flatten haproxy service configuration
This change combines the previous puppet and docker files into a single file that performs the docker service installation and configuration. With this patch the baremetal version of haproxy services has been removed. Change-Id: Id55ae44a7b1b5f08b40170f7406e14973fa93639 Related-Blueprint: services-yaml-flattening
This commit is contained in:
parent
33ad00de4a
commit
05d77c9ed5
|
@ -4,7 +4,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::Core: multinode-core.yaml
|
OS::TripleO::Services::Core: multinode-core.yaml
|
||||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||||
|
|
|
@ -7,7 +7,7 @@ resource_registry:
|
||||||
|
|
||||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||||
|
|
|
@ -10,7 +10,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml
|
OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml
|
||||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||||
|
|
|
@ -22,7 +22,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml
|
OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml
|
||||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||||
|
|
|
@ -8,7 +8,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||||
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
|
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||||
|
|
|
@ -20,7 +20,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||||
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
|
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||||
|
|
|
@ -9,7 +9,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::MistralEventEngine: ../../docker/services/mistral-event-engine.yaml
|
OS::TripleO::Services::MistralEventEngine: ../../docker/services/mistral-event-engine.yaml
|
||||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-qdrouterd.yaml
|
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-qdrouterd.yaml
|
||||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/pacemaker/notify-rabbitmq.yaml
|
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/pacemaker/notify-rabbitmq.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||||
|
|
|
@ -14,7 +14,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::MistralEventEngine: ../../docker/services/mistral-event-engine.yaml
|
OS::TripleO::Services::MistralEventEngine: ../../docker/services/mistral-event-engine.yaml
|
||||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-qdrouterd.yaml
|
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-qdrouterd.yaml
|
||||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/pacemaker/notify-rabbitmq.yaml
|
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/pacemaker/notify-rabbitmq.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||||
|
|
|
@ -23,7 +23,7 @@ resource_registry:
|
||||||
# These enable Pacemaker
|
# These enable Pacemaker
|
||||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||||
|
|
|
@ -19,7 +19,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
|
OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
|
||||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||||
|
|
|
@ -5,7 +5,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
|
OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
|
||||||
OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
|
OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
|
||||||
OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
|
OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||||
|
|
|
@ -8,7 +8,7 @@ resource_registry:
|
||||||
# These enable Pacemaker
|
# These enable Pacemaker
|
||||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||||
|
|
|
@ -95,6 +95,19 @@ parameters:
|
||||||
default: false
|
default: false
|
||||||
description: Remove package if the service is being disabled during upgrade
|
description: Remove package if the service is being disabled during upgrade
|
||||||
type: boolean
|
type: boolean
|
||||||
|
EnableLoadBalancer:
|
||||||
|
default: true
|
||||||
|
description: Whether to deploy a LoadBalancer, set to false when an external load balancer is used.
|
||||||
|
type: boolean
|
||||||
|
HAProxyStatsEnabled:
|
||||||
|
default: true
|
||||||
|
description: Whether or not to enable the HAProxy stats interface.
|
||||||
|
type: boolean
|
||||||
|
InternalTLSCRLPEMFile:
|
||||||
|
default: '/etc/pki/CA/crl/overcloud-crl.pem'
|
||||||
|
type: string
|
||||||
|
description: Specifies the default CRL PEM file to use for revocation if
|
||||||
|
TLS is used for services in the internal network.
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
puppet_debug_enabled: {get_param: ConfigDebug}
|
puppet_debug_enabled: {get_param: ConfigDebug}
|
||||||
|
@ -114,43 +127,75 @@ conditions:
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ./containers-common.yaml
|
type: ../../docker/services/containers-common.yaml
|
||||||
|
|
||||||
HAProxyBase:
|
|
||||||
type: ../../puppet/services/haproxy.yaml
|
|
||||||
properties:
|
|
||||||
EndpointMap: {get_param: EndpointMap}
|
|
||||||
ServiceData: {get_param: ServiceData}
|
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
|
||||||
DefaultPasswords: {get_param: DefaultPasswords}
|
|
||||||
RoleName: {get_param: RoleName}
|
|
||||||
RoleParameters: {get_param: RoleParameters}
|
|
||||||
HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
|
|
||||||
HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
|
|
||||||
|
|
||||||
HAProxyLogging:
|
HAProxyLogging:
|
||||||
type: OS::TripleO::Services::Logging::HAProxy
|
type: OS::TripleO::Services::Logging::HAProxy
|
||||||
|
|
||||||
|
HAProxyPublicTLS:
|
||||||
|
type: OS::TripleO::Services::HAProxyPublicTLS
|
||||||
|
properties:
|
||||||
|
ServiceData: {get_param: ServiceData}
|
||||||
|
ServiceNetMap: {get_param: ServiceNetMap}
|
||||||
|
DefaultPasswords: {get_param: DefaultPasswords}
|
||||||
|
EndpointMap: {get_param: EndpointMap}
|
||||||
|
RoleName: {get_param: RoleName}
|
||||||
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
|
||||||
|
HAProxyInternalTLS:
|
||||||
|
type: OS::TripleO::Services::HAProxyInternalTLS
|
||||||
|
properties:
|
||||||
|
ServiceData: {get_param: ServiceData}
|
||||||
|
ServiceNetMap: {get_param: ServiceNetMap}
|
||||||
|
DefaultPasswords: {get_param: DefaultPasswords}
|
||||||
|
EndpointMap: {get_param: EndpointMap}
|
||||||
|
RoleName: {get_param: RoleName}
|
||||||
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the HAproxy role.
