Configure virtual IPs for split out networks
This patch optionally creates new virtual IPs for the storage, storage_mgmt, and internal_api networks if ip addresses are provided. Additionally the HAproxy configuration is updated to use hiera lookups to obtain virtual IPs for alternate networks. By default the ctlplane VIP is still used. Change-Id: I20483574920a1da689374b0eb1b39b0391c3d243
This commit is contained in:
parent
10ac6980f9
commit
a077eaf307
|
@ -66,6 +66,21 @@
|
|||
# Can be a string or an array.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*internal_api_virtual_ip*]
|
||||
# Virtual IP on the internal API network.
|
||||
# A string.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*storage_virtual_ip*]
|
||||
# Virtual IP on the storage network.
|
||||
# A string.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*storage_mgmt_virtual_ip*]
|
||||
# Virtual IP on the storage mgmt network.
|
||||
# A string.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*service_certificate*]
|
||||
# Filename of an HAProxy-compatible certificate and key file
|
||||
# When set, enables SSL on the public API endpoints using the specified file.
|
||||
|
@ -206,6 +221,9 @@ class tripleo::loadbalancer (
|
|||
$control_virtual_interface,
|
||||
$public_virtual_interface,
|
||||
$public_virtual_ip,
|
||||
$internal_api_virtual_ip = false,
|
||||
$storage_virtual_ip = false,
|
||||
$storage_mgmt_virtual_ip = false,
|
||||
$manage_vip = true,
|
||||
$haproxy_service_manage = true,
|
||||
$haproxy_global_maxconn = 10000,
|
||||
|
@ -301,6 +319,44 @@ class tripleo::loadbalancer (
|
|||
track_script => ['haproxy'],
|
||||
priority => 101,
|
||||
}
|
||||
|
||||
|
||||
if $internal_api_virtual_ip and $internal_api_virtual_ip != $control_virtual_interface {
|
||||
$internal_api_virtual_interface = interface_for_ip($internal_api_virtual_ip)
|
||||
# KEEPALIVE INTERNAL API NETWORK
|
||||
keepalived::instance { '53':
|
||||
interface => $internal_api_virtual_interface,
|
||||
virtual_ips => [join([$internal_api_virtual_ip, ' dev ', $internal_api_virtual_interface])],
|
||||
state => 'MASTER',
|
||||
track_script => ['haproxy'],
|
||||
priority => 101,
|
||||
}
|
||||
}
|
||||
|
||||
if $storage_virtual_ip and $storage_virtual_ip != $control_virtual_interface {
|
||||
$storage_virtual_interface = interface_for_ip($storage_virtual_ip)
|
||||
# KEEPALIVE STORAGE NETWORK
|
||||
keepalived::instance { '54':
|
||||
interface => $storage_virtual_interface,
|
||||
virtual_ips => [join([$storage_virtual_ip, ' dev ', $storage_virtual_interface])],
|
||||
state => 'MASTER',
|
||||
track_script => ['haproxy'],
|
||||
priority => 101,
|
||||
}
|
||||
}
|
||||
|
||||
if $storage_mgmt_virtual_ip and $storage_mgmt_virtual_ip != $control_virtual_interface {
|
||||
$storage_mgmt_virtual_interface = interface_for_ip($storage_mgmt_virtual_ip)
|
||||
# KEEPALIVE STORAGE MANAGEMENT NETWORK
|
||||
