Browse Source

flatten haproxy service configuration

This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of haproxy services has been removed.

Change-Id: Id55ae44a7b1b5f08b40170f7406e14973fa93639
Related-Blueprint: services-yaml-flattening
changes/31/626631/18
David J Peacock 3 years ago
parent
commit
05d77c9ed5
  1. 2
      ci/environments/multinode-3nodes-registry.yaml
  2. 2
      ci/environments/scenario000-multinode-containers.yaml
  3. 2
      ci/environments/scenario001-multinode-containers.yaml
  4. 2
      ci/environments/scenario001-standalone.yaml
  5. 2
      ci/environments/scenario002-multinode-containers.yaml
  6. 2
      ci/environments/scenario002-standalone.yaml
  7. 2
      ci/environments/scenario003-multinode-containers.yaml
  8. 2
      ci/environments/scenario003-standalone.yaml
  9. 2
      ci/environments/scenario004-multinode-containers.yaml
  10. 2
      ci/environments/scenario004-standalone.yaml
  11. 2
      ci/environments/scenario010-multinode-containers.yaml
  12. 2
      ci/environments/scenario012-multinode-containers.yaml
  13. 79
      deployment/haproxy/haproxy-container-puppet.yaml
  14. 0
      deployment/haproxy/haproxy-internal-tls-certmonger.j2.yaml
  15. 26
      deployment/haproxy/haproxy-pacemaker-puppet.yaml
  16. 0
      deployment/haproxy/haproxy-public-tls-certmonger.yaml
  17. 0
      deployment/haproxy/haproxy-public-tls-inject.yaml
  18. 2
      environments/baremetal-services.yaml
  19. 2
      environments/docker-ha.yaml
  20. 2
      environments/nonha-arch.yaml
  21. 2
      environments/openshift.yaml
  22. 2
      environments/public-tls-undercloud.yaml
  23. 2
      environments/services-baremetal/undercloud-haproxy.yaml
  24. 2
      environments/services/haproxy-public-tls-certmonger.yaml
  25. 2
      environments/services/undercloud-haproxy.yaml
  26. 2
      environments/ssl/enable-internal-tls.yaml
  27. 4
      overcloud-resource-registry-puppet.j2.yaml
  28. 175
      puppet/services/haproxy.yaml
  29. 70
      puppet/services/pacemaker/haproxy.yaml
  30. 4
      releasenotes/notes/drop-baremetal-haproxy-5e2f0f3c9b8da664.yaml
  31. 10
      sample-env-generator/ssl.yaml

2
ci/environments/multinode-3nodes-registry.yaml

@ -4,7 +4,7 @@ resource_registry:
OS::TripleO::Services::Core: multinode-core.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml

2
ci/environments/scenario000-multinode-containers.yaml

@ -7,7 +7,7 @@ resource_registry:
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml

2
ci/environments/scenario001-multinode-containers.yaml

@ -10,7 +10,7 @@ resource_registry:
OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml

2
ci/environments/scenario001-standalone.yaml

@ -22,7 +22,7 @@ resource_registry:
OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml

2
ci/environments/scenario002-multinode-containers.yaml

@ -8,7 +8,7 @@ resource_registry:
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml

2
ci/environments/scenario002-standalone.yaml

@ -20,7 +20,7 @@ resource_registry:
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml

2
ci/environments/scenario003-multinode-containers.yaml

@ -9,7 +9,7 @@ resource_registry:
OS::TripleO::Services::MistralEventEngine: ../../docker/services/mistral-event-engine.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-qdrouterd.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/pacemaker/notify-rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml

2
ci/environments/scenario003-standalone.yaml

@ -14,7 +14,7 @@ resource_registry:
OS::TripleO::Services::MistralEventEngine: ../../docker/services/mistral-event-engine.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-qdrouterd.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/pacemaker/notify-rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml

2
ci/environments/scenario004-multinode-containers.yaml

@ -23,7 +23,7 @@ resource_registry:
# These enable Pacemaker
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml

2
ci/environments/scenario004-standalone.yaml

@ -19,7 +19,7 @@ resource_registry:
OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml

2
ci/environments/scenario010-multinode-containers.yaml

@ -5,7 +5,7 @@ resource_registry:
OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml

