589650228b
The change updates the haproxy configs to use backends with a default of an empty array. This is needed to ensure that the backends are not being assumed to have some value. In the current system if an inventory item did not exist the rendered backend would be a jinja string which would cause the haproxy play to fail. Closes-Bug: #1513455 Change-Id: I221dbd910c75c2e41c98a33e1c38c7f69718b544 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
188 lines
7.4 KiB
YAML
188 lines
7.4 KiB
YAML
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
haproxy_backend_options_http:
|
|
- "forwardfor"
|
|
- "httpchk"
|
|
- "httplog"
|
|
|
|
haproxy_backend_options_https:
|
|
- "ssl-hello-chk"
|
|
|
|
keystone_ssl_admin: "{% if keystone_ssl is defined and keystone_ssl | bool and keystone_service_adminuri_proto == 'https' %}true{% else %}false{% endif %}"
|
|
keystone_ssl_internal: "{% if keystone_ssl is defined and keystone_ssl | bool and keystone_service_internaluri_proto == 'https' %}true{% else %}false{% endif %}"
|
|
keystone_ssl_public: "{% if keystone_ssl is defined and keystone_ssl | bool and keystone_service_publicuri_proto == 'https' %}true{% else %}false{% endif %}"
|
|
|
|
haproxy_service_configs:
|
|
- service:
|
|
haproxy_service_name: galera
|
|
haproxy_backend_nodes: "{{ [groups['galera_all'][0]] | default([]) }}" # list expected
|
|
haproxy_backup_nodes: "{{ groups['galera_all'][1:] | default([]) }}"
|
|
haproxy_port: 3306
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 5000s
|
|
haproxy_timeout_server: 5000s
|
|
haproxy_backend_options:
|
|
- "mysql-check user {{ galera_monitoring_user }}"
|
|
- service:
|
|
haproxy_service_name: glance_api
|
|
haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}"
|
|
haproxy_port: 9292
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "forwardfor"
|
|
- "httpchk"
|
|
- "httplog"
|
|
- service:
|
|
haproxy_service_name: glance_registry
|
|
haproxy_backend_nodes: "{{ groups['glance_registry'] | default([]) }}"
|
|
haproxy_port: 9191
|
|
haproxy_balance_type: http
|
|
- service:
|
|
haproxy_service_name: heat_api_cfn
|
|
haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}"
|
|
haproxy_port: 8000
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "forwardfor"
|
|
- "httpchk"
|
|
- "httplog"
|
|
- service:
|
|
haproxy_service_name: heat_api_cloudwatch
|
|
haproxy_backend_nodes: "{{ groups['heat_api_cloudwatch'] | default([]) }}"
|
|
haproxy_port: 8003
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "forwardfor"
|
|
- "httpchk"
|
|
- "httplog"
|
|
- service:
|
|
haproxy_service_name: heat_api
|
|
haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}"
|
|
haproxy_port: 8004
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "forwardfor"
|
|
- "httpchk"
|
|
- "httplog"
|
|
- service:
|
|
haproxy_service_name: keystone_admin
|
|
haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
|
|
haproxy_port: 35357
|
|
haproxy_ssl: "{% if haproxy_ssl | bool and keystone_service_adminuri_proto == 'https' %}true{% else %}false{% endif %}"
|
|
haproxy_balance_type: "{{ (keystone_ssl_admin | bool) | ternary('tcp', 'http') }}"
|
|
haproxy_balance_alg: "{{ (keystone_ssl_admin | bool) | ternary('source', 'leastconn') }}"
|
|
haproxy_backend_options: "{{ (keystone_ssl_admin | bool) | ternary(haproxy_backend_options_https, haproxy_backend_options_http) }}"
|
|
- service:
|
|
haproxy_service_name: keystone_service
|
|
haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
|
|