keepalived::instance { '55':
|
||||
interface => $storage_mgmt_virtual_interface,
|
||||
virtual_ips => [join([$storage_mgmt_virtual_ip, ' dev ', $storage_mgmt_virtual_interface])],
|
||||
state => 'MASTER',
|
||||
track_script => ['haproxy'],
|
||||
priority => 101,
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if $keystone_certificate {
|
||||
|
@ -349,142 +405,160 @@ class tripleo::loadbalancer (
|
|||
$horizon_bind_certificate = $service_certificate
|
||||
}
|
||||
|
||||
$keystone_public_api_vip = hiera('keystone_public_api_vip', $controller_virtual_ip)
|
||||
$keystone_admin_api_vip = hiera('keystone_admin_api_vip', $controller_virtual_ip)
|
||||
if $keystone_bind_certificate {
|
||||
$keystone_public_bind_opts = {
|
||||
"${controller_virtual_ip}:5000" => [],
|
||||
"${keystone_public_api_vip}:5000" => [],
|
||||
"${public_virtual_ip}:13000" => ['ssl', 'crt', $keystone_bind_certificate],
|
||||
}
|
||||
$keystone_admin_bind_opts = {
|
||||
"${controller_virtual_ip}:35357" => [],
|
||||
"${keystone_admin_api_vip}:35357" => [],
|
||||
"${public_virtual_ip}:13357" => ['ssl', 'crt', $keystone_bind_certificate],
|
||||
}
|
||||
} else {
|
||||
$keystone_public_bind_opts = {
|
||||
"${controller_virtual_ip}:5000" => [],
|
||||
"${keystone_public_api_vip}:5000" => [],
|
||||
"${public_virtual_ip}:5000" => [],
|
||||
}
|
||||
$keystone_admin_bind_opts = {
|
||||
"${controller_virtual_ip}:35357" => [],
|
||||
"${keystone_admin_api_vip}:35357" => [],
|
||||
"${public_virtual_ip}:35357" => [],
|
||||
}
|
||||
}
|
||||
|
||||
$neutron_api_vip = hiera('neutron_api_vip', $controller_virtual_ip)
|
||||
if $neutron_bind_certificate {
|
||||
$neutron_bind_opts = {
|
||||
"${controller_virtual_ip}:9696" => [],
|
||||
"${neutron_api_vip}:9696" => [],
|
||||
"${public_virtual_ip}:13696" => ['ssl', 'crt', $neutron_bind_certificate],
|
||||
}
|
||||
} else {
|
||||
$neutron_bind_opts = {
|
||||
"${controller_virtual_ip}:9696" => [],
|
||||
"${neutron_api_vip}:9696" => [],
|
||||
"${public_virtual_ip}:9696" => [],
|
||||
}
|
||||
}
|
||||
|
||||
$cinder_api_vip = hiera('cinder_api_vip', $controller_virtual_ip)
|
||||
if $cinder_bind_certificate {
|
||||
$cinder_bind_opts = {
|
||||
"${controller_virtual_ip}:8776" => [],
|
||||
"${cinder_api_vip}:8776" => [],
|
||||
"${public_virtual_ip}:13776" => ['ssl', 'crt', $cinder_bind_certificate],
|
||||
}
|
||||
} else {
|
||||
$cinder_bind_opts = {
|
||||
"${controller_virtual_ip}:8776" => [],
|
||||
"${cinder_api_vip}:8776" => [],
|
||||
"${public_virtual_ip}:8776" => [],
|
||||
}
|
||||
}
|
||||
|
||||
$glance_api_vip = hiera('glance_api_vip', $controller_virtual_ip)
|
||||
if $glance_bind_certificate {
|
||||
$glance_bind_opts = {
|
||||
"${controller_virtual_ip}:9292" => [],
|
||||
"${glance_api_vip}:9292" => [],
|
||||
"${public_virtual_ip}:13292" => ['ssl', 'crt', $glance_bind_certificate],
|
||||
}
|
||||
} else {
|
||||
$glance_bind_opts = {