|
description: Role data for the HAproxy role.
|
||||||
value:
|
value:
|
||||||
service_name: {get_attr: [HAProxyBase, role_data, service_name]}
|
service_name: haproxy
|
||||||
|
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [HAProxyBase, role_data, config_settings]
|
|
||||||
- get_attr: [HAProxyLogging, config_settings]
|
- get_attr: [HAProxyLogging, config_settings]
|
||||||
- tripleo::haproxy::haproxy_service_manage: false
|
- tripleo::haproxy::haproxy_service_manage: false
|
||||||
# NOTE(jaosorior): We disable the CRL since we have no way to restart haproxy
|
# NOTE(jaosorior): We disable the CRL since we have no way to restart haproxy
|
||||||
# when this is updated
|
# when this is updated
|
||||||
tripleo::haproxy::crl_file: null
|
tripleo::haproxy::crl_file: null
|
||||||
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
|
- tripleo::haproxy::firewall_rules:
|
||||||
|
'107 haproxy stats':
|
||||||
|
dport: 1993
|
||||||
|
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
|
||||||
|
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
|
||||||
|
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
|
||||||
|
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
|
||||||
|
tripleo::haproxy::redis_password: {get_param: RedisPassword}
|
||||||
|
tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
|
||||||
|
tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled}
|
||||||
|
enable_load_balancer: {get_param: EnableLoadBalancer}
|
||||||
|
tripleo::profile::base::haproxy::certificates_specs:
|
||||||
|
map_merge:
|
||||||
|
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
|
||||||
|
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
|
||||||
|
- if:
|
||||||
|
- public_tls_enabled
|
||||||
|
- tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
|
||||||
|
- {}
|
||||||
|
- if:
|
||||||
|
- internal_tls_enabled
|
||||||
|
- tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
|
||||||
|
- null
|
||||||
|
- get_attr: [HAProxyPublicTLS, role_data, config_settings]
|
||||||
|
- get_attr: [HAProxyInternalTLS, role_data, config_settings]
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: haproxy
|
config_volume: haproxy
|
||||||
puppet_tags: haproxy_config
|
puppet_tags: haproxy_config
|
||||||
step_config:
|
step_config: |
|
||||||
"class {'::tripleo::profile::base::haproxy': manage_firewall => false}"
|
class {'::tripleo::profile::base::haproxy': manage_firewall => false}
|
||||||
config_image: {get_param: DockerHAProxyConfigImage}
|
config_image: {get_param: DockerHAProxyConfigImage}
|
||||||
volumes:
|
volumes:
|
||||||
list_concat:
|
list_concat:
|
||||||
|
@ -254,7 +299,7 @@ outputs:
|
||||||
fi
|
fi
|
||||||
exit $rc
|
exit $rc
|
||||||
vars:
|
vars:
|
||||||
puppet_execute: {get_attr: [HAProxyBase, role_data, step_config]}
|
puppet_execute: include ::tripleo::profile::base::haproxy
|
||||||
puppet_tags: 'tripleo::firewall::rule'
|
puppet_tags: 'tripleo::firewall::rule'
|
||||||
puppet_modulepath: '/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules'
|
puppet_modulepath: '/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules'
|
||||||
puppet_debug:
|
puppet_debug:
|
||||||
|
@ -286,7 +331,7 @@ outputs:
|
||||||
containers_to_rm:
|
containers_to_rm:
|
||||||
- haproxy
|
- haproxy
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
- {get_attr: [HAProxyBase, role_data, host_prep_tasks]}
|
- {get_attr: [HAProxyPublicTLS, role_data, host_prep_tasks]}
|
||||||
- name: Check if rsyslog exists
|
- name: Check if rsyslog exists
|
||||||
shell: systemctl is-active rsyslog
|
shell: systemctl is-active rsyslog
|
||||||
register: rsyslog_config
|
register: rsyslog_config
|
||||||
|
@ -324,4 +369,6 @@ outputs:
|
||||||
/var/log/containers/haproxy.
|
/var/log/containers/haproxy.
