Refactor haproxy config (split by service) V2.0
Having all services in one giant haproxy file makes altering configuration for a service both painful and dangerous. Each service should be configured with a simple set of variables and rendered with a single unified template. Available are two new templates: * haproxy_single_service_listen.cfg.j2: close to the original style, but only one service per file * haproxy_single_service_split.cfg.j2: using the newer haproxy syntax for separated frontend and backend For now the default will be the single listen block, for ease of transition. Change-Id: I6e237438fbc0aa3c89a3c8bd706a53b74e71904b
This commit is contained in:
parent
921a6d8762
commit
f1c8136556
@ -208,6 +208,7 @@ gnocchi_api_port: "8041"
|
||||
grafana_server_port: "3000"
|
||||
|
||||
haproxy_stats_port: "1984"
|
||||
haproxy_monitor_port: "61313"
|
||||
|
||||
heat_api_port: "8004"
|
||||
heat_api_cfn_port: "8000"
|
||||
|
@ -493,6 +493,12 @@ solum
|
||||
[solum-conductor:children]
|
||||
solum
|
||||
|
||||
[solum-application-deployment:children]
|
||||
solum
|
||||
|
||||
[solum-image-builder:children]
|
||||
solum
|
||||
|
||||
# Mistral
|
||||
[mistral-api:children]
|
||||
mistral
|
||||
|
@ -509,6 +509,12 @@ solum
|
||||
[solum-conductor:children]
|
||||
solum
|
||||
|
||||
[solum-application-deployment:children]
|
||||
solum
|
||||
|
||||
[solum-image-builder:children]
|
||||
solum
|
||||
|
||||
# Mistral
|
||||
[mistral-api:children]
|
||||
mistral
|
||||
|
@ -14,6 +14,17 @@ aodh_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/aodh/aodh:/var/lib/kolla/venv/lib/python2.7/site-packages/aodh' if aodh_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ aodh_api_dimensions }}"
|
||||
haproxy:
|
||||
aodh_api:
|
||||
enabled: "{{ enable_aodh }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ aodh_api_port }}"
|
||||
aodh_api_external:
|
||||
enabled: "{{ enable_aodh }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ aodh_api_port }}"
|
||||
aodh-evaluator:
|
||||
container_name: aodh_evaluator
|
||||
group: aodh-evaluator
|
||||
|
7
ansible/roles/aodh/tasks/loadbalancer.yml
Normal file
7
ansible/roles/aodh/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ aodh_services }}"
|
||||
tags: always
|
@ -14,6 +14,17 @@ barbican_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/barbican/barbican:/var/lib/kolla/venv/lib/python2.7/site-packages/barbican' if barbican_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ barbican_api_dimensions }}"
|
||||
haproxy:
|
||||
barbican_api:
|
||||
enabled: "{{ enable_barbican }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ barbican_api_port }}"
|
||||
barbican_api_external:
|
||||
enabled: "{{ enable_barbican }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ barbican_api_port }}"
|
||||
barbican-keystone-listener:
|
||||
container_name: barbican_keystone_listener
|
||||
group: barbican-keystone-listener
|
||||
|
7
ansible/roles/barbican/tasks/loadbalancer.yml
Normal file
7
ansible/roles/barbican/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ barbican_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ blazar_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/blazar/blazar:/var/lib/kolla/venv/lib/python2.7/site-packages/blazar' if blazar_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ blazar_api_dimensions }}"
|
||||
haproxy:
|
||||
blazar_api:
|
||||
enabled: "{{ enable_blazar }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ blazar_api_port }}"
|
||||
blazar_api_external:
|
||||
enabled: "{{ enable_blazar }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ blazar_api_port }}"
|
||||
blazar-manager:
|
||||
container_name: blazar_manager
|
||||
group: blazar-manager
|
||||
|
7
ansible/roles/blazar/tasks/loadbalancer.yml
Normal file
7
ansible/roles/blazar/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ blazar_services }}"
|
||||
tags: always
|
@ -1,6 +1,22 @@
|
||||
---
|
||||
project_name: "ceph"
|
||||
|
||||
ceph_services:
|
||||
ceph-rgw:
|
||||
group: ceph-rgw
|
||||
enabled: "{{ enable_ceph_rgw|bool }}"
|
||||
haproxy:
|
||||
radosgw:
|
||||
enabled: "{{ enable_ceph|bool and enable_ceph_rgw|bool }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ rgw_port }}"
|
||||
radosgw_external:
|
||||
enabled: "{{ enable_ceph|bool and enable_ceph_rgw|bool }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ rgw_port }}"
|
||||
|
||||
|
||||
####################
|
||||
# Docker
|
||||
|
7
ansible/roles/ceph/tasks/loadbalancer.yml
Normal file
7
ansible/roles/ceph/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ ceph_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ cinder_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/cinder/cinder:/var/lib/kolla/venv/lib/python2.7/site-packages/cinder' if cinder_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ cinder_api_dimensions }}"
|
||||
haproxy:
|
||||
cinder_api:
|
||||
enabled: "{{ enable_cinder }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ cinder_api_port }}"
|
||||
cinder_api_external:
|
||||
enabled: "{{ enable_cinder }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ cinder_api_port }}"
|
||||
cinder-scheduler:
|
||||
container_name: cinder_scheduler
|
||||
group: cinder-scheduler
|
||||
|
7
ansible/roles/cinder/tasks/loadbalancer.yml
Normal file
7
ansible/roles/cinder/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ cinder_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ cloudkitty_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/cloudkitty/cloudkitty:/var/lib/kolla/venv/lib/python2.7/site-packages/cloudkitty' if cloudkitty_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ cloudkitty_api_dimensions }}"
|
||||
haproxy:
|
||||
cloudkitty_api:
|
||||
enabled: "{{ enable_cloudkitty }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ cloudkitty_api_port }}"
|
||||
cloudkitty_api_external:
|
||||
enabled: "{{ enable_cloudkitty }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ cloudkitty_api_port }}"
|
||||
cloudkitty-processor:
|
||||
container_name: "cloudkitty_processor"
|
||||
group: "cloudkitty-processor"
|
||||
|
7
ansible/roles/cloudkitty/tasks/loadbalancer.yml
Normal file
7
ansible/roles/cloudkitty/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ cloudkitty_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ congress_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/congress/congress:/var/lib/kolla/venv/lib/python2.7/site-packages/congress' if congress_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ congress_api_dimensions }}"
|
||||
haproxy:
|
||||
congress_api:
|
||||
enabled: "{{ enable_congress }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ congress_api_port }}"
|
||||
congress_api_external:
|
||||
enabled: "{{ enable_congress }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ congress_api_port }}"
|
||||
congress-policy-engine:
|
||||
container_name: congress_policy_engine
|
||||
group: congress-policy-engine
|
||||
|
7
ansible/roles/congress/tasks/loadbalancer.yml
Normal file
7
ansible/roles/congress/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ congress_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ designate_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/designate/designate:/var/lib/kolla/venv/lib/python2.7/site-packages/designate' if designate_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ designate_api_dimensions }}"
|
||||
haproxy:
|
||||
designate_api:
|
||||
enabled: "{{ enable_designate }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ designate_api_port }}"
|
||||
designate_api_external:
|
||||
enabled: "{{ enable_designate }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ designate_api_port }}"
|
||||
designate-backend-bind9:
|
||||
container_name: designate_backend_bind9
|
||||
group: designate-backend-bind9
|
||||
|
7
ansible/roles/designate/tasks/loadbalancer.yml
Normal file
7
ansible/roles/designate/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ designate_services }}"
|
||||
tags: always
|
@ -12,6 +12,14 @@ elasticsearch_services:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "elasticsearch:/var/lib/elasticsearch/data"
|
||||
dimensions: "{{ elasticsearch_dimensions }}"
|
||||
haproxy:
|
||||
elasticsearch:
|
||||
enabled: "{{ enable_elasticsearch }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ elasticsearch_port }}"
|
||||
frontend_http_extra:
|
||||
- "option dontlog-normal"
|
||||
|
||||
|
||||
####################
|
||||
|
7
ansible/roles/elasticsearch/tasks/loadbalancer.yml
Normal file
7
ansible/roles/elasticsearch/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ elasticsearch_services }}"
|
||||
tags: always
|
