#jinja2: lstrip_blocks: True
global
    chroot /var/lib/haproxy
    user neutron
    group neutron
    daemon
    log {{ syslog_server }}:{{ syslog_udp_port }} {{ syslog_neutron_tls_proxy_facility }}
    maxconn {{ neutron_tls_proxy_max_connections }}
    nbthread {{ neutron_tls_proxy_threads }}
    {% if (neutron_tls_proxy_threads | int > 1) and (neutron_tls_proxy_thread_cpu_map | bool) %}
    cpu-map auto:1/all 0-63
    {% endif %}
    {% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}
    {% for line in haproxy_ssl_settings.split('\n') %}
    {{ line }}
    {% endfor %}
    tune.ssl.default-dh-param 4096
    ca-base {{ haproxy_backend_cacert_dir }}
    {% endif %}

defaults
    log global
    option redispatch
    retries 3
    timeout http-request {{ neutron_tls_proxy_http_request_timeout }}
    timeout http-keep-alive {{ neutron_tls_proxy_http_keep_alive_timeout }}
    timeout queue {{ neutron_tls_proxy_queue_timeout }}
    timeout connect {{ neutron_tls_proxy_connect_timeout }}
    timeout client {{ neutron_tls_proxy_client_timeout }}
    timeout server {{ neutron_tls_proxy_server_timeout }}
    timeout check {{ neutron_tls_proxy_check_timeout }}
    balance {{ neutron_tls_proxy_defaults_balance }}
    maxconn {{ neutron_tls_proxy_defaults_max_connections }}

listen stats
   bind {{ api_interface_address }}:{{ neutron_tls_proxy_stats_port }}
   mode http
   stats enable
   stats uri /
   stats refresh 15s
   stats realm Haproxy\ Stats
   stats auth {{ haproxy_user }}:{{ haproxy_password }}

frontend neutron_backend_tls
    bind {{ api_interface_address }}:{{ neutron_server_listen_port }} ssl crt /etc/neutron/certs/neutron-cert-and-key.pem
    default_backend neutron_server

backend neutron_server
    server neutron-server 127.0.0.1:{{ neutron_server_listen_port }} check