2
ci/environments/scenario012-multinode-containers.yaml

@ -8,7 +8,7 @@ resource_registry:
# These enable Pacemaker
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml

79
docker/services/haproxy.yaml → deployment/haproxy/haproxy-container-puppet.yaml

@ -95,6 +95,19 @@ parameters:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
EnableLoadBalancer:
default: true
description: Whether to deploy a LoadBalancer, set to false when an external load balancer is used.
type: boolean
HAProxyStatsEnabled:
default: true
description: Whether or not to enable the HAProxy stats interface.
type: boolean
InternalTLSCRLPEMFile:
default: '/etc/pki/CA/crl/overcloud-crl.pem'
type: string
description: Specifies the default CRL PEM file to use for revocation if
TLS is used for services in the internal network.
conditions:
puppet_debug_enabled: {get_param: ConfigDebug}
@ -114,43 +127,75 @@ conditions:
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
HAProxyBase:
type: ../../puppet/services/haproxy.yaml
HAProxyLogging:
type: OS::TripleO::Services::Logging::HAProxy
HAProxyPublicTLS:
type: OS::TripleO::Services::HAProxyPublicTLS
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
HAProxyLogging:
type: OS::TripleO::Services::Logging::HAProxy
HAProxyInternalTLS:
type: OS::TripleO::Services::HAProxyInternalTLS
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the HAproxy role.
value:
service_name: {get_attr: [HAProxyBase, role_data, service_name]}
service_name: haproxy
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
config_settings:
map_merge:
- get_attr: [HAProxyBase, role_data, config_settings]
- get_attr: [HAProxyLogging, config_settings]
- tripleo::haproxy::haproxy_service_manage: false
# NOTE(jaosorior): We disable the CRL since we have no way to restart haproxy
# when this is updated
tripleo::haproxy::crl_file: null
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
- tripleo::haproxy::firewall_rules:
'107 haproxy stats':
dport: 1993
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
tripleo::haproxy::redis_password: {get_param: RedisPassword}
tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled}
enable_load_balancer: {get_param: EnableLoadBalancer}
tripleo::profile::base::haproxy::certificates_specs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
- if:
- public_tls_enabled
- tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
- {}
- if:
- internal_tls_enabled
- tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
- null
- get_attr: [HAProxyPublicTLS, role_data, config_settings]
- get_attr: [HAProxyInternalTLS, role_data, config_settings]
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: haproxy
puppet_tags: haproxy_config
step_config:
"class {'::tripleo::profile::base::haproxy': manage_firewall => false}"
step_config: |
class {'::tripleo::profile::base::haproxy': manage_firewall => false}
config_image: {get_param: DockerHAProxyConfigImage}
volumes:
list_concat:
@ -254,7 +299,7 @@ outputs:
fi
exit $rc
vars:
puppet_execute: {get_attr: [HAProxyBase, role_data, step_config]}
puppet_execute: include ::tripleo::profile::base::haproxy
puppet_tags: 'tripleo::firewall::rule'
puppet_modulepath: '/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules'
puppet_debug:
@ -286,7 +331,7 @@ outputs:
containers_to_rm:
- haproxy
host_prep_tasks:
- {get_attr: [HAProxyBase, role_data, host_prep_tasks]}
- {get_attr: [HAProxyPublicTLS, role_data, host_prep_tasks]}
- name: Check if rsyslog exists
shell: systemctl is-active rsyslog
register: rsyslog_config
@ -324,4 +369,6 @@ outputs:
/var/log/containers/haproxy.
ignore_errors: true
metadata_settings:
get_attr: [HAProxyBase, role_data, metadata_settings]
list_concat:
- {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
- {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}

0
puppet/services/haproxy-internal-tls-certmonger.j2.yaml → deployment/haproxy/haproxy-internal-tls-certmonger.j2.yaml

26
docker/services/pacemaker/haproxy.yaml → deployment/haproxy/haproxy-pacemaker-puppet.yaml