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [HAProxyBase, role_data, metadata_settings]
|
list_concat:
|
||||||
|
- {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
|
||||||
|
- {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}
|
|
@ -123,28 +123,31 @@ conditions:
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
ContainersCommon:
|
ContainersCommon:
|
||||||
type: ../containers-common.yaml
|
type: ../../docker/services/containers-common.yaml
|
||||||
|
|
||||||
HAProxyBase:
|
HAProxyBase:
|
||||||
type: ../../../puppet/services/pacemaker/haproxy.yaml
|
type: ./haproxy-container-puppet.yaml
|
||||||
properties:
|
properties:
|
||||||
EndpointMap: {get_param: EndpointMap}
|
|
||||||
ServiceData: {get_param: ServiceData}
|
ServiceData: {get_param: ServiceData}
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
ServiceNetMap: {get_param: ServiceNetMap}
|
||||||
DefaultPasswords: {get_param: DefaultPasswords}
|
DefaultPasswords: {get_param: DefaultPasswords}
|
||||||
|
EndpointMap: {get_param: EndpointMap}
|
||||||
RoleName: {get_param: RoleName}
|
RoleName: {get_param: RoleName}
|
||||||
RoleParameters: {get_param: RoleParameters}
|
RoleParameters: {get_param: RoleParameters}
|
||||||
HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
|
|
||||||
HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
|
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the HAproxy role.
|
description: Role data for the HAproxy role.
|
||||||
value:
|
value:
|
||||||
service_name: {get_attr: [HAProxyBase, role_data, service_name]}
|
service_name: haproxy
|
||||||
|
monitoring_subscription: {get_attr: [HAProxyBase, role_data, monitoring_subscription]}
|
||||||
config_settings:
|
config_settings:
|
||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [HAProxyBase, role_data, config_settings]
|
- get_attr: [HAProxyBase, role_data, config_settings]
|
||||||
|
- tripleo::haproxy::haproxy_service_manage: false
|
||||||
|
tripleo::haproxy::mysql_clustercheck: true
|
||||||
|
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
|
||||||
|
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
|
||||||
- haproxy_docker: true
|
- haproxy_docker: true
|
||||||
tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage}
|
tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage}
|
||||||
tripleo::profile::pacemaker::haproxy_bundle::container_backend: {get_param: ContainerCli}
|
tripleo::profile::pacemaker::haproxy_bundle::container_backend: {get_param: ContainerCli}
|
||||||
|
@ -174,7 +177,6 @@ outputs:
|
||||||
data: {get_param: DockerHAProxyImage}
|
data: {get_param: DockerHAProxyImage}
|
||||||
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
|
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
|
||||||
- 'pcmklatest'
|
- 'pcmklatest'
|
||||||
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
|
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: haproxy
|
config_volume: haproxy
|
||||||
|
@ -333,7 +335,7 @@ outputs:
|
||||||
/var/log/containers/haproxy.
|
/var/log/containers/haproxy.
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [HAProxyBase, role_data, metadata_settings]
|
{get_attr: [HAProxyBase, role_data, metadata_settings]}
|
||||||
deploy_steps_tasks:
|
deploy_steps_tasks:
|
||||||
- name: HAproxy tag container image for pacemaker
|
- name: HAproxy tag container image for pacemaker
|
||||||
when: step|int == 1
|
when: step|int == 1
|
||||||
|
@ -357,7 +359,7 @@ outputs:
|
||||||
fi
|
fi
|
||||||
exit $rc
|
exit $rc
|
||||||
vars:
|
vars:
|
||||||
puppet_execute: {get_attr: [HAProxyBase, role_data, step_config]}
|
puppet_execute: include ::tripleo::profile::pacemaker::haproxy
|
||||||
puppet_tags: 'tripleo::firewall::rule'
|
puppet_tags: 'tripleo::firewall::rule'
|
||||||
puppet_modulepath: '/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules'
|
puppet_modulepath: '/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules'
|
||||||
puppet_debug:
|
puppet_debug:
|
||||||
|
@ -485,7 +487,7 @@ outputs:
|
||||||
block:
|
block:
|
||||||
- name: Check cluster resource status
|
- name: Check cluster resource status
|
||||||
pacemaker_resource:
|
pacemaker_resource:
|
||||||
resource: {get_attr: [HAProxyBase, role_data, service_name]}
|
resource: haproxy
|
||||||
state: started
|
state: started
|
||||||
check_mode: true
|
check_mode: true
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
@ -494,7 +496,7 @@ outputs:
|
||||||
block:
|
block:
|
||||||
- name: Disable the haproxy cluster resource.
