Browse Source

flatten haproxy service configuration

This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of haproxy services has been removed.

Change-Id: Id55ae44a7b1b5f08b40170f7406e14973fa93639
Related-Blueprint: services-yaml-flattening
changes/31/626631/18
David J Peacock 3 years ago
parent
commit
05d77c9ed5
31 changed files with 109 additions and 301 deletions
  1. +1
    -1
      ci/environments/multinode-3nodes-registry.yaml
  2. +1
    -1
      ci/environments/scenario000-multinode-containers.yaml
  3. +1
    -1
      ci/environments/scenario001-multinode-containers.yaml
  4. +1
    -1
      ci/environments/scenario001-standalone.yaml
  5. +1
    -1
      ci/environments/scenario002-multinode-containers.yaml
  6. +1
    -1
      ci/environments/scenario002-standalone.yaml
  7. +1
    -1
      ci/environments/scenario003-multinode-containers.yaml
  8. +1
    -1
      ci/environments/scenario003-standalone.yaml
  9. +1
    -1
      ci/environments/scenario004-multinode-containers.yaml
  10. +1
    -1
      ci/environments/scenario004-standalone.yaml
  11. +1
    -1
      ci/environments/scenario010-multinode-containers.yaml
  12. +1
    -1
      ci/environments/scenario012-multinode-containers.yaml
  13. +63
    -16
      deployment/haproxy/haproxy-container-puppet.yaml
  14. +0
    -0
      deployment/haproxy/haproxy-internal-tls-certmonger.j2.yaml
  15. +14
    -12
      deployment/haproxy/haproxy-pacemaker-puppet.yaml
  16. +0
    -0
      deployment/haproxy/haproxy-public-tls-certmonger.yaml
  17. +0
    -0
      deployment/haproxy/haproxy-public-tls-inject.yaml
  18. +1
    -1
      environments/baremetal-services.yaml
  19. +1
    -1
      environments/docker-ha.yaml
  20. +1
    -1
      environments/nonha-arch.yaml
  21. +1
    -1
      environments/openshift.yaml
  22. +1
    -1
      environments/public-tls-undercloud.yaml
  23. +1
    -1
      environments/services-baremetal/undercloud-haproxy.yaml
  24. +1
    -1
      environments/services/haproxy-public-tls-certmonger.yaml
  25. +1
    -1
      environments/services/undercloud-haproxy.yaml
  26. +1
    -1
      environments/ssl/enable-internal-tls.yaml
  27. +2
    -2
      overcloud-resource-registry-puppet.j2.yaml
  28. +0
    -175
      puppet/services/haproxy.yaml
  29. +0
    -70
      puppet/services/pacemaker/haproxy.yaml
  30. +4
    -0
      releasenotes/notes/drop-baremetal-haproxy-5e2f0f3c9b8da664.yaml
  31. +5
    -5
      sample-env-generator/ssl.yaml

+ 1
- 1
ci/environments/multinode-3nodes-registry.yaml View File

@ -4,7 +4,7 @@ resource_registry:
OS::TripleO::Services::Core: multinode-core.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml


+ 1
- 1
ci/environments/scenario000-multinode-containers.yaml View File

@ -7,7 +7,7 @@ resource_registry:
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml


+ 1
- 1
ci/environments/scenario001-multinode-containers.yaml View File

@ -10,7 +10,7 @@ resource_registry:
OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml


+ 1
- 1
ci/environments/scenario001-standalone.yaml View File

@ -22,7 +22,7 @@ resource_registry:
OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml


+ 1
- 1
ci/environments/scenario002-multinode-containers.yaml View File

@ -8,7 +8,7 @@ resource_registry:
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml


+ 1
- 1
ci/environments/scenario002-standalone.yaml View File

@ -20,7 +20,7 @@ resource_registry:
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml


+ 1
- 1
ci/environments/scenario003-multinode-containers.yaml View File

@ -9,7 +9,7 @@ resource_registry:
OS::TripleO::Services::MistralEventEngine: ../../docker/services/mistral-event-engine.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-qdrouterd.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/pacemaker/notify-rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml


