From 90a4827284acd3cb072cdfeef323c522802c6449 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Wed, 9 Oct 2024 14:55:11 +0200
Subject: haproxy: T6745: Rename `reverse-proxy` to `haproxy`

---
 .../load-balancing_haproxy.xml.in                  | 344 +++++++++++++++++++++
 1 file changed, 344 insertions(+)
 create mode 100644 interface-definitions/load-balancing_haproxy.xml.in

(limited to 'interface-definitions/load-balancing_haproxy.xml.in')

diff --git a/interface-definitions/load-balancing_haproxy.xml.in b/interface-definitions/load-balancing_haproxy.xml.in
new file mode 100644
index 000000000..742272436
--- /dev/null
+++ b/interface-definitions/load-balancing_haproxy.xml.in
@@ -0,0 +1,344 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="load-balancing">
+    <children>
+      <node name="haproxy" owner="${vyos_conf_scripts_dir}/load-balancing_haproxy.py">
+        <properties>
+          <help>Configure haproxy</help>
+          <priority>900</priority>
+        </properties>
+        <children>
+          <tagNode name="service">
+            <properties>
+              <help>Frontend service name</help>
+              <constraint>
+                #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+              </constraint>
+              <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
+            </properties>
+            <children>
+              <leafNode name="backend">
+                <properties>
+                  <help>Backend member</help>
+                  <constraint>
+                    #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+                  </constraint>
+                  <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
+                  <valueHelp>
+                    <format>txt</format>
+                    <description>Name of haproxy backend system</description>
+                  </valueHelp>
+                  <completionHelp>
+                    <path>load-balancing haproxy backend</path>
+                  </completionHelp>
+                  <multi/>
+                </properties>
+              </leafNode>
+              #include <include/generic-description.xml.i>
+              #include <include/listen-address.xml.i>
+              #include <include/haproxy/logging.xml.i>
+              #include <include/haproxy/mode.xml.i>
+              #include <include/port-number.xml.i>
+              #include <include/haproxy/rule-frontend.xml.i>
+              #include <include/haproxy/tcp-request.xml.i>
+              #include <include/haproxy/http-response-headers.xml.i>
+              <leafNode name="redirect-http-to-https">
+                <properties>
+                  <help>Redirect HTTP to HTTPS</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+              <node name="ssl">
+                <properties>
+                  <help>SSL Certificate, SSL Key and CA</help>
+                </properties>
+                <children>
+                  #include <include/pki/certificate-multi.xml.i>
+                </children>
+              </node>
+            </children>
+          </tagNode>
+          <tagNode name="backend">
+            <properties>
+              <help>Backend server name</help>
+              <constraint>
+                #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+              </constraint>
+              <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
+            </properties>
+            <children>
+              <leafNode name="balance">
+                <properties>
+                  <help>Load-balancing algorithm</help>
+                  <completionHelp>
+                    <list>source-address round-robin least-connection</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>source-address</format>
+                    <description>Based on hash of source IP address</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>round-robin</format>
+                    <description>Round robin</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>least-connection</format>
+                    <description>Least connection</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(source-address|round-robin|least-connection)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>round-robin</defaultValue>
+              </leafNode>
+              #include <include/generic-description.xml.i>
+              #include <include/haproxy/logging.xml.i>
+              #include <include/haproxy/mode.xml.i>
+              #include <include/haproxy/http-response-headers.xml.i>
+              <node name="http-check">
+                <properties>
+                  <help>HTTP check configuration</help>
+                </properties>
+                <children>
+                  <leafNode name="method">
+                    <properties>
+                      <help>HTTP method used for health check</help>
+                      <completionHelp>
+                        <list>options head get post put</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>options|head|get|post|put</format>
+                        <description>HTTP method used for health checking</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(options|head|get|post|put)</regex>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="uri">
+                    <properties>
+                      <help>URI used for HTTP health check (Example: '/' or '/health')</help>
+                      <constraint>
+                        <regex>^\/([^?#\s]*)(\?[^#\s]*)?$</regex>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <node name="expect">
+                    <properties>
+                      <help>Expected response for the health check to pass</help>
+                    </properties>
+                    <children>
+                      <leafNode name="status">
+                        <properties>
+                          <help>Expected response status code for the health check to pass</help>
+                          <valueHelp>
+                            <format>u32:200-399</format>
+                            <description>Expected response code</description>
+                          </valueHelp>
+                          <constraint>
+                            <validator name="numeric" argument="--range 200-399"/>
+                          </constraint>
+                          <constraintErrorMessage>Status code must be in range 200-399</constraintErrorMessage>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="string">
+                        <properties>
+                          <help>Expected to be in response body for the health check to pass</help>
+                          <valueHelp>