|
- name: Disable the haproxy cluster resource.
|
||||||
pacemaker_resource:
|
pacemaker_resource:
|
||||||
resource: {get_attr: [HAProxyBase, role_data, service_name]}
|
resource: haproxy
|
||||||
state: disable
|
state: disable
|
||||||
wait_for_resource: true
|
wait_for_resource: true
|
||||||
register: output
|
register: output
|
||||||
|
@ -502,7 +504,7 @@ outputs:
|
||||||
until: output.rc == 0
|
until: output.rc == 0
|
||||||
- name: Delete the stopped haproxy cluster resource.
|
- name: Delete the stopped haproxy cluster resource.
|
||||||
pacemaker_resource:
|
pacemaker_resource:
|
||||||
resource: {get_attr: [HAProxyBase, role_data, service_name]}
|
resource: haproxy
|
||||||
state: delete
|
state: delete
|
||||||
wait_for_resource: true
|
wait_for_resource: true
|
||||||
register: output
|
register: output
|
|
@ -20,10 +20,10 @@ resource_registry:
|
||||||
OS::TripleO::Services::GnocchiApi: ../puppet/services/gnocchi-api.yaml
|
OS::TripleO::Services::GnocchiApi: ../puppet/services/gnocchi-api.yaml
|
||||||
OS::TripleO::Services::GnocchiMetricd: ../puppet/services/gnocchi-metricd.yaml
|
OS::TripleO::Services::GnocchiMetricd: ../puppet/services/gnocchi-metricd.yaml
|
||||||
OS::TripleO::Services::GnocchiStatsd: ../puppet/services/gnocchi-statsd.yaml
|
OS::TripleO::Services::GnocchiStatsd: ../puppet/services/gnocchi-statsd.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../puppet/services/haproxy.yaml
|
|
||||||
OS::TripleO::Services::HeatApi: ../deployment/heat/heat-api-container-puppet.yaml
|
OS::TripleO::Services::HeatApi: ../deployment/heat/heat-api-container-puppet.yaml
|
||||||
OS::TripleO::Services::HeatApiCfn: ../deployment/heat/heat-api-cfn-container-puppet.yaml
|
OS::TripleO::Services::HeatApiCfn: ../deployment/heat/heat-api-cfn-container-puppet.yaml
|
||||||
OS::TripleO::Services::HeatEngine: ../deployment/heat/heat-engine-container-puppet.yaml
|
OS::TripleO::Services::HeatEngine: ../deployment/heat/heat-engine-container-puppet.yaml
|
||||||
|
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml
|
||||||
OS::TripleO::Services::Horizon: ../puppet/services/horizon.yaml
|
OS::TripleO::Services::Horizon: ../puppet/services/horizon.yaml
|
||||||
OS::TripleO::Services::Iscsid: ../puppet/services/iscsid.yaml
|
OS::TripleO::Services::Iscsid: ../puppet/services/iscsid.yaml
|
||||||
OS::TripleO::Services::Keystone: ../deployment/keystone/keystone-container-puppet.yaml
|
OS::TripleO::Services::Keystone: ../deployment/keystone/keystone-container-puppet.yaml
|
||||||
|
|
|
@ -16,7 +16,7 @@ resource_registry:
|
||||||
# HA Containers managed by pacemaker
|
# HA Containers managed by pacemaker
|
||||||
OS::TripleO::Services::CinderVolume: ../deployment/cinder/cinder-volume-pacemaker-puppet.yaml
|
OS::TripleO::Services::CinderVolume: ../deployment/cinder/cinder-volume-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::Clustercheck: ../docker/services/pacemaker/clustercheck.yaml
|
OS::TripleO::Services::Clustercheck: ../docker/services/pacemaker/clustercheck.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../docker/services/pacemaker/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||||
OS::TripleO::Services::MySQL: ../docker/services/pacemaker/database/mysql.yaml
|
OS::TripleO::Services::MySQL: ../docker/services/pacemaker/database/mysql.yaml
|
||||||
OS::TripleO::Services::OsloMessagingRpc: ../docker/services/pacemaker/rpc-rabbitmq.yaml
|
OS::TripleO::Services::OsloMessagingRpc: ../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||||
OS::TripleO::Services::OsloMessagingNotify: ../docker/services/messaging/notify-rabbitmq-shared.yaml
|
OS::TripleO::Services::OsloMessagingNotify: ../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
resource_registry:
|
resource_registry:
|
||||||
OS::TripleO::Services::CinderVolume: ../deployment/cinder/cinder-volume-container-puppet.yaml
|
OS::TripleO::Services::CinderVolume: ../deployment/cinder/cinder-volume-container-puppet.yaml
|
||||||
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
|
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml
|
||||||
OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
|
OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
|
||||||
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
|
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
|
||||||
OS::TripleO::Services::Keepalived: ../docker/services/keepalived.yaml
|
OS::TripleO::Services::Keepalived: ../docker/services/keepalived.yaml
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
resource_registry:
|
resource_registry:
|
||||||
OS::TripleO::Services::Docker: ../deployment/docker/docker-baremetal-ansible.yaml
|
OS::TripleO::Services::Docker: ../deployment/docker/docker-baremetal-ansible.yaml
|
||||||
OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml
|
||||||