@ -123,28 +123,31 @@ conditions:
resources:
ContainersCommon:
type: ../containers-common.yaml
type: ../../docker/services/containers-common.yaml
HAProxyBase:
type: ../../../puppet/services/pacemaker/haproxy.yaml
type: ./haproxy-container-puppet.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
outputs:
role_data:
description: Role data for the HAproxy role.
value:
service_name: {get_attr: [HAProxyBase, role_data, service_name]}
service_name: haproxy
monitoring_subscription: {get_attr: [HAProxyBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [HAProxyBase, role_data, config_settings]
- tripleo::haproxy::haproxy_service_manage: false
tripleo::haproxy::mysql_clustercheck: true
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
- haproxy_docker: true
tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage}
tripleo::profile::pacemaker::haproxy_bundle::container_backend: {get_param: ContainerCli}
@ -174,7 +177,6 @@ outputs:
data: {get_param: DockerHAProxyImage}
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
- 'pcmklatest'
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: haproxy
@ -333,7 +335,7 @@ outputs:
/var/log/containers/haproxy.
ignore_errors: true
metadata_settings:
get_attr: [HAProxyBase, role_data, metadata_settings]
{get_attr: [HAProxyBase, role_data, metadata_settings]}
deploy_steps_tasks:
- name: HAproxy tag container image for pacemaker
when: step|int == 1
@ -357,7 +359,7 @@ outputs:
fi
exit $rc
vars:
puppet_execute: {get_attr: [HAProxyBase, role_data, step_config]}
puppet_execute: include ::tripleo::profile::pacemaker::haproxy
puppet_tags: 'tripleo::firewall::rule'
puppet_modulepath: '/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules'
puppet_debug:
@ -485,7 +487,7 @@ outputs:
block:
- name: Check cluster resource status
pacemaker_resource:
resource: {get_attr: [HAProxyBase, role_data, service_name]}
resource: haproxy
state: started
check_mode: true
ignore_errors: true
@ -494,7 +496,7 @@ outputs:
block:
- name: Disable the haproxy cluster resource.
pacemaker_resource:
resource: {get_attr: [HAProxyBase, role_data, service_name]}
resource: haproxy
state: disable
wait_for_resource: true
register: output
@ -502,7 +504,7 @@ outputs:
until: output.rc == 0
- name: Delete the stopped haproxy cluster resource.
pacemaker_resource:
resource: {get_attr: [HAProxyBase, role_data, service_name]}
resource: haproxy
state: delete
wait_for_resource: true
register: output

0
puppet/services/haproxy-public-tls-certmonger.yaml → deployment/haproxy/haproxy-public-tls-certmonger.yaml

0
puppet/services/haproxy-public-tls-inject.yaml → deployment/haproxy/haproxy-public-tls-inject.yaml

2
environments/baremetal-services.yaml

@ -20,10 +20,10 @@ resource_registry:
OS::TripleO::Services::GnocchiApi: ../puppet/services/gnocchi-api.yaml
OS::TripleO::Services::GnocchiMetricd: ../puppet/services/gnocchi-metricd.yaml
OS::TripleO::Services::GnocchiStatsd: ../puppet/services/gnocchi-statsd.yaml
OS::TripleO::Services::HAproxy: ../puppet/services/haproxy.yaml
OS::TripleO::Services::HeatApi: ../deployment/heat/heat-api-container-puppet.yaml
OS::TripleO::Services::HeatApiCfn: ../deployment/heat/heat-api-cfn-container-puppet.yaml
OS::TripleO::Services::HeatEngine: ../deployment/heat/heat-engine-container-puppet.yaml
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml
OS::TripleO::Services::Horizon: ../puppet/services/horizon.yaml
OS::TripleO::Services::Iscsid: ../puppet/services/iscsid.yaml
OS::TripleO::Services::Keystone: ../deployment/keystone/keystone-container-puppet.yaml

2
environments/docker-ha.yaml

@ -16,7 +16,7 @@ resource_registry:
# HA Containers managed by pacemaker
OS::TripleO::Services::CinderVolume: ../deployment/cinder/cinder-volume-pacemaker-puppet.yaml
OS::TripleO::Services::Clustercheck: ../docker/services/pacemaker/clustercheck.yaml
OS::TripleO::Services::HAproxy: ../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::MySQL: ../docker/services/pacemaker/database/mysql.yaml
OS::TripleO::Services::OsloMessagingRpc: ../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../docker/services/messaging/notify-rabbitmq-shared.yaml

2
environments/nonha-arch.yaml

@ -3,7 +3,7 @@
resource_registry:
OS::TripleO::Services::CinderVolume: ../deployment/cinder/cinder-volume-container-puppet.yaml
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml
OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
OS::TripleO::Services::Keepalived: ../docker/services/keepalived.yaml

