProxy.general.tuning.sslServerVerify|default("") == 'required' %}
{% elif server_data.sslVerify|default("") == '1' %}
{% set ssl_verify_enabled = '1' %}
{% endif %}
{# # configure ssl verification #}
{% if ssl_verify_enabled == '1' %}
{# # enable SSL verification #}
{% do server_options.append('verify required') %}
{# # check for SSL CA #}
{% if server_data.sslCA|default("") != "" %}
{% do server_options.append('ca-file /tmp/haproxy/ssl/' ~ server_data.id ~ '.calist') %}
{% endif %}
{# # check for SSL CRL #}
{% if server_data.sslCRL|default("") != "" %}
{% do server_options.append('crl-file /tmp/haproxy/ssl/' ~ server_data.sslCRL ~ '.pem') %}
{% endif %}
{# # check for SSL client cert #}
{% if server_data.sslClientCertificate|default("") != "" %}
{% do server_options.append('crt /tmp/haproxy/ssl/' ~ server_data.sslClientCertificate ~ '.pem') %}
{% endif %}
{% else %}
{% do server_options.append('verify none') %}
{% endif %}
{% endif %}
{# # healthy threshold #}
{% if backend.healthCheckRise|default("") != "" %}
{% do server_options.append('rise ' ~ backend.healthCheckRise) %}
{# # source address #}
{% if backend.source|default("") != "" %}
{# # prefer backend configuration #}
{% do server_options.append('source ' ~ backend.source) %}
{% elif server_data.source|default("") != "" %}
{% do server_options.append('source ' ~ server_data.source) %}
{% endif %}
{# # use a different port for health check #}
{% if healthcheck_data.checkport|default("") != "" %}
{# # prefer port from health check template #}
{% do server_options.append('port ' ~ healthcheck_data.checkport) %}
{% elif server_data.checkport|default("") != "" %}
{% do server_options.append('port ' ~ server_data.checkport) %}
{# # PROXY protocol #}
{% if backend.proxyProtocol|default("") == "v1" %}
{% do server_options.append('send-proxy') %}
{% do server_options.append('check-send-proxy') %}
{% elif backend.proxyProtocol|default("") == "v2" %}
{% do server_options.append('send-proxy-v2') %}
{% do server_options.append('check-send-proxy') %}
{% endif %}
{# # add all additions from healthchecks here #}
{% do server_options.append(healthcheck_additions|join(' ')) if healthcheck_additions.length != '0' %}
{% endif %}
{# # server weight #}
{% do server_options.append('weight ' ~ server_data.weight) if server_data.weight|default("") != "" %}
{# # server role/mode #}
{% if server_data.mode|default("") != 'active' %}
{% do server_options.append(server_data.mode) %}
{% endif %}
{# # server ssl communication #}
{% if server_data.ssl|default("") == '1' %}
{% do server_options.append('ssl') %}
{# # get status of ssl verification #}
{% set ssl_verify_enabled = '0' %}
{% if helpers.exists('OPNsense.HAProxy.general.tuning.sslServerVerify') and OPNsense.HAProxy.general.tuning.sslServerVerify|default("") != 'ignore' %}
{# # NOTE: Global parameter overrides per-server configuration. #}
{% set ssl_verify_enabled = '1' if OPNsense.HAProxy.general.tuning.sslServerVerify|default("") == 'required' %}
{% elif server_data.sslVerify|default("") == '1' %}
{% set ssl_verify_enabled = '1' %}
{# # cookie-based persistence #}
{% if backend.persistence|default("") == "cookie" %}
{% do server_options.append('cookie ' ~ server_data.id|replace(".", "")) %}
{% endif %}
{# # configure ssl verification #}
{% if ssl_verify_enabled == '1' %}
{# # enable SSL verification #}
{% do server_options.append('verify required') %}
{# # check for SSL CA #}
{% if server_data.sslCA|default("") != "" %}
{% do server_options.append('ca-file /tmp/haproxy/ssl/' ~ server_data.id ~ '.calist') %}
{% endif %}
{# # check for SSL CRL #}
{% if server_data.sslCRL|default("") != "" %}
{% do server_options.append('crl-file /tmp/haproxy/ssl/' ~ server_data.sslCRL ~ '.pem') %}
{% endif %}
{# # check for SSL client cert #}
{% if server_data.sslClientCertificate|default("") != "" %}
{% do server_options.append('crt /tmp/haproxy/ssl/' ~ server_data.sslClientCertificate ~ '.pem') %}
{% endif %}
{% else %}
{% do server_options.append('verify none') %}
{# # server advanced options #}
{% if server_data.advanced|default("") != "" %}
{% do server_options.append(server_data.advanced) %}
{% endif %}
{% endif %}
{# # source address #}
{% if backend.source|default("") != "" %}
{# # prefer backend configuration #}
{% do server_options.append('source ' ~ backend.source) %}
{% elif server_data.source|default("") != "" %}
{% do server_options.append('source ' ~ server_data.source) %}
{% endif %}
{# # PROXY protocol #}
{% if backend.proxyProtocol|default("") == "v1" %}
{% do server_options.append('send-proxy') %}
{% do server_options.append('check-send-proxy') %}
{% elif backend.proxyProtocol|default("") == "v2" %}
{% do server_options.append('send-proxy-v2') %}
{% do server_options.append('check-send-proxy') %}
{% endif %}
{# # cookie-based persistence #}
{% if backend.persistence|default("") == "cookie" %}
{% do server_options.append('cookie ' ~ server_data.id|replace(".", "")) %}
{% endif %}
{# # server advanced options #}
{% if server_data.advanced|default("") != "" %}
{% do server_options.append(server_data.advanced) %}
{% endif %}
{# # server enabled? #}
{% if server_data.enabled == '1' %}
{# # server enabled? #}
{% if server_data.enabled == '1' %}
server {{server_data.name}} {{server_data.address}}:{% if backend.tuning_noport != '1' %}{% if server_data.port|default("") != "" %}{{server_data.port}}{% endif %}{% endif %} {{server_options|join(' ')}}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{% endif %}

{% else %}
# Backend (DISABLED): {{backend.name}} ({{backend.description}})
Expand Down

0 comments on commit 99f205e

Please sign in to comment.