openstack/openstack-ansible
Code Issues Proposed changes
14a57702ca
openstack-ansible/doc/source/install-guide/configure-haproxy.rst
Jean-Philippe Evrard a239b29baf
Implementation of keepalived for haproxy 
This commit uses a keepalived role, available in
ansible galaxy, to configure keepalived for haproxy

Keepalived makes the haproxy truely HA, by having
haproxy's VIP highly available between the hosts
defined in the inventory.

The keepalived role configuration is fully
documented on the upstream role.

To configure keepalived on your host, you only have to
give it a variable (dict). A template handles the
generation of the configuration of keepalived.

By default, the variable files defined in vars/configs/
are enough to have a keepalived working for haproxy,
with a master-backup configuration.

You can define other variable files by setting
haproxy_keepalived_(master|backup)_vars in your
user_variables. This should point to a "variable
template" file like the one you can find
in vars/configs/*

The haproxy playbook has been changed to rely on
the dynamic generation script. It will use the env.d
to have haproxy hosts. The first host from the
generated inventory will be considered as master,
while the others are slaves. The keepalived role
will only run if more than haproxy host is found
in the inventory. This behaviour can be changed
and keepalived can be disabled by the variable:
haproxy_use_keepalived.

The implemented variables are the following:
* haproxy_keepalived_(ext|int)ernal_vip_cidr
* haproxy_keepalived_(ext|int)ernal_interface
* haproxy_keepalived_(ext|int)ernal_virtual_router_id
* haproxy_keepalived_priority_backup
* haproxy_keepalived_priority_master
* haproxy_keepalived_vars_file

In these variables, only the following variables
are necessary: keepalived_(ext|int)ernal_vip_cidr
However, it's recommended to also configure the
keepalived_(ext|int)ernal_interface
(to know which interface the vips can bind on)

Closes-Bug: 1414397
Change-Id: Ib87a3bb70d6f4b7ac9356e8a28fe4b5936eb9334
2015-10-07 23:08:41 -05:00

93 lines
3.2 KiB
ReStructuredText
Raw Blame History

`Home <index.html>`_ OpenStack-Ansible Installation Guide
Configuring HAProxy (optional)
------------------------------
For evaluation, testing, and development, HAProxy can temporarily
provide load balancing services in lieu of hardware load balancers. The
default HAProxy configuration does not provide highly-available load
balancing services. For production deployments, deploy a hardware load
balancer prior to deploying OSA.
- In the ``/etc/openstack_deploy/openstack_user_config.yml`` file, add
the ``haproxy_hosts`` section with one or more infrastructure target
hosts, for example:
.. code-block:: yaml
haproxy_hosts:
123456-infra01:
ip: 172.29.236.51
123457-infra02:
ip: 172.29.236.52
123458-infra03:
ip: 172.29.236.53
Making HAProxy highly-available
###############################
HAProxy will be deployed in a highly-available manner, by installing
keepalived if multiple hosts are found in the inventory.
To skip the deployment of keepalived along HAProxy when installing
HAProxy on multiple hosts, edit the
``/etc/openstack_deploy/user_variables.yml`` by setting:
.. code-block:: yaml
haproxy_use_keepalived: False
Otherwise, edit at least the following variables in
``user_variables.yml`` to make keepalived work:
.. code-block:: yaml
haproxy_keepalived_external_vip_cidr: 192.168.0.4/25
haproxy_keepalived_internal_vip_cidr: 172.29.236.54/16
haproxy_keepalived_external_interface: br-flat
haproxy_keepalived_internal_interface: br-mgmt
``haproxy_keepalived_internal_interface`` represents the interface
on the deployed node where the keepalived master will bind the
internal vip. By default the ``br-mgmt`` will be used.
``haproxy_keepalived_external_interface`` represents the interface
on the deployed node where the keepalived master will bind the
external vip. By default the ``br-mgmt`` will be used.
``haproxy_keepalived_external_vip_cidr`` represents the external
vip (and its netmask) that will be used on keepalived master host.
``haproxy_keepalived_internal_vip_cidr`` represents the internal
vip (and its netmask) that will be used on keepalived master host.
Additional variables can be set to adapt keepalived in the deployed
environment. Please refer to the ``user_variables.yml``
for more descriptions.
All the variables mentionned here before are used in the variable
files ``vars/configs/keepalived_haproxy_master.yml`` and
``vars/configs/keepalived_haproxy_backup.yml`` to feed the
keepalived role. More information can be found on the keepalived
role documentation. You can use your own file by setting their path
in your ``/etc/openstack_deploy/user_variables.yml``:
.. code-block:: yaml
haproxy_keepalived_vars_file:
Securing HAProxy communication with SSL certificates
####################################################
The openstack-ansible project provides the ability to secure HAProxy
communications with self-signed or user-provided SSL certificates.
Refer to `Securing services with SSL certificates`_ for available configuration
options.
.. _Securing services with SSL certificates: configure-sslcertificates.html
--------------
.. include:: navigation.txt
View Git Blame Copy Permalink