10. Tricks for easier configuration management

  1. It is very common that two HAProxy nodes constituting a cluster share exactly
  2. the same configuration modulo a few addresses. Instead of having to maintain a
  3. duplicate configuration for each node, which will inevitably diverge, it is
  4. possible to include environment variables in the configuration. Thus multiple
  5. configuration may share the exact same file with only a few different system
  6. wide environment variables. This started in version 1.5 where only addresses
  7. were allowed to include environment variables, and 1.6 goes further by
  8. supporting environment variables everywhere. The syntax is the same as in the
  9. UNIX shell, a variable starts with a dollar sign ('$'), followed by an opening
  10. curly brace ('{'), then the variable name followed by the closing brace ('}').
  11. Except for addresses, environment variables are only interpreted in arguments
  12. surrounded with double quotes (this was necessary not to break existing setups
  13. using regular expressions involving the dollar symbol).
  14.  
  15. Environment variables also make it convenient to write configurations which are
  16. expected to work on various sites where only the address changes. It can also
  17. permit to remove passwords from some configs. Example below where the the file
  18. "site1.env" file is sourced by the init script upon startup :
  19.  
  20.   $ cat site1.env
  21.   LISTEN=192.168.1.1
  22.   CACHE_PFX=192.168.11
  23.   SERVER_PFX=192.168.22
  24.   LOGGER=192.168.33.1
  25.   STATSLP=admin:pa$$w0rd
  26.   ABUSERS=/etc/haproxy/abuse.lst
  27.   TIMEOUT=10s
  28.  
  29.   $ cat haproxy.cfg
  30.   global
  31.       log "${LOGGER}:514" local0
  32.  
  33.   defaults
  34.       mode http
  35.       timeout client "${TIMEOUT}"
  36.       timeout server "${TIMEOUT}"
  37.       timeout connect 5s
  38.  
  39.   frontend public
  40.       bind "${LISTEN}:80"
  41.       http-request reject if { src -f "${ABUSERS}" }
  42.       stats uri /stats
  43.       stats auth "${STATSLP}"
  44.       use_backend cache if { path_end .jpg .css .ico }
  45.       default_backend server
  46.  
  47.   backend cache
  48.       server cache1 "${CACHE_PFX}.1:18080" check
  49.       server cache2 "${CACHE_PFX}.2:18080" check
  50.  
  51.   backend server
  52.       server cache1 "${SERVER_PFX}.1:8080" check
  53.       server cache2 "${SERVER_PFX}.2:8080" check