• Stars: 296
• Rank 140,464 (Top 3 %)
• Language: Go
• License: Apache License 2.0
• Created over 5 years ago
• Updated 6 months ago

Repository Details

HAProxy Data Plane API

Data Plane API is a sidecar process that runs next to HAProxy and provides API endpoints for managing HAProxy. It requires HAProxy version 1.9.0 or higher.

Building the Data Plane API

To build the Data Plane API, you need Go installed on your system with Go modules support enabled. Then execute the following steps:

1. Clone the dataplaneapi repository:

git clone https://github.com/haproxytech/dataplaneapi.git

2. Run make build:

make build

3. You can find the built binary in the /build directory.

Running the Data Plane API

Basic usage:

Usage:
  dataplaneapi [OPTIONS]

API for editing and managing haproxy instances

Application Options:
      --scheme=                                       the listeners to enable, this can be repeated and defaults to the schemes in the swagger spec
      --cleanup-timeout=                              grace period for which to wait before killing idle connections (default: 10s)
      --graceful-timeout=                             grace period for which to wait before shutting down the server (default: 15s)
      --max-header-size=                              controls the maximum number of bytes the server will read parsing the request header's keys and values, including the request line. It does not limit the size of the request
                                                      body. (default: 1MiB)
      --socket-path=                                  the unix socket to listen on (default: /var/run/data-plane.sock)
      --host=                                         the IP to listen on (default: localhost) [$HOST]
      --port=                                         the port to listen on for insecure connections, defaults to a random value [$PORT]
      --listen-limit=                                 limit the number of outstanding requests
      --keep-alive=                                   sets the TCP keep-alive timeouts on accepted connections. It prunes dead TCP connections ( e.g. closing laptop mid-download) (default: 3m)
      --read-timeout=                                 maximum duration before timing out read of the request (default: 30s)
      --write-timeout=                                maximum duration before timing out write of the response (default: 60s)
      --tls-host=                                     the IP to listen on for tls, when not specified it's the same as --host [$TLS_HOST]
      --tls-port=                                     the port to listen on for secure connections, defaults to a random value [$TLS_PORT]
      --tls-certificate=                              the certificate to use for secure connections [$TLS_CERTIFICATE]
      --tls-key=                                      the private key to use for secure connections [$TLS_PRIVATE_KEY]
      --tls-ca=                                       the certificate authority file to be used with mutual tls auth [$TLS_CA_CERTIFICATE]
      --tls-listen-limit=                             limit the number of outstanding requests
      --tls-keep-alive=                               sets the TCP keep-alive timeouts on accepted connections. It prunes dead TCP connections ( e.g. closing laptop mid-download)
      --tls-read-timeout=                             maximum duration before timing out read of the request
      --tls-write-timeout=                            maximum duration before timing out write of the response
      --uid                                           user id value to set on start
      --gid                                           group id value to set on start

HAProxy options:
  -c, --config-file=                                  Path to the haproxy configuration file (default: /etc/haproxy/haproxy.cfg)
  -u, --userlist=                                     Userlist in HAProxy configuration to use for API Basic Authentication (default: controller)
  -b, --haproxy-bin=                                  Path to the haproxy binary file (default: haproxy)
  -d, --reload-delay=                                 Minimum delay between two reloads (in s) (default: 5)
  -r, --reload-cmd=                                   Reload command
  -s, --restart-cmd=                                  Restart command
      --reload-retention=                             Reload retention in days, every older reload id will be deleted (default: 1)
  -t, --transaction-dir=                              Path to the transaction directory (default: /tmp/haproxy)
  -n, --backups-number=                               Number of backup configuration files you want to keep, stored in the config dir with version number suffix (default: 0)
      --backups-dir=                                  Path to directory in which to place backup files
  -m, --master-runtime=                               Path to the master Runtime API socket
  -i, --show-system-info                              Show system info on info endpoint
  -f=                                                 Path to the dataplane configuration file (default: /etc/haproxy/dataplaneapi.yaml)
      --userlist-file=                                Path to the dataplaneapi userlist file. By default userlist is read from HAProxy conf. When specified userlist would be read from this file
      --fid=                                          Path to file that will dataplaneapi use to write its id (not a pid) that was given to him after joining a cluster
  -p, --maps-dir=                                     Path to directory of map files managed by dataplane (default: /etc/haproxy/maps)
      --ssl-certs-dir=                                Path to SSL certificates directory (default: /etc/haproxy/ssl)
      --update-map-files                              Flag used for syncing map files with runtime maps values
      --update-map-files-period=                      Elapsed time in seconds between two maps syncing operations (default: 10)
      --cluster-tls-dir=                              Path where cluster tls certificates will be stored. Defaults to same directory as dataplane configuration file
      --spoe-dir=                                     Path to SPOE directory. (default: /etc/haproxy/spoe)
      --spoe-transaction-dir=                         Path to the SPOE transaction directory (default: /tmp/spoe-haproxy)
      --master-worker-mode                            Flag to enable helpers when running within HAProxy
      --max-open-transactions=                        Limit for active transaction in pending state (default: 20)
      --validate-cmd=                                 Executes a custom command to perform the HAProxy configuration check
      --disable-inotify                               Disables inotify watcher watcher for the configuration file
      --pid-file=                                     Path to file that will dataplaneapi use to write its pid
      --debug-socket-path=                            Unix socket path for the debugging command socket
Logging options:
      --log-to=[stdout|file|syslog]                   Log target, can be stdout, file, or syslog (default: stdout)
      --log-file=                                     Location of the log file (default: /var/log/dataplaneapi/dataplaneapi.log)
      --log-level=[trace|debug|info|warning|error]    Logging level (default: warning)
      --log-format=[text|JSON]                        Logging format (default: text)
      --apache-common-log-format=                     Apache Common Log Format to format the access log entries (default: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i" %{us}T)

Syslog options:
      --syslog-address=                               Syslog address (with port declaration in case of TCP type) where logs should be forwarded: accepting socket path in case of unix or unixgram
      --syslog-protocol=[tcp|tcp4|tcp6|unix|unixgram] Syslog server protocol (default: tcp)
      --syslog-tag=                                   String to tag the syslog messages (default: dataplaneapi)
      --syslog-level=                                 Define the required syslog messages level, allowed values: debug|info|notice|warning|error|critical|alert|emergency  (default: debug)
      --syslog-facility=                              Define the Syslog facility number, allowed values: kern|user|mail|daemon|auth|syslog|lpr|news|uucp|cron|authpriv|ftp|local0|local1|local2|local3|local4|local5|local6|local7
                                                      (default: local0)

Show version:
  -v, --version                                       Version and build information

Help Options:
  -h, --help                                          Show this help message

Besides these options, everything can be defined inside the configuration file. See configuration file.

Example

You can test it by simply running:

./dataplaneapi --port 5555 -b /usr/sbin/haproxy -c /etc/haproxy/haproxy.cfg  -d 5 -r "service haproxy reload" -s "service haproxy restart" -u dataplaneapi -t /tmp/haproxy

Dataplaneapi requires write permissions to the HAProxy configuration file and to the directories containing additional managed files (maps, ssl, spoe). The default locations can be overridden with command-line options. Test it out with curl; note that you need a user/password combination set up in the HAProxy userlist in the HAProxy configuration (in the above example: /etc/haproxy/haproxy.cfg, userlist controller):

curl -u <user>:<pass> -H "Content-Type: application/json" "http://127.0.0.1:5555/v2/"

If you are using secure passwords, supported algorithms are: md5, sha-256 and sha-512.
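
The write-permission requirement above can fail in two directions: the service cannot write to a managed path, or every local user can. As an added example (not part of the Data Plane API project), this POSIX shell pre-flight check flags paths that are missing, not writable by the account running it, or world-writable; the function names `check_path` and `audit_dataplane_paths` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the dataplaneapi project. Run it as the account
# that will run dataplaneapi, passing the paths it manages, e.g. the
# defaults from the option list above:
#   sh preflight.sh /etc/haproxy/haproxy.cfg /etc/haproxy/maps \
#       /etc/haproxy/ssl /etc/haproxy/spoe /tmp/haproxy

# check_path PATH: print one line per finding, return the number found.
check_path() {
    path=$1
    found=0
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    # The service account must be able to write here.
    if [ ! -w "$path" ]; then
        echo "NOT-WRITABLE $path"
        found=$((found + 1))
    fi
    # Character 9 of the ls mode string is the write bit for "other".
    if [ "$(ls -ld -- "$path" | cut -c9)" = "w" ]; then
        echo "WORLD-WRITABLE $path"
        found=$((found + 1))
    fi
    return "$found"
}

# audit_dataplane_paths PATH...: check each path, return total findings.
audit_dataplane_paths() {
    total=0
    for item in "$@"; do
        check_path "$item" || total=$((total + $?))
    done
    return "$total"
}

# Only audit when paths are given on the command line.
[ "$#" -eq 0 ] || audit_dataplane_paths "$@"
```

The exit status is the number of findings, so a zero status means every listed path exists, is writable by the current account, and is not writable by "other".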

Using the Data Plane API

For more information on how to use the Data Plane API, check our documentation.

Alternatively, dataplaneapi serves its own interactive documentation, relevant for the current build, on the /v2/docs URI. Just point your browser to the host/port the Data Plane API was started with (e.g. http://localhost:5555/v2/docs).

Service Discovery

Check the documentation in the README.

Command socket for debugging purpose

Check the documentation in the README.

Contributing

If you wish to contribute to this project, please check the Contributing Guide.