haproxy_bind: "{% if internal_lb_vip_address == external_lb_vip_address %}*{% else %}{{ external_lb_vip_address }}{% endif %}"
|
|
haproxy_port: 5000
|
|
haproxy_ssl: "{% if haproxy_ssl | bool and keystone_service_publicuri_proto == 'https' %}true{% else %}false{% endif %}"
|
|
haproxy_balance_type: "{{ (keystone_ssl_public | bool) | ternary('tcp','http') }}"
|
|
haproxy_balance_alg: "{{ (keystone_ssl_public | bool) | ternary('source', 'leastconn') }}"
|
|
haproxy_backend_options: "{{ (keystone_ssl_public | bool) | ternary(haproxy_backend_options_https, haproxy_backend_options_http) }}"
|
|
- service:
|
|
haproxy_service_name: neutron_server
|
|
haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
|
|
haproxy_port: 9696
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "forwardfor"
|
|
- "httpchk"
|
|
- "httplog"
|
|
- service:
|
|
haproxy_service_name: nova_api_metadata
|
|
haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}"
|
|
haproxy_port: 8775
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk"
|
|
- "httplog"
|
|
- service:
|
|
haproxy_service_name: nova_api_os_compute
|
|
haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}"
|
|
haproxy_port: 8774
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "forwardfor"
|
|
- "httpchk"
|
|
- "httplog"
|
|
- service:
|
|
haproxy_service_name: nova_console
|
|
haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}"
|
|
haproxy_ssl: "{% if haproxy_ssl | bool and nova_spice_html5proxy_base_proto == 'https' %}true{% else %}false{% endif %}"
|
|
haproxy_port: 6082
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 60m
|
|
haproxy_timeout_server: 60m
|
|
haproxy_balance_alg: source
|
|
- service:
|
|
haproxy_service_name: nova_console_novnc
|
|
haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}"
|
|
haproxy_ssl: "{% if haproxy_ssl | bool and nova_novncproxy_proto == 'https' %}true{% else %}false{% endif %}"
|
|
haproxy_port: 6080
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 60m
|
|
haproxy_timeout_server: 60m
|
|
haproxy_balance_alg: source
|
|
- service:
|
|
haproxy_service_name: cinder_api
|
|
haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}"
|
|
haproxy_port: 8776
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "forwardfor"
|
|
- "httpchk"
|
|
- "httplog"
|
|
- service:
|
|
haproxy_service_name: horizon
|
|
haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}"
|
|
haproxy_port: 80
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "forwardfor"
|
|
- "httpchk"
|
|
- "httplog"
|
|
- service:
|
|
haproxy_service_name: horizon_ssl
|
|
haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}"
|
|
haproxy_port: 443
|
|
haproxy_balance_type: tcp
|
|
haproxy_balance_alg: source
|
|
haproxy_backend_options:
|
|
- "ssl-hello-chk"
|
|
- service:
|
|
haproxy_service_name: swift_proxy
|
|
haproxy_backend_nodes: "{{ groups['swift_proxy'] | default([]) }}"
|
|
haproxy_balance_alg: source
|
|
haproxy_port: 8080
|
|
haproxy_balance_type: http
|
|
- service:
|
|
haproxy_service_name: repo_all
|
|
haproxy_backend_nodes: "{{ groups['pkg_repo'] | default([]) }}"
|
|
haproxy_port: 8181
|
|
haproxy_backend_port: 8181
|
|
haproxy_balance_type: http
|
|
- service:
|
|
haproxy_service_name: ceilometer_api
|
|
haproxy_backend_nodes: "{{ groups['ceilometer_api_container'] | default([]) }}"
|
|
haproxy_port: 8777
|
|
haproxy_balance_type: http
|
|
- service:
|
|
haproxy_service_name: aodh_api
|
|
haproxy_backend_nodes: "{{ groups['aodh_api'] | default([]) }}"
|
|
haproxy_port: 8042
|
|
haproxy_balance_type: http
|