@ -14,6 +14,17 @@ freezer_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/freezer-api/freezer_api:/var/lib/kolla/venv/lib/python2.7/site-packages/freezer_api' if freezer_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ freezer_api_dimensions }}"
|
||||
haproxy:
|
||||
freezer_api:
|
||||
enabled: "{{ enable_freezer }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ freezer_api_port }}"
|
||||
freezer_api_external:
|
||||
enabled: "{{ enable_freezer }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ freezer_api_port }}"
|
||||
freezer-scheduler:
|
||||
container_name: freezer_scheduler
|
||||
group: freezer-scheduler
|
||||
|
7
ansible/roles/freezer/tasks/loadbalancer.yml
Normal file
7
ansible/roles/freezer/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ freezer_services }}"
|
||||
tags: always
|
@ -15,6 +15,27 @@ glance_services:
|
||||
- "{{ kolla_dev_repos_directory ~ '/glance/glance:/var/lib/kolla/venv/lib/python2.7/site-packages/glance' if glance_dev_mode | bool else '' }}"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ glance_api_dimensions }}"
|
||||
haproxy:
|
||||
glance_api:
|
||||
enabled: "{{ enable_glance }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ glance_api_port }}"
|
||||
frontend_http_extra:
|
||||
- "timeout client {{ haproxy_glance_api_client_timeout }}"
|
||||
backend_http_extra:
|
||||
- "timeout server {{ haproxy_glance_api_server_timeout }}"
|
||||
custom_member_list: "{{ haproxy_members.split(';') }}"
|
||||
glance_api_external:
|
||||
enabled: "{{ enable_glance }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ glance_api_port }}"
|
||||
frontend_http_extra:
|
||||
- "timeout client {{ haproxy_glance_api_client_timeout }}"
|
||||
backend_http_extra:
|
||||
- "timeout server {{ haproxy_glance_api_server_timeout }}"
|
||||
custom_member_list: "{{ haproxy_members.split(';') }}"
|
||||
glance-registry:
|
||||
container_name: glance_registry
|
||||
group: glance-registry
|
||||
@ -27,6 +48,11 @@ glance_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ glance_registry_dimensions }}"
|
||||
|
||||
####################
|
||||
# HAProxy
|
||||
####################
|
||||
haproxy_members: "{% for host in glance_api_hosts %}server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_port }} check inter 2000 rise 2 fall 5;{% endfor %}"
|
||||
|
||||
####################
|
||||
# Notification
|
||||
####################
|
||||
@ -66,6 +92,13 @@ glance_database_user: "{% if use_preconfigured_databases | bool and use_common_m
|
||||
glance_database_address: "{{ database_address }}:{{ database_port }}"
|
||||
|
||||
|
||||
####################
|
||||
# HAProxy
|
||||
####################
|
||||
haproxy_glance_api_client_timeout: "6h"
|
||||
haproxy_glance_api_server_timeout: "6h"
|
||||
|
||||
|
||||
####################
|
||||
# Docker
|
||||
####################
|
||||
|
7
ansible/roles/glance/tasks/loadbalancer.yml
Normal file
7
ansible/roles/glance/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ glance_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ gnocchi_services:
|
||||
- "gnocchi:/var/lib/gnocchi/"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ gnocchi_api_dimensions }}"
|
||||
haproxy:
|
||||
gnocchi_api:
|
||||
enabled: "{{ enable_gnocchi }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ gnocchi_api_port }}"
|
||||
gnocchi_api_external:
|
||||
enabled: "{{ enable_gnocchi }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ gnocchi_api_port }}"
|
||||
gnocchi-metricd:
|
||||
container_name: gnocchi_metricd
|
||||
group: gnocchi-metricd
|
||||
|
7
ansible/roles/gnocchi/tasks/loadbalancer.yml
Normal file
7
ansible/roles/gnocchi/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ gnocchi_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ grafana_services:
|
||||
- "grafana:/var/lib/grafana/"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ grafana_dimensions }}"
|
||||
haproxy:
|
||||
grafana_server:
|
||||
enabled: "{{ enable_grafana }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ grafana_server_port }}"
|
||||
grafana_server_external:
|
||||
enabled: "{{ enable_grafana }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ grafana_server_port }}"
|
||||
|
||||
####################
|
||||
# Database
|
||||
|
7
ansible/roles/grafana/tasks/loadbalancer.yml
Normal file
7
ansible/roles/grafana/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ grafana_services }}"
|
||||
tags: always
|
13
ansible/roles/haproxy-config/defaults/main.yml
Normal file
13
ansible/roles/haproxy-config/defaults/main.yml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
haproxy_service_template: "haproxy_single_service_listen.cfg.j2"
|
||||
|
||||
# Extra frontend/backend options (additive with locally defined options)
|
||||
haproxy_frontend_http_extra:
|
||||
- "option httplog"
|
||||
- "option forwardfor"
|
||||
haproxy_frontend_tcp_extra:
|
||||
- "option tcplog"
|
||||
haproxy_backend_http_extra: []
|
||||
haproxy_backend_tcp_extra: []
|
||||
|
||||
haproxy_health_check: "check inter 2000 rise 2 fall 5"
|
17
ansible/roles/haproxy-config/handlers/main.yml
Normal file
17
ansible/roles/haproxy-config/handlers/main.yml
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
- name: Restart haproxy container
|
||||
become: true
|
||||
kolla_docker:
|
||||
action: "restart_container"
|
||||
name: haproxy
|
||||
when:
|
||||
- kolla_action != "config"
|
||||
- inventory_hostname in groups['haproxy']
|
||||
- enable_haproxy | bool
|
||||
notify:
|
||||
- Waiting for haproxy to start
|
||||
|
||||
- name: Waiting for haproxy to start
|
||||
wait_for:
|
||||
host: "{{ api_interface_address }}"
|
||||
port: "{{ haproxy_stats_port }}"
|
21
ansible/roles/haproxy-config/tasks/main.yml
Normal file
21
ansible/roles/haproxy-config/tasks/main.yml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
- name: "Copying over {{ project_name }} haproxy config"
|
||||
vars:
|
||||
service: "{{ item.value }}"
|
||||
haproxy_templates:
|
||||
- "{{ node_custom_config }}/haproxy-config/{{ inventory_hostname }}/{{ haproxy_service_template }}"
|
||||
- "{{ node_custom_config }}/haproxy-config/{{ haproxy_service_template }}"
|
||||
- "templates/{{ haproxy_service_template }}"
|
||||
template_file: "{{ query('first_found', haproxy_templates) | first }}"
|
||||
template:
|
||||
src: "{{ template_file }}"
|
||||
dest: "{{ node_config_directory }}/haproxy/services.d/{{ item.key }}.cfg"
|
||||
mode: "0660"
|
||||
become: true
|
||||
when:
|
||||
- service.enabled | bool
|
||||
- service.haproxy is defined
|
||||
- enable_haproxy | bool
|
||||
with_dict: "{{ project_services }}"
|
||||
notify:
|
||||
- Restart haproxy container
|
@ -0,0 +1,91 @@
|
||||
#jinja2: lstrip_blocks: True
|
||||
{%- set tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external|bool else '' %}
|
||||
|
||||
{%- macro userlist_macro(service_name, auth_user, auth_pass) %}
|
||||
userlist {{ service_name }}-user
|
||||
user {{ auth_user }} insecure-password {{ auth_pass }}
|
||||
{% endmacro %}
|
||||
|
||||
{%- macro listen_macro(service_name, service_port, service_mode, external,
|
||||
haproxy_http_extra, haproxy_tcp_extra, host_group,
|
||||
custom_member_list, auth_user, auth_pass) %}
|
||||
listen {{ service_name }}
|
||||
{% if service_mode == 'redirect' %}
|
||||
mode http
|
||||
{% else %}
|
||||
mode {{ service_mode }}
|
||||
{% endif %}
|
||||
{% if service_mode == 'http' %}
|
||||
{# Set up auth if required #}
|
||||
{% if auth_user and auth_pass %}
|
||||
acl auth_acl http_auth({{ service_name }}-user)
|
||||
http-request auth realm basicauth unless auth_acl
|
||||
{% endif %}
|
||||
{# Delete any pre-populated XFP header #}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for http_option in haproxy_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
{% elif service_mode == 'tcp' %}
|
||||
{% for tcp_option in haproxy_tcp_extra %}
|
||||
{{ tcp_option }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% set tls_option = '' %}
|
||||
{% if external|bool %}
|
||||
{% set vip_address = kolla_external_vip_address %}
|
||||
{% if service_mode == 'http' %}
|
||||
{% set tls_option = tls_bind_info %}
|
||||
{# Replace the XFP header for external https requests #}
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% set vip_address = kolla_internal_vip_address %}
|
||||
{% endif %}
|
||||
{{ "bind %s:%s %s"|e|format(vip_address, service_port, tls_option)|trim() }}
|
||||
{# Redirect mode sets a redirect scheme instead of members #}
|
||||
{% if service_mode == 'redirect' %}
|
||||
redirect scheme https code 301 if !{ ssl_fc }
|
||||
{% else %}
|
||||
{% if custom_member_list is not none %}
|
||||
{% for custom_member in custom_member_list %}
