Merge "flatten haproxy service configuration"
commit
2e55557806
@ -4,7 +4,7 @@ resource_registry:
|
||||
OS::TripleO::Services::Core: multinode-core.yaml
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||
|
@ -7,7 +7,7 @@ resource_registry:
|
||||
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||
|
@ -10,7 +10,7 @@ resource_registry:
|
||||
OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||
|
@ -22,7 +22,7 @@ resource_registry:
|
||||
OS::TripleO::Services::MetricsQdr: ../../docker/services/metrics/qdr.yaml
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||
|
@ -8,7 +8,7 @@ resource_registry:
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||
|
@ -20,7 +20,7 @@ resource_registry:
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||
|
@ -9,7 +9,7 @@ resource_registry:
|
||||
OS::TripleO::Services::MistralEventEngine: ../../deployment/mistral/mistral-event-engine-container-puppet.yaml
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-qdrouterd.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/pacemaker/notify-rabbitmq.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||
|
@ -14,7 +14,7 @@ resource_registry:
|
||||
OS::TripleO::Services::MistralEventEngine: ../../deployment/mistral/mistral-event-engine-container-puppet.yaml
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/messaging/rpc-qdrouterd.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/pacemaker/notify-rabbitmq.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||
|
@ -23,7 +23,7 @@ resource_registry:
|
||||
# These enable Pacemaker
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||
|
@ -19,7 +19,7 @@ resource_registry:
|
||||
OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||
|
@ -5,7 +5,7 @@ resource_registry:
|
||||
OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
|
||||
OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
|
||||
OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||
|
@ -8,7 +8,7 @@ resource_registry:
|
||||
# These enable Pacemaker
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
||||
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
||||
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
||||
|
@ -95,6 +95,19 @@ parameters:
|
||||
default: false
|
||||
description: Remove package if the service is being disabled during upgrade
|
||||
type: boolean
|
||||
EnableLoadBalancer:
|
||||
default: true
|
||||
description: Whether to deploy a LoadBalancer, set to false when an external load balancer is used.
|
||||
type: boolean
|
||||
HAProxyStatsEnabled:
|
||||
default: true
|
||||
description: Whether or not to enable the HAProxy stats interface.
|
||||
type: boolean
|
||||
InternalTLSCRLPEMFile:
|
||||
default: '/etc/pki/CA/crl/overcloud-crl.pem'
|
||||
type: string
|
||||
description: Specifies the default CRL PEM file to use for revocation if
|
||||
TLS is used for services in the internal network.
|
||||
|
||||
conditions:
|
||||
puppet_debug_enabled: {get_param: ConfigDebug}
|
||||
@ -114,43 +127,75 @@ conditions:
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
|
||||
HAProxyBase:
|
||||
type: ../../puppet/services/haproxy.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
|
||||
HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
HAProxyLogging:
|
||||
type: OS::TripleO::Services::Logging::HAProxy
|
||||
|
||||
HAProxyPublicTLS:
|
||||
type: OS::TripleO::Services::HAProxyPublicTLS
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
HAProxyInternalTLS:
|
||||
type: OS::TripleO::Services::HAProxyInternalTLS
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the HAproxy role.
|
||||
value:
|
||||
service_name: {get_attr: [HAProxyBase, role_data, service_name]}
|
||||
service_name: haproxy
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [HAProxyBase, role_data, config_settings]
|
||||
- get_attr: [HAProxyLogging, config_settings]
|
||||
- tripleo::haproxy::haproxy_service_manage: false
|
||||
# NOTE(jaosorior): We disable the CRL since we have no way to restart haproxy
|
||||
# when this is updated
|
||||
tripleo::haproxy::crl_file: null
|
||||
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
|
||||
- tripleo::haproxy::firewall_rules:
|
||||
'107 haproxy stats':
|
||||
dport: 1993
|
||||
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
|
||||
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
|
||||
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
|
||||
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
|
||||
tripleo::haproxy::redis_password: {get_param: RedisPassword}
|
||||
tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
|
||||
tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled}
|
||||
enable_load_balancer: {get_param: EnableLoadBalancer}
|
||||
tripleo::profile::base::haproxy::certificates_specs:
|
||||
map_merge:
|
||||
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
|
||||
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
|
||||
- if:
|
||||
- public_tls_enabled
|
||||
- tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
|
||||
- {}
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
|
||||
- null
|
||||
- get_attr: [HAProxyPublicTLS, role_data, config_settings]
|
||||
- get_attr: [HAProxyInternalTLS, role_data, config_settings]
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: haproxy
|
||||
puppet_tags: haproxy_config
|
||||
step_config:
|
||||
"class {'::tripleo::profile::base::haproxy': manage_firewall => false}"
|
||||
step_config: |
|
||||
class {'::tripleo::profile::base::haproxy': manage_firewall => false}
|
||||
config_image: {get_param: DockerHAProxyConfigImage}
|
||||
volumes:
|
||||
list_concat:
|
||||
@ -254,7 +299,7 @@ outputs:
|
||||
fi
|
||||
exit $rc
|
||||
vars:
|
||||
puppet_execute: {get_attr: [HAProxyBase, role_data, step_config]}
|
||||
puppet_execute: include ::tripleo::profile::base::haproxy
|
||||
puppet_tags: 'tripleo::firewall::rule'
|
||||
puppet_modulepath: '/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules'
|
||||
puppet_debug:
|
||||
@ -286,7 +331,7 @@ outputs:
|
||||
containers_to_rm:
|
||||
- haproxy
|
||||
host_prep_tasks:
|
||||
- {get_attr: [HAProxyBase, role_data, host_prep_tasks]}
|
||||
- {get_attr: [HAProxyPublicTLS, role_data, host_prep_tasks]}
|
||||
- name: Check if rsyslog exists
|
||||
shell: systemctl is-active rsyslog
|
||||
register: rsyslog_config
|
||||
@ -324,4 +369,6 @@ outputs:
|
||||
/var/log/containers/haproxy.
|
||||
ignore_errors: true
|
||||
metadata_settings:
|
||||
get_attr: [HAProxyBase, role_data, metadata_settings]
|
||||
list_concat:
|
||||
- {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
|
||||
- {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}
|
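Review bot: In the `config_settings` `map_merge` of the `-114,43 +127,75` hunk, the map that sets `tripleo::haproxy::crl_file: null` (under the NOTE(jaosorior) comment) is printed before the newly inlined map that sets `tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}`. Heat's `map_merge` lets later maps override earlier ones, so if the printed order is the real list order, the CRL path is now passed to HAProxy and the comment about disabling it no longer holds. Before the flattening, the base settings were merged first and the `null` override came after them. Either drop the `crl_file` line from the inlined map or move the `haproxy_service_manage` / `crl_file: null` map to the end of the list, and check the pacemaker template, which merges this template's `config_settings` through `HAProxyBase`. Indentation is lost on this page, so the list nesting should be confirmed against the file itself.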
@ -123,28 +123,31 @@ conditions:
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
HAProxyBase:
|
||||
type: ../../../puppet/services/pacemaker/haproxy.yaml
|
||||
type: ./haproxy-container-puppet.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
|
||||
HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the HAproxy role.
|
||||
value:
|
||||
service_name: {get_attr: [HAProxyBase, role_data, service_name]}
|
||||
service_name: haproxy
|
||||
monitoring_subscription: {get_attr: [HAProxyBase, role_data, monitoring_subscription]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [HAProxyBase, role_data, config_settings]
|
||||
- tripleo::haproxy::haproxy_service_manage: false
|
||||
tripleo::haproxy::mysql_clustercheck: true
|
||||
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
|
||||
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
|
||||
- haproxy_docker: true
|
||||
tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage}
|
||||
tripleo::profile::pacemaker::haproxy_bundle::container_backend: {get_param: ContainerCli}
|
||||
@ -174,7 +177,6 @@ outputs:
|
||||
data: {get_param: DockerHAProxyImage}
|
||||
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
|
||||
- 'pcmklatest'
|
||||
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: haproxy
|
||||
@ -333,7 +335,7 @@ outputs:
|
||||
/var/log/containers/haproxy.
|
||||
ignore_errors: true
|
||||
metadata_settings:
|
||||
get_attr: [HAProxyBase, role_data, metadata_settings]
|
||||
{get_attr: [HAProxyBase, role_data, metadata_settings]}
|
||||
deploy_steps_tasks:
|
||||
- name: HAproxy tag container image for pacemaker
|
||||
when: step|int == 1
|
||||
@ -357,7 +359,7 @@ outputs:
|
||||
fi
|
||||
exit $rc
|
||||
vars:
|
||||
puppet_execute: {get_attr: [HAProxyBase, role_data, step_config]}
|
||||
puppet_execute: include ::tripleo::profile::pacemaker::haproxy
|
||||
puppet_tags: 'tripleo::firewall::rule'
|
||||
puppet_modulepath: '/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules'
|
||||
puppet_debug:
|
||||
@ -485,7 +487,7 @@ outputs:
|
||||
block:
|
||||
- name: Check cluster resource status
|
||||
pacemaker_resource:
|
||||
resource: {get_attr: [HAProxyBase, role_data, service_name]}
|
||||
resource: haproxy
|
||||
state: started
|
||||
check_mode: true
|
||||
ignore_errors: true
|
||||
@ -494,7 +496,7 @@ outputs:
|
||||
block:
|
||||
- name: Disable the haproxy cluster resource.
|
||||
pacemaker_resource:
|
||||
resource: {get_attr: [HAProxyBase, role_data, service_name]}
|
||||
resource: haproxy
|
||||
state: disable
|
||||
wait_for_resource: true
|
||||
register: output
|
||||
@ -502,7 +504,7 @@ outputs:
|
||||
until: output.rc == 0
|
||||
- name: Delete the stopped haproxy cluster resource.
|
||||
pacemaker_resource:
|
||||
resource: {get_attr: [HAProxyBase, role_data, service_name]}
|
||||
resource: haproxy
|
||||
state: delete
|
||||
wait_for_resource: true
|
||||
register: output
|
@ -20,10 +20,10 @@ resource_registry:
|
||||
OS::TripleO::Services::GnocchiApi: ../puppet/services/gnocchi-api.yaml
|
||||
OS::TripleO::Services::GnocchiMetricd: ../puppet/services/gnocchi-metricd.yaml
|
||||
OS::TripleO::Services::GnocchiStatsd: ../puppet/services/gnocchi-statsd.yaml
|
||||
OS::TripleO::Services::HAproxy: ../puppet/services/haproxy.yaml
|
||||
OS::TripleO::Services::HeatApi: ../deployment/heat/heat-api-container-puppet.yaml
|
||||
OS::TripleO::Services::HeatApiCfn: ../deployment/heat/heat-api-cfn-container-puppet.yaml
|
||||
OS::TripleO::Services::HeatEngine: ../deployment/heat/heat-engine-container-puppet.yaml
|
||||
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml
|
||||
OS::TripleO::Services::Horizon: ../puppet/services/horizon.yaml
|
||||
OS::TripleO::Services::Iscsid: ../deployment/iscsid/iscsid-container-puppet.yaml
|
||||
OS::TripleO::Services::Keystone: ../deployment/keystone/keystone-container-puppet.yaml
|
||||
|
@ -16,7 +16,7 @@ resource_registry:
|
||||
# HA Containers managed by pacemaker
|
||||
OS::TripleO::Services::CinderVolume: ../deployment/cinder/cinder-volume-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::Clustercheck: ../docker/services/pacemaker/clustercheck.yaml
|
||||
OS::TripleO::Services::HAproxy: ../docker/services/pacemaker/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-pacemaker-puppet.yaml
|
||||
OS::TripleO::Services::MySQL: ../docker/services/pacemaker/database/mysql.yaml
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../docker/services/pacemaker/rpc-rabbitmq.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||
|
@ -3,7 +3,7 @@
|
||||
resource_registry:
|
||||
OS::TripleO::Services::CinderVolume: ../deployment/cinder/cinder-volume-container-puppet.yaml
|
||||
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
|
||||
OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml
|
||||
OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
|
||||
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
|
||||
OS::TripleO::Services::Keepalived: ../docker/services/keepalived.yaml
|
||||
|
@ -1,6 +1,6 @@
|
||||
resource_registry:
|
||||
OS::TripleO::Services::Docker: ../deployment/docker/docker-baremetal-ansible.yaml
|
||||
OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../deployment/haproxy/haproxy-container-puppet.yaml
|
||||
OS::TripleO::Services::Keepalived: ../deployment/keepalived/keepalived-container-puppet.yaml
|
||||
OS::TripleO::Services::OpenShift::Infra: ../extraconfig/services/openshift-infra.yaml
|
||||
OS::TripleO::Services::OpenShift::Master: ../extraconfig/services/openshift-master.yaml
|
||||
|
@ -3,4 +3,4 @@ parameter_defaults:
|
||||
PublicSSLCertificateAutogenerated: true
|
||||
|
||||
resource_registry:
|
||||
OS::TripleO::Services::HAProxyPublicTLS: ../puppet/services/haproxy-public-tls-certmonger.yaml
|
||||
OS::TripleO::Services::HAProxyPublicTLS: ../deployment/haproxy/haproxy-public-tls-certmonger.yaml
|
||||
|
@ -1,2 +1,2 @@
|
||||
resource_registry:
|
||||
OS::TripleO::Services::UndercloudHAProxy: ../../puppet/services/haproxy.yaml
|
||||
OS::TripleO::Services::UndercloudHAProxy: ../../deployment/haproxy/haproxy-container-puppet.yaml
|
||||
|
@ -1,7 +1,7 @@
|
||||
# A Heat environment file which can be used to enable a
|
||||
# a TLS for HAProxy via certmonger
|
||||
resource_registry:
|
||||
OS::TripleO::Services::HAProxyPublicTLS: ../../puppet/services/haproxy-public-tls-certmonger.yaml
|
||||
OS::TripleO::Services::HAProxyPublicTLS: ../../deployment/haproxy/haproxy-public-tls-certmonger.yaml
|
||||
|
||||
parameter_defaults:
|
||||
PublicSSLCertificateAutogenerated: true
|
||||
|
@ -1,4 +1,4 @@
|
||||
# DEPRECATED. This file will be removed in the Stein release as it is no longer
|
||||
# needed
|
||||
resource_registry:
|
||||
OS::TripleO::Services::HAproxy: ../../docker/services/haproxy.yaml
|
||||
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-container-puppet.yaml
|
||||
|
@ -36,5 +36,5 @@ parameter_defaults:
|
||||
resource_registry:
|
||||
OS::TripleO::ServiceServerMetadataHook: ../../extraconfig/nova_metadata/krb-service-principals.yaml
|
||||
OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml
|
||||
OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml
|
||||
OS::TripleO::Services::HAProxyInternalTLS: ../../deployment/haproxy/haproxy-internal-tls-certmonger.yaml
|
||||
OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml
|
||||
|
@ -176,8 +176,8 @@ resource_registry:
|
||||
OS::TripleO::Services::OsloMessagingNotify: docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||
OS::TripleO::Services::RabbitMQ: OS::Heat::None
|
||||
OS::TripleO::Services::Qdr: OS::Heat::None
|
||||
OS::TripleO::Services::HAproxy: docker/services/haproxy.yaml
|
||||
OS::TripleO::Services::HAProxyPublicTLS: puppet/services/haproxy-public-tls-inject.yaml
|
||||
OS::TripleO::Services::HAproxy: deployment/haproxy/haproxy-container-puppet.yaml
|
||||
OS::TripleO::Services::HAProxyPublicTLS: deployment/haproxy/haproxy-public-tls-inject.yaml
|
||||
OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None
|
||||
OS::TripleO::Services::Iscsid: deployment/iscsid/iscsid-container-puppet.yaml
|
||||
OS::TripleO::Services::Keepalived: deployment/keepalived/keepalived-container-puppet.yaml
|
||||
|
@ -1,175 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
HAproxy service configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
EnableLoadBalancer:
|
||||
default: true
|
||||
description: Whether to deploy a LoadBalancer, set to false when an external load balancer is used.
|
||||
type: boolean
|
||||
HAProxyStatsPassword:
|
||||
description: Password for HAProxy stats endpoint
|
||||
hidden: true
|
||||
type: string
|
||||
HAProxyStatsUser:
|
||||
description: User for HAProxy stats endpoint
|
||||
default: admin
|
||||
type: string
|
||||
HAProxySyslogAddress:
|
||||
default: /dev/log
|
||||
description: Syslog address where HAproxy will send its log
|
||||
type: string
|
||||
HAProxySyslogFacility:
|
||||
default: local0
|
||||
description: Syslog facility HAProxy will use for its logs
|
||||
type: string
|
||||
HAProxyStatsEnabled:
|
||||
default: true
|
||||
description: Whether or not to enable the HAProxy stats interface.
|
||||
type: boolean
|
||||
RedisPassword:
|
||||
description: The password for the redis service account.
|
||||
type: string
|
||||
hidden: true
|
||||
MonitoringSubscriptionHaproxy:
|
||||
default: 'overcloud-haproxy'
|
||||
type: string
|
||||
SSLCertificate:
|
||||
default: ''
|
||||
description: >
|
||||
The content of the SSL certificate (without Key) in PEM format.
|
||||
type: string
|
||||
PublicSSLCertificateAutogenerated:
|
||||
default: false
|
||||
description: >
|
||||
Whether the public SSL certificate was autogenerated or not.
|
||||
type: boolean
|
||||
EnablePublicTLS:
|
||||
default: true
|
||||
description: >
|
||||
Whether to enable TLS on the public interface or not.
|
||||
type: boolean
|
||||
DeployedSSLCertificatePath:
|
||||
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
|
||||
description: >
|
||||
The filepath of the certificate as it will be stored in the controller.
|
||||
type: string
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
InternalTLSCRLPEMFile:
|
||||
default: '/etc/pki/CA/crl/overcloud-crl.pem'
|
||||
type: string
|
||||
description: Specifies the default CRL PEM file to use for revocation if
|
||||
TLS is used for services in the internal network.
|
||||
|
||||
conditions:
|
||||
|
||||
public_tls_enabled:
|
||||
and:
|
||||
- {get_param: EnablePublicTLS}
|
||||
- or:
|
||||
- not:
|
||||
equals:
|
||||
- {get_param: SSLCertificate}
|
||||
- ""
|
||||
- equals:
|
||||
- {get_param: PublicSSLCertificateAutogenerated}
|
||||
- true
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
HAProxyPublicTLS:
|
||||
type: OS::TripleO::Services::HAProxyPublicTLS
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
HAProxyInternalTLS:
|
||||
type: OS::TripleO::Services::HAProxyInternalTLS
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the HAproxy role.
|
||||
value:
|
||||
service_name: haproxy
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- tripleo::haproxy::firewall_rules:
|
||||
'107 haproxy stats':
|
||||
dport: 1993
|
||||
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
|
||||
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
|
||||
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
|
||||
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
|
||||
tripleo::haproxy::redis_password: {get_param: RedisPassword}
|
||||
tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
|
||||
tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled}
|
||||
enable_load_balancer: {get_param: EnableLoadBalancer}
|
||||
tripleo::profile::base::haproxy::certificates_specs:
|
||||
map_merge:
|
||||
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
|
||||
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
|
||||
- if:
|
||||
- public_tls_enabled
|
||||
- tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
|
||||
- {}
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
|
||||
- null
|
||||
- get_attr: [HAProxyPublicTLS, role_data, config_settings]
|
||||
- get_attr: [HAProxyInternalTLS, role_data, config_settings]
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::haproxy
|
||||
upgrade_tasks: []
|
||||
host_prep_tasks: {get_attr: [HAProxyPublicTLS, role_data, host_prep_tasks]}
|
||||
metadata_settings:
|
||||
list_concat:
|
||||
- {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
|
||||
- {get_attr: [HAProxyInternalTLS, role_data, metadata_settings]}
|
@ -1,70 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
HAproxy service with Pacemaker configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
HAProxySyslogFacility:
|
||||
default: local0
|
||||
description: Syslog facility HAProxy will use for its logs
|
||||
type: string
|
||||
HAProxySyslogAddress:
|
||||
default: /dev/log
|
||||
description: Syslog address where HAproxy will send its log
|
||||
type: string
|
||||
|
||||
resources:
|
||||
LoadbalancerServiceBase:
|
||||
type: ../haproxy.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the HAproxy with pacemaker role.
|
||||
value:
|
||||
service_name: haproxy
|
||||
monitoring_subscription: {get_attr: [LoadbalancerServiceBase, role_data, monitoring_subscription]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [LoadbalancerServiceBase, role_data, config_settings]
|
||||
- tripleo::haproxy::haproxy_service_manage: false
|
||||
tripleo::haproxy::mysql_clustercheck: true
|
||||
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
|
||||
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
|
||||
step_config: |
|
||||
include ::tripleo::profile::pacemaker::haproxy
|
||||
host_prep_tasks: {get_attr: [LoadbalancerServiceBase, role_data, host_prep_tasks]}
|
||||
metadata_settings:
|
||||
get_attr: [LoadbalancerServiceBase, role_data, metadata_settings]
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
Installing haproxy services on baremetal is no longer supported.
|
@ -7,7 +7,7 @@ environments:
|
||||
For these values to take effect, one of the tls-endpoints-*.yaml
|
||||
environments must also be used.
|
||||
files:
|
||||
puppet/services/haproxy-public-tls-inject.yaml:
|
||||
deployment/haproxy/haproxy-public-tls-inject.yaml:
|
||||
parameters: all
|
||||
puppet/services/horizon.yaml:
|
||||
parameters:
|
||||
@ -58,7 +58,7 @@ environments:
|
||||
resource_registry:
|
||||
# FIXME(bogdando): switch it, once it is containerized
|
||||
OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml
|
||||
OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml
|
||||
OS::TripleO::Services::HAProxyInternalTLS: ../../deployment/haproxy/haproxy-internal-tls-certmonger.yaml
|
||||
# We use apache as a TLS proxy
|
||||
# FIXME(bogdando): switch it, once it is containerized
|
||||
OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml
|
||||
@ -465,13 +465,13 @@ environments:
|
||||
network/endpoints/endpoint_map.yaml:
|
||||
parameters:
|
||||
- EndpointMap
|
||||
docker/services/haproxy.yaml:
|
||||
deployment/haproxy/haproxy-container-puppet.yaml:
|
||||
parameters:
|
||||
- EnablePublicTLS
|
||||
docker/services/pacemaker/haproxy.yaml:
|
||||
deployment/haproxy/haproxy-pacemaker-puppet.yaml:
|
||||
parameters:
|
||||
- EnablePublicTLS
|
||||
puppet/services/haproxy.yaml:
|
||||
deployment/haproxy/haproxy-container-puppet.yaml:
|
||||
parameters:
|
||||
- EnablePublicTLS
|
||||
sample_values:
|
||||
|
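Review bot: After the renames in the `-465,13 +465,13` hunk, the key `deployment/haproxy/haproxy-container-puppet.yaml:` appears twice in what looks like the same `files:` mapping, once replacing `docker/services/haproxy.yaml:` and once replacing `puppet/services/haproxy.yaml:`. Duplicate mapping keys are invalid YAML, and most loaders silently keep only the last one. Both entries list only `EnablePublicTLS`, so the generated output is probably unchanged, but the second entry should be removed rather than left to last-wins behaviour. The enclosing environment definition starts outside the hunk, and indentation is lost on this page, so confirm the nesting against the file.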