openstack/openstack-ansible
Code Issues Proposed changes

Update HAProxy for multi-OS support

Browse Source 
This change implements CentOS7 and Ubuntu 16.04 support for the HAProxy
role. Because RHEL does not package HATop the installation of HATop has
been moved to a source installation so that it can be used universally.

Implements: blueprint multi-platform-host
Change-Id: Ib4f33185202b694b9611cc5fd6323c30a1c8d489
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
Kevin Carter 2016-05-23 16:38:47 -05:00 committed by Jesse Pretorius (odyssey4me)
parent 0984490358
commit 8ae51276c4
18 changed files with 338 additions and 286 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
playbooks/roles/haproxy_server/defaults/main.yml
View File

@ -13,41 +13,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# Defines that the role will be deployed on a host machine
is_metal: true
## APT Cache options
cache_timeout: 600
haproxy_apt_repo_url: "http://ppa.launchpad.net/vbernat/haproxy-1.5/ubuntu"
haproxy_apt_repo:
repo: "deb {{ haproxy_apt_repo_url }} {{ ansible_distribution_release }} main"
state: "present"
# Haproxy GPG Keys
haproxy_gpg_keys:
- key_name: 'haproxy'
keyserver: 'hkp://keyserver.ubuntu.com:80'
fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
hash_id: '0xcffb779aadc995e4f350a060505d97a41c61b9cd'
haproxy_pre_apt_packages:
- python-software-properties
- software-properties-common
- debconf-utils
haproxy_apt_packages:
- haproxy
- hatop
- rsyslog # Used for local logging
- vim-haproxy
- psmisc
## Haproxy Configuration
haproxy_rise: 3
haproxy_fall: 3
haproxy_interval: 12000
## Haproxy standard API
haproxy_repo: {}
haproxy_gpg_keys: []
haproxy_pre_packages: []
haproxy_packages: []
haproxy_pinned_packages: []
## Haproxy Stats
haproxy_stats_enabled: False
haproxy_stats_bind_address: 127.0.0.1
@ -84,3 +61,5 @@ haproxy_ssl_pem: /etc/ssl/private/haproxy.pem
haproxy_ssl_ca_cert: /etc/ssl/certs/haproxy-ca.pem
haproxy_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ external_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
haproxy_ssl_cipher_suite: "{{ ssl_cipher_suite }}"
haproxy_hatop_download_url: "http://hatop.googlecode.com/files/hatop-0.7.7.tar.gz"

6
playbooks/roles/haproxy_server/files/haproxy.default
View File

@ -1,8 +1,2 @@
# Set ENABLED to 1 if you want the init script to start haproxy.
ENABLED=1
# Add extra flags here.
#EXTRAOPTS="-de -m 16"
# Conf.d style configuration dir. Init script has been hacked to support this.
CONFIG_DIR=/etc/haproxy/conf.d

