options:
  global_log:
    default: "/dev/log local0, /dev/log local1 notice"
    type: string
    description: Global log line (multiple entries as a comma-separated list)
  global_maxconn:
    default: 4096
    type: int
    description: |
        Sets the maximum per-process number of concurrent connections to
        this value.
  global_user:
    default: "haproxy"
    type: string
    description: User
  global_group:
    default: "haproxy"
    type: string
    description: Group
  global_debug:
    default: False
    type: boolean
    description: Debug or not
  global_quiet:
    default: False
    type: boolean
    description: Quiet
  global_spread_checks:
    default: 0
    type: int
    description: |
        Sometimes it is desirable to avoid sending health checks to servers at
        exact intervals, for instance when many logical servers are located on
        the same physical server. With the help of this parameter, it becomes
        possible to add some randomness in the check interval between 0 and
        +/- 50%. A value between 2 and 5 seems to show good results.
  global_stats_socket:
    default: False
    type: boolean
    description: |
        Whether to enable the stats UNIX socket.
  global_default_dh_param:
    default: 2048
    type: int
    description: |
        Sets the maximum size of the Diffie-Hellman parameters used for generating
        the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange.
        The default value is 2048; higher values will increase the CPU load. Values
        greater than 1024 bits are not supported by Java 7 and earlier clients. This
        config key will be ignored if the installed haproxy package has no SSL support.
  global_default_bind_ciphers:
    default: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:!DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:!DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    type: string
    description: |
        Sets the default string describing the list of cipher algorithms
        ("cipher suite") that are negotiated during the SSL/TLS handshake for
        all "bind" lines which do not explicitly define theirs. The format of
        the string is defined in "man 1 ciphers" from OpenSSL man pages, and
        can be for instance a string such as "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH"
        (without quotes). Please check the "bind" keyword for more information.
        This config key will be ignored if the installed haproxy package has no SSL
        support.
  global_default_bind_options:
    default: ""
    type: string
    description: |
        Sets the default string describing the list of global SSL bind options.
        Use this to force or disable specific protocol versions, such as TLS 1.0 or SSL 3.0.
  default_log:
    default: "global"
    type: string
    description: Default log
  default_mode:
    default: "http"
    type: string
    description: Default mode
  default_options:
    default: "httplog, dontlognull"
    type: string
    description: Default options
  default_retries:
    default: 3
    type: int
    description: |
        Set the number of retries to perform on a server after a connection
        failure. It is important to understand that this value applies to the
        number of connection attempts, not full requests. When a connection
        has effectively been established to a server, there will be no more
        retries.
        In order to avoid immediate reconnections to a server which is
        restarting, a turn-around timer of 1 second is applied before a retry
        occurs.
  default_timeouts:
    default: "queue 20000, client 50000, connect 5000, server 50000"
    type: string
    description: Default timeouts
  logrotate_config:
    default: ""
    type: string
    description: |
        Override package logrotate configuration.
        .
        Warning: Setting this value back to the empty string will leave the previous config in place on disk.
        .
        Example value:
        .
        /var/log/haproxy.log {
            weekly
            rotate 52
            missingok
            notifempty
            compress
            delaycompress
            postrotate
                invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
            endscript
        }
        .
  enable_monitoring:
    default: False
    type: boolean
    description: Enable monitoring
  monitoring_port:
    default: 10000
    type: int
    description: Default monitoring port
  monitoring_allowed_cidr:
    default: "127.0.0.1/32"
    type: string
    description: |
        CIDR(s) allowed to access the monitoring interface (multiple CIDRs
        separated by spaces).
  monitoring_username:
    default: "haproxy"
    type: string
    description: Monitoring username
  monitoring_password:
    default: "changeme"
    type: string
    description: |
        Password for the monitoring interface (if left as "changeme", a new
        password will be generated and displayed in juju-log).
  monitoring_stats_refresh:
    default: 3
    type: int
    description: Monitoring interface refresh interval (in seconds)
  package_status:
    default: "install"
    type: "string"
    description: |
        The status of service-affecting packages will be set to this value in the dpkg database.
