From 3916c156be9e06605ce7ee16c009751f5e4c1143 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= <radoslaw.piliszek@gmail.com>
Date: Tue, 22 Sep 2020 17:25:23 +0200
Subject: [PATCH] Add support for with_frontend and with_backend

This allows for more config flexibility - e.g. running multiple
backends with a common frontend.

Note this is a building block for future work on letsencrypt
validator (which should offer backend and share frontend with
any service running off 80/443 - which would be only horizon
in the current default config), as well as any work towards
single port (that is single frontend) and multiple services
anchored at paths of it (which is the new recommended default).

Change-Id: Ie088fcf575e4b5e8775f1f89dd705a275725e26d
Partially-Implements: blueprint letsencrypt-https
---
 .../templates/haproxy_single_service_split.cfg.j2        | 8 +++++++-
 .../notes/haproxy-not-all-ends-ea1b2961f039abe7.yaml     | 9 +++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/haproxy-not-all-ends-ea1b2961f039abe7.yaml

diff --git a/ansible/roles/haproxy-config/templates/haproxy_single_service_split.cfg.j2 b/ansible/roles/haproxy-config/templates/haproxy_single_service_split.cfg.j2
index 3712da9c0..f5e2fa9f7 100644
--- a/ansible/roles/haproxy-config/templates/haproxy_single_service_split.cfg.j2
+++ b/ansible/roles/haproxy-config/templates/haproxy_single_service_split.cfg.j2
@@ -111,6 +111,10 @@ backend {{ service_name }}_back
         {% set custom_member_list = haproxy_service.custom_member_list|default(none) %}
         {# Mode defaults to http #}
         {% set mode = haproxy_service.mode|default('http') %}
+        {# By default each service has its own frontend (hence with_frontend is true by default) #}
+        {% set with_frontend = haproxy_service.with_frontend|default(true)|bool %}
+        {# By default each service has its own backend (hence with_backend is true by default) #}
+        {% set with_backend = haproxy_service.with_backend|default(true)|bool %}
         {# Use the parent host group but allow it to be overridden #}
         {% set host_group = haproxy_service.host_group|default(service.group) %}
         {# Additional options can be defined in config, and are additive to the global extras #}
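Review bot: The two new comments say what the defaults are but not what a service is expected to provide when a flag is turned off, and nothing here rejects the case where both are false. A definition with `with_frontend: false` and `with_backend: false` would render neither section and pass silently, which is most likely a misconfiguration rather than an intent. I would extend the comment, e.g. `{# with_frontend=false expects another service to provide the frontend that routes here; with_backend=false expects another service to provide the backend; setting both to false renders nothing for this service #}`. The surrounding loop body starts and ends outside this hunk.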
@@ -125,10 +129,12 @@ backend {{ service_name }}_back
         {% if auth_user and auth_pass %}
 {{ userlist_macro(haproxy_name, auth_user, auth_pass) }}
         {% endif %}
+        {% if with_frontend %}
 {{ frontend_macro(haproxy_name, haproxy_service.port, mode, external,
                   frontend_http_extra, frontend_tcp_extra) }}
+        {% endif %}
         {# Redirect (to https) is a special case, as it does not include a backend #}
-        {% if mode != 'redirect' %}
+        {% if with_backend and mode != 'redirect' %}
 {{ backend_macro(haproxy_name, listen_port, mode, host_group,
                  custom_member_list, backend_http_extra, backend_tcp_extra,
                  auth_user, auth_pass, tls_backend) }}
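Review bot: With `with_backend` false, `auth_user`/`auth_pass` still produce a userlist at the top of this hunk, but they are otherwise passed only to `backend_macro`, which is now skipped. If the basic-auth check is emitted by the backend section (the macro body is not visible here), a frontend-only service keeps credentials in the rendered config while enforcing nothing. Protection then depends entirely on whichever service definition supplies the shared backend. Consider `{% if with_backend and auth_user and auth_pass %}` for the userlist, or a comment stating that auth settings are ignored when `with_backend` is false and must be set on the service that owns the backend. Separately, `frontend_macro` receives no backend name, so it presumably derives one from `haproxy_name`; worth confirming that a frontend-only service does not end up pointing at a backend that this definition no longer renders. The enclosing `if` block closes outside the hunk.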
diff --git a/releasenotes/notes/haproxy-not-all-ends-ea1b2961f039abe7.yaml b/releasenotes/notes/haproxy-not-all-ends-ea1b2961f039abe7.yaml
new file mode 100644
index 000000000..6b0b5191a
--- /dev/null
+++ b/releasenotes/notes/haproxy-not-all-ends-ea1b2961f039abe7.yaml
@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    (internal/advanced) Adds support for ``with_frontend`` and ``with_backend``
+    to haproxy service definitions. These new fields preserve the old logic
+    by defaulting to ``true`` but can be set to ``false`` to make the selected
+    service not configure the respective "end".
+    This requires ``haproxy_service_template`` to be set to
+    ``haproxy_single_service_split.cfg.j2`` which is the new default.
-- 
GitLab