+ 1
- 1
ci/environments/scenario003-standalone.yaml View File

@ -14,7 +14,7 @@ resource_registry:
OS::TripleO::Services::MistralEventEngine: ../../docker/services/mistral-event-engine.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-qdrouterd.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/pacemaker/notify-rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml


+ 1
- 1
ci/environments/scenario004-multinode-containers.yaml View File

@ -23,7 +23,7 @@ resource_registry:
# These enable Pacemaker
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml


+ 1
- 1
ci/environments/scenario004-standalone.yaml View File

@ -19,7 +19,7 @@ resource_registry:
OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml


+ 1
- 1
ci/environments/scenario010-multinode-containers.yaml View File

@ -5,7 +5,7 @@ resource_registry:
OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml


+ 1
- 1
ci/environments/scenario012-multinode-containers.yaml View File

@ -8,7 +8,7 @@ resource_registry:
# These enable Pacemaker
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml


docker/services/haproxy.yaml → deployment/haproxy/haproxy-container-puppet.yaml View File


puppet/services/haproxy-internal-tls-certmonger.j2.yaml → deployment/haproxy/haproxy-internal-tls-certmonger.j2.yaml View File


docker/services/pacemaker/haproxy.yaml → deployment/haproxy/haproxy-pacemaker-puppet.yaml View File


puppet/services/haproxy-public-tls-certmonger.yaml → deployment/haproxy/haproxy-public-tls-certmonger.yaml View File


puppet/services/haproxy-public-tls-inject.yaml → deployment/haproxy/haproxy-public-tls-inject.yaml View File


+ 1
- 1
environments/baremetal-services.yaml View File

@ -20,10 +20,10 @@ resource_registry:
OS::TripleO::Services::GnocchiApi: ../puppet/services/gnocchi-api.yaml
OS::TripleO::Services::GnocchiMetricd: ../puppet/services/gnocchi-metricd.yaml
OS::TripleO::Services::GnocchiStatsd: ../puppet/services/gnocchi-statsd.yaml
OS::TripleO::Services::HAproxy: ../puppet/services/haproxy.yaml
OS::TripleO::Services::HeatApi: ../deployment/heat/heat-api-container-puppet.yaml
OS::TripleO::Services::HeatApiCfn: ../deployment/heat/heat-api-cfn-container-puppet.yaml
OS::TripleO::Services::HeatEngine: ../deployment/heat/heat-engine-container-puppet.yaml
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml
OS::TripleO::Services::Horizon: ../puppet/services/horizon.yaml
OS::TripleO::Services::Iscsid: ../puppet/services/iscsid.yaml
OS::TripleO::Services::Keystone: ../deployment/keystone/keystone-container-puppet.yaml


+ 1
- 1
environments/docker-ha.yaml View File

@ -16,7 +16,7 @@ resource_registry:
# HA Containers managed by pacemaker
OS::TripleO::Services::CinderVolume: ../deployment/cinder/cinder-volume-pacemaker-puppet.yaml
OS::TripleO::Services::Clustercheck: ../docker/services/pacemaker/clustercheck.yaml
OS::TripleO::Services::HAproxy: ../docker/services/pacemaker/haproxy.yaml
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::MySQL: ../docker/services/pacemaker/database/mysql.yaml
OS::TripleO::Services::OsloMessagingRpc: ../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../docker/services/messaging/notify-rabbitmq-shared.yaml


+ 1
- 1
environments/nonha-arch.yaml View File

@ -3,7 +3,7 @@
resource_registry:
OS::TripleO::Services::CinderVolume: ../deployment/cinder/cinder-volume-container-puppet.yaml
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml
OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
OS::TripleO::Services::Keepalived: ../docker/services/keepalived.yaml


+ 1
- 1
environments/openshift.yaml View File

@ -1,6 +1,6 @@
resource_registry:
OS::TripleO::Services::Docker: ../deployment/docker/docker-baremetal-ansible.yaml
OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml
OS::TripleO::Services::Keepalived: ../deployment/keepalived/keepalived-container-puppet.yaml
OS::TripleO::Services::OpenShift::Infra: ../extraconfig/services/openshift-infra.yaml
OS::TripleO::Services::OpenShift::Master: ../extraconfig/services/openshift-master.yaml