2
environments/openshift.yaml

@ -1,6 +1,6 @@
resource_registry:
OS::TripleO::Services::Docker: ../deployment/docker/docker-baremetal-ansible.yaml
OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml
OS::TripleO::Services::Keepalived: ../deployment/keepalived/keepalived-container-puppet.yaml
OS::TripleO::Services::OpenShift::Infra: ../extraconfig/services/openshift-infra.yaml
OS::TripleO::Services::OpenShift::Master: ../extraconfig/services/openshift-master.yaml

2
environments/public-tls-undercloud.yaml

@ -3,4 +3,4 @@ parameter_defaults:
PublicSSLCertificateAutogenerated: true
resource_registry:
OS::TripleO::Services::HAProxyPublicTLS: ../puppet/services/haproxy-public-tls-certmonger.yaml
OS::TripleO::Services::HAProxyPublicTLS: ../deployment/haproxy/haproxy-public-tls-certmonger.yaml

2
environments/services-baremetal/undercloud-haproxy.yaml

@ -1,2 +1,2 @@
resource_registry:
OS::TripleO::Services::UndercloudHAProxy: ../../puppet/services/haproxy.yaml
OS::TripleO::Services::UndercloudHAProxy: ../../deployment/haproxy/haproxy-container-puppet.yaml

2
environments/services/haproxy-public-tls-certmonger.yaml

@ -1,7 +1,7 @@
# A Heat environment file which can be used to enable a
# a TLS for HAProxy via certmonger
resource_registry:
OS::TripleO::Services::HAProxyPublicTLS: ../../puppet/services/haproxy-public-tls-certmonger.yaml
OS::TripleO::Services::HAProxyPublicTLS: ../../deployment/haproxy/haproxy-public-tls-certmonger.yaml
parameter_defaults:
PublicSSLCertificateAutogenerated: true

2
environments/services/undercloud-haproxy.yaml

@ -1,4 +1,4 @@
# DEPRECATED. This file will be removed in the Stein release as it is no longer
# needed
resource_registry:
OS::TripleO::Services::HAproxy: ../../docker/services/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-container-puppet.yaml

2
environments/ssl/enable-internal-tls.yaml

@ -36,5 +36,5 @@ parameter_defaults:
resource_registry:
OS::TripleO::ServiceServerMetadataHook: ../../extraconfig/nova_metadata/krb-service-principals.yaml
OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml
OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::HAProxyInternalTLS: ../../deployment/haproxy/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml

4
overcloud-resource-registry-puppet.j2.yaml

@ -176,8 +176,8 @@ resource_registry:
OS::TripleO::Services::OsloMessagingNotify: docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::RabbitMQ: OS::Heat::None
OS::TripleO::Services::Qdr: OS::Heat::None
OS::TripleO::Services::HAproxy: docker/services/haproxy.yaml
OS::TripleO::Services::HAProxyPublicTLS: puppet/services/haproxy-public-tls-inject.yaml
OS::TripleO::Services::HAproxy: deployment/haproxy/haproxy-container-puppet.yaml
OS::TripleO::Services::HAProxyPublicTLS: deployment/haproxy/haproxy-public-tls-inject.yaml
OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None
OS::TripleO::Services::Iscsid: docker/services/iscsid.yaml
OS::TripleO::Services::Keepalived: deployment/keepalived/keepalived-container-puppet.yaml