|
||||
{{ custom_member }}
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
{% for host in groups[host_group] %}
|
||||
{% set api_interface = "ansible_%s"|format(hostvars[host]['api_interface']) %}
|
||||
{% set host_name = hostvars[host]['ansible_hostname'] %}
|
||||
{% set host_ip = hostvars[host][api_interface]['ipv4']['address'] %}
|
||||
server {{ host_name }} {{ host_ip }}:{{ service_port }} {{ haproxy_health_check }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endmacro %}
|
||||
|
||||
{%- set haproxy = service.haproxy|default({}) %}
|
||||
{%- for haproxy_name, haproxy_service in haproxy.items() %}
|
||||
{# External defaults to false #}
|
||||
{% set external = haproxy_service.external|default(false)|bool %}
|
||||
{# Skip anything that is external when the external vip is not enabled #}
|
||||
{% if haproxy_service.enabled|bool and (not external or haproxy_enable_external_vip|bool)%}
|
||||
{# Here we define variables and their defaults #}
|
||||
{# Custom member list can use jinja to generate a semicolon separated list #}
|
||||
{% set custom_member_list = haproxy_service.custom_member_list|default(none) %}
|
||||
{# Mode defaults to http #}
|
||||
{% set mode = haproxy_service.mode|default('http') %}
|
||||
{# Use the parent host group but allow it to be overridden #}
|
||||
{% set host_group = haproxy_service.host_group|default(service.group) %}
|
||||
{# Additional options can be defined in config, and are additive to the global extras #}
|
||||
{% set haproxy_tcp_extra = haproxy_service.frontend_tcp_extra|default([]) + haproxy_service.backend_tcp_extra|default([]) + haproxy_frontend_tcp_extra + haproxy_backend_tcp_extra %}
|
||||
{% set haproxy_http_extra = haproxy_service.frontend_http_extra|default([]) + haproxy_service.backend_http_extra|default([]) + haproxy_frontend_http_extra + haproxy_backend_http_extra %}
|
||||
{# Allow for basic auth #}
|
||||
{% set auth_user = haproxy_service.auth_user|default() %}
|
||||
{% set auth_pass = haproxy_service.auth_pass|default() %}
|
||||
{% if auth_user and auth_pass %}
|
||||
{{ userlist_macro(haproxy_name, auth_user, auth_pass) }}
|
||||
{% endif %}
|
||||
{{ listen_macro(haproxy_name, haproxy_service.port, mode, external,
|
||||
haproxy_http_extra, haproxy_tcp_extra, host_group,
|
||||
custom_member_list, auth_user, auth_pass) }}
|
||||
{% endif %}
|
||||
{%- endfor -%}
|
@ -0,0 +1,118 @@
|
||||
#jinja2: lstrip_blocks: True
|
||||
{%- set tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external|bool else '' %}
|
||||
|
||||
{%- macro userlist_macro(service_name, auth_user, auth_pass) %}
|
||||
userlist {{ service_name }}-user
|
||||
user {{ auth_user }} insecure-password {{ auth_pass }}
|
||||
{% endmacro %}
|
||||
|
||||
{%- macro frontend_macro(service_name, service_port, service_mode, external,
|
||||
frontend_http_extra, frontend_tcp_extra) %}
|
||||
frontend {{ service_name }}_front
|
||||
{% if service_mode == 'redirect' %}
|
||||
mode http
|
||||
{% else %}
|
||||
mode {{ service_mode }}
|
||||
{% endif %}
|
||||
{% if service_mode == 'http' %}
|
||||
{# Delete any pre-populated XFP header #}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for http_option in frontend_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
{% elif service_mode == 'tcp' %}
|
||||
{% for tcp_option in frontend_tcp_extra %}
|
||||
{{ tcp_option }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% set tls_option = '' %}
|
||||
{% if external|bool %}
|
||||
{% set vip_address = kolla_external_vip_address %}
|
||||
{% if service_mode == 'http' %}
|
||||
{% set tls_option = tls_bind_info %}
|
||||
{# Replace the XFP header for external https requests #}
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% set vip_address = kolla_internal_vip_address %}
|
||||
{% endif %}
|
||||
{{ "bind %s:%s %s"|e|format(vip_address, service_port, tls_option)|trim() }}
|
||||
{# Redirect mode sets a redirect scheme instead of a backend #}
|
||||
{% if service_mode == 'redirect' %}
|
||||
redirect scheme https code 301 if !{ ssl_fc }
|
||||
{% else %}
|
||||
default_backend {{ service_name }}_back
|
||||
{% endif %}
|
||||
{% endmacro %}
|
||||
|
||||
{%- macro backend_macro(service_name, service_port, service_mode, host_group,
|
||||
custom_member_list, backend_http_extra,
|
||||
backend_tcp_extra, auth_user, auth_pass) %}
|
||||
backend {{ service_name }}_back
|
||||
{% if service_mode == 'redirect' %}
|
||||
mode http
|
||||
{% else %}
|
||||
mode {{ service_mode }}
|
||||
{% endif %}
|
||||
{% if service_mode == 'http' %}
|
||||
{# Set up auth if required #}
|
||||
{% if auth_user and auth_pass %}
|
||||
acl auth_acl http_auth({{ service_name }}-user)
|
||||
http-request auth realm basicauth unless auth_acl
|
||||
{% endif %}
|
||||
{% for http_option in backend_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
{% elif service_mode == 'tcp' %}
|
||||
{% for tcp_option in backend_tcp_extra %}
|
||||
{{ tcp_option }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if custom_member_list is not none %}
|
||||
{% for custom_member in custom_member_list %}
|
||||
{{ custom_member }}
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
{% for host in groups[host_group] %}
|
||||
{% set api_interface = "ansible_%s"|format(hostvars[host]['api_interface']) %}
|
||||
{% set host_name = hostvars[host]['ansible_hostname'] %}
|
||||
{% set host_ip = hostvars[host][api_interface]['ipv4']['address'] %}
|
||||
server {{ host_name }} {{ host_ip }}:{{ service_port }} {{ haproxy_health_check }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endmacro %}
|
||||
|
||||
{%- set haproxy = service.haproxy|default({}) %}
|
||||
{%- for haproxy_name, haproxy_service in haproxy.items() %}
|
||||
{# External defaults to false #}
|
||||
{% set external = haproxy_service.external|default(false)|bool %}
|
||||
{# Skip anything that is external when the external vip is not enabled #}
|
||||
{% if haproxy_service.enabled|bool and (not external or haproxy_enable_external_vip|bool)%}
|
||||
{# Here we define variables and their defaults #}
|
||||
{# Custom member list can use jinja to generate a semicolon separated list #}
|
||||
{% set custom_member_list = haproxy_service.custom_member_list|default() %}
|
||||
{# Mode defaults to http #}
|
||||
{% set mode = haproxy_service.mode|default('http') %}
|
||||
{# Use the parent host group but allow it to be overridden #}
|
||||
{% set host_group = haproxy_service.host_group|default(service.group) %}
|
||||
{# Additional options can be defined in config, and are additive to the global extras #}
|
||||
{% set frontend_tcp_extra = haproxy_service.frontend_tcp_extra|default([]) + haproxy_frontend_tcp_extra %}
|
||||
{% set backend_tcp_extra = haproxy_service.backend_tcp_extra|default([]) %}
|
||||
{% set frontend_http_extra = haproxy_service.frontend_http_extra|default([]) + haproxy_frontend_http_extra %}
|
||||
{% set backend_http_extra = haproxy_service.backend_http_extra|default([]) %}
|
||||
{# Allow for basic auth #}
|
||||
{% set auth_user = haproxy_service.auth_user|default() %}
|
||||
{% set auth_pass = haproxy_service.auth_pass|default() %}
|
||||
{% if auth_user and auth_pass %}
|
||||
{{ userlist_macro(haproxy_name, auth_user, auth_pass) }}
|
||||
{% endif %}
|
||||
{{ frontend_macro(haproxy_name, haproxy_service.port, mode, external,
|
||||
frontend_http_extra, frontend_tcp_extra) }}
|
||||
{# Redirect (to https) is a special case, as it does not include a backend #}
|
||||
{% if haproxy_service.mode != 'redirect' %}
|
||||
{{ backend_macro(haproxy_name, haproxy_service.port, mode, host_group,
|
||||
custom_member_list, backend_http_extra, backend_tcp_extra,
|
||||
auth_user, auth_pass) }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{%- endfor -%}
|
@ -38,27 +38,12 @@ haproxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_
|
||||
haproxy_tag: "{{ openstack_release }}"
|
||||
haproxy_image_full: "{{ haproxy_image }}:{{ haproxy_tag }}"
|
||||
|
||||
haproxy_client_timeout: "1m"
|
||||
haproxy_server_timeout: "1m"
|
||||
|
||||
# Check http://www.haproxy.org/download/1.5/doc/configuration.txt for available options
|
||||
haproxy_defaults_balance: "roundrobin"
|
||||
|
||||
haproxy_glance_api_client_timeout: "6h"
|
||||
haproxy_glance_api_server_timeout: "6h"
|
||||
|
||||
haproxy_outward_rabbitmq_client_timeout: "1h"
|
||||
haproxy_outward_rabbitmq_server_timeout: "1h"
|
||||
|
||||
syslog_server: "{{ api_interface_address }}"
|
||||
syslog_haproxy_facility: "local1"
|
||||
|
||||
# Traffic mode. Valid options are [ multicast, unicast ]
|
||||
keepalived_traffic_mode: "multicast"
|
||||
|
||||
haproxy_listen_tcp_extra: []
|
||||
haproxy_listen_http_extra: []
