aab510e1fc
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/791259 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/791254 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/791250 Change-Id: If1278c7cc167305c148d01b3db972acb3afa4fd1
611 lines
26 KiB
YAML
611 lines
26 KiB
YAML
---
|
|
# Copyright 2016, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
haproxy_bind_on_non_local: "{{ (groups.haproxy | length) > 1 }}"
|
|
haproxy_use_keepalived: "{{ (groups.haproxy | length) > 1 }}"
|
|
keepalived_selinux_compile_rules:
|
|
- keepalived_ping
|
|
- keepalived_haproxy_pid_file
|
|
|
|
# Ensure that the package state matches the global setting
|
|
haproxy_package_state: "{{ package_state }}"
|
|
|
|
haproxy_whitelist_networks:
|
|
- 192.168.0.0/16
|
|
- 172.16.0.0/12
|
|
- 10.0.0.0/8
|
|
|
|
haproxy_galera_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_keystone_admin_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_nova_metadata_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_rabbitmq_management_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_repo_git_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_repo_cache_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_opendaylight_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
|
|
haproxy_security_txt_acl:
|
|
keystone-security-txt-acl:
|
|
rule: "path_end /security.txt"
|
|
backend_name: keystone_service
|
|
|
|
haproxy_adjutant_api_service:
|
|
haproxy_service_name: adjutant_api
|
|
haproxy_backend_nodes: "{{ groups['adjutant_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 5050
|
|
haproxy_balance_type: http
|
|
haproxy_balance_alg: source
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['adjutant_api'] is defined and groups['adjutant_api'] | length > 0 }}"
|
|
|
|
haproxy_aodh_api_service:
|
|
haproxy_service_name: aodh_api
|
|
haproxy_backend_nodes: "{{ groups['aodh_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 8042
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['aodh_api'] is defined and groups['aodh_api'] | length > 0 }}"
|
|
|
|
haproxy_barbican_service:
|
|
haproxy_service_name: barbican
|
|
haproxy_backend_nodes: "{{ groups['barbican_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 9311
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['barbican_api'] is defined and groups['barbican_api'] | length > 0 }}"
|
|
|
|
haproxy_ceph_rgw_service:
|
|
haproxy_service_name: ceph-rgw
|
|
haproxy_backend_nodes: "{{ (groups['ceph-rgw'] is defined and groups['ceph-rgw'] | length > 0) | ternary(groups['ceph-rgw'], ceph_rgws) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_balance_alg: source
|
|
haproxy_port: "{{ radosgw_service_port | default(7980) }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- httpchk HEAD /
|
|
haproxy_backend_httpcheck_options:
|
|
- expect rstatus 200|405
|
|
haproxy_service_enabled: "{{ (groups['ceph-rgw'] is defined and groups['ceph-rgw'] | length > 0) or (ceph_rgws | length > 0) }}"
|
|
|
|
haproxy_cinder_api_service:
|
|
haproxy_service_name: cinder_api
|
|
haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 8776
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['cinder_api'] is defined and groups['cinder_api'] | length > 0 }}"
|
|
|
|
haproxy_cloudkitty_api_service:
|
|
haproxy_service_name: cloudkitty_api
|
|
haproxy_backend_nodes: "{{ groups['cloudkitty_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 8089
|
|
haproxy_balance_type: http
|
|
haproxy_balance_alg: source
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['cloudkitty_api'] is defined and groups['cloudkitty_api'] | length > 0 }}"
|
|
|
|
haproxy_designate_api_service:
|
|
haproxy_service_name: designate_api
|
|
haproxy_backend_nodes: "{{ groups['designate_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 9001
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "forwardfor"
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
- "httplog"
|
|
haproxy_service_enabled: "{{ groups['designate_api'] is defined and groups['designate_api'] | length > 0 }}"
|
|
|
|
haproxy_galera_service:
|
|
haproxy_service_name: galera
|
|
haproxy_backend_nodes: "{{ (groups['galera_all'] | default([]))[:1] }}" # list expected
|
|