+ 1
- 1
environments/public-tls-undercloud.yaml View File

@ -3,4 +3,4 @@ parameter_defaults:
PublicSSLCertificateAutogenerated: true
resource_registry:
OS::TripleO::Services::HAProxyPublicTLS: ../puppet/services/haproxy-public-tls-certmonger.yaml
OS::TripleO::Services::HAProxyPublicTLS: ../deployment/haproxy/haproxy-public-tls-certmonger.yaml

+ 1
- 1
environments/services-baremetal/undercloud-haproxy.yaml View File

@ -1,2 +1,2 @@
resource_registry:
OS::TripleO::Services::UndercloudHAProxy: ../../puppet/services/haproxy.yaml
OS::TripleO::Services::UndercloudHAProxy: ../../deployment/haproxy/haproxy-container-puppet.yaml

+ 1
- 1
environments/services/haproxy-public-tls-certmonger.yaml View File

@ -1,7 +1,7 @@
# A Heat environment file which can be used to enable a
# a TLS for HAProxy via certmonger
resource_registry:
OS::TripleO::Services::HAProxyPublicTLS: ../../puppet/services/haproxy-public-tls-certmonger.yaml
OS::TripleO::Services::HAProxyPublicTLS: ../../deployment/haproxy/haproxy-public-tls-certmonger.yaml
parameter_defaults:
PublicSSLCertificateAutogenerated: true

+ 1
- 1
environments/services/undercloud-haproxy.yaml View File

@ -1,4 +1,4 @@
# DEPRECATED. This file will be removed in the Stein release as it is no longer
# needed
resource_registry:
OS::TripleO::Services::HAproxy: ../../docker/services/haproxy.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-container-puppet.yaml

+ 1
- 1
environments/ssl/enable-internal-tls.yaml View File

@ -36,5 +36,5 @@ parameter_defaults:
resource_registry:
OS::TripleO::ServiceServerMetadataHook: ../../extraconfig/nova_metadata/krb-service-principals.yaml
OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml
OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::HAProxyInternalTLS: ../../deployment/haproxy/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml

+ 2
- 2
overcloud-resource-registry-puppet.j2.yaml View File

@ -176,8 +176,8 @@ resource_registry:
OS::TripleO::Services::OsloMessagingNotify: docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::RabbitMQ: OS::Heat::None
OS::TripleO::Services::Qdr: OS::Heat::None
OS::TripleO::Services::HAproxy: docker/services/haproxy.yaml
OS::TripleO::Services::HAProxyPublicTLS: puppet/services/haproxy-public-tls-inject.yaml
OS::TripleO::Services::HAproxy: deployment/haproxy/haproxy-container-puppet.yaml
OS::TripleO::Services::HAProxyPublicTLS: deployment/haproxy/haproxy-public-tls-inject.yaml
OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None
OS::TripleO::Services::Iscsid: docker/services/iscsid.yaml
OS::TripleO::Services::Keepalived: deployment/keepalived/keepalived-container-puppet.yaml