|
||||
"${controller_virtual_ip}:9292" => [],
|
||||
"${glance_api_vip}:9292" => [],
|
||||
"${public_virtual_ip}:9292" => [],
|
||||
}
|
||||
}
|
||||
|
||||
$nova_api_vip = hiera('nova_api_vip', $controller_virtual_ip)
|
||||
if $nova_bind_certificate {
|
||||
$nova_osapi_bind_opts = {
|
||||
"${controller_virtual_ip}:8774" => [],
|
||||
"${nova_api_vip}:8774" => [],
|
||||
"${public_virtual_ip}:13774" => ['ssl', 'crt', $nova_bind_certificate],
|
||||
}
|
||||
$nova_ec2_bind_opts = {
|
||||
"${controller_virtual_ip}:8773" => [],
|
||||
"${nova_api_vip}:8773" => [],
|
||||
"${public_virtual_ip}:13773" => ['ssl', 'crt', $nova_bind_certificate],
|
||||
}
|
||||
$nova_novnc_bind_opts = {
|
||||
"${controller_virtual_ip}:6080" => [],
|
||||
"${nova_api_vip}:6080" => [],
|
||||
"${public_virtual_ip}:13080" => ['ssl', 'crt', $nova_bind_certificate],
|
||||
}
|
||||
} else {
|
||||
$nova_osapi_bind_opts = {
|
||||
"${controller_virtual_ip}:8774" => [],
|
||||
"${nova_api_vip}:8774" => [],
|
||||
"${public_virtual_ip}:8774" => [],
|
||||
}
|
||||
$nova_ec2_bind_opts = {
|
||||
"${controller_virtual_ip}:8773" => [],
|
||||
"${nova_api_vip}:8773" => [],
|
||||
"${public_virtual_ip}:8773" => [],
|
||||
}
|
||||
$nova_novnc_bind_opts = {
|
||||
"${controller_virtual_ip}:6080" => [],
|
||||
"${nova_api_vip}:6080" => [],
|
||||
"${public_virtual_ip}:6080" => [],
|
||||
}
|
||||
}
|
||||
|
||||
$ceilometer_api_vip = hiera('ceilometer_api_vip', $controller_virtual_ip)
|
||||
if $ceilometer_bind_certificate {
|
||||
$ceilometer_bind_opts = {
|
||||
"${controller_virtual_ip}:8777" => [],
|
||||
"${ceilometer_api_vip}:8777" => [],
|
||||
"${public_virtual_ip}:13777" => ['ssl', 'crt', $ceilometer_bind_certificate],
|
||||
}
|
||||
} else {
|
||||
$ceilometer_bind_opts = {
|
||||
"${controller_virtual_ip}:8777" => [],
|
||||
"${ceilometer_api_vip}:8777" => [],
|
||||
"${public_virtual_ip}:8777" => [],
|
||||
}
|
||||
}
|
||||
|
||||
$swift_proxy_vip = hiera('swift_proxy_vip', $controller_virtual_ip)
|
||||
if $swift_bind_certificate {
|
||||
$swift_bind_opts = {
|
||||
"${controller_virtual_ip}:8080" => [],
|
||||
"${swift_proxy_vip}:8080" => [],
|
||||
"${public_virtual_ip}:13080" => ['ssl', 'crt', $swift_bind_certificate],
|
||||
}
|
||||
} else {
|
||||
$swift_bind_opts = {
|
||||
"${controller_virtual_ip}:8080" => [],
|
||||
"${swift_proxy_vip}:8080" => [],
|
||||
"${public_virtual_ip}:8080" => [],
|
||||
}
|
||||
}
|
||||
|
||||
$heat_api_vip = hiera('heat_api_vip', $controller_virtual_ip)
|
||||
if $heat_bind_certificate {
|
||||
$heat_bind_opts = {
|
||||
"${controller_virtual_ip}:8004" => [],
|
||||
"${heat_api_vip}:8004" => [],
|
||||
"${public_virtual_ip}:13004" => ['ssl', 'crt', $heat_bind_certificate],
|
||||
}
|
||||
$heat_cw_bind_opts = {
|
||||
"${controller_virtual_ip}:8003" => [],
|
||||
"${heat_api_vip}:8003" => [],
|
||||
"${public_virtual_ip}:13003" => ['ssl', 'crt', $heat_bind_certificate],