        Useful valid values are "install" and "hold".
  services:
    default: |
              - service_name: haproxy_service
                service_host: "0.0.0.0"
                service_port: 80
                service_options: [balance leastconn, cookie SRVNAME insert]
                server_options: maxconn 100 cookie S{i} check
    type: string
    description: |
        Services definition(s). Although the variable type is a string, this is
        interpreted in the charm as YAML. To use multiple services within the
        same haproxy instance, specify all of the variables (service_name,
        service_host, service_port, service_options, server_options) with a "-"
        before the first variable, service_name, as above. Service options is a
        comma-separated list; server options will be appended as a string to
        the individual server lines for a given listen stanza.

        If your web application serves dynamic content based on users' login
        sessions, a visitor will experience unexpected behaviour if each request
        is proxied to a different backend web server. Session stickiness ensures
        that a visitor 'sticks' to the backend web server which served their
        first request. This is made possible by tagging each backend server
        with a cookie. Sessions are sticky by default. To turn off sticky sessions,
        remove the 'cookie SRVNAME insert' and 'cookie S{i}' stanzas from
        `service_options` and `server_options`.
  userlists:
    default: ""
    type: string
    description: |
        Userlists control access to services or stats by allowing
        only authenticated users.
        .
        For example
        .
        - list1:
            groups:
                - G1 users tiger,scott
                - G2 users xdb,scott
            users:
                - tiger password $6$k6y3o.eP$JlKBx9z...
                - scott insecure-password elgato
                - xdb insecure-password hello
        - list2:
            groups:
                - group1
            users:
                - alice insecure-password foo groups group1
                - bob insecure-password bar groups group1
        .
        See http://cbonte.github.io/haproxy-dconv/1.6/configuration.html#3.4
  nagios_servicegroups:
    default: ""
    type: string
    description: |
        A comma-separated list of nagios servicegroups.
        If left empty, the nagios_context will be used as the servicegroup.
  ssl_cert:
    type: string
    description: |
        Base64-encoded default SSL certificate. If the keyword 'SELFSIGNED'
        is used, the certificate and key will be autogenerated as a
        self-signed pair. This is the certificate used by services configured
        with the keyword 'DEFAULT' as their SSL certificate. This config key will be
        ignored if the installed haproxy package has no SSL support.
    default: ""
  ssl_key:
    type: string
    description: |
        Base64-encoded private key for the default SSL certificate. If ssl_cert
        is set to SELFSIGNED or the installed haproxy package has no SSL
        support, this will be ignored.
    default: ""
  sysctl:
    default: ""
    type: string
    description: >
      YAML-formatted list of sysctl values, e.g.:
      '{ net.ipv4.tcp_max_syn_backlog : 65536 }'
  nagios_context:
    default: "juju"
    type: string
    description: |
        Used by the nrpe-external-master subordinate charm.
        A string that will be prepended to the instance name to set the host name
        in nagios. So for instance the hostname would be something like:
            juju-postgresql-0
        If you're running multiple environments with the same services in them,
        this allows you to differentiate between them.
  metrics_target:
    default: ""
    type: string
    description: |
        Destination for statsd-format metrics, in the format "host:port". If
        not set to a valid value, metrics are disabled. Requires "enable_monitoring"
        to be set to true to work.
  metrics_prefix:
    default: "dev.$UNIT.haproxy"
    type: string
    description: |
        Prefix for metrics. Special value $UNIT can be used to include the
        name of the unit in the prefix.
  metrics_sample_interval:
    default: 5
    type: int
    description: Period for metrics cron job to run in minutes
  source:
    default: ""
    type: string
    description: |
        Optional configuration to support use of additional sources such as:
        .
        - ppa:myteam/ppa
        - cloud:precise-proposed/folsom
        - http://my.archive.com/ubuntu main
        .
        The last option should be used in conjunction with the key configuration
        option.
  key:
    default: ""
    type: string
    description: |
        Key ID to import into the apt keyring to support use with arbitrary source
        configuration from outside of Launchpad archives or PPAs.
  peering_mode:
    default: "active-passive"
    type: string
    description: |
        Possible values: "active-passive", "active-active". This is only used
        if several units are spawned. In "active-passive" mode, all the units will
        forward traffic to the first working haproxy unit, which will then forward it
        to configured backends. In "active-active" mode, each unit will proxy the
        traffic directly to the backends. The "active-passive" mode gives better
        control of the maximum number of connections that will be opened to a backend server.