171
playbooks/roles/haproxy_server/files/haproxy.sh
View File

@ -1,171 +0,0 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: haproxy
# Required-Start: $local_fs $network $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: fast and reliable load balancing reverse proxy
# Description: This file should be used to start and stop haproxy.
### END INIT INFO
# Author: Arnaud Cornet <acornet@debian.org>
PATH=/sbin:/usr/sbin:/bin:/usr/bin
PIDFILE=/var/run/haproxy.pid
CONFIG=/etc/haproxy/haproxy.cfg
HAPROXY=/usr/sbin/haproxy
EXTRAOPTS=
ENABLED=0
test -x $HAPROXY || exit 0
if [ -e /etc/default/haproxy ]; then
. /etc/default/haproxy
fi
test -f "$CONFIG" || exit 0
test "$ENABLED" != "0" || exit 0
[ -f /etc/default/rcS ] && . /etc/default/rcS
. /lib/lsb/init-functions
CONFIG_DIR_FILES=""
if [ ! -z "$CONFIG_DIR" ]; then
for file in $CONFIG_DIR/*; do
CONFIG_DIR_FILES="$CONFIG_DIR_FILES -f $file"
done
fi
haproxy_start()
{
start-stop-daemon --start --pidfile "$PIDFILE" \
--exec $HAPROXY -- -f "$CONFIG" $CONFIG_DIR_FILES -D -p "$PIDFILE" \
$EXTRAOPTS || return 2
return 0
}
haproxy_stop()
{
if [ ! -f $PIDFILE ] ; then
# This is a success according to LSB
return 0
fi
for pid in $(cat $PIDFILE) ; do
/bin/kill $pid || return 4
done
rm -f $PIDFILE
return 0
}
haproxy_reload()
{
$HAPROXY -f "$CONFIG" $CONFIG_DIR_FILES -p $PIDFILE -D $EXTRAOPTS -sf $(cat $PIDFILE) \
|| return 2
return 0
}
haproxy_status()
{
if [ ! -f $PIDFILE ] ; then
# program not running
return 3
fi
for pid in $(cat $PIDFILE) ; do
if ! ps --no-headers p "$pid" | grep haproxy > /dev/null ; then
# program running, bogus pidfile
return 1
fi
done
return 0
}
case "$1" in
start)
log_daemon_msg "Starting haproxy" "haproxy"
haproxy_start
ret=$?
case "$ret" in
0)
log_end_msg 0
;;
1)
log_end_msg 1
echo "pid file '$PIDFILE' found, haproxy not started."
;;
2)
log_end_msg 1
;;
esac
exit $ret
;;
stop)
log_daemon_msg "Stopping haproxy" "haproxy"
haproxy_stop
ret=$?
case "$ret" in
0|1)
log_end_msg 0
;;
2)
log_end_msg 1
;;
esac
exit $ret
;;
reload|force-reload)
log_daemon_msg "Reloading haproxy" "haproxy"
haproxy_reload
ret=$?
case "$ret" in
0|1)
log_end_msg 0
;;
2)
log_end_msg 1
;;
esac
exit $ret
;;
restart)
log_daemon_msg "Restarting haproxy" "haproxy"
haproxy_stop
haproxy_start
ret=$?
case "$ret" in
0)
log_end_msg 0
;;
1)
log_end_msg 1
;;
2)
log_end_msg 1
;;
esac
exit $ret
;;
status)
haproxy_status
ret=$?
case "$ret" in
0)
echo "haproxy is running."
;;
1)
echo "haproxy dead, but $PIDFILE exists."
;;
*)
echo "haproxy not running."
;;
esac
exit $ret
;;
*)
echo "Usage: /etc/init.d/haproxy {start|stop|reload|restart|status}"
exit 2
;;
esac

12
playbooks/roles/haproxy_server/meta/main.yml
View File

@ -23,10 +23,20 @@ galaxy_info:
- name: Ubuntu
versions:
- trusty
- xenial
- name: EL
versions:
- 7
categories:
- cloud
- python
- development
- openstack
dependencies:
- apt_package_pinning
- role: apt_package_pinning
apt_pinned_packages: [{ package: "*", release: LP-PPA-vbernat-haproxy-1.5, priority: "1001" }]
apt_package_pinning_file_name: "haproxy_pin.pref"
when:
- ansible_pkg_mgr == 'apt'
- haproxy_ssl | bool
- ansible_distribution_version | version_compare('16.04', '<')

25
playbooks/roles/haproxy_server/tasks/haproxy_add_ppa_repo.yml
View File

@ -13,6 +13,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE(cloudnull) This file can be removed when we drop 14.04 support
#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache
#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
#in 1.9.x or we move to 2.0 (if tested working)
@ -38,7 +40,7 @@
until: install_packages|success
retries: 5
delay: 2
with_items: haproxy_pre_apt_packages
with_items: "{{ haproxy_pre_packages }}"
tags:
- haproxy-pre-apt-packages
@ -54,7 +56,7 @@
ignore_errors: True
retries: 5
delay: 2
with_items: haproxy_gpg_keys
with_items: "{{ haproxy_gpg_keys }}"
tags:
- haproxy-apt-keys
@ -68,25 +70,18 @@
until: add_keys_fallback|success
retries: 5
delay: 2
with_items: haproxy_gpg_keys
with_items: "{{ haproxy_gpg_keys }}"
when: add_keys|failed and (item.fallback_keyserver is defined or item.fallback_url is defined)
tags:
- haproxy-apt-keys
- name: Drop haproxy repo pin
template:
src: "haproxy_pin.pref.j2"
dest: "/etc/apt/preferences.d/haproxy_pin.pref"
owner: "root"
group: "root"
mode: "0644"
tags:
- haproxy-repo-pin
- name: Add haproxy repo(s)
apt_repository:
repo: "{{ haproxy_apt_repo.repo }}"
state: "{{ haproxy_apt_repo.state }}"
repo: "{{ haproxy_repo.repo }}"
state: "{{ haproxy_repo.state }}"
when:
- haproxy_repo.repo is defined
- haproxy_repo.state is defined
register: add_repos
until: add_repos|success
retries: 5