|
||||
}
|
||||
$heat_cfn_bind_opts = {
|
||||
"${controller_virtual_ip}:8000" => [],
|
||||
"${heat_api_vip}:8000" => [],
|
||||
"${public_virtual_ip}:13000" => ['ssl', 'crt', $heat_bind_certificate],
|
||||
}
|
||||
} else {
|
||||
$heat_bind_opts = {
|
||||
"${controller_virtual_ip}:8004" => [],
|
||||
"${heat_api_vip}:8004" => [],
|
||||
"${public_virtual_ip}:8004" => [],
|
||||
}
|
||||
$heat_cw_bind_opts = {
|
||||
"${controller_virtual_ip}:8003" => [],
|
||||
"${heat_api_vip}:8003" => [],
|
||||
"${public_virtual_ip}:8003" => [],
|
||||
}
|
||||
$heat_cfn_bind_opts = {
|
||||
"${controller_virtual_ip}:8000" => [],
|
||||
"${heat_api_vip}:8000" => [],
|
||||
"${public_virtual_ip}:8000" => [],
|
||||
}
|
||||
}
|
||||
|
||||
$horizon_vip = hiera('horizon_vip', $controller_virtual_ip)
|
||||
if $horizon_bind_certificate {
|
||||
$horizon_bind_opts = {
|
||||
"${controller_virtual_ip}:80" => [],
|
||||
"${horizon_vip}:80" => [],
|
||||
"${public_virtual_ip}:443" => ['ssl', 'crt', $horizon_bind_certificate],
|
||||
}
|
||||
} else {
|
||||
$horizon_bind_opts = {
|
||||
"${controller_virtual_ip}:80" => [],
|
||||
"${horizon_vip}:80" => [],
|
||||
"${public_virtual_ip}:80" => [],
|
||||
}
|
||||
}
|
||||
|
@ -607,7 +681,7 @@ class tripleo::loadbalancer (
|
|||
|
||||
if $glance_registry {
|
||||
haproxy::listen { 'glance_registry':
|
||||
ipaddress => $controller_virtual_ip,
|
||||
ipaddress => hiera('glance_registry_vip', $controller_virtual_ip),
|
||||
ports => 9191,
|
||||
options => {
|
||||
'option' => [ 'httpchk GET /' ],
|
||||
|
@ -659,7 +733,7 @@ class tripleo::loadbalancer (
|
|||
|
||||
if $nova_metadata {
|
||||
haproxy::listen { 'nova_metadata':
|
||||
ipaddress => $controller_virtual_ip,
|
||||
ipaddress => hiera('nova_metadata_vip', $controller_virtual_ip),
|
||||
ports => 8775,
|
||||
options => {
|
||||
'option' => [ 'httpchk GET /' ],
|
||||
|
@ -793,7 +867,7 @@ class tripleo::loadbalancer (
|
|||
|
||||
if $mysql {
|
||||
haproxy::listen { 'mysql':
|
||||
ipaddress => [$controller_virtual_ip],
|
||||
ipaddress => [hiera('mysql_vip', $controller_virtual_ip)],
|
||||
ports => 3306,
|
||||
options => {
|
||||
'timeout' => [ 'client 0', 'server 0' ],
|
||||
|
@ -822,7 +896,7 @@ class tripleo::loadbalancer (
|
|||
|
||||
if $rabbitmq {
|
||||
haproxy::listen { 'rabbitmq':
|
||||
ipaddress => [$controller_virtual_ip],
|
||||
ipaddress => [hiera('rabbitmq_vip', $controller_virtual_ip)],
|
||||
ports => 5672,
|
||||
options => {
|
||||
'timeout' => [ 'client 0', 'server 0' ],
|
||||
|
@ -840,7 +914,7 @@ class tripleo::loadbalancer (
|
|||
|
||||
if $redis {
|
||||
haproxy::listen { 'redis':
|
||||
ipaddress => [$controller_virtual_ip],
|
||||
ipaddress => [hiera('redis_vip', $controller_virtual_ip)],
|
||||
ports => 6379,
|
||||
options => {
|
||||
'timeout' => [ 'client 0', 'server 0' ],
|
||||
|
|
Loading…
Reference in New Issue