HAProxy Enterprise Documentation 2.7r1

CLI

The basic usage of the API is as follows:

$ hapee-dataplane-api [OPTIONS]
  • The options for editing and managing HAProxy Enterprise nodes are listed below.

  • You can invoke the API with the --help flag to see a list of available options.

Application options

These options control how the Data Plane API is hosted and how it should manage shutdown.

Option

Description

--scheme=

The listeners to enable. Can be repeated and defaults to the schemes in the swagger specification

--cleanup-timeout=

Grace period for which to wait before killing idle connections (default: 10s)

--graceful-timeout=

Grace period for which to wait before shutting down the server (default: 15s)

--max-header-size=

Controls the maximum number of bytes the server will read parsing the request header's keys and values, including the request line. It does not limit the size of the request body. (default: 1MiB)

--socket-path=

The Unix socket to listen on (default: /var/run/data-plane.sock)

--host=

The IP to listen on (default: localhost) [$HOST]

--port=

The port to listen on for insecure connections; defaults to a random value [$PORT]

--listen-limit=

Limits the number of outstanding requests

--keep-alive=

Sets the TCP keep-alive timeouts on accepted connections. It prunes dead TCP connections ( e.g. closing laptop mid-download) (default: 3m)

--read-timeout=

Maximum duration to wait to read the request before timing out (default: 30s)

--write-timeout=

Maximum duration to wait to write the response before timing out (default: 60s)

--tls-host=

The IP to listen on for TLS; when not specified it's the same as --host [$TLS_HOST]

--tls-port=

The port to listen on for secure connections; defaults to a random value [$TLS_PORT]

--tls-certificate=

The certificate to use for secure connections [$TLS_CERTIFICATE]

--tls-key=

The private key to use for secure connections [$TLS_PRIVATE_KEY]

--tls-ca=

The certificate authority file to use with mutual tls auth [$TLS_CA_CERTIFICATE]

--tls-listen-limit=

Limits the number of outstanding requests

--tls-keep-alive=

Sets the TCP keep-alive timeouts on accepted connections. It prunes dead TCP connections ( e.g. closing laptop mid-download)

--tls-read-timeout=

Maximum duration to wait to read the request before timing out

--tls-write-timeout=

Maximum duration to wait to write the response before timing out

HAProxy Enterprise options

These options configure the API's access and management of a running HAProxy node.

Option

Description

-c, --config-file=

Path to the HAProxy Enterprise configuration file (default: /etc/hapee-2.7/haproxy.cfg)

-u, --userlist=

Userlist in HAProxy Enterprise configuration to use for API Basic Authentication (default: controller)

-b, --haproxy-bin=

Path to the HAProxy Enterprise binary file (default: haproxy)

-d, --reload-delay=

Minimum delay between two reloads (in s) (default: 5)

-r, --reload-cmd=

Reload command

-s, --restart-cmd=

Restart command

--reload-retention=

Reload retention in days, every older reload id will be deleted (default: 1)

-t, --transaction-dir=

Path to the transaction directory (default: /tmp/haproxy)

-n, --backups-number=

Number of backup configuration files you want to keep, stored in the config dir with version number suffix (default: 0)

--backups-dir=

Path to directory in which to place backup files

-m, --master-runtime=

Path to the HAProxy Enterprise Runtime API socket

-i, --show-system-info

Show system info on info endpoint

-f

Path to the dataplane configuration file (default: /etc/hapee-2.7/dataplaneapi.hcl)

-g, git-mode=

Run dataplaneapi in git mode, without running the haproxy and ability to push to Git

--git-settings-file=

Path to the git settings file (default: /etc/hapee-2.7/git.settings)

-a, --aloha-mode

Run dataplaneapi in ALOHA mode, without running the haproxy

--aloha-hash-file=

Path to the temporary aloha hash file (default: /tmp/aloha-hash.cfg)

--userlist-file=

Path to the dataplaneapi userlist file. By default userlist is read from HAProxy conf. When specified userlist would be read from this file.

--fid=

Path to file that will dataplaneapi use to write its id (not a pid) that was given to him after joining a cluster

-p, --maps-dir=

Path to directory of map files managed by dataplane (default: /etc/hapee-2.7/maps)

--ssl-certs-dir=

Path to SSL certificates directory (default: /etc/hapee-2.7/ssl)

--update-map-files

Flag used for syncing map files with runtime maps values

--update-map-files-period=

Elapsed time in seconds between two maps syncing operations (default: 10)

--cluster-tls-dir=

Path where cluster tls certificates will be stored. Defaults to same directory as dataplane configuration file

--spoe-dir=

Path to SPOE directory. (default: /etc/hapee-2.7/spoe)

--spoe-transaction-dir=

Path to the SPOE transaction directory (default: /tmp/spoe-haproxy)

--master-worker-mode

Flag to enable helpers when running within HAProxy

--max-open-transactions=

Limit for active transaction in pending state (default: 20)

--validate-cmd=

Executes a custom command to perform the HAProxy configuration check

--disable-inotify

Disables inotify watcher watcher for the configuration file

--pam

use PAM instead of userlist file

--pid-file=

Path to file that will dataplaneapi use to write its pid

--uid=

User id value to set on start

--gid=

Group id value to set on start

Logging options

These options configure the level of logging for requests to the API.

Option

Description

--log-to=[stdout|file]

Log target, can be stdout or file (default: stdout)

--log-file=

Location of the log file (default: /var/log/dataplaneapi/dataplaneapi.log)

--log-level=[trace|debug|info|warning|error]

Logging level (default: warning)

--log-format=[text|JSON]

Logging format (default: text)

--apache-common-log-format=

Apache Common Log Format to format the access log entries (default: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i" %{us}T)

Syslog Options

Configuration options for syslog.

Option

Description

--syslog-address=

Syslog address (with port declaration in case of TCP type) where logs should be forwarded: accepting socket path in case of unix or unixgram

--syslog-protocol=[ tcp|tcp4|tcp6|unix|unixgram]

Syslog server protocol (default: tcp)

--syslog-tag=

String to tag the syslog messages (default: dataplaneapi)

--syslog-level=

Define the required syslog messages level, allowed values: debug|info|notice|warning|error|critical|alert|emergency (default:debug)

--syslog-facility=

Define the Syslog facility number, allowed values: kern|user|mail|daemon|auth|syslog|lpr|news|uucp|cron|authpriv|ftp|local0|local1|local2|local3|local4|local5|local6|local7 (default: local0)

Other options

These options provide additional information about the API.

Option

Description

-v, --version

Show version and build information

-h, --help

Show this help message


Next up

Usage