haproxy_backup_nodes: "{{ (groups['galera_all'] | default([]))[1:] }}"
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_port: 3306
|
|
haproxy_check_port: 9200
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 5000s
|
|
haproxy_timeout_server: 5000s
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_whitelist_networks: "{{ haproxy_galera_whitelist_networks }}"
|
|
haproxy_service_enabled: "{{ groups['galera_all'] is defined and groups['galera_all'] | length > 0 }}"
|
|
|
|
haproxy_glance_api_service:
|
|
haproxy_service_name: glance_api
|
|
haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 9292
|
|
haproxy_balance_type: http
|
|
haproxy_balance_alg: source
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['glance_api'] is defined and groups['glance_api'] | length > 0 }}"
|
|
|
|
haproxy_gnocchi_service:
|
|
haproxy_service_name: gnocchi
|
|
haproxy_backend_nodes: "{{ groups['gnocchi_all'] | default([]) }}"
|
|
haproxy_port: 8041
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}"
|
|
|
|
haproxy_heat_api_cfn_service:
|
|
haproxy_service_name: heat_api_cfn
|
|
haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}"
|
|
haproxy_port: 8000
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['heat_api_cfn'] is defined and groups['heat_api_cfn'] | length > 0 }}"
|
|
|
|
haproxy_heat_api_service:
|
|
haproxy_service_name: heat_api
|
|
haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}"
|
|
haproxy_port: 8004
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['heat_api'] is defined and groups['heat_api'] | length > 0 }}"
|
|
|
|
haproxy_horizon_service:
|
|
haproxy_service_name: horizon
|
|
haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: true
|
|
haproxy_port: "{{ haproxy_ssl | ternary(443,80) }}"
|
|
haproxy_backend_port: 80
|
|
haproxy_redirect_http_port: 80
|
|
haproxy_balance_type: http
|
|
haproxy_balance_alg: source
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['horizon_all'] is defined and groups['horizon_all'] | length > 0 }}"
|
|
haproxy_redirect_scheme: "{{ (haproxy_ssl_letsencrypt_enable | bool and haproxy_ssl | bool) | ternary('https if !{ ssl_fc } !{ path_beg /.well-known/acme-challenge/ }', 'https if !{ ssl_fc }') }}"
|
|
haproxy_frontend_acls: "{{ (haproxy_ssl_letsencrypt_enable | bool and haproxy_ssl | bool) | ternary(haproxy_ssl_letsencrypt_acl, {}) }}"
|
|
haproxy_acls: "{{ keystone_security_txt_content is defined | ternary(haproxy_security_txt_acl, {}) }}"
|
|
|
|
haproxy_ironic_api_service:
|
|
haproxy_service_name: ironic_api
|
|
haproxy_backend_nodes: "{{ groups['ironic_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 6385
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['ironic_api'] is defined and groups['ironic_api'] | length > 0 }}"
|
|
|
|
haproxy_ironic_inspector_service:
|
|
haproxy_service_name: ironic_inspector
|
|
haproxy_backend_nodes: "{{ groups['ironic_inspector'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 5050
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['ironic_inspector'] is defined and groups['ironic_inspector'] | length > 0 }}"
|
|
|
|
haproxy_keystone_service:
|
|
haproxy_service_name: keystone_service
|
|
haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
|
|
haproxy_port: 5000
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_balance_type: "http"
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['keystone_all'] is defined and groups['keystone_all'] | length > 0 }}"
|
|
|
|
haproxy_letsencrypt_service:
|
|
haproxy_service_name: letsencrypt
|
|
haproxy_backend_nodes: "{{ groups['haproxy_all'] }}"
|
|
backend_rise: 1
|
|
backend_fall: 5
|
|
haproxy_bind:
|
|
- 127.0.0.1
|
|
haproxy_port: "{{ haproxy_ssl_letsencrypt_certbot_backend_port }}"
|
|
haproxy_balance_type: http
|
|
haproxy_service_enabled: "{{ (haproxy_ssl_letsencrypt_enable | bool and haproxy_ssl | bool) }}"
|
|
|
|
haproxy_magnum_service:
|
|
haproxy_service_name: magnum
|
|
haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 9511
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['magnum_all'] is defined and groups['magnum_all'] | length > 0 }}"
|
|
|
|
haproxy_manila_service:
|
|
haproxy_service_name: manila
|
|
haproxy_backend_nodes: "{{ groups['manila_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 8786