OS::TripleO::Services::Keepalived: ../deployment/keepalived/keepalived-container-puppet.yaml
|
OS::TripleO::Services::Keepalived: ../deployment/keepalived/keepalived-container-puppet.yaml
|
||||||
OS::TripleO::Services::OpenShift::Infra: ../extraconfig/services/openshift-infra.yaml
|
OS::TripleO::Services::OpenShift::Infra: ../extraconfig/services/openshift-infra.yaml
|
||||||
OS::TripleO::Services::OpenShift::Master: ../extraconfig/services/openshift-master.yaml
|
OS::TripleO::Services::OpenShift::Master: ../extraconfig/services/openshift-master.yaml
|
||||||
|
|
|
@ -3,4 +3,4 @@ parameter_defaults:
|
||||||
PublicSSLCertificateAutogenerated: true
|
PublicSSLCertificateAutogenerated: true
|
||||||
|
|
||||||
resource_registry:
|
resource_registry:
|
||||||
OS::TripleO::Services::HAProxyPublicTLS: ../puppet/services/haproxy-public-tls-certmonger.yaml
|
OS::TripleO::Services::HAProxyPublicTLS: ../deployment/haproxy/haproxy-public-tls-certmonger.yaml
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
resource_registry:
|
resource_registry:
|
||||||
OS::TripleO::Services::UndercloudHAProxy: ../../puppet/services/haproxy.yaml
|
OS::TripleO::Services::UndercloudHAProxy: ../../deployment/haproxy/haproxy-container-puppet.yaml
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# A Heat environment file which can be used to enable a
|
# A Heat environment file which can be used to enable a
|
||||||
# a TLS for HAProxy via certmonger
|
# a TLS for HAProxy via certmonger
|
||||||
resource_registry:
|
resource_registry:
|
||||||
OS::TripleO::Services::HAProxyPublicTLS: ../../puppet/services/haproxy-public-tls-certmonger.yaml
|
OS::TripleO::Services::HAProxyPublicTLS: ../../deployment/haproxy/haproxy-public-tls-certmonger.yaml
|
||||||
|
|
||||||
parameter_defaults:
|
parameter_defaults:
|
||||||
PublicSSLCertificateAutogenerated: true
|
PublicSSLCertificateAutogenerated: true
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# DEPRECATED. This file will be removed in the Stein release as it is no longer
|
# DEPRECATED. This file will be removed in the Stein release as it is no longer
|
||||||
# needed
|
# needed
|
||||||
resource_registry:
|
resource_registry:
|
||||||
OS::TripleO::Services::HAproxy: ../../docker/services/haproxy.yaml
|
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-container-puppet.yaml
|
||||||
|
|
|
@ -36,5 +36,5 @@ parameter_defaults:
|
||||||
resource_registry:
|
resource_registry:
|
||||||
OS::TripleO::ServiceServerMetadataHook: ../../extraconfig/nova_metadata/krb-service-principals.yaml
|
OS::TripleO::ServiceServerMetadataHook: ../../extraconfig/nova_metadata/krb-service-principals.yaml
|
||||||
OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml
|
OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml
|
||||||
OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml
|
OS::TripleO::Services::HAProxyInternalTLS: ../../deployment/haproxy/haproxy-internal-tls-certmonger.yaml
|
||||||
OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml
|
OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml
|
||||||
|
|
|
@ -176,8 +176,8 @@ resource_registry:
|
||||||
OS::TripleO::Services::OsloMessagingNotify: docker/services/messaging/notify-rabbitmq-shared.yaml
|
OS::TripleO::Services::OsloMessagingNotify: docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||||
OS::TripleO::Services::RabbitMQ: OS::Heat::None
|
OS::TripleO::Services::RabbitMQ: OS::Heat::None
|
||||||
OS::TripleO::Services::Qdr: OS::Heat::None
|
OS::TripleO::Services::Qdr: OS::Heat::None
|
||||||
OS::TripleO::Services::HAproxy: docker/services/haproxy.yaml
|
OS::TripleO::Services::HAproxy: deployment/haproxy/haproxy-container-puppet.yaml
|
||||||
OS::TripleO::Services::HAProxyPublicTLS: puppet/services/haproxy-public-tls-inject.yaml
|
OS::TripleO::Services::HAProxyPublicTLS: deployment/haproxy/haproxy-public-tls-inject.yaml
|
||||||
OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None
|
OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None
|
||||||
OS::TripleO::Services::Iscsid: docker/services/iscsid.yaml
|
OS::TripleO::Services::Iscsid: docker/services/iscsid.yaml
|
||||||
OS::TripleO::Services::Keepalived: deployment/keepalived/keepalived-container-puppet.yaml
|
OS::TripleO::Services::Keepalived: deployment/keepalived/keepalived-container-puppet.yaml
|
||||||
|
|
|
@ -1,175 +0,0 @@
|
||||||
heat_template_version: rocky
|
|
||||||
|
|
||||||
description: >
|
|
||||||
HAproxy service configured with Puppet
|
|
||||||
|
|
||||||
parameters:
|
|
||||||
ServiceData:
|
|
||||||
default: {}
|
|
||||||
description: Dictionary packing service data
|
|
||||||
type: json
|
|
||||||
ServiceNetMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service_name -> network name. Typically set
|
|
||||||
via parameter_defaults in the resource registry. This
|
|
||||||
mapping overrides those in ServiceNetMapDefaults.