57
playbooks/roles/haproxy_server/tasks/haproxy_install.yml
View File

@ -13,54 +13,27 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache
#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
#in 1.9.x or we move to 2.0 (if tested working)
- name: Check apt last update file
stat:
path: /var/cache/apt
register: apt_cache_stat
- include: haproxy_install_apt.yml
when:
- ansible_pkg_mgr == 'apt'
tags:
- haproxy-apt-packages
- install-apt
- name: Update apt if needed
apt:
update_cache: yes
when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}"
- include: haproxy_install_yum.yml
when:
- ansible_pkg_mgr == 'yum'
tags:
- haproxy-apt-packages
- install-yum
- name: Install HAProxy Packages
apt:
pkg: "{{ item }}"
state: latest
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: haproxy_apt_packages
tags:
- haproxy-apt-packages
- include: haproxy_install_hatop.yml
- name: Replace haproxy DEFAULT file
copy:
src: haproxy.default
dest: /etc/default/haproxy
tags:
- haproxy-config
- name: Replace haproxy init script to allow conf.d
copy:
src: haproxy.sh
dest: /etc/init.d/haproxy
mode: "0755"
tags:
- haproxy-config
- name: Create haproxy conf.d
- name: Create haproxy conf.d dir
file:
path: /etc/haproxy/conf.d
path: "{{ item.path }}"
state: directory
recurse: yes
mode: "0755"
with_items:
- { path: "/etc/haproxy" }
- { path: "/etc/haproxy/conf.d" }
tags:
- haproxy-config

59
playbooks/roles/haproxy_server/tasks/haproxy_install_apt.yml Normal file
View File

@ -0,0 +1,59 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE(cloudnull) This can be removed when we drop 14.04 support
- include: haproxy_add_ppa_repo.yml
when:
- haproxy_ssl | bool
- ansible_distribution_version | version_compare('16.04', '<')
#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache
#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
#in 1.9.x or we move to 2.0 (if tested working)
- name: Check apt last update file
stat:
path: /var/cache/apt
register: apt_cache_stat
tags:
- haproxy-apt-packages
- name: Update apt if needed
apt:
update_cache: yes
when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}"
tags:
- haproxy-apt-packages
- name: Install HAProxy Packages
apt:
pkg: "{{ item }}"
state: latest
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: haproxy_packages
tags:
- haproxy-apt-packages
# NOTE(cloudnull) This can be removed when we drop 14.04 support
- name: Replace haproxy DEFAULT file
copy:
src: haproxy.default
dest: /etc/default/haproxy
when:
- ansible_distribution_version | version_compare('16.04', '<')
tags:
- haproxy-config

36
playbooks/roles/haproxy_server/tasks/haproxy_install_hatop.yml Normal file
View File

@ -0,0 +1,36 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Download HATop
get_url:
url: "{{ haproxy_hatop_download_url }}"
dest: "/var/cache/{{ haproxy_hatop_download_url | basename }}"
force: yes
- name: Create HATop directory
file:
path: "/opt/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}"
state: directory
- name: Unarchive HATop
unarchive:
src: "/var/cache/{{ haproxy_hatop_download_url | basename }}"
dest: "/opt"
copy: "no"
- name: Install HATop
command: "install -m 755 bin/hatop /usr/local/bin"
args:
chdir: "/opt/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}"

26
playbooks/roles/haproxy_server/tasks/haproxy_install_yum.yml Normal file
View File

@ -0,0 +1,26 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install yum packages
yum:
pkg: "{{ item }}"
state: present
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: haproxy_packages
tags:
- haproxy-yum-packages

31
playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml
View File

@ -20,25 +20,42 @@
sysctl_set: yes
state: present
when: haproxy_bind_on_non_local | bool
tags:
- haproxy-base-config
- haproxy-config
- name: Drop base haproxy config
template:
src: "{{ item }}"
dest: "/etc/haproxy/haproxy.cfg"
with_items:
- haproxy.cfg.j2
src: "haproxy.cfg.j2"
dest: "/etc/haproxy/conf.d/00-haproxy"
notify: Restart haproxy
tags:
- haproxy-base-config
- haproxy-config
- name: Drop haproxy logging config
copy:
src: "{{ item }}"
src: "haproxy-logging.cfg"
dest: "/etc/rsyslog.d/99-haproxy-local-logging.conf"
with_items:
- haproxy-logging.cfg
notify: Restart rsyslog
tags:
- haproxy-base-config
- haproxy-config
- include: haproxy_service_config.yml
- name: Regenerate haproxy configuration
assemble:
src: "/etc/haproxy/conf.d"
dest: "/etc/haproxy/haproxy.cfg"
notify: Restart haproxy
tags:
- haproxy-base-config
- haproxy-config
- name: Enable haproxy services
service:
name: "haproxy"
enabled: "yes"
tags:
- haproxy-config

