Skip to content

pfsense_haproxy_backend_server

Orion Poplawski edited this page Jan 13, 2023 · 5 revisions

pfsensible.core.pfsense_haproxy_backend_server


        Manage pfSense haproxy servers

ADDED IN: version 0.1.0 of pfsensible.core

OPTIONS (= is mandatory):

- address
        IP or hostname of the backend (only resolved on start-up.)
        default: null
        type: str

- advanced
        Allows for adding custom HAProxy settings to the server. These
        are passed as written, use escaping where needed.
        default: null
        type: str

= backend
        The backend name.
        type: str

- ca
        SSL servers only, set the CA authority to check the server
        certificate against.
        default: null
        type: str

- checkssl
        This can be used with for example a LDAPS health-checks where
        LDAPS is passed along with mode TCP
        default: null
        type: bool

- clientcert
        SSL servers only, This certificate will be sent if the server
        send a client certificate request.
        default: null
        type: str

- cookie
        Persistence only, Used to identify server when cookie
        persistence is configured for the backend.
        default: null
        type: str

- crl
        SSL servers only, set the CRL to check revoked certificates.
        default: null
        type: str

- forwardto
        The name of the frontend to forward. When None, forwards to
        address and port
        default: null
        type: str

- istemplate
        If set, configures this server item as a template to provision
        servers from dns/srv responses.
        default: null
        type: str

- maxconn
        Tuning, If the number of incoming concurrent requests goes
        higher than this value, they will be queued
        default: null
        type: int

- mode
        How to use the server.
        choices: [active, backup, disabled, inactive]
        default: active
        type: str

= name
        The server name.
        type: str

- port
        The port of the backend.
        default: null
        type: int

- ssl
        Should haproxy encrypt the traffic to the backend with SSL
        (commonly used with mode http on frontend and a port 443 on
        backend).
        default: null
        type: bool

- sslserververify
        SSL servers only, The server certificate will be verified
        against the CA and CRL certificate configured below.
        default: null
        type: bool

- state
        State in which to leave the backend server
        choices: [present, absent]
        default: present
        type: str

- verifyhost
        SSL servers only, when set, must match the hostnames in the
        subject and subjectAlternateNames of the certificate provided
        by the server.
        default: null
        type: str

- weight
        A weight between 0 and 256, this setting can be used when
        multiple servers on different hardware need to be balanced
        with a different part the traffic. A server with weight 0 wont
        get new traffic. Default if empty: 1
        default: null
        type: int


AUTHOR: Frederic Bor (@f-bor)

METADATA:
  metadata_version: '1.1'
  status:
  - preview
  supported_by: community

EXAMPLES:

- name: Add backend server
  pfsense_haproxy_backend_server:
    backend: exchange
    name: exchange.acme.org
    address: exchange.acme.org
    port: 443
    state: present

- name: Remove backend server
  pfsense_haproxy_backend_server:
    backend: exchange
    name: exchange.acme.org
    state: absent


RETURN VALUES:
- commands
        the set of commands that would be pushed to the remote device
        (if pfSense had a CLI)
        returned: always
        sample: ['create haproxy_backend_server ''exchange.acme.org'' on ''exchange'', status=''active'',
            address=''exchange.acme.org'', port=443', delete haproxy_backend_server 'exchange.acme.org'
            on 'exchange']
        type: list