|
|
||||||
type: json
|
|
||||||
DefaultPasswords:
|
|
||||||
default: {}
|
|
||||||
type: json
|
|
||||||
RoleName:
|
|
||||||
default: ''
|
|
||||||
description: Role name on which the service is applied
|
|
||||||
type: string
|
|
||||||
RoleParameters:
|
|
||||||
default: {}
|
|
||||||
description: Parameters specific to the role
|
|
||||||
type: json
|
|
||||||
EndpointMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service endpoint -> protocol. Typically set
|
|
||||||
via parameter_defaults in the resource registry.
|
|
||||||
type: json
|
|
||||||
EnableLoadBalancer:
|
|
||||||
default: true
|
|
||||||
description: Whether to deploy a LoadBalancer, set to false when an external load balancer is used.
|
|
||||||
type: boolean
|
|
||||||
HAProxyStatsPassword:
|
|
||||||
description: Password for HAProxy stats endpoint
|
|
||||||
hidden: true
|
|
||||||
type: string
|
|
||||||
HAProxyStatsUser:
|
|
||||||
description: User for HAProxy stats endpoint
|
|
||||||
default: admin
|
|
||||||
type: string
|
|
||||||
HAProxySyslogAddress:
|
|
||||||
default: /dev/log
|
|
||||||
description: Syslog address where HAproxy will send its log
|
|
||||||
type: string
|
|
||||||
HAProxySyslogFacility:
|
|
||||||
default: local0
|
|
||||||
description: Syslog facility HAProxy will use for its logs
|
|
||||||
type: string
|
|
||||||
HAProxyStatsEnabled:
|
|
||||||
default: true
|
|
||||||
description: Whether or not to enable the HAProxy stats interface.
|
|
||||||
type: boolean
|
|
||||||
RedisPassword:
|
|
||||||
description: The password for the redis service account.
|
|
||||||
type: string
|
|
||||||
hidden: true
|
|
||||||
MonitoringSubscriptionHaproxy:
|
|
||||||
default: 'overcloud-haproxy'
|
|
||||||
type: string
|
|
||||||
SSLCertificate:
|
|
||||||
default: ''
|
|
||||||
description: >
|
|
||||||
The content of the SSL certificate (without Key) in PEM format.
|
|
||||||
type: string
|
|
||||||
PublicSSLCertificateAutogenerated:
|
|
||||||
default: false
|
|
||||||
description: >
|
|
||||||
Whether the public SSL certificate was autogenerated or not.
|
|
||||||
type: boolean
|
|
||||||
EnablePublicTLS:
|
|
||||||
default: true
|
|
||||||
description: >
|
|
||||||
Whether to enable TLS on the public interface or not.
|
|
||||||
type: boolean
|
|
||||||
DeployedSSLCertificatePath:
|
|
||||||
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
|
|
||||||
description: >
|
|
||||||
The filepath of the certificate as it will be stored in the controller.
|
|
||||||
type: string
|
|
||||||
EnableInternalTLS:
|
|
||||||
type: boolean
|
|
||||||
default: false
|
|
||||||
InternalTLSCAFile:
|
|
||||||
default: '/etc/ipa/ca.crt'
|
|
||||||
type: string
|
|
||||||
description: Specifies the default CA cert to use if TLS is used for
|
|
||||||
services in the internal network.
|
|
||||||
InternalTLSCRLPEMFile:
|
|
||||||
default: '/etc/pki/CA/crl/overcloud-crl.pem'
|
|
||||||
type: string
|
|
||||||
description: Specifies the default CRL PEM file to use for revocation if
|
|
||||||
TLS is used for services in the internal network.