|
||||
|
||||
# Extended global configuration, optimization options.
|
||||
haproxy_max_connections: 4000
|
||||
haproxy_processes: 1
|
||||
@ -66,3 +51,14 @@ haproxy_process_cpu_map: "no"
|
||||
|
||||
haproxy_dimensions: "{{ default_container_dimensions }}"
|
||||
keepalived_dimensions: "{{ default_container_dimensions }}"
|
||||
|
||||
# Default timeout values
|
||||
haproxy_http_request_timeout: "10s"
|
||||
haproxy_queue_timeout: "1m"
|
||||
haproxy_connect_timeout: "10s"
|
||||
haproxy_client_timeout: "1m"
|
||||
haproxy_server_timeout: "1m"
|
||||
haproxy_check_timeout: "10s"
|
||||
|
||||
# Check http://www.haproxy.org/download/1.5/doc/configuration.txt for available options
|
||||
haproxy_defaults_balance: "roundrobin"
|
||||
|
@ -3,8 +3,6 @@
|
||||
vars:
|
||||
service_name: "haproxy"
|
||||
service: "{{ haproxy_services[service_name] }}"
|
||||
config_json: "{{ haproxy_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
haproxy_container: "{{ check_haproxy_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
become: true
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -18,19 +16,13 @@
|
||||
- kolla_action != "config"
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or haproxy_cfg.changed | bool
|
||||
or haproxy_pem.changed | bool
|
||||
or haproxy_container.changed | bool
|
||||
notify:
|
||||
- Waiting for virtual IP to appear
|
||||
- Waiting for haproxy to start
|
||||
|
||||
- name: Restart keepalived container
|
||||
vars:
|
||||
service_name: "keepalived"
|
||||
service: "{{ haproxy_services[service_name] }}"
|
||||
config_json: "{{ haproxy_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
keepalived_container: "{{ check_haproxy_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
become: true
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -44,26 +36,15 @@
|
||||
- kolla_action != "config"
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or keepalived_conf.changed | bool
|
||||
or keepalived_container.changed | bool
|
||||
notify:
|
||||
- Waiting for virtual IP to appear
|
||||
|
||||
- name: Ensuring latest haproxy config is used
|
||||
command: docker exec haproxy /usr/local/bin/kolla_ensure_haproxy_latest_config
|
||||
register: status
|
||||
changed_when: status.stdout.find('changed') != -1
|
||||
when:
|
||||
- kolla_action != "config"
|
||||
- haproxy_config_jsons.changed | bool
|
||||
or haproxy_cfg.changed | bool
|
||||
or haproxy_pem.changed | bool
|
||||
- name: Waiting for haproxy to start
|
||||
wait_for:
|
||||
host: "{{ api_interface_address }}"
|
||||
port: "{{ haproxy_monitor_port }}"
|
||||
|
||||
- name: Waiting for virtual IP to appear
|
||||
wait_for:
|
||||
host: "{{ kolla_internal_vip_address }}"
|
||||
port: "{{ database_port }}"
|
||||
when:
|
||||
- enable_mariadb | bool
|
||||
or enable_external_mariadb_load_balancer | bool
|
||||
port: "{{ haproxy_monitor_port }}"
|
||||
|
@ -20,20 +20,32 @@
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ haproxy_services }}"
|
||||
|
||||
- name: Ensuring service config subdir exists
|
||||
vars:
|
||||
service: "{{ haproxy_services['haproxy'] }}"
|
||||
file:
|
||||
path: "{{ node_config_directory }}/haproxy/services.d"
|
||||
state: "directory"
|
||||
owner: "{{ config_owner_user }}"
|
||||
group: "{{ config_owner_group }}"
|
||||
mode: "0770"
|
||||
become: true
|
||||
when:
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
template:
|
||||
src: "{{ item.key }}.json.j2"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
|
||||
mode: "0660"
|
||||
become: true
|
||||
register: haproxy_config_jsons
|
||||
when:
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ haproxy_services }}"
|
||||
notify:
|
||||
- "Restart {{ item.key }} container"
|
||||
- Ensuring latest haproxy config is used
|
||||
|
||||
- name: Copying over haproxy.cfg
|
||||
vars:
|
||||
@ -43,17 +55,15 @@
|
||||
dest: "{{ node_config_directory }}/haproxy/haproxy.cfg"
|
||||
mode: "0660"
|
||||
become: true
|
||||
register: haproxy_cfg
|
||||
when:
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
with_first_found:
|
||||
- "{{ node_custom_config }}/haproxy/{{ inventory_hostname }}/haproxy.cfg"
|
||||
- "{{ node_custom_config }}/haproxy/haproxy.cfg"
|
||||
- "haproxy.cfg.j2"
|
||||
- "{{ node_custom_config }}/haproxy/{{ inventory_hostname }}/haproxy_main.cfg"
|
||||
- "{{ node_custom_config }}/haproxy/haproxy_main.cfg"
|
||||
- "haproxy_main.cfg.j2"
|
||||
notify:
|
||||
- Restart haproxy container
|
||||
- Ensuring latest haproxy config is used
|
||||
|
||||
- name: Copying over keepalived.conf
|
||||
vars:
|
||||
@ -63,7 +73,6 @@
|
||||
dest: "{{ node_config_directory }}/keepalived/keepalived.conf"
|
||||
mode: "0660"
|
||||
become: true
|
||||
register: keepalived_conf
|
||||
when:
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
@ -82,7 +91,6 @@
|
||||
dest: "{{ node_config_directory }}/haproxy/{{ item }}"
|
||||
mode: "0660"
|
||||
become: true
|
||||
register: haproxy_pem
|
||||
when:
|
||||
- kolla_enable_tls_external | bool
|
||||
- inventory_hostname in groups[service.group]
|
||||
@ -91,7 +99,24 @@
|
||||
- "haproxy.pem"
|
||||
notify:
|
||||
- Restart haproxy container
|
||||
- Ensuring latest haproxy config is used
|
||||
|
||||
- name: Copying over haproxy start script
|
||||
vars:
|
||||
service: "{{ haproxy_services['haproxy'] }}"
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ node_config_directory }}/haproxy/haproxy_run.sh"
|
||||
mode: "0770"
|
||||
become: true
|
||||
when:
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
with_first_found:
|
||||
- "{{ node_custom_config }}/haproxy/{{ inventory_hostname }}/haproxy_run.sh"
|
||||
- "{{ node_custom_config }}/haproxy/haproxy_run.sh"
|
||||
- "haproxy_run.sh.j2"
|
||||
notify:
|
||||
- Restart haproxy container
|
||||
|
||||
- name: Check haproxy containers
|
||||
become: true
|
||||
@ -103,7 +128,6 @@
|
||||
volumes: "{{ item.value.volumes }}"
|
||||
dimensions: "{{ item.value.dimensions }}"
|
||||
privileged: "{{ item.value.privileged | default(False) }}"
|
||||
register: check_haproxy_containers
|
||||
when:
|
||||
- kolla_action != "config"
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
|
@ -108,7 +108,7 @@
|
||||
|
||||
- name: Checking free port for HAProxy stats
|
||||
wait_for:
|
||||
host: "{{ kolla_internal_vip_address }}"
|
||||
host: "{{ api_interface_address }}"
|
||||
port: "{{ haproxy_stats_port }}"
|
||||
connect_timeout: 1
|
||||
timeout: 1
|
||||
@ -118,6 +118,31 @@
|
||||
- container_facts['haproxy'] is not defined
|
||||
- inventory_hostname in groups['haproxy']
|
||||
|
||||
- name: Checking free port for HAProxy monitor (api interface)
|
||||
wait_for:
|
||||
host: "{{ api_interface_address }}"
|
||||
port: "{{ haproxy_monitor_port }}"
|
||||
connect_timeout: 1
|
||||
timeout: 1
|
||||
state: stopped
|
||||
when:
|
||||
- enable_haproxy | bool
|
||||
- container_facts['haproxy'] is not defined
|
||||
- inventory_hostname in groups['haproxy']
|
||||
|
||||
- name: Checking free port for HAProxy monitor (vip interface)
|
||||
wait_for:
|
||||
host: "{{ kolla_internal_vip_address }}"
|
||||
port: "{{ haproxy_monitor_port }}"
|
||||
connect_timeout: 1
|
||||
timeout: 1
|
||||
state: stopped
|
||||
when:
|
||||
- enable_haproxy | bool
|
||||
- container_facts['haproxy'] is not defined
|
||||
- inventory_hostname in groups['haproxy']
|
||||
- api_interface_address != kolla_internal_vip_address
|
||||
|
||||
- name: Checking if kolla_internal_vip_address is in the same network as api_interface on all nodes
|
||||
command: ip -4 -o addr show dev {{ api_interface }}
|
||||
register: ip_addr_output
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,13 +1,24 @@
|
||||
{% set haproxy_cmd='/usr/sbin/haproxy -W -db' if kolla_base_distro in ['ubuntu'] else '/usr/sbin/haproxy-systemd-wrapper' %}
|
||||
{
|
||||
"command": "{{ haproxy_cmd }} -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid",
|
||||
"command": "/etc/haproxy/haproxy_run.sh",
|
||||
"config_files": [
|
||||
{
|
||||
"source": "{{ container_config_directory }}/haproxy_run.sh",
|
||||
"dest": "/etc/haproxy/haproxy_run.sh",
|
||||
"owner": "root",
|
||||
"perm": "0700"
|
||||
},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/haproxy.cfg",
|
||||
"dest": "/etc/haproxy/haproxy.cfg",
|
||||
"owner": "root",
|
||||
"perm": "0600"
|
||||
},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/services.d/",
|
||||
"dest": "/etc/haproxy/services.d",
|
||||
"owner": "root",
|
||||
"perm": "0700"
|
||||
},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/haproxy.pem",
|
||||
"dest": "/etc/haproxy/haproxy.pem",