40
playbooks/roles/haproxy_server/tasks/haproxy_pre_install.yml
View File

@ -13,11 +13,41 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE(cloudnull):
# While the haproxy distro packages provide for an haproxy
# group this group is being created upfront to support
# log aggregation links as well as ensure common user
# functionality across various distros that we support.
- name: Create the haproxy system group
group:
name: "haproxy"
state: "present"
system: "yes"
tags:
- haproxy-group
# NOTE(cloudnull):
# While the haproxy distro packages provide for an haproxy
# user this user is being created upfront to support
# log aggregation links as well as ensure common user
# functionality across various distros that we support.
- name: Create the haproxy system user
user:
name: "haproxy"
group: "haproxy"
comment: "haproxy user"
shell: "/bin/false"
system: "yes"
createhome: "yes"
home: "/var/lib/haproxy"
tags:
- haproxy-user
- name: Test for log directory or link
shell: |
if [ -h "/var/log/haproxy" ]; then
chown -h syslog:adm "/var/log/haproxy"
chown -R syslog:adm "$(readlink /var/log/haproxy)"
chown -h haproxy:adm "/var/log/haproxy"
chown -R haproxy:adm "$(readlink /var/log/haproxy)"
else
exit 1
fi
@ -30,11 +60,9 @@
- name: Create haproxy log dir
file:
path: "{{ item.path }}"
path: "/var/log/haproxy"
state: directory
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/var/log/haproxy" }
mode: "0755"
when: log_dir | changed
tags:
- haproxy-dirs

7
playbooks/roles/haproxy_server/tasks/haproxy_ssl_configuration.yml
View File

@ -42,6 +42,13 @@
tags:
- haproxy-ssl
- name: Ensure the private ssl directory exists
file:
dest: "/etc/ssl/private"
state: "directory"
tags:
- haproxy-ssl
- name: Remove signed certs and keys for regen
file:
dest: "{{ haproxy_ssl_cert }}"

13
playbooks/roles/haproxy_server/tasks/main.yml
View File

@ -13,10 +13,17 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- include: haproxy_pre_install.yml
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
- "{{ ansible_os_family | lower }}.yml"
tags:
- always
- include: haproxy_add_ppa_repo.yml
when: haproxy_ssl | bool
- include: haproxy_pre_install.yml
- include: haproxy_install.yml

5
playbooks/roles/haproxy_server/templates/haproxy_pin.pref.j2
View File

@ -1,5 +0,0 @@
# {{ ansible_managed }}
Package: *
Pin: release o=LP-PPA-vbernat-haproxy-1.5
Pin-Priority: 1001

18
playbooks/roles/haproxy_server/vars/redhat-7.yml Normal file
View File

@ -0,0 +1,18 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
haproxy_packages:
- haproxy
- rsyslog # Used for local logging

40
playbooks/roles/haproxy_server/vars/ubuntu-14.04.yml Normal file
View File

@ -0,0 +1,40 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## APT Cache options
cache_timeout: 600
haproxy_apt_repo_url: "http://ppa.launchpad.net/vbernat/haproxy-1.5/ubuntu"
haproxy_repo:
repo: "deb {{ haproxy_apt_repo_url }} {{ ansible_distribution_release }} main"
state: "present"
# Haproxy GPG Keys
haproxy_gpg_keys:
- key_name: 'haproxy'
keyserver: 'hkp://keyserver.ubuntu.com:80'
fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
hash_id: '0xcffb779aadc995e4f350a060505d97a41c61b9cd'
haproxy_pre_packages:
- python-software-properties
- software-properties-common
- debconf-utils
haproxy_packages:
- haproxy
- rsyslog # Used for local logging
- vim-haproxy
- psmisc

28
playbooks/roles/haproxy_server/vars/ubuntu-16.04.yml Normal file
View File

@ -0,0 +1,28 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## APT Cache options
cache_timeout: 600
haproxy_pre_packages:
- python-software-properties
- software-properties-common
- debconf-utils
haproxy_packages:
- haproxy
- rsyslog # Used for local logging
- vim-haproxy
- psmisc

11
releasenotes/notes/haproxy-centos-support-de39c19d6a89b6a5.yaml Normal file
View File

@ -0,0 +1,11 @@
---
features:
- CentOS 7 and Ubuntu 16.04 support have been added to the ``haproxy`` role.
- The ``haproxy`` role installs *hatop* from source to ensure that the same operator
tooling is available across all supported distributions. The download URL for
the source can be set using the variable ``haproxy_hatop_download_url``.
upgrade:
- Within the ``haproxy`` role *hatop* has been changed from a package installation
to a source-based installation. This has been done to ensure that the same operator
tooling is available across all supported distributions. The download URL for
the source can be set using the variable ``haproxy_hatop_download_url``.