|
|
||||||
|
|
||||||
conditions:
|
|
||||||
|
|
||||||
public_tls_enabled:
|
|
||||||
and:
|
|
||||||
- {get_param: EnablePublicTLS}
|
|
||||||
- or:
|
|
||||||
- not:
|
|
||||||
equals:
|
|
||||||
- {get_param: SSLCertificate}
|
|
||||||
- ""
|
|
||||||
- equals:
|
|
||||||
- {get_param: PublicSSLCertificateAutogenerated}
|
|
||||||
- true
|
|
||||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
||||||
|
|
||||||
resources:
|
|
||||||
|
|
||||||
HAProxyPublicTLS:
|
|
||||||
type: OS::TripleO::Services::HAProxyPublicTLS
|
|
||||||
properties:
|
|
||||||
ServiceData: {get_param: ServiceData}
|
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
|
||||||
DefaultPasswords: {get_param: DefaultPasswords}
|
|
||||||
EndpointMap: {get_param: EndpointMap}
|
|
||||||
RoleName: {get_param: RoleName}
|
|
||||||
RoleParameters: {get_param: RoleParameters}
|
|
||||||
|
|
||||||
HAProxyInternalTLS:
|
|
||||||
type: OS::TripleO::Services::HAProxyInternalTLS
|
|
||||||
properties:
|
|
||||||
ServiceData: {get_param: ServiceData}
|
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
|
||||||
DefaultPasswords: {get_param: DefaultPasswords}
|
|
||||||
EndpointMap: {get_param: EndpointMap}
|
|
||||||
RoleName: {get_param: RoleName}
|
|
||||||
RoleParameters: {get_param: RoleParameters}
|
|
||||||
|
|
||||||
outputs:
|
|
||||||
role_data:
|
|
||||||
description: Role data for the HAproxy role.
|
|
||||||
value:
|
|
||||||
service_name: haproxy
|
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
|
|
||||||
config_settings:
|
|
||||||
map_merge:
|
|
||||||
- tripleo::haproxy::firewall_rules:
|
|
||||||
'107 haproxy stats':
|
|
||||||
dport: 1993
|
|
||||||
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
|
|
||||||
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
|
|
||||||
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
|
|
||||||
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
|
|
||||||
tripleo::haproxy::redis_password: {get_param: RedisPassword}
|
|
||||||
tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
|
|
||||||
tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled}
|
|
||||||
enable_load_balancer: {get_param: EnableLoadBalancer}
|
|
||||||
tripleo::profile::base::haproxy::certificates_specs:
|
|
||||||
map_merge:
|
|
||||||
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
|
|
||||||
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
|
|
||||||
- if:
|
|
||||||
- public_tls_enabled
|
|
||||||
- tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
|
|
||||||
- {}
|
|
||||||
- if:
|
|
||||||
- internal_tls_enabled
|
|
||||||
- tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
|
|
||||||
- null
|
|
||||||
- get_attr: [HAProxyPublicTLS, role_data, config_settings]
|
|
||||||
- get_attr: [HAProxyInternalTLS, role_data, config_settings]
|
|
||||||
step_config: |
|
|
||||||
include ::tripleo::profile::base::haproxy
|
|
||||||
upgrade_tasks: []
|
|
||||||
host_prep_tasks: {get_attr: [HAProxyPublicTLS, role_data, host_prep_tasks]}
|
|
||||||
metadata_settings:
|
|
||||||
list_concat:
|
|
||||||
- {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
|
|
||||||
- {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}
|
|
|
@ -1,70 +0,0 @@
|
||||||
heat_template_version: rocky
|
|
||||||
|
|
||||||
description: >
|
|
||||||
HAproxy service with Pacemaker configured with Puppet
|
|
||||||
|
|
||||||
parameters:
|
|
||||||
ServiceData:
|
|
||||||
default: {}
|
|
||||||
description: Dictionary packing service data
|
|
||||||
type: json
|
|
||||||
ServiceNetMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service_name -> network name. Typically set
|
|
||||||
via parameter_defaults in the resource registry. This
|
|
||||||
mapping overrides those in ServiceNetMapDefaults.
|
|
||||||
type: json
|
|
||||||
DefaultPasswords:
|
|
||||||
default: {}
|
|
||||||
type: json
|
|
||||||
RoleName:
|
|
||||||
default: ''
|
|
||||||
description: Role name on which the service is applied
|
|
||||||
type: string
|
|
||||||
RoleParameters:
|
|
||||||
default: {}
|
|
||||||
description: Parameters specific to the role
|
|
||||||
type: json
|
|
||||||
EndpointMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service endpoint -> protocol. Typically set
|
|
||||||
via parameter_defaults in the resource registry.