|
||||
|
49
ansible/roles/haproxy/templates/haproxy_main.cfg.j2
Normal file
49
ansible/roles/haproxy/templates/haproxy_main.cfg.j2
Normal file
@ -0,0 +1,49 @@
|
||||
#jinja2: lstrip_blocks: True
|
||||
global
|
||||
chroot /var/lib/haproxy
|
||||
user haproxy
|
||||
group haproxy
|
||||
daemon
|
||||
log {{ syslog_server }}:{{ syslog_udp_port }} {{ syslog_haproxy_facility }}
|
||||
maxconn {{ haproxy_max_connections }}
|
||||
nbproc {{ haproxy_processes }}
|
||||
{% if haproxy_processes > 1 and haproxy_process_cpu_map | bool %}
|
||||
{% for cpu_idx in range(0, haproxy_processes) %}
|
||||
cpu-map {{ cpu_idx + 1 }} {{ cpu_idx }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
stats socket /var/lib/kolla/haproxy/haproxy.sock group kolla mode 660
|
||||
{% if kolla_enable_tls_external | bool %}
|
||||
ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES
|
||||
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
|
||||
tune.ssl.default-dh-param 4096
|
||||
{% endif %}
|
||||
|
||||
defaults
|
||||
log global
|
||||
option redispatch
|
||||
retries 3
|
||||
timeout http-request {{ haproxy_http_request_timeout }}
|
||||
timeout queue {{ haproxy_queue_timeout }}
|
||||
timeout connect {{ haproxy_connect_timeout }}
|
||||
timeout client {{ haproxy_client_timeout }}
|
||||
timeout server {{ haproxy_server_timeout }}
|
||||
timeout check {{ haproxy_check_timeout }}
|
||||
balance {{ haproxy_defaults_balance }}
|
||||
|
||||
listen stats
|
||||
bind {{ api_interface_address }}:{{ haproxy_stats_port }}
|
||||
mode http
|
||||
stats enable
|
||||
stats uri /
|
||||
stats refresh 15s
|
||||
stats realm Haproxy\ Stats
|
||||
stats auth {{ haproxy_user }}:{{ haproxy_password }}
|
||||
|
||||
frontend status
|
||||
bind {{ api_interface_address }}:{{ haproxy_monitor_port }}
|
||||
{% if api_interface_address != kolla_internal_vip_address %}
|
||||
bind {{ kolla_internal_vip_address }}:{{ haproxy_monitor_port }}
|
||||
{% endif %}
|
||||
mode http
|
||||
monitor-uri /
|
10
ansible/roles/haproxy/templates/haproxy_run.sh.j2
Normal file
10
ansible/roles/haproxy/templates/haproxy_run.sh.j2
Normal file
@ -0,0 +1,10 @@
|
||||
#!/bin/bash -x
|
||||
{% set haproxy_cmd='/usr/sbin/haproxy -W -db' if kolla_base_distro in ['ubuntu'] else '/usr/sbin/haproxy-systemd-wrapper' %}
|
||||
|
||||
# We need to run haproxy with one `-f` for each service, because including an
|
||||
# entire config directory was not a feature until version 1.7 of HAProxy.
|
||||
# So, append "-f $cfg" to the haproxy command for each service file.
|
||||
# This will run haproxy_cmd *exactly once*.
|
||||
find /etc/haproxy/services.d/ -mindepth 1 -print0 | \
|
||||
xargs -0 -Icfg echo -f cfg | \
|
||||
xargs {{ haproxy_cmd }} -p /run/haproxy.pid -f /etc/haproxy/haproxy.cfg
|
@ -13,6 +13,17 @@ heat_services:
|
||||
- "{{ kolla_dev_repos_directory ~ '/heat/heat:/var/lib/kolla/venv/lib/python2.7/site-packages/heat' if heat_dev_mode | bool else '' }}"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ heat_api_dimensions }}"
|
||||
haproxy:
|
||||
heat_api:
|
||||
enabled: "{{ enable_heat }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ heat_api_port }}"
|
||||
heat_api_external:
|
||||
enabled: "{{ enable_heat }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ heat_api_port }}"
|
||||
heat-api-cfn:
|
||||
container_name: heat_api_cfn
|
||||
group: heat-api-cfn
|
||||
@ -24,6 +35,17 @@ heat_services:
|
||||
- "{{ kolla_dev_repos_directory ~ '/heat/heat:/var/lib/kolla/venv/lib/python2.7/site-packages/heat' if heat_dev_mode | bool else '' }}"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ heat_api_cfn_dimensions }}"
|
||||
haproxy:
|
||||
heat_api_cfn:
|
||||
enabled: "{{ enable_heat }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ heat_api_cfn_port }}"
|
||||
heat_api_cfn_external:
|
||||
enabled: "{{ enable_heat }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ heat_api_cfn_port }}"
|
||||
heat-engine:
|
||||
container_name: heat_engine
|
||||
group: heat-engine
|
||||
|
7
ansible/roles/heat/tasks/loadbalancer.yml
Normal file
7
ansible/roles/heat/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ heat_services }}"
|
||||
tags: always
|
@ -43,6 +43,26 @@ horizon_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "/tmp:/tmp"
|
||||
dimensions: "{{ horizon_dimensions }}"
|
||||
haproxy:
|
||||
horizon:
|
||||
enabled: "{{ enable_horizon }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ horizon_port }}"
|
||||
frontend_http_extra:
|
||||
- "balance source"
|
||||
horizon_external:
|
||||
enabled: "{{ enable_horizon }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{% if kolla_enable_tls_external|bool %}443{% else %}{{ horizon_port }}{% endif %}"
|
||||
frontend_http_extra:
|
||||
- "balance source"
|
||||
horizon_external_redirect:
|
||||
enabled: "{{ enable_horizon|bool and kolla_enable_tls_external|bool }}"
|
||||
mode: "redirect"
|
||||
external: true
|
||||
port: "{{ horizon_port }}"
|
||||
horizon_keystone_domain_choices:
|
||||
Default: default
|
||||
|
||||
|
7
ansible/roles/horizon/tasks/loadbalancer.yml
Normal file
7
ansible/roles/horizon/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ horizon_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ influxdb_services:
|
||||
- "influxdb:/var/lib/influxdb"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ influxdb_dimensions }}"
|
||||
haproxy:
|
||||
influxdb_admin:
|
||||
enabled: "{{ enable_influxdb }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ influxdb_admin_port }}"
|
||||
influxdb_http:
|
||||
enabled: "{{ enable_influxdb }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ influxdb_http_port }}"
|
||||
|
||||
|
||||
####################
|
||||
|
7
ansible/roles/influxdb/tasks/loadbalancer.yml
Normal file
7
ansible/roles/influxdb/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ influxdb_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ ironic_services:
|
||||
- "kolla_logs:/var/log/kolla"
|
||||
- "{{ kolla_dev_repos_directory ~ '/ironic/ironic:/var/lib/kolla/venv/lib/python2.7/site-packages/ironic' if ironic_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ ironic_api_dimensions }}"
|
||||
haproxy:
|
||||
ironic_api:
|
||||
enabled: "{{ enable_ironic }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ ironic_api_port }}"
|
||||
ironic_api_external:
|
||||
enabled: "{{ enable_ironic }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ ironic_api_port }}"
|
||||
ironic-conductor:
|
||||
container_name: ironic_conductor
|
||||
group: ironic-conductor
|
||||
@ -44,6 +55,17 @@ ironic_services:
|
||||
- "kolla_logs:/var/log/kolla"
|
||||
- "{{ kolla_dev_repos_directory ~ '/ironic-inspector/ironic_inspector:/var/lib/kolla/venv/lib/python2.7/site-packages/ironic_inspector' if ironic_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ ironic_inspector_dimensions }}"
|
||||
haproxy:
|
||||
ironic_inspector:
|
||||
enabled: "{{ enable_ironic }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ ironic_inspector_port }}"
|
||||
ironic_inspector_external:
|
||||
enabled: "{{ enable_ironic }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ ironic_inspector_port }}"
|
||||
ironic-pxe:
|
||||
container_name: ironic_pxe
|
||||
group: ironic-pxe
|
||||
|
7
ansible/roles/ironic/tasks/loadbalancer.yml
Normal file
7
ansible/roles/ironic/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ ironic_services }}"
|
||||
tags: always
|
@ -12,6 +12,17 @@ karbor_services:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ karbor_api_dimensions }}"
|
||||
haproxy:
|
||||
karbor_api:
|
||||
enabled: "{{ enable_karbor }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ karbor_api_port }}"
|
||||
karbor_api_external:
|
||||
enabled: "{{ enable_karbor }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ karbor_api_port }}"
|
||||
karbor-protection:
|
||||
container_name: karbor_protection
|
||||
group: karbor-protection
|
||||
|
7
ansible/roles/karbor/tasks/loadbalancer.yml
Normal file
7
ansible/roles/karbor/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ karbor_services }}"
|
||||
tags: always
|
@ -14,6 +14,22 @@ keystone_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{% if keystone_token_provider == 'fernet' %}keystone_fernet_tokens:/etc/keystone/fernet-keys{% endif %}"
|
||||
dimensions: "{{ keystone_dimensions }}"
|
||||
haproxy:
|
||||
keystone_internal:
|
||||
enabled: "{{ enable_keystone }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ keystone_public_port }}"
|
||||
keystone_external:
|
||||
enabled: "{{ enable_keystone }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ keystone_public_port }}"