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['manila_api'] is defined and groups['manila_api'] | length > 0 }}"
|
|
|
|
haproxy_masakari_api_service:
|
|
haproxy_service_name: masakari_api
|
|
haproxy_backend_nodes: "{{ groups['masakari_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 15868
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['masakari_api'] is defined and groups['masakari_api'] | length > 0 }}"
|
|
|
|
haproxy_mistral_service:
|
|
haproxy_service_name: mistral
|
|
haproxy_backend_nodes: "{{ groups['mistral_all'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 8989
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['mistral_all'] is defined and groups['mistral_all'] | length > 0 }}"
|
|
|
|
haproxy_murano_service:
|
|
haproxy_service_name: murano
|
|
haproxy_backend_nodes: "{{ groups['murano_all'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 8082
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET /v1 HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_backend_httpcheck_options:
|
|
- "expect status 401"
|
|
haproxy_service_enabled: "{{ groups['murano_all'] is defined and groups['murano_all'] | length > 0 }}"
|
|
|
|
haproxy_neutron_server_service:
|
|
haproxy_service_name: neutron_server
|
|
haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
|
|
haproxy_port: 9696
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['neutron_server'] is defined and groups['neutron_server'] | length > 0 }}"
|
|
|
|
haproxy_nova_api_metadata_service:
|
|
haproxy_service_name: nova_api_metadata
|
|
haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}"
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_port: 8775
|
|
haproxy_ssl: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_whitelist_networks: "{{ haproxy_nova_metadata_whitelist_networks }}"
|
|
haproxy_service_enabled: "{{ groups['nova_api_metadata'] is defined and groups['nova_api_metadata'] | length > 0 }}"
|
|
|
|
haproxy_nova_api_compute_service:
|
|
haproxy_service_name: nova_api_os_compute
|
|
haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 8774
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['nova_api_os_compute'] is defined and groups['nova_api_os_compute'] | length > 0 }}"
|
|
|
|
# By default the nova console service on HAProxy is configured in HTTP mode to
|
|
# allow for more fine grained control. But if the SSL connection is terminated
|
|
# on the nova console container it has to be run in TCP mode.
|
|
haproxy_nova_console_http_mode: "{{ not (nova_console_user_ssl_cert is defined
|
|
and nova_console_user_ssl_key is defined) }}"
|
|
haproxy_nova_console_service:
|
|
haproxy_service_name: nova_console
|
|
haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: "{{ nova_console_port }}"
|
|
haproxy_balance_type: "{{ haproxy_nova_console_http_mode | ternary('http', 'tcp') }}"
|
|
haproxy_timeout_client: 60m
|
|
haproxy_timeout_server: 60m
|
|
haproxy_balance_alg: source
|
|
haproxy_backend_options: "{{ haproxy_nova_console_http_mode | ternary(['httpchk HEAD ' + nova_console_path + ' HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck'], []) }}"
|
|
haproxy_backend_httpcheck_options: "{{ haproxy_nova_console_http_mode | ternary(['expect status 200'], []) }}"
|
|
haproxy_service_enabled: "{{ groups['nova_console'] is defined and groups['nova_console'] | length > 0 }}"
|
|
|
|
haproxy_octavia_service:
|
|
haproxy_service_name: octavia
|
|
haproxy_backend_nodes: "{{ groups['octavia_all'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 9876
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['octavia_all'] is defined and groups['octavia_all'] | length > 0 }}"
|
|
|
|
haproxy_opendaylight_neutron_service:
|
|
haproxy_service_name: opendaylight-neutron
|
|
haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_port: 8180
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 5000s
|
|
haproxy_timeout_server: 5000s
|
|
haproxy_whitelist_networks: "{{ haproxy_opendaylight_whitelist_networks }}"
|
|
haproxy_service_enabled: "{{ neutron_plugin_type == 'ml2.opendaylight' }}"
|
|
|
|
haproxy_opendaylight_websocket_service:
|
|
haproxy_service_name: opendaylight-websocket
|
|
haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_port: 8185
