Puppet Class: varnish::hitch

Defined in:
manifests/hitch.pp

Summary

Installs Hitch, the SSL offloading proxy of Varnish Enterprise

Overview

Examples:

include varnish::hitch

Parameters:

  • package_name (String[1]) (defaults to: 'varnish-plus-addon-ssl')

    Name of the package to install

  • package_ensure (String[1]) (defaults to: 'present')

    Ensure package

  • service_ensure (Stdlib::Ensure::Service) (defaults to: 'running')

    Ensure Service status

  • service_name (String[1]) (defaults to: 'hitch')

    Service name for hitch (must match installed)

  • config_path (Stdlib::Absolutepath) (defaults to: '/etc/hitch/hitch.conf')

    Path for hitch config

  • config_template (String[1]) (defaults to: 'varnish/hitch.conf.epp')

    EPP template used for the config

  • frontends (Array[Struct[{ host => String[1],port => Stdlib::Port }],1]) (defaults to: [{ 'host'=> '*', 'port'=> 443, }])

    Define Frontends for hitch

  • backend (String[1]) (defaults to: '[127.0.0.1]:8443')

    Define Backend

  • pem_files (Array[Stdlib::Absolutepath,1])

    PEM Files that will be loaded

  • ssl_engine (Optional[String[1]]) (defaults to: undef)

    Set the ssl-engine

  • tls_protos (String[1]) (defaults to: 'TLSv1.2 TLSv1.3')

    Allowed TLS protocols

  • ciphers (String[1]) (defaults to: 'EECDH+AESGCM:EDH+AESGCM')

    Allowed ciphers

  • ciphersuites (String[1]) (defaults to: 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256')

    Allowed ciphersuites for TLS 1.3+

  • workers (Variant[Enum['auto'],Integer[1,1024]]) (defaults to: 'auto')

    Number of workers

  • backlog (Integer[1]) (defaults to: 200)

    Listen backlog size

  • keepalive (Integer[1]) (defaults to: 3600)

    Number of seconds a TCP socket is kept alive

  • chroot (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Chroot directory

  • user (String[1]) (defaults to: 'hitch')

    User to run as. If Hitch is started as root, it will insist on changing to a user with lower rights after binding to sockets.

  • group (String[1]) (defaults to: 'hitch')

    If given, Hitch will change to this group after binding to listen sockets.

  • log_level (Integer[0,2]) (defaults to: 1)

    Log chattiness. 0=silence, 1=errors, 2=info/debug. This setting can also be changed at run-time by editing the configuration file followed by a reload (SIGHUP).

  • syslog (Boolean) (defaults to: true)

    Send messages to syslog.

  • syslog_facility (Stdlib::Syslogfacility) (defaults to: 'daemon')

    Set the syslog facility.

  • daemon (Boolean) (defaults to: true)

    Run as daemon

  • write_proxy (Enum['ip','v1','v2','proxy']) (defaults to: 'v2')

    Which Proxy mode is used

  • sni_nomatch_abort (Boolean) (defaults to: false)

    Abort handshake when the client submits an unrecognized SNI server name.

  • tcp_fastopen (Boolean) (defaults to: false)

    Enable TCP Fast Open.

  • alpn_protos (String[1]) (defaults to: 'h2,http/1.1')

    Comma separated list of protocols supported by the backend

  • additional_parameters (Hash[String[1],Variant[String[1],Integer[1]]]) (defaults to: {})

    Additional parameters to add as needed
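
An added example, not part of the module's own documentation: a resource-like declaration that supplies pem_files, which has no default (a bare include only compiles when Hiera provides varnish::hitch::pem_files), and tightens the TLS-related defaults. The certificate path and listen address are constructed placeholders, and restricting to TLS 1.3 is an illustrative choice.

```puppet
# Added example; the PEM path and listen address are constructed placeholders.
class { 'varnish::hitch':
  # Mandatory: pem_files has no default in the class signature.
  pem_files         => ['/etc/hitch/certs/example.org.pem'],
  # Listen on one address instead of the default wildcard host '*'.
  frontends         => [{ 'host' => '192.0.2.10', 'port' => 443 }],
  # Decrypted traffic is handed to the local backend (module default).
  backend           => '[127.0.0.1]:8443',
  # Illustrative tightening: the default also allows TLSv1.2.
  tls_protos        => 'TLSv1.3',
  ciphersuites      => 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256',
  # Abort the handshake for unrecognized SNI names (default: false).
  sni_nomatch_abort => true,
  # Keep the unprivileged account and syslog error logging explicit.
  user              => 'hitch',
  group             => 'hitch',
  log_level         => 1,
  syslog            => true,
}
```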


# File 'manifests/hitch.pp', line 64

class varnish::hitch (
  Array[Stdlib::Absolutepath,1] $pem_files,
  String[1] $package_name = 'varnish-plus-addon-ssl',
  String[1] $package_ensure = 'present',
  Stdlib::Ensure::Service $service_ensure = 'running',
  String[1] $service_name = 'hitch',
  Stdlib::Absolutepath $config_path = '/etc/hitch/hitch.conf',
  String[1] $config_template = 'varnish/hitch.conf.epp',
  Array[Struct[{ host => String[1],port => Stdlib::Port }],1] $frontends = [{ 'host'=> '*', 'port'=> 443, }],
  String[1] $backend = '[127.0.0.1]:8443',
  Optional[String[1]] $ssl_engine = undef,
  String[1] $tls_protos = 'TLSv1.2 TLSv1.3',
  String[1] $ciphers = 'EECDH+AESGCM:EDH+AESGCM',
  String[1] $ciphersuites = 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256',
  Variant[Enum['auto'],Integer[1,1024]] $workers = 'auto',
  Integer[1] $backlog = 200,
  Integer[1] $keepalive = 3600,
  Optional[Stdlib::Absolutepath] $chroot = undef,
  String[1] $user = 'hitch',
  String[1] $group = 'hitch',
  Integer[0,2] $log_level = 1,
  Boolean $syslog = true,
  Stdlib::Syslogfacility $syslog_facility = 'daemon',
  Boolean $daemon = true,
  Enum['ip','v1','v2','proxy'] $write_proxy = 'v2',
  Boolean $sni_nomatch_abort = false,
  Boolean $tcp_fastopen = false,
  String[1] $alpn_protos = 'h2,http/1.1',
  Hash[String[1],Variant[String[1],Integer[1]]] $additional_parameters = {},
) {
  package { 'hitch':
    ensure => $package_ensure,
    name   => $package_name,
  }
  service { 'hitch':
    ensure  => $service_ensure,
    name    => $service_name,
    require => Package['hitch'],
  }
  file { 'hitch-conf':
    ensure  => file,
    path    => $config_path,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp($config_template),
    require => Package['hitch'],
    notify  => Service['hitch'],
  }
}