|
||||
keystone_admin:
|
||||
enabled: "{{ enable_keystone }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ keystone_admin_port }}"
|
||||
keystone-ssh:
|
||||
container_name: "keystone_ssh"
|
||||
group: "keystone"
|
||||
|
7
ansible/roles/keystone/tasks/loadbalancer.yml
Normal file
7
ansible/roles/keystone/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ keystone_services }}"
|
||||
tags: always
|
@ -12,6 +12,21 @@ kibana_services:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ kibana_dimensions }}"
|
||||
haproxy:
|
||||
kibana:
|
||||
enabled: "{{ enable_kibana }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ kibana_server_port }}"
|
||||
auth_user: "{{ kibana_user }}"
|
||||
auth_pass: "{{ kibana_password }}"
|
||||
kibana_external:
|
||||
enabled: "{{ enable_kibana }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ kibana_server_port }}"
|
||||
auth_user: "{{ kibana_user }}"
|
||||
auth_pass: "{{ kibana_password }}"
|
||||
|
||||
|
||||
####################
|
||||
|
7
ansible/roles/kibana/tasks/loadbalancer.yml
Normal file
7
ansible/roles/kibana/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ kibana_services }}"
|
||||
tags: always
|
@ -15,6 +15,17 @@ magnum_services:
|
||||
- "{{ kolla_dev_repos_directory ~ '/magnum/magnum:/var/lib/kolla/venv/lib/python2.7/site-packages/magnum' if magnum_dev_mode | bool else '' }}"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ magnum_api_dimensions }}"
|
||||
haproxy:
|
||||
magnum_api:
|
||||
enabled: "{{ enable_magnum }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ magnum_api_port }}"
|
||||
magnum_api_external:
|
||||
enabled: "{{ enable_magnum }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ magnum_api_port }}"
|
||||
magnum-conductor:
|
||||
container_name: magnum_conductor
|
||||
group: magnum-conductor
|
||||
|
7
ansible/roles/magnum/tasks/loadbalancer.yml
Normal file
7
ansible/roles/magnum/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ magnum_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ manila_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/manila/manila:/var/lib/kolla/venv/lib/python2.7/site-packages/manila' if manila_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ manila_api_dimensions }}"
|
||||
haproxy:
|
||||
manila_api:
|
||||
enabled: "{{ enable_manila }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ manila_api_port }}"
|
||||
manila_api_external:
|
||||
enabled: "{{ enable_manila }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ manila_api_port }}"
|
||||
manila-scheduler:
|
||||
container_name: "manila_scheduler"
|
||||
group: "manila-scheduler"
|
||||
|
7
ansible/roles/manila/tasks/loadbalancer.yml
Normal file
7
ansible/roles/manila/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ manila_services }}"
|
||||
tags: always
|
@ -13,7 +13,30 @@ mariadb_services:
|
||||
- "mariadb:/var/lib/mysql"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ mariadb_dimensions }}"
|
||||
|
||||
haproxy:
|
||||
mariadb:
|
||||
enabled: "{{ enable_mariadb|bool and not enable_external_mariadb_load_balancer|bool }}"
|
||||
mode: "tcp"
|
||||
port: "{{ mariadb_port }}"
|
||||
frontend_tcp_extra:
|
||||
- "option clitcpka"
|
||||
- "timeout client 3600s"
|
||||
backend_tcp_extra:
|
||||
- "option srvtcpka"
|
||||
- "timeout server 3600s"
|
||||
- "option mysql-check user haproxy post-41"
|
||||
custom_member_list: "{{ internal_haproxy_members.split(';') }}"
|
||||
mariadb_external_lb:
|
||||
enabled: "{{ enable_mariadb|bool and enable_external_mariadb_load_balancer|bool }}"
|
||||
mode: "tcp"
|
||||
port: "{{ mariadb_port }}"
|
||||
frontend_tcp_extra:
|
||||
- "option clitcpka"
|
||||
- "timeout client 3600s"
|
||||
backend_tcp_extra:
|
||||
- "option srvtcpka"
|
||||
- "timeout server 3600s"
|
||||
custom_member_list: "{{ external_haproxy_members.split(';') }}"
|
||||
|
||||
####################
|
||||
# Database
|
||||
@ -21,6 +44,12 @@ mariadb_services:
|
||||
database_cluster_name: "openstack"
|
||||
database_max_timeout: 120
|
||||
|
||||
####################
|
||||
# HAProxy
|
||||
####################
|
||||
internal_haproxy_members: "{% for host in groups['mariadb'] %}server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5{% if not loop.first %} backup{% endif %};{% endfor %}"
|
||||
external_haproxy_members: "{% for host in groups['mariadb'] %}server {{ host }} {{ host }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5{% if not loop.first %} backup{% endif %};{% endfor %}"
|
||||
|
||||
####################
|
||||
# Docker
|
||||
####################
|
||||
|
7
ansible/roles/mariadb/tasks/loadbalancer.yml
Normal file
7
ansible/roles/mariadb/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ mariadb_services }}"
|
||||
tags: always
|
@ -11,7 +11,23 @@ memcached_services:
|
||||
- "{{ node_config_directory }}/memcached/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
dimensions: "{{ memcached_dimensions }}"
|
||||
haproxy:
|
||||
memcached:
|
||||
enabled: "{{ enable_memcached|bool and enable_haproxy_memcached|bool }}"
|
||||
mode: "tcp"
|
||||
port: "{{ memcached_port }}"
|
||||
frontend_tcp_extra:
|
||||
- "option clitcpka"
|
||||
- "timeout client 3600s"
|
||||
backend_tcp_extra:
|
||||
- "option srvtcpka"
|
||||
- "timeout server 3600s"
|
||||
custom_member_list: "{{ haproxy_members.split(';') }}"
|
||||
|
||||
####################
|
||||
# HAProxy
|
||||
####################
|
||||
haproxy_members: "{% for host in groups['memcached'] %}server {{ host }} {{ host }}:{{ memcached_port }} check inter 2000 rise 2 fall 5{% if not loop.first %} backup{% endif %};{% endfor %}"
|
||||
|
||||
####################
|
||||
# Docker
|
||||
|
7
ansible/roles/memcached/tasks/loadbalancer.yml
Normal file
7
ansible/roles/memcached/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ memcached_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ mistral_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/mistral/mistral:/var/lib/kolla/venv/lib/python2.7/site-packages/mistral' if mistral_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ mistral_api_dimensions }}"
|
||||
haproxy:
|
||||
mistral_api:
|
||||
enabled: "{{ enable_mistral }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ mistral_api_port }}"
|
||||
mistral_api_external:
|
||||
enabled: "{{ enable_mistral }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ mistral_api_port }}"
|
||||
mistral-engine:
|
||||
container_name: mistral_engine
|
||||
group: mistral-engine
|
||||
|
7
ansible/roles/mistral/tasks/loadbalancer.yml
Normal file
7
ansible/roles/mistral/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ mistral_services }}"
|
||||
tags: always
|
@ -10,6 +10,17 @@ monasca_services:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla"
|
||||
dimensions: "{{ monasca_api_dimensions }}"
|
||||
haproxy:
|
||||
monasca_api:
|
||||
enabled: "{{ enable_monasca }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ monasca_api_port }}"
|
||||
monasca_api_external:
|
||||
enabled: "{{ enable_monasca }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ monasca_api_port }}"
|
||||
monasca-log-api:
|
||||
container_name: monasca_log_api
|
||||
group: monasca-log-api
|
||||
@ -20,6 +31,17 @@ monasca_services:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla"
|
||||
dimensions: "{{ monasca_log_api_dimensions }}"
|
||||
haproxy:
|
||||
monasca_log_api:
|
||||
enabled: "{{ enable_monasca }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ monasca_log_api_port }}"
|
||||
monasca_log_api_external:
|
||||
enabled: "{{ enable_monasca }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ monasca_log_api_port }}"
|
||||
monasca-log-transformer:
|
||||
container_name: monasca_log_transformer
|
||||
group: monasca-log-transformer
|
||||
|
7
ansible/roles/monasca/tasks/loadbalancer.yml
Normal file
7
ansible/roles/monasca/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ monasca_services }}"
|
||||
tags: always
|
@ -14,6 +14,12 @@ mongodb_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "mongodb:/var/lib/mongodb"
|
||||
dimensions: "{{ mongodb_dimensions }}"
|
||||
haproxy:
|
||||
mongodb:
|
||||
enabled: "{{ enable_mongodb }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ mongodb_port }}"
|
||||
|
||||
|
||||
####################
|
||||
|
7
ansible/roles/mongodb/tasks/loadbalancer.yml
Normal file
7
ansible/roles/mongodb/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ mongodb_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ murano_services:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ murano_api_dimensions }}"
