From b8568c4bc3f2085cad057810105f43b9e0b467c9 Mon Sep 17 00:00:00 2001 From: Martin Magr Date: Wed, 18 Mar 2020 12:14:09 +0100 Subject: [PATCH] Finish HAProxy config for metrics_qdr This patch is fixing following issues: - currently HAProxy is not enabled by default because of wrong hiera key - QDR connections are not http connections - the load balanced services are running only controllers and listening on internal_api interfaces, so the pacemaker_nodes are reused for this configuration. Change-Id: I6ae1ceca7ed4ae313c10e6d8be9803d20d68957d (cherry picked from commit f0f031b26982f89320dbaa20e282adc7cfaa4e05) --- manifests/haproxy.pp | 33 ++++++++++++++++------ manifests/profile/base/metrics/collectd.pp | 19 +------------ manifests/profile/base/metrics/qdr.pp | 10 +------ 3 files changed, 27 insertions(+), 35 deletions(-) diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 9df204585..0a44f655f 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -1284,14 +1284,31 @@ class tripleo::haproxy ( } if $metrics_qdr { - ::tripleo::haproxy::endpoint { 'metrics_qdr': - public_virtual_ip => $public_virtual_ip, - internal_ip => $controller_virtual_ip, - service_port => $ports[metrics_qdr_port], - ip_addresses => $controller_hosts_real, - server_names => $controller_hosts_names_real, - public_ssl_port => $ports[metrics_qdr_port], - service_network => $metrics_qdr_network, + $metrics_bind_opts = { + "${public_virtual_ip}:${ports[metrics_qdr_port]}" => $haproxy_listen_bind_param, + } + haproxy::listen { 'metrics_qdr': + bind => $metrics_bind_opts, + options => { + 'option' => [ 'tcp-check', 'tcplog' ], + 'tcp-check' => ["connect port ${ports[metrics_qdr_port]}"], + }, + collect_exported => false, + } + # Note(mmagr): while MetricsQdr service runs on all overcloud nodes, we need load balancing + # only on controllers as those are only QDRs forming mesh (listening on connection + # from QDRs running other nodes [storage, compute, etc.]). Sadly we don't have another + # reasonable way to get list of internal_api interfaces of controllers than using list + # of other services running only on controllers and also using internal_api network. + # MetricsQdr will be refactored (split to QDR running on controller or on other node) + # to better integrate, but for now we need this hack to enable the feature + haproxy::balancermember { 'metrics_qdr': + listening_service => 'metrics_qdr', + ports => $ports[metrics_qdr_port], + ipaddresses => hiera('pacemaker_node_ips', $controller_hosts_real), + server_names => hiera('pacemaker_node_names', $controller_hosts_names_real), + options => union($haproxy_member_options, ['on-marked-down shutdown-sessions']), + verifyhost => false, } } diff --git a/manifests/profile/base/metrics/collectd.pp b/manifests/profile/base/metrics/collectd.pp index ea8fb4efc..cae61765c 100644 --- a/manifests/profile/base/metrics/collectd.pp +++ b/manifests/profile/base/metrics/collectd.pp @@ -158,11 +158,6 @@ # (Optional) String. Name of the transport. # Default to 'metrics' # -# [*amqp_external_host*] -# (Optional) String. Host which QDR service, to which collectd should be connected, -# is using for external connections. -# Defaults to hiera('tripleo::profile::base::metrics::qdr::external_listener_addr', 'localhost') -# # [*amqp_host*] # (Optional) String. Hostname or IP address of the AMQP 1.0 intermediary. # Defaults to the undef @@ -211,11 +206,6 @@ # should be connected, is running. # Defaults to hiera('tripleo::profile::base::metrics::qdr::router_mode', 'edge') # -# [*qdr_listens_on_external*] -# (Optional) Boolean. Whether QDR service, to which collectd should be connected, -# is listening for connections on amqp_external_host rather than amqp_host. -# Defaults to hiera('tripleo::profile::base::metrics::qdr::listen_on_external', false) -# # [*python_read_plugins*] # (Optional) List of strings. List of third party python packages to install. # Defaults to []. @@ -256,7 +246,6 @@ class tripleo::profile::base::metrics::collectd ( $sqlalchemy_collectd_bind_host = undef, $sqlalchemy_collectd_log_messages = undef, $amqp_transport_name = 'metrics', - $amqp_external_host = hiera('tripleo::profile::base::metrics::qdr::external_listener_addr', 'localhost'), $amqp_host = undef, $amqp_port = undef, $amqp_user = undef, @@ -266,7 +255,6 @@ class tripleo::profile::base::metrics::collectd ( $amqp_retry_delay = undef, $amqp_interval = undef, $qdr_mode = hiera('tripleo::profile::base::metrics::qdr::router_mode', 'edge'), - $qdr_listens_on_external = hiera('tripleo::profile::base::metrics::qdr::listen_on_external', false), $service_names = hiera('service_names', []), $collectd_manage_repo = false, $python_read_plugins = [], @@ -337,16 +325,11 @@ class tripleo::profile::base::metrics::collectd ( securitylevel => $_collectd_securitylevel, } } elsif !empty($amqp_host) { - if $qdr_listens_on_external and $qdr_mode == 'interior' { - $connect_to = $amqp_external_host - } else { - $connect_to = $amqp_host - } class { 'collectd::plugin::amqp1': ensure => 'present', manage_package => true, transport => $amqp_transport_name, - host => $connect_to, + host => $amqp_host, port => $amqp_port, user => $amqp_user, password => $amqp_password, diff --git a/manifests/profile/base/metrics/qdr.pp b/manifests/profile/base/metrics/qdr.pp index c151ca5ff..24e4113d7 100644 --- a/manifests/profile/base/metrics/qdr.pp +++ b/manifests/profile/base/metrics/qdr.pp @@ -122,8 +122,6 @@ class tripleo::profile::base::metrics::qdr ( $username = undef, $password = undef, - $listen_on_external = false, - $external_listener_addr = 'localhost', $listener_addr = 'localhost', $listener_port = '5666', $listener_require_ssl = false, @@ -213,14 +211,8 @@ class tripleo::profile::base::metrics::qdr ( $all_connectors = $connectors + $internal_connectors } - if $listen_on_external and $router_mode == 'interior' { - $listen_on = $external_listener_addr - } else { - $listen_on = $listener_addr - } - class { 'qdr': - listener_addr => $listen_on, + listener_addr => $listener_addr, listener_port => $listener_port, listener_require_encrypt => $listener_require_encrypt, listener_require_ssl => $listener_require_ssl,