From 08a9795d05ef407677975ef76911269e26e63d15 Mon Sep 17 00:00:00 2001 From: Dan Prince Date: Wed, 27 May 2015 22:29:39 -0400 Subject: [PATCH] Configure virtual IPs for split out networks This patch optionally creates new virtual IPs for the storage, storage_mgmt, and internal_api networks if ip addresses are provided. Additionally the HAproxy configuration is updated to use hiera lookups to obtain virtual IPs for alternate networks. By default the ctlplane VIP is still used. Change-Id: I20483574920a1da689374b0eb1b39b0391c3d243 --- manifests/loadbalancer.pp | 94 +++++++++++++++++++++++++++++++-------- 1 file changed, 75 insertions(+), 19 deletions(-) diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index da980908d..2d6338f26 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -66,6 +66,21 @@ # Can be a string or an array. # Defaults to undef # +# [*internal_api_virtual_ip*] +# Virtual IP on the internal API network. +# A string. +# Defaults to false +# +# [*storage_virtual_ip*] +# Virtual IP on the storage network. +# A string. +# Defaults to false +# +# [*storage_mgmt_virtual_ip*] +# Virtual IP on the storage mgmt network. +# A string. +# Defaults to false +# # [*galera_master_hostname*] # FQDN of the Galera master node # Defaults to undef @@ -155,6 +170,9 @@ class tripleo::loadbalancer ( $control_virtual_interface, $public_virtual_interface, $public_virtual_ip, + $internal_api_virtual_ip = false, + $storage_virtual_ip = false, + $storage_mgmt_virtual_ip = false, $manage_vip = true, $haproxy_service_manage = true, $haproxy_global_maxconn = 10000, @@ -240,6 +258,44 @@ class tripleo::loadbalancer ( track_script => ['haproxy'], priority => 101, } + + + if $internal_api_virtual_ip and $internal_api_virtual_ip != $control_virtual_interface { + $internal_api_virtual_interface = interface_for_ip($internal_api_virtual_ip) + # KEEPALIVE INTERNAL API NETWORK + keepalived::instance { '53': + interface => $internal_api_virtual_interface, + virtual_ips => [join([$internal_api_virtual_ip, ' dev ', $internal_api_virtual_interface])], + state => 'MASTER', + track_script => ['haproxy'], + priority => 101, + } + } + + if $storage_virtual_ip and $storage_virtual_ip != $control_virtual_interface { + $storage_virtual_interface = interface_for_ip($storage_virtual_ip) + # KEEPALIVE STORAGE NETWORK + keepalived::instance { '54': + interface => $storage_virtual_interface, + virtual_ips => [join([$storage_virtual_ip, ' dev ', $storage_virtual_interface])], + state => 'MASTER', + track_script => ['haproxy'], + priority => 101, + } + } + + if $storage_mgmt_virtual_ip and $storage_mgmt_virtual_ip != $control_virtual_interface { + $storage_mgmt_virtual_interface = interface_for_ip($storage_mgmt_virtual_ip) + # KEEPALIVE STORAGE MANAGEMENT NETWORK + keepalived::instance { '55': + interface => $storage_mgmt_virtual_interface, + virtual_ips => [join([$storage_mgmt_virtual_ip, ' dev ', $storage_mgmt_virtual_interface])], + state => 'MASTER', + track_script => ['haproxy'], + priority => 101, + } + } + } sysctl::value { 'net.ipv4.ip_nonlocal_bind': value => '1' } @@ -275,7 +331,7 @@ class tripleo::loadbalancer ( if $keystone_admin { haproxy::listen { 'keystone_admin': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('keystone_admin_api_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 35357, options => { 'option' => [ 'httpchk GET /' ], @@ -293,7 +349,7 @@ class tripleo::loadbalancer ( if $keystone_public { haproxy::listen { 'keystone_public': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('keystone_public_api_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 5000, options => { 'option' => [ 'httpchk GET /' ], @@ -311,7 +367,7 @@ class tripleo::loadbalancer ( if $neutron { haproxy::listen { 'neutron': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('neutron_api_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 9696, options => { 'option' => [ 'httpchk GET /' ], @@ -329,7 +385,7 @@ class tripleo::loadbalancer ( if $cinder { haproxy::listen { 'cinder': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('cinder_api_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 