|
||||
haproxy:
|
||||
murano_api:
|
||||
enabled: "{{ enable_murano }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ murano_api_port }}"
|
||||
murano_api_external:
|
||||
enabled: "{{ enable_murano }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ murano_api_port }}"
|
||||
murano-engine:
|
||||
container_name: murano_engine
|
||||
group: murano-engine
|
||||
|
7
ansible/roles/murano/tasks/loadbalancer.yml
Normal file
7
ansible/roles/murano/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ murano_services }}"
|
||||
tags: always
|
@ -13,6 +13,19 @@ neutron_services:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ neutron_server_dimensions }}"
|
||||
haproxy:
|
||||
neutron_server:
|
||||
enabled: "{{ enable_neutron }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ neutron_server_port }}"
|
||||
frontend_http_extra:
|
||||
- "option http-tunnel"
|
||||
neutron_server_external:
|
||||
enabled: "{{ enable_neutron }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ neutron_server_port }}"
|
||||
neutron-openvswitch-agent:
|
||||
container_name: "neutron_openvswitch_agent"
|
||||
image: "{{ neutron_openvswitch_agent_image_full }}"
|
||||
|
7
ansible/roles/neutron/tasks/loadbalancer.yml
Normal file
7
ansible/roles/neutron/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ neutron_services }}"
|
||||
tags: always
|
@ -47,6 +47,17 @@ nova_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python2.7/site-packages/nova' if nova_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ placement_api_dimensions }}"
|
||||
haproxy:
|
||||
placement_api:
|
||||
enabled: "{{ enable_nova }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ placement_api_port }}"
|
||||
placement_api_external:
|
||||
enabled: "{{ enable_nova }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ placement_api_port }}"
|
||||
nova-api:
|
||||
container_name: "nova_api"
|
||||
group: "nova-api"
|
||||
@ -60,6 +71,33 @@ nova_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python2.7/site-packages/nova' if nova_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ nova_api_dimensions }}"
|
||||
haproxy:
|
||||
nova_api:
|
||||
enabled: "{{ enable_nova }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ nova_api_port }}"
|
||||
nova_api_external:
|
||||
enabled: "{{ enable_nova }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ nova_api_port }}"
|
||||
nova_metadata:
|
||||
enabled: "{{ enable_nova }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ nova_metadata_port }}"
|
||||
nova_metadata_external:
|
||||
enabled: "{{ enable_nova }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ nova_metadata_port }}"
|
||||
nova_rdp:
|
||||
enabled: "{{ enable_nova|bool and nova_console == 'rdp' }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ rdp_port }}"
|
||||
host_group: "hyperv"
|
||||
nova-consoleauth:
|
||||
container_name: "nova_consoleauth"
|
||||
group: "nova-consoleauth"
|
||||
@ -82,6 +120,19 @@ nova_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python2.7/site-packages/nova' if nova_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ nova_novncproxy_dimensions }}"
|
||||
haproxy:
|
||||
nova_novncproxy:
|
||||
enabled: "{{ enable_nova|bool and nova_console == 'novnc' }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ nova_novncproxy_port }}"
|
||||
backend_http_extra:
|
||||
- "timeout tunnel 1h"
|
||||
nova_novncproxy_external:
|
||||
enabled: "{{ enable_nova|bool and nova_console == 'novnc' }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ nova_novncproxy_port }}"
|
||||
nova-scheduler:
|
||||
container_name: "nova_scheduler"
|
||||
group: "nova-scheduler"
|
||||
@ -104,6 +155,17 @@ nova_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python2.7/site-packages/nova' if nova_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ nova_spicehtml5proxy_dimensions }}"
|
||||
haproxy:
|
||||
nova_spicehtml5proxy:
|
||||
enabled: "{{ enable_nova|bool and nova_console == 'spice' }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ nova_spicehtml5proxy_port }}"
|
||||
nova_spicehtml5proxy_external:
|
||||
enabled: "{{ enable_nova|bool and nova_console == 'spice' }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ nova_spicehtml5proxy_port }}"
|
||||
nova-serialproxy:
|
||||
container_name: "nova_serialproxy"
|
||||
group: "nova-serialproxy"
|
||||
@ -115,6 +177,17 @@ nova_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python2.7/site-packages/nova' if nova_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ nova_serialproxy_dimensions }}"
|
||||
haproxy:
|
||||
nova_serialconsole_proxy:
|
||||
enabled: "{{ enable_nova|bool and enable_nova_serialconsole_proxy|bool }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ nova_serialproxy_port }}"
|
||||
nova_serialconsole_proxy_external:
|
||||
enabled: "{{ enable_nova|bool and enable_nova_serialconsole_proxy|bool }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ nova_serialproxy_port }}"
|
||||
nova-conductor:
|
||||
container_name: "nova_conductor"
|
||||
group: "nova-conductor"
|
||||
|
7
ansible/roles/nova/tasks/loadbalancer.yml
Normal file
7
ansible/roles/nova/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ nova_services }}"
|
||||
tags: always
|
@ -12,6 +12,17 @@ octavia_services:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ octavia_api_dimensions }}"
|
||||
haproxy:
|
||||
octavia_api:
|
||||
enabled: "{{ enable_octavia }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ octavia_api_port }}"
|
||||
octavia_api_external:
|
||||
enabled: "{{ enable_octavia }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ octavia_api_port }}"
|
||||
octavia-health-manager:
|
||||
container_name: octavia_health_manager
|
||||
group: octavia-health-manager
|
||||
|
7
ansible/roles/octavia/tasks/loadbalancer.yml
Normal file
7
ansible/roles/octavia/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ octavia_services }}"
|
||||
tags: always
|
@ -14,6 +14,33 @@ opendaylight_services:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ opendaylight_dimensions }}"
|
||||
haproxy:
|
||||
opendaylight_api:
|
||||
enabled: "{{ enable_opendaylight }}"
|
||||
mode: "http"
|
||||
port: "{{ opendaylight_haproxy_restconf_port }}"
|
||||
backend_http_extra:
|
||||
- "balance source"
|
||||
custom_member_list: "{{ api_haproxy_members.split(';') }}"
|
||||
opendaylight_api_backup:
|
||||
enabled: "{{ enable_opendaylight }}"
|
||||
mode: "http"
|
||||
port: "{{ opendaylight_haproxy_restconf_port_backup }}"
|
||||
backend_http_extra:
|
||||
- "balance source"
|
||||
custom_member_list: "{{ backup_api_haproxy_members.split(';') }}"
|
||||
opendaylight_websocket:
|
||||
enabled: "{{ enable_opendaylight }}"
|
||||
mode: "http"
|
||||
port: "{{ opendaylight_websocket_port }}"
|
||||
backend_http_extra:
|
||||
- "balance source"
|
||||
|
||||
####################
|
||||
# HAProxy
|
||||
####################
|
||||
api_haproxy_members: "{% for host in groups['opendaylight'] %}server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ opendaylight_restconf_port }} check inter 2000 rise 2 fall 5;{% endfor %}"
|
||||
backup_api_haproxy_members: "{% for host in groups['opendaylight'] %}server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ opendaylight_restconf_port_backup }} check inter 2000 rise 2 fall 5;{% endfor %}"
|
||||
|
||||
####################
|
||||
# Docker
|
||||
|
7
ansible/roles/opendaylight/tasks/loadbalancer.yml
Normal file
7
ansible/roles/opendaylight/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ opendaylight_services }}"
|
||||
tags: always
|
@ -12,6 +12,17 @@ panko_services:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ panko_api_dimensions }}"
|
||||
haproxy:
|
||||
panko_api:
|
||||
enabled: "{{ enable_panko }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ panko_api_port }}"
|
||||
panko_api_external:
|
||||
enabled: "{{ enable_panko }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ panko_api_port }}"
|
||||
|
||||
|
||||
####################
|
||||
|
7
ansible/roles/panko/tasks/loadbalancer.yml
Normal file
7
ansible/roles/panko/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ panko_services }}"
|
||||
tags: always
|
@ -13,6 +13,12 @@ prometheus_services:
|
||||
- "prometheus:/var/lib/prometheus"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ prometheus_server_dimensions }}"
|
||||
haproxy:
|
||||
prometheus_server:
|
||||
enabled: "{{ enable_prometheus }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ prometheus_port }}"
|
||||
prometheus-node-exporter:
|
||||
container_name: prometheus_node_exporter