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 5000s
|
|
haproxy_timeout_server: 5000s
|
|
haproxy_whitelist_networks: "{{ haproxy_opendaylight_whitelist_networks }}"
|
|
haproxy_service_enabled: "{{ neutron_plugin_type == 'ml2.opendaylight' }}"
|
|
|
|
haproxy_ovn_northbound_service:
|
|
haproxy_service_name: neutron_ovn_northd_northbound
|
|
haproxy_backend_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[:1] }}" # list expected
|
|
haproxy_backup_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[1:] }}"
|
|
haproxy_port: 6641
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 90m
|
|
haproxy_timeout_server: 90m
|
|
haproxy_backend_options:
|
|
- tcpka
|
|
haproxy_service_enabled: "{{ (neutron_plugin_type == 'ml2.ovn') and (groups['neutron_ovn_northd'] is defined and groups['neutron_ovn_northd'] | length > 0) }}"
|
|
|
|
haproxy_ovn_southbound_service:
|
|
haproxy_service_name: neutron_ovn_northd_southbound
|
|
haproxy_backend_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[:1] }}"
|
|
haproxy_backup_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[1:] }}"
|
|
haproxy_port: 6642
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 90m
|
|
haproxy_timeout_server: 90m
|
|
haproxy_backend_options:
|
|
- tcpka
|
|
haproxy_service_enabled: "{{ (neutron_plugin_type == 'ml2.ovn') and (groups['neutron_ovn_northd'] is defined and groups['neutron_ovn_northd'] | length > 0) }}"
|
|
|
|
haproxy_ovn_ovsdb_service:
|
|
haproxy_service_name: neutron_ovn_ovsdb_server
|
|
haproxy_backend_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[:1] }}"
|
|
haproxy_backup_nodes: "{{ (groups['neutron_ovn_northd'] | default([]))[1:] }}"
|
|
haproxy_port: 6640
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 90m
|
|
haproxy_timeout_server: 90m
|
|
haproxy_backend_options:
|
|
- tcpka
|
|
haproxy_service_enabled: "{{ (neutron_plugin_type == 'ml2.ovn') and (groups['neutron_ovn_northd'] is defined and groups['neutron_ovn_northd'] | length > 0) }}"
|
|
|
|
haproxy_panko_api_service:
|
|
haproxy_service_name: panko_api
|
|
haproxy_backend_nodes: "{{ groups['panko_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 8777
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "forwardfor"
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
- "httplog"
|
|
haproxy_service_enabled: "{{ groups['panko_all'] is defined and groups['panko_all'] | length > 0 }}"
|
|
|
|
haproxy_placement_service:
|
|
haproxy_service_name: placement
|
|
haproxy_backend_nodes: "{{ groups['placement_all'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 8780
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['placement_all'] is defined and groups['placement_all'] | length > 0 }}"
|
|
|
|
haproxy_rabbitmq_service:
|
|
haproxy_service_name: rabbitmq_mgmt
|
|
haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}"
|
|
haproxy_ssl: False
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_port: 15672
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_whitelist_networks: "{{ haproxy_rabbitmq_management_whitelist_networks }}"
|
|
haproxy_service_enabled: "{{ groups['rabbitmq'] is defined and groups['rabbitmq'] | length > 0 }}"
|
|
|
|
haproxy_repo_service:
|
|
haproxy_service_name: repo_all
|
|
haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}"
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_port: 8181
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET /repo_sync_complete HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_backend_httpcheck_options:
|
|
- "expect status 200"
|
|
haproxy_service_enabled: "{{ groups['repo_all'] is defined and groups['repo_all'] | length > 0 }}"
|
|
|
|
haproxy_sahara_api_service:
|
|
haproxy_service_name: sahara_api
|
|
haproxy_backend_nodes: "{{ groups['sahara_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_balance_alg: source
|
|
haproxy_port: 8386
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_backend_httpcheck_options:
|
|
- "expect rstatus 300|200"
|
|
haproxy_service_enabled: "{{ groups['sahara_api'] is defined and groups['sahara_api'] | length > 0 }}"
|
|
|
|
haproxy_senlin_api_service:
|
|
haproxy_service_name: senlin_api
|
|
haproxy_backend_nodes: "{{ groups['senlin_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 8778