8776, options => { 'option' => [ 'httpchk GET /' ], @@ -347,7 +403,7 @@ class tripleo::loadbalancer ( if $glance_api { haproxy::listen { 'glance_api': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('glance_api_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 9292, options => { 'option' => [ 'httpchk GET /' ], @@ -365,7 +421,7 @@ class tripleo::loadbalancer ( if $glance_registry { haproxy::listen { 'glance_registry': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('glance_registry_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 9191, options => { 'option' => [ 'httpchk GET /' ], @@ -383,7 +439,7 @@ class tripleo::loadbalancer ( if $nova_ec2 { haproxy::listen { 'nova_ec2': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('nova_api_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 8773, options => { 'option' => [ 'httpchk GET /' ], @@ -401,7 +457,7 @@ class tripleo::loadbalancer ( if $nova_osapi { haproxy::listen { 'nova_osapi': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('nova_api_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 8774, options => { 'option' => [ 'httpchk GET /' ], @@ -419,7 +475,7 @@ class tripleo::loadbalancer ( if $nova_metadata { haproxy::listen { 'nova_metadata': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('nova_metadata_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 8775, options => { 'option' => [ 'httpchk GET /' ], @@ -437,7 +493,7 @@ class tripleo::loadbalancer ( if $nova_novncproxy { haproxy::listen { 'nova_novncproxy': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('nova_api_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 6080, options => { 'option' => [ 'httpchk GET /' ], @@ -455,7 +511,7 @@ class tripleo::loadbalancer ( if $ceilometer { haproxy::listen { 'ceilometer': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('ceilometer_api_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 8777, collect_exported => false, } @@ -470,7 +526,7 @@ class tripleo::loadbalancer ( if $swift_proxy_server { haproxy::listen { 'swift_proxy_server': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('swift_proxy_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 8080, options => { 'option' => [ 'httpchk GET /info' ], @@ -488,7 +544,7 @@ class tripleo::loadbalancer ( if $heat_api { haproxy::listen { 'heat_api': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('heat_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 8004, options => { 'option' => [ 'httpchk GET /' ], @@ -506,7 +562,7 @@ class tripleo::loadbalancer ( if $heat_cloudwatch { haproxy::listen { 'heat_cloudwatch': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('heat_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 8003, options => { 'option' => [ 'httpchk GET /' ], @@ -524,7 +580,7 @@ class tripleo::loadbalancer ( if $heat_cfn { haproxy::listen { 'heat_cfn': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('heat_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 8000, options => { 'option' => [ 'httpchk GET /' ], @@ -542,7 +598,7 @@ class tripleo::loadbalancer ( if $horizon { haproxy::listen { 'horizon': - ipaddress => [$controller_virtual_ip, $public_virtual_ip], + ipaddress => unique([hiera('horizon_vip', $controller_virtual_ip), $public_virtual_ip]), ports => 80, options => { 'option' => [ 'httpchk GET /' ], @@ -560,7 +616,7 @@ class tripleo::loadbalancer ( if $mysql { haproxy::listen { 'mysql': - ipaddress => [$controller_virtual_ip], + ipaddress => [hiera('mysql_vip', $controller_virtual_ip)], ports => 3306, options => { 'timeout' => [ 'client 0', 'server 0' ], @@ -589,7 +645,7 @@ class tripleo::loadbalancer ( if $rabbitmq { haproxy::listen { 'rabbitmq': - ipaddress => [$controller_virtual_ip], + ipaddress => [hiera('rabbitmq_vip', $controller_virtual_ip)], ports => 5672, options => { 'timeout' => [ 'client 0', 'server 0' ], @@ -607,7 +663,7 @@ class tripleo::loadbalancer ( if $redis { haproxy::listen { 'redis': - ipaddress => [$controller_virtual_ip], + ipaddress => [hiera('redis_vip', $controller_virtual_ip)], ports => 6379, options => { 'timeout' => [ 'client 0', 'server 0' ],