|
||||
group: prometheus-node-exporter
|
||||
@ -83,6 +89,21 @@ prometheus_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "prometheus:/var/lib/prometheus"
|
||||
dimensions: "{{ prometheus_alertmanager_dimensions }}"
|
||||
haproxy:
|
||||
prometheus_alertmanager:
|
||||
enabled: "{{ enable_prometheus_alertmanager }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ prometheus_alertmanager_port }}"
|
||||
auth_user: "{{ prometheus_alertmanager_user }}"
|
||||
auth_pass: "{{ prometheus_alertmanager_password }}"
|
||||
prometheus_alertmanager_external:
|
||||
enabled: "{{ enable_prometheus_alertmanager }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ prometheus_alertmanager_port }}"
|
||||
auth_user: "{{ prometheus_alertmanager_user }}"
|
||||
auth_pass: "{{ prometheus_alertmanager_password }}"
|
||||
|
||||
####################
|
||||
# Database
|
||||
|
7
ansible/roles/prometheus/tasks/loadbalancer.yml
Normal file
7
ansible/roles/prometheus/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ prometheus_services }}"
|
||||
tags: always
|
@ -22,6 +22,34 @@ rabbitmq_services:
|
||||
- "{{ project_name }}:/var/lib/rabbitmq/"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ rabbitmq_dimensions }}"
|
||||
haproxy:
|
||||
rabbitmq_management:
|
||||
enabled: "{{ enable_rabbitmq }}"
|
||||
mode: "http"
|
||||
port: "{{ rabbitmq_management_port }}"
|
||||
host_group: "rabbitmq"
|
||||
rabbitmq_outward_management:
|
||||
enabled: "{{ enable_outward_rabbitmq }}"
|
||||
mode: "http"
|
||||
port: "{{ outward_rabbitmq_management_port }}"
|
||||
host_group: "outward-rabbitmq"
|
||||
rabbitmq_outward_external:
|
||||
enabled: "{{ enable_outward_rabbitmq }}"
|
||||
mode: "tcp"
|
||||
external: true
|
||||
port: "{{ outward_rabbitmq_port }}"
|
||||
host_group: "outward-rabbitmq"
|
||||
frontend_tcp_extra:
|
||||
- "timeout client {{ haproxy_outward_rabbitmq_client_timeout }}"
|
||||
backend_tcp_extra:
|
||||
- "timeout server {{ haproxy_outward_rabbitmq_server_timeout }}"
|
||||
|
||||
|
||||
####################
|
||||
# HAProxy
|
||||
####################
|
||||
haproxy_outward_rabbitmq_client_timeout: "1h"
|
||||
haproxy_outward_rabbitmq_server_timeout: "1h"
|
||||
|
||||
|
||||
####################
|
||||
|
7
ansible/roles/rabbitmq/tasks/loadbalancer.yml
Normal file
7
ansible/roles/rabbitmq/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ rabbitmq_services }}"
|
||||
tags: always
|
@ -14,6 +14,17 @@ sahara_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/sahara/sahara:/var/lib/kolla/venv/lib/python2.7/site-packages/sahara' if sahara_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ sahara_api_dimensions }}"
|
||||
haproxy:
|
||||
sahara_api:
|
||||
enabled: "{{ enable_sahara }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ sahara_api_port }}"
|
||||
sahara_api_external:
|
||||
enabled: "{{ enable_sahara }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ sahara_api_port }}"
|
||||
sahara-engine:
|
||||
container_name: sahara_engine
|
||||
group: sahara-engine
|
||||
|
7
ansible/roles/sahara/tasks/loadbalancer.yml
Normal file
7
ansible/roles/sahara/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ sahara_services }}"
|
||||
tags: always
|
@ -12,6 +12,17 @@ searchlight_services:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ searchlight_api_dimensions }}"
|
||||
haproxy:
|
||||
searchlight_api:
|
||||
enabled: "{{ enable_searchlight }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ searchlight_api_port }}"
|
||||
searchlight_api_external:
|
||||
enabled: "{{ enable_searchlight }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ searchlight_api_port }}"
|
||||
searchlight-listener:
|
||||
container_name: searchlight_listener
|
||||
group: searchlight-listener
|
||||
|
7
ansible/roles/searchlight/tasks/loadbalancer.yml
Normal file
7
ansible/roles/searchlight/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ searchlight_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ senlin_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/senlin/senlin:/var/lib/kolla/venv/lib/python2.7/site-packages/senlin' if senlin_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ senlin_api_dimensions }}"
|
||||
haproxy:
|
||||
senlin_api:
|
||||
enabled: "{{ enable_senlin }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ senlin_api_port }}"
|
||||
senlin_api_external:
|
||||
enabled: "{{ enable_senlin }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ senlin_api_port }}"
|
||||
senlin-engine:
|
||||
container_name: senlin_engine
|
||||
group: senlin-engine
|
||||
|
7
ansible/roles/senlin/tasks/loadbalancer.yml
Normal file
7
ansible/roles/senlin/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ senlin_services }}"
|
||||
tags: always
|
@ -12,6 +12,17 @@ skydive_services:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ skydive_analyzer_dimensions }}"
|
||||
haproxy:
|
||||
skydive_server:
|
||||
enabled: "{{ enable_skydive }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ skydive_analyzer_port }}"
|
||||
skydive_server_external:
|
||||
enabled: "{{ enable_skydive }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ skydive_analyzer_port }}"
|
||||
skydive-agent:
|
||||
container_name: skydive_agent
|
||||
group: skydive-agent
|
||||
|
7
ansible/roles/skydive/tasks/loadbalancer.yml
Normal file
7
ansible/roles/skydive/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ skydive_services }}"
|
||||
tags: always
|
@ -35,6 +35,31 @@ solum_services:
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/solum/solum:/var/lib/kolla/venv/lib/python2.7/site-packages/solum' if solum_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ solum_deployer_dimensions }}"
|
||||
haproxy:
|
||||
solum_application_deployment:
|
||||
enabled: "{{ enable_solum }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ solum_application_deployment_port }}"
|
||||
host_group: "solum-application-deployment"
|
||||
solum_application_deployment_external:
|
||||
enabled: "{{ enable_solum }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ solum_application_deployment_port }}"
|
||||
host_group: "solum-application-deployment"
|
||||
solum_image_builder:
|
||||
enabled: "{{ enable_solum }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ solum_image_builder_port }}"
|
||||
host_group: "solum-image-builder"
|
||||
solum_image_builder_external:
|
||||
enabled: "{{ enable_solum }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ solum_image_builder_port }}"
|
||||
host_group: "solum-image-builder"
|
||||
solum-conductor:
|
||||
container_name: solum_conductor
|
||||
group: solum-conductor
|
||||
@ -47,7 +72,6 @@ solum_services:
|
||||
- "{{ kolla_dev_repos_directory ~ '/solum/solum:/var/lib/kolla/venv/lib/python2.7/site-packages/solum' if solum_dev_mode | bool else '' }}"
|
||||
dimensions: "{{ solum_conductor_dimensions }}"
|
||||
|
||||
|
||||
####################
|
||||
# Database
|
||||
####################
|
||||
|
7
ansible/roles/solum/tasks/loadbalancer.yml
Normal file
7
ansible/roles/solum/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ solum_services }}"
|
||||
tags: always
|
@ -1,6 +1,22 @@
|
||||
---
|
||||
project_name: "swift"
|
||||
|
||||
swift_services:
|
||||
swift-api:
|
||||
group: swift-proxy-server
|
||||
enabled: true
|
||||
haproxy:
|
||||
swift_api:
|
||||
enabled: "{{ enable_swift }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ swift_proxy_server_port }}"
|
||||
swift_api_external:
|
||||
enabled: "{{ enable_swift }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ swift_proxy_server_port }}"
|
||||
|
||||
####################
|
||||
# Docker
|
||||
####################
|
||||
|
7
ansible/roles/swift/tasks/loadbalancer.yml
Normal file
7
ansible/roles/swift/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ swift_services }}"
|
||||
tags: always
|
@ -13,6 +13,17 @@ tacker_services:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ tacker_server_dimensions }}"
|
||||
haproxy:
|
||||
tacker_server:
|
||||
enabled: "{{ enable_tacker }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ tacker_server_port }}"
|
||||
tacker_server_external:
|
||||
enabled: "{{ enable_tacker }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ tacker_server_port }}"
|
||||
tacker-conductor:
|
||||
container_name: "tacker_conductor"
|
||||
group: "tacker-conductor"
|
||||
|
7
ansible/roles/tacker/tasks/loadbalancer.yml
Normal file
7
ansible/roles/tacker/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ tacker_services }}"
|
||||
tags: always
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user