Diffstat (limited to 'config/haproxy-devel/haproxy.inc')
-rw-r--r--config/haproxy-devel/haproxy.inc146
1 files changed, 116 insertions, 30 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index a8fc1497..93c9ec0b 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -65,6 +65,39 @@ if ($haproxy_sni_ssloffloading) {
'mode' => 'https', 'syntax' => 'req_ssl_sni -i', 'advancedoptions' => "tcp-request inspect-delay 5s\n\ttcp-request content accept if { req_ssl_hello_type 1 }");
}
+$a_checktypes['none'] = array('name' => 'none', 'syntax' => '',
+ 'descr' => 'No health checks will be performed.');
+$a_checktypes['Basic'] = array('name' => 'Basic', 'syntax' => '',
+ 'descr' => 'Basic socket connection check');
+$a_checktypes['HTTP'] = array('name' => 'HTTP', 'syntax' => 'httpchk',
+ 'descr' => 'HTTP protocol to check on the servers health, can also be used for HTTPS servers(requirs checking the SSL box for the servers).', 'parameters' => "uri,method,version");
+/* seams this was added in HAProxy1.5dev18, haproxy-devel package is currently using 1.5dev17
+$a_checktypes['Agent'] = array('name' => 'Agent', 'syntax' => 'lb-agent-chk', 'usedifferenport' => 'yes',
+ 'descr' => 'Use a TCP connection to read an ASCII string of the form 100%,75%,drain,down (others in haproxy manual)');
+*/
+$a_checktypes['LDAP'] = array('name' => 'LDAP', 'syntax' => 'ldap-check',
+ 'descr' => 'Use LDAPv3 health checks for server testing');
+$a_checktypes['MySQL'] = array('name' => 'MySQL', 'syntax' => 'mysql-check',
+ 'descr' => 'Use MySQL health checks for server testing', 'parameters' => 'username');
+$a_checktypes['PostgreSQL'] = array('name' => 'PostgreSQL', 'syntax' => 'pgsql-check',
+ 'descr' => 'Use PostgreSQL health checks for server testing', 'parameters' => 'username');
+$a_checktypes['Redis'] = array('name' => 'Redis', 'syntax' => 'redis-check',
+ 'descr' => 'Test that the server correctly talks REDIS protocol.');
+$a_checktypes['SMTP'] = array('name' => 'SMTP', 'syntax' => 'smtpchk HELO',
+ 'descr' => 'Use SMTP HELO health checks for server testing', 'parameters' => 'domain');
+$a_checktypes['ESMTP'] = array('name' => 'ESMTP', 'syntax' => 'smtpchk EHLO',
+ 'descr' => 'Use ESMTP EHLO health checks for server testing', 'parameters' => 'domain');
+$a_checktypes['SSL'] = array('name' => 'SSL', 'syntax' => 'ssl-hello-chk',
+ 'descr' => 'Use SSLv3 client hello health checks for server testing.');
+
+$a_httpcheck_method['OPTIONS'] = array('name' => 'OPTIONS', 'syntax' => 'OPTIONS');
+$a_httpcheck_method['HEAD'] = array('name' => 'HEAD', 'syntax' => 'HEAD');
+$a_httpcheck_method['GET'] = array('name' => 'GET', 'syntax' => 'GET');
+$a_httpcheck_method['POST'] = array('name' => 'POST', 'syntax' => 'POST');
+$a_httpcheck_method['PUT'] = array('name' => 'PUT', 'syntax' => 'PUT');
+$a_httpcheck_method['DELETE'] = array('name' => 'DELETE', 'syntax' => 'DELETE');
+$a_httpcheck_method['TRACE'] = array('name' => 'TRACE', 'syntax' => 'TRACE');
+
function haproxy_custom_php_deinstall_command() {
exec("cd /var/db/pkg && pkg_delete `ls | grep haproxy`");
exec("rm /usr/local/pkg/haproxy.inc");
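Review bot: The `descr` strings added here are shown to the user, and the HTTP one has a typo (`requirs`) and lacks a space before its parenthesis; the comment above the disabled Agent entry also reads `seams` for `seems`. Neither table documents its shape, so a header comment would help, for example `/* $a_checktypes: 'syntax' is written after "option" in the backend, 'parameters' lists the GUI fields the check needs */`. The keys of `$a_httpcheck_method` would also serve as the allow-list for the method that `write_backend` later writes into the configuration.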
@@ -323,6 +356,7 @@ function haproxy_find_acl($name) {
function write_backend($fd, $name, $pool, $frontend) {
if(!is_array($pool['ha_servers']['item']) && !$pool['stats_enabled']=='yes')
return;
+ global $a_checktypes;
$a_servers = &$pool['ha_servers']['item'];
@@ -344,27 +378,41 @@ function write_backend($fd, $name, $pool, $frontend) {
// https is an alias for tcp for clarity purpouses
if(strtolower($frontend['type']) == "https") {
$backend_type = "tcp";
- $httpchk = "ssl-hello-chk";
} else {
$backend_type = $frontend['type'];
- if(strtolower($frontend['type']) == "http")
- $httpchk = "httpchk";
- else
- unset($httpchk);
}
fwrite ($fd, "\tmode\t\t\t" . $backend_type . "\n");
-
+
+ $check_type = $pool['check_type'];
+ if ($check_type != 'none')
+ {
+ $optioncheck = $a_checktypes[$check_type]['syntax'];
+ if ($check_type == "MySQL" || $check_type == "PostgreSQL")
+ $optioncheck .= " user " . $pool['monitor_username'];
+ if ($check_type == "SMTP" || $check_type == "ESMTP")
+ $optioncheck .= " " . $pool['monitor_domain'];
+ if ($check_type == "HTTP")
+ {
+ $uri = $pool['monitor_uri'];
+ if (!$uri)
+ $uri = "/";
+ $optioncheck .= " {$pool['httpcheck_method']} {$uri} {$pool['monitor_httpversion']}";
+ }
+ } else {
+ $optioncheck = "httpchk";
+ }
+
if($pool['balance'])
fwrite ($fd, "\tbalance\t\t\t" . $pool['balance'] . "\n");
if(!$pool['connection_timeout'])
$pool['connection_timeout'] = 30000;
- fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n");
+ fwrite ($fd, "\ttimeout connect\t\t" . $pool['connection_timeout'] . "\n");
if(!$pool['server_timeout'])
$pool['server_timeout'] = 30000;
- fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n");
+ fwrite ($fd, "\ttimeout server\t\t" . $pool['server_timeout'] . "\n");
if(!$pool['retries'])
$pool['retries'] = 3;
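Review bot: The values appended to `$optioncheck` (`monitor_username`, `monitor_domain`, `monitor_uri`, `httpcheck_method`, `monitor_httpversion`) go into the generated configuration unchanged, so a space or line break in any of them alters how HAProxy parses the `option` line or adds a directive of its own. The commit introduces `haproxy_escapestring()` for the stats settings, and the single-token fields here could use it too, e.g. `$optioncheck .= " user " . haproxy_escapestring($pool['monitor_username']);`, with the method checked by `isset($a_httpcheck_method[$pool['httpcheck_method']])`. A `check_type` missing from `$a_checktypes` (for instance a pool saved before this field existed) yields an empty `$optioncheck`, while the `none` branch sets `httpchk` and so writes `option httpchk` for a pool that asked for no checks. The same pass-through applies to `$advanced_bind` in the bind hunks further down. `write_backend` starts and ends outside this hunk.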
@@ -375,10 +423,13 @@ function write_backend($fd, $name, $pool, $frontend) {
if($pool['stats_uri'])
fwrite ($fd, "\tstats\t\t\turi ".$pool['stats_uri']."\n");
if($pool['stats_realm'])
- fwrite ($fd, "\tstats\t\t\trealm " . $pool['stats_realm'] . "\n");
+ fwrite ($fd, "\tstats\t\t\trealm " . haproxy_escapestring($pool['stats_realm']) . "\n");
else
fwrite ($fd, "\tstats\t\t\trealm .\n");
- fwrite ($fd, "\tstats\t\t\tauth " . $pool['stats_username'].":". $pool['stats_password']."\n");
+ fwrite ($fd, "\tstats\t\t\tauth " . haproxy_escapestring($pool['stats_username']).":". haproxy_escapestring($pool['stats_password'])."\n");
+
+ if($pool['stats_admin']=='yes')
+ fwrite ($fd, "\tstats\t\t\tadmin if TRUE" . "\n");
if($pool['stats_node_enabled']=='yes')
fwrite ($fd, "\tstats\t\t\tshow-node " . $pool['stats_node'] . "\n");
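Review bot: `stats admin if TRUE` lets every client that passes `stats auth` change server state from the stats page, and as far as this hunk shows the `stats auth` line is written whether or not a username and password are set. Emitting the admin line only when credentials exist avoids an admin page behind an empty login: `if($pool['stats_admin']=='yes' && $pool['stats_username'] && $pool['stats_password'])`. `haproxy_escapestring()` escapes backslash, space and `#` but leaves line breaks and `:` alone, so a username containing `:` shifts the user/password split; rejecting those characters when the form is saved would close that. The enclosing function continues outside the hunk.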
@@ -394,8 +445,8 @@ function write_backend($fd, $name, $pool, $frontend) {
else
$uri = "/";
- if ($httpchk)
- fwrite ($fd, "\toption\t\t\t{$httpchk} HEAD " . $uri . " HTTP/1.0\n");
+ if ($optioncheck)
+ fwrite ($fd, "\toption\t\t\t{$optioncheck}\n");
if ($pool['advanced_backend']) {
$adv_be = explode("\n", base64_decode($pool['advanced_backend']));
@@ -407,7 +458,7 @@ function write_backend($fd, $name, $pool, $frontend) {
}
}
- if($pool['cookie'] && strtolower($frontend['type']) == "http")
+ if($pool['cookie'] && strtolower($frontend['type']) == "http")
$cookie = " cookie {$pool['cookie']} ";
else
$cookie = "";
@@ -417,12 +468,14 @@ function write_backend($fd, $name, $pool, $frontend) {
} else {
$advanced_txt = "";
}
- if($pool['checkinter'])
- $checkinter = "check inter {$pool['checkinter']}";
- else if (strtolower($frontend['type']) != "tcp")
- $checkinter = "check inter 1000";
- else
- $checkinter = "";
+
+ if ($check_type != 'none')
+ {
+ if($pool['checkinter'])
+ $checkinter = "check inter {$pool['checkinter']}";
+ else
+ $checkinter = "check inter 1000";
+ }
if (is_array($a_servers))
{
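Review bot: `$checkinter` is no longer assigned when `$check_type` is `'none'`, yet the server line later in `write_backend` still interpolates it, so that path reads an undefined variable. The removed code had `else $checkinter = "";` for this case; adding `$checkinter = "";` before the new `if` restores it. `$pool['checkinter']` is also placed in the server line unchanged, so validating it as a time value when the pool is saved would keep stray text out of the configuration.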
@@ -437,7 +490,11 @@ function write_backend($fd, $name, $pool, $frontend) {
} else {
$isbackup = "";
}
- $ssl = ($backend_type == "http" && $be['ssl'] == 'yes') ? ' ssl' : "";
+ $ssl = "";
+ if ($be['ssl'] == 'yes')
+ {
+ $ssl = $backend_type == "http" ? ' ssl' : ' check-ssl';
+ }
fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . "$ssl $cookie $checkinter $isbackup weight " . $be['weight'] . "{$advanced_txt} {$be['advanced']}\n");
}
}
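Review bot: `check-ssl` is appended whenever `$be['ssl']` is set on a non-http backend, including when `$check_type` is `'none'` and no `check` keyword is written, so the server line then carries an option with nothing to act on. Neither ` ssl` nor ` check-ssl` is accompanied by a `verify` or `ca-file` setting here, so whether the backend certificate is validated is left to HAProxy's defaults; a comment stating which behaviour is intended would help. The `fwrite` below also places `$be['name']`, `$be['address']`, `$be['port']` and `$be['advanced']` in the line without escaping, which is existing code but deserves the same validation as the new fields.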
@@ -477,8 +534,6 @@ function haproxy_writeconf() {
if(is_array($a_global)) {
fwrite ($fd, "global\n");
- if($a_global['advanced'])
- fwrite ($fd, "\t" . base64_decode($a_global['advanced']) . "\n");
fwrite ($fd, "\tmaxconn\t\t\t".$a_global['maxconn']."\n");
if($a_global['remotesyslog'])
fwrite ($fd, "\tlog\t\t\t{$a_global['remotesyslog']}\t{$a_global['logfacility']}\t{$a_global['loglevel']}\n");
@@ -488,10 +543,18 @@ function haproxy_writeconf() {
if($a_global['nbproc'])
$numprocs = $a_global['nbproc'];
else
- $numprocs = trim(`/sbin/sysctl kern.smp.cpus | cut -d" " -f2`);
+ $numprocs ="1";
fwrite ($fd, "\tnbproc\t\t\t$numprocs\n");
fwrite ($fd, "\tchroot\t\t\t/var/empty\n");
fwrite ($fd, "\tdaemon\n");
+
+ // Keep the advanced options on the bottom of the global settings, to allow additional sections to be easely added
+ if($a_global['advanced']) {
+ $adv = explode("\n", base64_decode($a_global['advanced']));
+ foreach($adv as $adv_line) {
+ fwrite($fd, "\t" . $adv_line . "\n");
+ }
+ }
fwrite ($fd, "\n");
}
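Review bot: Splitting the decoded advanced text on `"\n"` alone leaves a trailing `\r` on each line when the text was saved with CRLF line endings, which text submitted from a browser form usually has. `preg_split('/\r?\n/', base64_decode($a_global['advanced']))`, or `rtrim($adv_line, "\r")` inside the loop, keeps carriage returns out of the global section. The added comment has a typo, `easely` for `easily`.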
@@ -515,7 +578,7 @@ function haproxy_writeconf() {
//ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem
$ssl_crt=" crt /var/etc/{$backend['name']}.{$backend['port']}.crt";
$cert = lookup_cert($backend['ssloffloadcert']);
- $certcontent = base64_decode($cert['crt']).base64_decode($cert['prv']);
+ $certcontent = base64_decode($cert['crt'])."\r\n".base64_decode($cert['prv']);
file_put_contents("/var/etc/{$backend['name']}.{$backend['port']}.crt", $certcontent);
unset($certcontent);
}else{
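Review bot: The combined certificate and private key is written by `file_put_contents` with whatever mode the process umask gives, so the key file under `/var/etc` may be readable by other local users. Setting the mode right after the write, `chmod("/var/etc/{$backend['name']}.{$backend['port']}.crt", 0600);`, keeps it private, and the result of `lookup_cert()` is worth checking so that a missing certificate does not produce a file holding only `"\r\n"`. The path is built from `$backend['name']` as entered, so a name containing `/` would place the file elsewhere; no validation of the name is visible in this hunk.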
@@ -548,6 +611,7 @@ function haproxy_writeconf() {
$b['client_timeout'] = $backend['client_timeout'];
$b['advanced'] = $backend['advanced'];
$b['ssloffload'] = $backend['ssloffload'];
+ $b['advanced_bind'] = $backend['advanced_bind'];
}
if ($ssl_crt != "") {
@@ -577,6 +641,7 @@ function haproxy_writeconf() {
$portss = "{$bind['port']},";
$ports = split(",", $portss);
$ssl_info = $bind['ssl_info'];
+ $advanced_bind = $bind['advanced_bind'];
// Initialize variable
$listenip = "";
@@ -584,11 +649,11 @@ function haproxy_writeconf() {
foreach($ports as $port) {
if($port) {
if($bind['extaddr'] == "any")
- $listenip .= "\tbind\t\t\t0.0.0.0:{$port} {$ssl_info}\n";
+ $listenip .= "\tbind\t\t\t0.0.0.0:{$port} {$ssl_info} {$advanced_bind}\n";
elseif($bind['extaddr'])
- $listenip .= "\tbind\t\t\t{$bind['extaddr']}:{$port} {$ssl_info}\n";
+ $listenip .= "\tbind\t\t\t{$bind['extaddr']}:{$port} {$ssl_info} {$advanced_bind}\n";
else
- $listenip .= "\tbind\t\t\t" . get_current_wan_address('wan') . ":{$port} {$ssl_info}\n";
+ $listenip .= "\tbind\t\t\t" . get_current_wan_address('wan') . ":{$port} {$ssl_info} {$advanced_bind}\n";
}
}
@@ -632,7 +697,7 @@ function haproxy_writeconf() {
if(!$bind['client_timeout'])
$bind['client_timeout'] = 30000;
- fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n");
+ fwrite ($fd, "\ttimeout client\t\t" . $bind['client_timeout'] . "\n");
// Combine the rest of the listener configs
@@ -1026,9 +1091,30 @@ function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName
}
}
-function phparray_to_javascriptarray($items, $javaMapName, $includeitems)
-{
+function phparray_to_javascriptarray($items, $javaMapName, $includeitems) {
phparray_to_javascriptarray_recursive(1,'',$items, $javaMapName, $includeitems);
}
+function haproxy_escapestring($configurationsting) {
+ $result = str_replace('\\', '\\\\', $configurationsting);
+ $result = str_replace(' ', '\\ ', $result);
+ return str_replace('#', '\\#', $result);
+}
+
+function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="", $onchangeEvent="")
+{
+ if (count($keyvaluelist)>0){
+ if ($onchangeEvent != "")
+ $onchangeEvent .= " onchange=$onchangeEvent";
+ echo "<select name=\"$name\" id=\"$name\" class=\"formselect\"$onchangeEvent>";
+ foreach($keyvaluelist as $key => $desc){
+ $selectedhtml = $key == $selected ? "selected" : "";
+ echo "<option value=\"{$key}\" {$selectedhtml}>{$desc['name']}</option>";
+ }
+ echo "</select>";
+ } else {
+ echo $listEmptyMessage;
+ }
+}
+
?>
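Review bot: In `echo_html_select` the line `$onchangeEvent .= " onchange=$onchangeEvent";` appends to the handler instead of replacing it, so the tag receives the handler text followed by ` onchange=` and the handler again, unquoted. `$name`, `$key` and `$desc['name']` are also echoed into attributes and element text without `htmlspecialchars()`, which is harmless for the static tables in this commit but not for a list built from saved configuration. `haproxy_escapestring()` does not touch `\r` or `\n`, so it should not be relied on to keep a value on one configuration line, and its parameter name has a typo (`$configurationsting`). A corrected `echo_html_select` follows.

```php
function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="", $onchangeEvent="")
{
	if (count($keyvaluelist)>0){
		// Escape every value that lands in an attribute or in element text.
		$name_html = htmlspecialchars($name, ENT_QUOTES);
		$onchange_html = "";
		if ($onchangeEvent != "")
			$onchange_html = " onchange=\"" . htmlspecialchars($onchangeEvent, ENT_QUOTES) . "\"";
		echo "<select name=\"{$name_html}\" id=\"{$name_html}\" class=\"formselect\"{$onchange_html}>";
		foreach($keyvaluelist as $key => $desc){
			$selectedhtml = $key == $selected ? "selected" : "";
			$key_html = htmlspecialchars($key, ENT_QUOTES);
			$label_html = htmlspecialchars($desc['name'], ENT_QUOTES);
			echo "<option value=\"{$key_html}\" {$selectedhtml}>{$label_html}</option>";
		}
		echo "</select>";
	} else {
		// … unchanged: echo of $listEmptyMessage …
	}
}
```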