175
puppet/services/haproxy.yaml

@ -1,175 +0,0 @@
heat_template_version: rocky
description: >
HAproxy service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
EnableLoadBalancer:
default: true
description: Whether to deploy a LoadBalancer, set to false when an external load balancer is used.
type: boolean
HAProxyStatsPassword:
description: Password for HAProxy stats endpoint
hidden: true
type: string
HAProxyStatsUser:
description: User for HAProxy stats endpoint
default: admin
type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
HAProxyStatsEnabled:
default: true
description: Whether or not to enable the HAProxy stats interface.
type: boolean
RedisPassword:
description: The password for the redis service account.
type: string
hidden: true
MonitoringSubscriptionHaproxy:
default: 'overcloud-haproxy'
type: string
SSLCertificate:
default: ''
description: >
The content of the SSL certificate (without Key) in PEM format.
type: string
PublicSSLCertificateAutogenerated:
default: false
description: >
Whether the public SSL certificate was autogenerated or not.
type: boolean
EnablePublicTLS:
default: true
description: >
Whether to enable TLS on the public interface or not.
type: boolean
DeployedSSLCertificatePath:
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
description: >
The filepath of the certificate as it will be stored in the controller.
type: string
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
InternalTLSCRLPEMFile:
default: '/etc/pki/CA/crl/overcloud-crl.pem'
type: string
description: Specifies the default CRL PEM file to use for revocation if
TLS is used for services in the internal network.
conditions:
public_tls_enabled:
and:
- {get_param: EnablePublicTLS}
- or:
- not:
equals:
- {get_param: SSLCertificate}
- ""
- equals:
- {get_param: PublicSSLCertificateAutogenerated}
- true
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
HAProxyPublicTLS:
type: OS::TripleO::Services::HAProxyPublicTLS
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
HAProxyInternalTLS:
type: OS::TripleO::Services::HAProxyInternalTLS
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the HAproxy role.
value:
service_name: haproxy
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
config_settings:
map_merge:
- tripleo::haproxy::firewall_rules:
'107 haproxy stats':
dport: 1993
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
tripleo::haproxy::redis_password: {get_param: RedisPassword}
tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled}
enable_load_balancer: {get_param: EnableLoadBalancer}
tripleo::profile::base::haproxy::certificates_specs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
- if:
- public_tls_enabled
- tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
- {}
- if:
- internal_tls_enabled
- tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
- null
- get_attr: [HAProxyPublicTLS, role_data, config_settings]
- get_attr: [HAProxyInternalTLS, role_data, config_settings]
step_config: |
include ::tripleo::profile::base::haproxy
upgrade_tasks: []
host_prep_tasks: {get_attr: [HAProxyPublicTLS, role_data, host_prep_tasks]}
metadata_settings:
list_concat:
- {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
- {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}

70
puppet/services/pacemaker/haproxy.yaml

@ -1,70 +0,0 @@
heat_template_version: rocky
description: >
HAproxy service with Pacemaker configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
resources:
LoadbalancerServiceBase:
type: ../haproxy.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the HAproxy with pacemaker role.
value:
service_name: haproxy
monitoring_subscription: {get_attr: [LoadbalancerServiceBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [LoadbalancerServiceBase, role_data, config_settings]
- tripleo::haproxy::haproxy_service_manage: false
tripleo::haproxy::mysql_clustercheck: true
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
step_config: |
include ::tripleo::profile::pacemaker::haproxy
host_prep_tasks: {get_attr: [LoadbalancerServiceBase, role_data, host_prep_tasks]}
metadata_settings:
get_attr: [LoadbalancerServiceBase, role_data, metadata_settings]

4
releasenotes/notes/drop-baremetal-haproxy-5e2f0f3c9b8da664.yaml

@ -0,0 +1,4 @@
---
upgrade:
- |
Installing haproxy services on baremetal is no longer supported.

10
sample-env-generator/ssl.yaml

@ -7,7 +7,7 @@ environments:
For these values to take effect, one of the tls-endpoints-*.yaml
environments must also be used.
files:
puppet/services/haproxy-public-tls-inject.yaml:
deployment/haproxy/haproxy-public-tls-inject.yaml:
parameters: all
puppet/services/horizon.yaml:
parameters:
@ -58,7 +58,7 @@ environments:
resource_registry:
# FIXME(bogdando): switch it, once it is containerized
OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml
OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::HAProxyInternalTLS: ../../deployment/haproxy/haproxy-internal-tls-certmonger.yaml
# We use apache as a TLS proxy
# FIXME(bogdando): switch it, once it is containerized
OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml
@ -465,13 +465,13 @@ environments:
network/endpoints/endpoint_map.yaml:
parameters:
- EndpointMap
docker/services/haproxy.yaml:
deployment/haproxy/haproxy-container-puppet.yaml:
parameters:
- EnablePublicTLS
docker/services/pacemaker/haproxy.yaml:
deployment/haproxy/haproxy-pacemaker-puppet.yaml:
parameters:
- EnablePublicTLS
puppet/services/haproxy.yaml:
deployment/haproxy/haproxy-container-puppet.yaml:
parameters:
- EnablePublicTLS
sample_values:

Loading…
Cancel
Save