|
|
||||||
type: json
|
|
||||||
HAProxySyslogFacility:
|
|
||||||
default: local0
|
|
||||||
description: Syslog facility HAProxy will use for its logs
|
|
||||||
type: string
|
|
||||||
HAProxySyslogAddress:
|
|
||||||
default: /dev/log
|
|
||||||
description: Syslog address where HAproxy will send its log
|
|
||||||
type: string
|
|
||||||
|
|
||||||
resources:
|
|
||||||
LoadbalancerServiceBase:
|
|
||||||
type: ../haproxy.yaml
|
|
||||||
properties:
|
|
||||||
ServiceData: {get_param: ServiceData}
|
|
||||||
ServiceNetMap: {get_param: ServiceNetMap}
|
|
||||||
DefaultPasswords: {get_param: DefaultPasswords}
|
|
||||||
EndpointMap: {get_param: EndpointMap}
|
|
||||||
RoleName: {get_param: RoleName}
|
|
||||||
RoleParameters: {get_param: RoleParameters}
|
|
||||||
|
|
||||||
outputs:
|
|
||||||
role_data:
|
|
||||||
description: Role data for the HAproxy with pacemaker role.
|
|
||||||
value:
|
|
||||||
service_name: haproxy
|
|
||||||
monitoring_subscription: {get_attr: [LoadbalancerServiceBase, role_data, monitoring_subscription]}
|
|
||||||
config_settings:
|
|
||||||
map_merge:
|
|
||||||
- get_attr: [LoadbalancerServiceBase, role_data, config_settings]
|
|
||||||
- tripleo::haproxy::haproxy_service_manage: false
|
|
||||||
tripleo::haproxy::mysql_clustercheck: true
|
|
||||||
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
|
|
||||||
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
|
|
||||||
step_config: |
|
|
||||||
include ::tripleo::profile::pacemaker::haproxy
|
|
||||||
host_prep_tasks: {get_attr: [LoadbalancerServiceBase, role_data, host_prep_tasks]}
|
|
||||||
metadata_settings:
|
|
||||||
get_attr: [LoadbalancerServiceBase, role_data, metadata_settings]
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
Installing haproxy services on baremetal is no longer supported.
|
|
@ -7,7 +7,7 @@ environments:
|
||||||
For these values to take effect, one of the tls-endpoints-*.yaml
|
For these values to take effect, one of the tls-endpoints-*.yaml
|
||||||
environments must also be used.
|
environments must also be used.
|
||||||
files:
|
files:
|
||||||
puppet/services/haproxy-public-tls-inject.yaml:
|
deployment/haproxy/haproxy-public-tls-inject.yaml:
|
||||||
parameters: all
|
parameters: all
|
||||||
puppet/services/horizon.yaml:
|
puppet/services/horizon.yaml:
|
||||||
parameters:
|
parameters:
|
||||||
|
@ -58,7 +58,7 @@ environments:
|
||||||
resource_registry:
|
resource_registry:
|
||||||
# FIXME(bogdando): switch it, once it is containerized
|
# FIXME(bogdando): switch it, once it is containerized
|
||||||
OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml
|
OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml
|
||||||
OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml
|
OS::TripleO::Services::HAProxyInternalTLS: ../../deployment/haproxy/haproxy-internal-tls-certmonger.yaml
|
||||||
# We use apache as a TLS proxy
|
# We use apache as a TLS proxy
|
||||||
# FIXME(bogdando): switch it, once it is containerized
|
# FIXME(bogdando): switch it, once it is containerized
|
||||||
OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml
|
OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml
|
||||||
|
@ -465,13 +465,13 @@ environments:
|
||||||
network/endpoints/endpoint_map.yaml:
|
network/endpoints/endpoint_map.yaml:
|
||||||
parameters:
|
parameters:
|
||||||
- EndpointMap
|
- EndpointMap
|
||||||
docker/services/haproxy.yaml:
|
deployment/haproxy/haproxy-container-puppet.yaml:
|
||||||
parameters:
|
parameters:
|
||||||
- EnablePublicTLS
|
- EnablePublicTLS
|
||||||
docker/services/pacemaker/haproxy.yaml:
|
deployment/haproxy/haproxy-pacemaker-puppet.yaml:
|
||||||
parameters:
|
parameters:
|
||||||
- EnablePublicTLS
|
- EnablePublicTLS
|
||||||
puppet/services/haproxy.yaml:
|
deployment/haproxy/haproxy-container-puppet.yaml:
|
||||||
parameters:
|
parameters:
|
||||||
- EnablePublicTLS
|
- EnablePublicTLS
|
||||||
sample_values:
|
sample_values:
|
||||||
|
|
Loading…
Reference in New Issue