+ 0
- 175
puppet/services/haproxy.yaml View File

@ -1,175 +0,0 @@
heat_template_version: rocky
description: >
HAproxy service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
EnableLoadBalancer:
default: true
description: Whether to deploy a LoadBalancer, set to false when an external load balancer is used.
type: boolean
HAProxyStatsPassword:
description: Password for HAProxy stats endpoint
hidden: true
type: string
HAProxyStatsUser:
description: User for HAProxy stats endpoint
default: admin
type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
HAProxyStatsEnabled:
default: true
description: Whether or not to enable the HAProxy stats interface.
type: boolean
RedisPassword:
description: The password for the redis service account.
type: string
hidden: true
MonitoringSubscriptionHaproxy:
default: 'overcloud-haproxy'
type: string
SSLCertificate:
default: ''
description: >
The content of the SSL certificate (without Key) in PEM format.
type: string
PublicSSLCertificateAutogenerated:
default: false
description: >
Whether the public SSL certificate was autogenerated or not.
type: boolean
EnablePublicTLS:
default: true
description: >
Whether to enable TLS on the public interface or not.
type: boolean
DeployedSSLCertificatePath:
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
description: >
The filepath of the certificate as it will be stored in the controller.
type: string
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
InternalTLSCRLPEMFile:
default: '/etc/pki/CA/crl/overcloud-crl.pem'
type: string
description: Specifies the default CRL PEM file to use for revocation if
TLS is used for services in the internal network.
conditions:
public_tls_enabled:
and:
- {get_param: EnablePublicTLS}
- or:
- not:
equals:
- {get_param: SSLCertificate}
- ""
- equals:
- {get_param: PublicSSLCertificateAutogenerated}
- true
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
HAProxyPublicTLS:
type: OS::TripleO::Services::HAProxyPublicTLS
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
HAProxyInternalTLS:
type: OS::TripleO::Services::HAProxyInternalTLS
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the HAproxy role.
value:
service_name: haproxy
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
config_settings:
map_merge:
- tripleo::haproxy::firewall_rules:
'107 haproxy stats':
dport: 1993
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
tripleo::haproxy::redis_password: {get_param: RedisPassword}
tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled}
enable_load_balancer: {get_param: EnableLoadBalancer}
tripleo::profile::base::haproxy::certificates_specs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
- if:
- public_tls_enabled
- tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
- {}
- if:
- internal_tls_enabled
- tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
- null
- get_attr: [HAProxyPublicTLS, role_data, config_settings]
- get_attr: [HAProxyInternalTLS, role_data, config_settings]
step_config: |
include ::tripleo::profile::base::haproxy
upgrade_tasks: []
host_prep_tasks: {get_attr: [HAProxyPublicTLS, role_data, host_prep_tasks]}
metadata_settings:
list_concat:
- {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
- {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}

+ 0
- 70
puppet/services/pacemaker/haproxy.yaml View File

@ -1,70 +0,0 @@
heat_template_version: rocky
description: >
HAproxy service with Pacemaker configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
resources:
LoadbalancerServiceBase:
type: ../haproxy.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the HAproxy with pacemaker role.
value:
service_name: haproxy
monitoring_subscription: {get_attr: [LoadbalancerServiceBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [LoadbalancerServiceBase, role_data, config_settings]
- tripleo::haproxy::haproxy_service_manage: false
tripleo::haproxy::mysql_clustercheck: true
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
step_config: |
include ::tripleo::profile::pacemaker::haproxy
host_prep_tasks: {get_attr: [LoadbalancerServiceBase, role_data, host_prep_tasks]}
metadata_settings:
get_attr: [LoadbalancerServiceBase, role_data, metadata_settings]

+ 4
- 0
releasenotes/notes/drop-baremetal-haproxy-5e2f0f3c9b8da664.yaml View File

@ -0,0 +1,4 @@
---
upgrade:
- |
Installing haproxy services on baremetal is no longer supported.

+ 5
- 5
sample-env-generator/ssl.yaml View File

@ -7,7 +7,7 @@ environments:
For these values to take effect, one of the tls-endpoints-*.yaml
environments must also be used.
files:
puppet/services/haproxy-public-tls-inject.yaml:
deployment/haproxy/haproxy-public-tls-inject.yaml:
parameters: all
puppet/services/horizon.yaml:
parameters:
@ -58,7 +58,7 @@ environments:
resource_registry:
# FIXME(bogdando): switch it, once it is containerized
OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml
OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::HAProxyInternalTLS: ../../deployment/haproxy/haproxy-internal-tls-certmonger.yaml
# We use apache as a TLS proxy
# FIXME(bogdando): switch it, once it is containerized
OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml
@ -465,13 +465,13 @@ environments:
network/endpoints/endpoint_map.yaml:
parameters:
- EndpointMap
docker/services/haproxy.yaml:
deployment/haproxy/haproxy-container-puppet.yaml:
parameters:
- EnablePublicTLS
docker/services/pacemaker/haproxy.yaml:
deployment/haproxy/haproxy-pacemaker-puppet.yaml:
parameters:
- EnablePublicTLS
puppet/services/haproxy.yaml:
deployment/haproxy/haproxy-container-puppet.yaml:
parameters:
- EnablePublicTLS
sample_values:


Loading…
Cancel
Save