r/haproxy: Enable Prometheus metrics

HAProxy can export stats in Prometheus format, but this requires special configuration of a dedicated front-end. To support this, the _haproxy_ Ansible role now has a pair of variables, `haproxy_enable_stats` and `haproxy_stats_port`, which control whether or not the stats front-end is enabled, and if so, what port it listens on. Note that on Fedora with the default SELinux policy, the port must be labelled either `http_port_t` or `http_cache_port_t`.
2024-11-05 06:23:49 -06:00
parent 9f30998fbf
commit 3ca94d2bf4
3 changed files with 35 additions and 0 deletions
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -29,6 +29,15 @@
    dest: /etc/haproxy/conf.d/20-defaults.cfg
    mode: u=rw,go=r
  notify: restart haproxy
+- name: ensure haproxy stats frontend is configured
+  template:
+    src: stats.cfg.j2
+    dest: /etc/haproxy/conf.d/30-stats.cfg
+    mode: u=rw,go=r
+  notify: reload haproxy
+  tags:
+  - config
+  - stats

 - name: ensure haproxy starts at boot
  service:
@@ -43,3 +52,17 @@
    state: started
  tags:
  - service
+
+- name: ensure firewall is configured for haproxy stats
+  firewalld:
+    port: '{{ haproxy_stats_port }}/tcp'
+    immediate: '{{ item == "immediate" }}'
+    permanent: '{{ item == "permanent" }}'
+    state: enabled
+  loop:
+  - immediate
+  - permanent
+  when: host_uses_firewalld|d(true) and haproxy_enable_stats
+  tags:
+  - firewalld
+  - stats