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['senlin_api'] is defined and groups['senlin_api'] | length > 0 }}"
|
|
|
|
haproxy_swift_proxy_service:
|
|
haproxy_service_name: swift_proxy
|
|
haproxy_backend_nodes: "{{ groups['swift_proxy'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_balance_alg: source
|
|
haproxy_port: 8080
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['swift_proxy'] is defined and groups['swift_proxy'] | length > 0 }}"
|
|
|
|
haproxy_tacker_service:
|
|
haproxy_service_name: tacker
|
|
haproxy_backend_nodes: "{{ groups['tacker_all'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 9890
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "forwardfor"
|
|
- "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
- "httplog"
|
|
haproxy_service_enabled: "{{ groups['tacker_all'] is defined and groups['tacker_all'] | length > 0 }}"
|
|
|
|
haproxy_trove_service:
|
|
haproxy_service_name: trove
|
|
haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 8779
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['trove_api'] is defined and groups['trove_api'] | length > 0 }}"
|
|
|
|
haproxy_zun_api_service:
|
|
haproxy_service_name: zun_api
|
|
haproxy_backend_nodes: "{{ groups['zun_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 9517
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET /v1 HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_service_enabled: "{{ groups['zun_api'] is defined and groups['zun_api'] | length > 0 }}"
|
|
|
|
haproxy_zun_console_service:
|
|
haproxy_service_name: zun_console
|
|
haproxy_backend_nodes: "{{ groups['zun_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
|
haproxy_port: 6784
|
|
haproxy_balance_type: http
|
|
haproxy_timeout_client: 60m
|
|
haproxy_timeout_server: 60m
|
|
haproxy_balance_alg: source
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
|
|
haproxy_backend_httpcheck_options:
|
|
- "expect status 405"
|
|
haproxy_service_enabled: "{{ groups['zun_api'] is defined and groups['zun_api'] | length > 0 }}"
|
|
|
|
haproxy_default_services:
|
|
- service: "{{ haproxy_adjutant_api_service }}"
|
|
- service: "{{ haproxy_aodh_api_service }}"
|
|
- service: "{{ haproxy_barbican_service }}"
|
|
- service: "{{ haproxy_ceph_rgw_service }}"
|
|
- service: "{{ haproxy_cinder_api_service }}"
|
|
- service: "{{ haproxy_cloudkitty_api_service }}"
|
|
- service: "{{ haproxy_designate_api_service }}"
|
|
- service: "{{ haproxy_galera_service }}"
|
|
- service: "{{ haproxy_glance_api_service }}"
|
|
- service: "{{ haproxy_gnocchi_service }}"
|
|
- service: "{{ haproxy_heat_api_cfn_service }}"
|
|
- service: "{{ haproxy_heat_api_service }}"
|
|
- service: "{{ haproxy_horizon_service }}"
|
|
- service: "{{ haproxy_ironic_api_service }}"
|
|
- service: "{{ haproxy_ironic_inspector_service }}"
|
|
- service: "{{ haproxy_keystone_service }}"
|
|
- service: "{{ haproxy_letsencrypt_service }}"
|
|
- service: "{{ haproxy_magnum_service }}"
|
|
- service: "{{ haproxy_manila_service }}"
|
|
- service: "{{ haproxy_masakari_api_service }}"
|
|
- service: "{{ haproxy_mistral_service }}"
|
|
- service: "{{ haproxy_murano_service }}"
|
|
- service: "{{ haproxy_neutron_server_service }}"
|
|
- service: "{{ haproxy_nova_api_metadata_service }}"
|
|
- service: "{{ haproxy_nova_api_compute_service }}"
|
|
- service: "{{ haproxy_nova_console_service }}"
|
|
- service: "{{ haproxy_octavia_service }}"
|
|
- service: "{{ haproxy_opendaylight_neutron_service }}"
|
|
- service: "{{ haproxy_opendaylight_websocket_service }}"
|
|
- service: "{{ haproxy_ovn_northbound_service }}"
|
|
- service: "{{ haproxy_ovn_southbound_service }}"
|
|
- service: "{{ haproxy_ovn_ovsdb_service }}"
|
|
- service: "{{ haproxy_panko_api_service }}"
|
|
- service: "{{ haproxy_placement_service }}"
|
|
- service: "{{ haproxy_rabbitmq_service }}"
|
|
- service: "{{ haproxy_repo_service }}"
|
|
- service: "{{ haproxy_sahara_api_service }}"
|
|
- service: "{{ haproxy_senlin_api_service }}"
|
|
- service: "{{ haproxy_swift_proxy_service }}"
|
|
- service: "{{ haproxy_tacker_service }}"
|
|
- service: "{{ haproxy_trove_service }}"
|
|
- service: "{{ haproxy_zun_api_service }}"
|
|
- service: "{{ haproxy_zun_console_service }}"
|