Merge pull request #72 from Oefenweb/add-support-for-18

Add support for HAproxy 1.8
Oefenweb · Dec 1, 2017 · 135f1ea · 135f1ea
2 parents 2b6bfc3 + d08e606
commit 135f1ea
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 1 deletion.
diff --git a/.travis.yml b/.travis.yml
@@ -7,6 +7,7 @@ python: "2.7"
 
 env:
   - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=2.4.2.0
   - ANSIBLE_VERSION=2.4.1.0
   - ANSIBLE_VERSION=2.4.0.0
   - ANSIBLE_VERSION=2.3.2.0

diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 
 #### Variables
 
-* `haproxy_version`: [default: `1.6`]: Version to install (e.g. `1.5`, `1.6`, `1.7`)
+* `haproxy_version`: [default: `1.6`]: Version to install (e.g. `1.5`, `1.6`, `1.7`, `1.8`)
 
 * `haproxy_install`: [default: `[]`]: Additional packages to install (e.g. `socat`)
 
@@ -29,14 +29,20 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_global_user`: [default: `haproxy`]: Similar to `"uid"` but uses the UID of user name `<user name>` from `/etc/passwd`
 * `haproxy_global_group`: [default: `haproxy`]: Similar to `"gid"` but uses the GID of group name `<group name>` from `/etc/group`.
 * `haproxy_global_daemon`: [default: `true`]: Makes the process fork into background. This is the recommended mode of operation
+* `haproxy_global_master_worker`: [optional, default: `false`]: Whether or not to use master/worker mode (`>= 1.8.0` only)
 * `haproxy_global_maxconn`: [optional]: Sets the maximum per-process number of concurrent connections
 * `haproxy_global_ca_base`: [default: `/etc/ssl/certs`]: Assigns a default directory to fetch SSL CA certificates and CRLs from when a relative path is used with `"ca-file"` or `"crl-file"` directives
 * `haproxy_global_crt_base`: [default: `/etc/ssl/private`]: Assigns a default directory to fetch SSL certificates from when a relative path is used with `"crtfile"` directives
 * `haproxy_global_ssl_default_bind_ciphers`: [default: `kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL`]: This setting is only available when support for OpenSSL was built in. It sets the default string describing the list of cipher algorithms ("cipher suite") that are negotiated during the SSL/TLS handshake for all `"bind"` lines which do not explicitly define theirs
 * `haproxy_global_ssl_default_bind_options`: [default: `no-sslv3`]: This setting is only available when support for OpenSSL was built in. It sets default ssl-options to force on all `"bind"` lines
 * `haproxy_global_ssl_default_server_ciphers`: [default: `kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL`]: This setting is only available when support for OpenSSL was built in. It sets the default string describing the list of cipher algorithms that are negotiated during the SSL/TLS handshake with the server, for all `"server"` lines which do not explicitly define theirs
 * `haproxy_global_ssl_default_server_options`: [default: `no-sslv3`]: This setting is only available when support for OpenSSL was built in. It sets default ssl-options to force on all `"server"` lines
+* `haproxy_global_ssl_engines`: [optional, default `[]`]: OpenSSL engine declarations (`>= 1.8.0` only)
+* `haproxy_global_ssl_engines.{n}.name`: [required]: Sets the OpenSSL engine to use (e.g. `rdrand`)
+* `haproxy_global_ssl_engines.{n}.algos`: [optional]: Sets the OpenSSL algorithms to use (e.g. `['RSA']`)
+* `haproxy_global_ssl_mode_async`: [optional: default `false`]: Enables asynchronous TLS I/O operations if asynchronous capable SSL engines are used (`>= 1.8.0` only)
 * `haproxy_global_nbproc`: [default: `1`]: Number of processes to create when going daemon. This requires the `daemon` mode. By default, only one process is created, which is the recommended mode of operation
+* `haproxy_global_nbthread`: [optional]: This setting is only available when support for threads was built in. It creates `<number>` threads for each created processes (`>= 1.8.0` only)
 * `haproxy_global_tune`: [default: `[]`]: (Performance) tuning declarations
 * `haproxy_global_tune.{n}.key`: [required]: Setting name (e.g. `ssl.cachesize`)
 * `haproxy_global_tune.{n}.value`: [required]: Setting value (e.g. `50000`)

diff --git a/templates/etc/haproxy/global.cfg.j2 b/templates/etc/haproxy/global.cfg.j2
@@ -31,6 +31,10 @@
   daemon
 {% endif %}
 
+{% if haproxy_global_master_worker | default(false) | bool %}
+  master-worker
+{% endif %}
+
 {% if haproxy_global_maxconn is defined %}
   maxconn {{ haproxy_global_maxconn }}
 {% endif %}
@@ -66,8 +70,20 @@
   ssl-default-server-options {{ haproxy_global_ssl_default_server_options }}
 {% endif %}
 
+{% for ssl_engine in haproxy_global_ssl_engines | default([]) %}
+  ssl-engine {{ ssl_engine.name }}{% if ssl_engine.algos | default([]) | length %} algo {{ ssl_engine.algos | join(', ') }}{% endif %}
+{% endfor %}
+
+{% if haproxy_global_ssl_mode_async | default(false) | bool %}
+  ssl-mode-async
+{% endif %}
+
   nbproc {{ haproxy_global_nbproc }}
 
+{% if haproxy_global_nbthread is defined %}
+  nbthread {{ haproxy_global_nbthread }}
+{% endif %}
+
 {% for tune in haproxy_global_tune | default([]) %}
   tune.{{ tune.key }} {{ tune.value }}
 {% endfor %}

diff --git a/vars/main.yml b/vars/main.yml
@@ -4,5 +4,6 @@ haproxy_versions_supported:
   - 1.5
   - 1.6
   - 1.7
+  - 1.8
 
 haproxy_ppa: "ppa:vbernat/haproxy-{{ haproxy_version }}"
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,5 +4,6 @@ haproxy_versions_supported: @@
       - 1.5
       - 1.6
       - 1.7
+      - 1.8
     haproxy_ppa: "ppa:vbernat/haproxy-{{ haproxy_version }}"