+                            <format>txt</format>
+                            <description>A string expected to be in the response</description>
+                          </valueHelp>
+                        </properties>
+                      </leafNode>
+                    </children>
+                  </node>
+                </children>
+              </node>
+              <leafNode name="health-check">
+                <properties>
+                  <help>Non HTTP health check options</help>
+                  <completionHelp>
+                    <list>ldap mysql pgsql redis smtp</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>ldap</format>
+                    <description>LDAP protocol check</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>mysql</format>
+                    <description>MySQL protocol check</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>pgsql</format>
+                    <description>PostgreSQL protocol check</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>redis</format>
+                    <description>Redis protocol check</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>smtp</format>
+                    <description>SMTP protocol check</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(ldap|mysql|redis|pgsql|smtp)</regex>
+                  </constraint>
+                </properties>
+              </leafNode>
+              #include <include/haproxy/rule-backend.xml.i>
+              <tagNode name="server">
+                <properties>
+                  <help>Backend server name</help>
+                </properties>
+                <children>
+                  <leafNode name="address">
+                    <properties>
+                      <help>Backend server address</help>
+                      <valueHelp>
+                        <format>ipv4</format>
+                        <description>IPv4 unicast peer address</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ipv6</format>
+                        <description>IPv6 unicast peer address</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ip-address"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="backup">
+                    <properties>
+                      <help>Use backup server if other servers are not available</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="check">
+                    <properties>
+                      <help>Active health check backend server</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                  #include <include/port-number.xml.i>
+                  <leafNode name="send-proxy">
+                    <properties>
+                      <help>Send a Proxy Protocol version 1 header (text format)</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="send-proxy-v2">
+                    <properties>
+                      <help>Send a Proxy Protocol version 2 header (binary format)</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                </children>
+              </tagNode>
+              <node name="ssl">
+                <properties>
+                  <help>SSL Certificate, SSL Key and CA</help>
+                </properties>
+                <children>
+                  #include <include/pki/ca-certificate.xml.i>
+                  <leafNode name="no-verify">
+                    <properties>
+                      <help>Do not attempt to verify SSL certificates for backend servers</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              #include <include/haproxy/timeout.xml.i>
+            </children>
+          </tagNode>
+          <node name="global-parameters">
+            <properties>
+              <help>Global perfomance parameters and limits</help>
+            </properties>
+            <children>
+              #include <include/haproxy/logging.xml.i>
+              <leafNode name="max-connections">
+                <properties>
+                  <help>Maximum allowed connections</help>
+                  <valueHelp>
+                    <format>u32:1-2000000</format>
+                    <description>Maximum allowed connections</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-2000000"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="ssl-bind-ciphers">
+                <properties>
+                  <help>Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers</help>
+                  <completionHelp>
+                    <list>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>ecdhe-ecdsa-aes128-gcm-sha256</format>
+                    <description>ecdhe-ecdsa-aes128-gcm-sha256</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ecdhe-rsa-aes128-gcm-sha256</format>
+                    <description>ecdhe-rsa-aes128-gcm-sha256</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ecdhe-ecdsa-aes256-gcm-sha384</format>
+                    <description>ecdhe-ecdsa-aes256-gcm-sha384</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ecdhe-rsa-aes256-gcm-sha384</format>
+                    <description>ecdhe-rsa-aes256-gcm-sha384</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ecdhe-ecdsa-chacha20-poly1305</format>
+                    <description>ecdhe-ecdsa-chacha20-poly1305</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ecdhe-rsa-chacha20-poly1305</format>
+                    <description>ecdhe-rsa-chacha20-poly1305</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dhe-rsa-aes128-gcm-sha256</format>
+                    <description>dhe-rsa-aes128-gcm-sha256</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dhe-rsa-aes256-gcm-sha384</format>
+                    <description>dhe-rsa-aes256-gcm-sha384</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384)</regex>
+                  </constraint>
+                  <multi/>
+                </properties>
+                <defaultValue>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</defaultValue>
+              </leafNode>
+              <leafNode name="tls-version-min">
+                <properties>
+                  <help>Specify the minimum required TLS version</help>
+                  <completionHelp>
+                    <list>1.2 1.3</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>1.2</format>
+                    <description>TLS v1.2</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>1.3</format>
+                    <description>TLS v1.3</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(1.2|1.3)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>1.3</defaultValue>
+              </leafNode>
+            </children>
+          </node>
+          #include <include/interface/vrf.xml.i>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
-- 
cgit v1.2.3