feat(stats): support multiple sockets

This is useful to implement sockets with different access levels. The existing stats pillar is left in tact. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
saltstack-formulas · Feb 6, 2024 · 2f0d729 · 2f0d729
1 parent 42b603b
commit 2f0d729
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja
@@ -45,6 +45,9 @@ global
 {%- if salt['pillar.get']('haproxy:global:daemon', 'no') == True %}
     daemon
 {%- endif %}
+{%- for socket, socket_config in salt['pillar.get']('haproxy:global:stats_sockets', {}).items() %}
+    stats socket {{ socket }} mode {{ socket_config.get('mode', '0600') }} level {{ socket_config.get('level', 'user') }} user {{ socket_config.get('user', 'haproxy') }} group {{ socket_config.get('group', 'haproxy') }}
+{%- endfor %}
 {%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %}
   {%- set socketpath = salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') %}
   {%- set mode = salt['pillar.get']('haproxy:global:stats:mode', '660') %}

diff --git a/pillar.example b/pillar.example
@@ -32,6 +32,19 @@ haproxy:
       # yamllint disable-line rule:line-length
       # Optional extra bind parameter, for example to set the owner/group on the socket file
       extra: user haproxy group haproxy
+    # alternative way of defining stats sockets, useful if multiple are are desired
+    stats_sockets:
+      /run/haproxy/stats-ro:
+        # the defaults
+        level: user
+        mode: 600
+        user: haproxy
+        group: haproxy
+      /run/haproxy/stats-rw:
+        # custom example
+        level: admin
+        mode: 660
+        group: sysadmins
     # yamllint disable-line rule:line-length
     ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
     ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"

diff --git a/test/salt/pillar/default.sls b/test/salt/pillar/default.sls
@@ -29,6 +29,14 @@ haproxy:
       # yamllint disable-line rule:line-length
       # Optional extra bind parameter, for example to set the owner/group on the socket file
       extra: user haproxy group haproxy
+    stats_sockets:
+      /run/haproxy/stats-operator:
+        level: operator
+        mode: 660
+        group: wheel
+      /run/haproxy/stats-admin:
+        level: admin
+        mode: 600
     # yamllint disable-line rule:line-length
     ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
     ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"