Configure haproxy for openshift infra

Openshift Routers are located on the infra node and need to be highly
available on ports 80 and 443.

Depends-On: I5de14152904d06c49e9d5b2df6e3f09a35f23d92
Change-Id: Iee088e1279bff2cdb7a3601288804f626bff29a3
This commit is contained in:
Martin André 2018-09-10 10:57:15 +02:00
parent b6b476de03
commit b2bcc10d5a
17 changed files with 380 additions and 3 deletions

View File

@ -94,6 +94,9 @@ parameter_defaults:
OpenshiftAdmin: {protocol: http, port: '8443', host: IP_ADDRESS}
OpenshiftInternal: {protocol: http, port: '8443', host: IP_ADDRESS}
OpenshiftPublic: {protocol: http, port: '8443', host: IP_ADDRESS}
OpenshiftRouterAdmin: {protocol: http, port: '80', host: IP_ADDRESS}
OpenshiftRouterInternal: {protocol: http, port: '80', host: IP_ADDRESS}
OpenshiftRouterPublic: {protocol: http, port: '80', host: IP_ADDRESS}
PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS}

View File

@ -2,3 +2,4 @@ resource_registry:
OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
OS::TripleO::Services::OpenShift::Worker: ../extraconfig/services/openshift-worker.yaml
OS::TripleO::Services::OpenShift::Master: ../extraconfig/services/openshift-master.yaml
OS::TripleO::Services::OpenShift::Infra: ../extraconfig/services/openshift-infra.yaml

View File

@ -97,6 +97,9 @@ parameter_defaults:
OpenshiftAdmin: {protocol: http, port: '8443', host: IP_ADDRESS}
OpenshiftInternal: {protocol: http, port: '8443', host: IP_ADDRESS}
OpenshiftPublic: {protocol: http, port: '8443', host: IP_ADDRESS}
OpenshiftRouterAdmin: {protocol: http, port: '80', host: IP_ADDRESS}
OpenshiftRouterInternal: {protocol: http, port: '80', host: IP_ADDRESS}
OpenshiftRouterPublic: {protocol: http, port: '80', host: IP_ADDRESS}
PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS}

View File

@ -90,6 +90,9 @@ parameter_defaults:
OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}

View File

@ -90,6 +90,9 @@ parameter_defaults:
OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'}

View File

@ -90,6 +90,9 @@ parameter_defaults:
OpenshiftAdmin: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
OpenshiftInternal: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
OpenshiftPublic: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
OpenshiftRouterAdmin: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
OpenshiftRouterInternal: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
OpenshiftRouterPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}

View File

@ -84,6 +84,9 @@ parameter_defaults:
OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}

View File

@ -84,6 +84,9 @@ parameter_defaults:
OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'}

View File

@ -80,6 +80,9 @@ parameter_defaults:
OpenshiftAdmin: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
OpenshiftInternal: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
OpenshiftPublic: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
OpenshiftRouterAdmin: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
OpenshiftRouterInternal: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
OpenshiftRouterPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}

View File

@ -0,0 +1,82 @@
heat_template_version: rocky
description: External tasks definition for OpenShift
parameters:
RoleNetIpMap:
default: {}
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
# TODO(mandre) This is unused. Remove it or make it OpenShiftNodeVars
OpenShiftWorkerNodeVars:
default: {}
description: OpenShift node vars specific for the worker nodes
type: json
resources:
OpenShiftWorker:
type: ./openshift-worker.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Openshift Service
value:
service_name: openshift_infra
config_settings: {get_attr: [OpenShiftWorker, role_data, config_settings]}
service_config_settings:
haproxy:
tripleo::openshift_infra::haproxy_endpoints:
openshift-router-http:
base_service_name: openshift_infra
public_virtual_ip: "%{hiera('public_virtual_ip')}"
internal_ip: "%{hiera('openshift_infra_vip')}"
service_port: 80
listen_options:
balance: 'roundrobin'
member_options: [ 'check', 'inter 2000', 'rise 2', 'fall 5' ]
haproxy_listen_bind_param: ['transparent']
openshift-router-https:
base_service_name: openshift_infra
public_virtual_ip: "%{hiera('public_virtual_ip')}"
internal_ip: "%{hiera('openshift_infra_vip')}"
service_port: 443
listen_options:
balance: 'roundrobin'
member_options: [ 'check', 'inter 2000', 'rise 2', 'fall 5' ]
haproxy_listen_bind_param: ['transparent']
upgrade_tasks: []
step_config: ''
external_deploy_tasks:
- get_attr: [OpenShiftWorker, role_data, external_deploy_tasks]

View File

@ -265,11 +265,20 @@ Openshift:
Internal:
net_param: OpenshiftMaster
Public:
net_param: Public
net_param: Public
Admin:
net_param: OpenshiftMaster
net_param: OpenshiftMaster
port: 8443
OpenshiftRouter:
Internal:
net_param: OpenshiftInfra
Public:
net_param: Public
Admin:
net_param: OpenshiftInfra
port: 80
Swift:
Internal:
net_param: SwiftProxy

View File

@ -97,6 +97,9 @@ parameters:
OpenshiftAdmin: {protocol: http, port: '8443', host: IP_ADDRESS}
OpenshiftInternal: {protocol: http, port: '8443', host: IP_ADDRESS}
OpenshiftPublic: {protocol: http, port: '8443', host: IP_ADDRESS}
OpenshiftRouterAdmin: {protocol: http, port: '80', host: IP_ADDRESS}
OpenshiftRouterInternal: {protocol: http, port: '80', host: IP_ADDRESS}
OpenshiftRouterPublic: {protocol: http, port: '80', host: IP_ADDRESS}
PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS}
@ -7523,6 +7526,249 @@ outputs:
template: NETWORK_uri
port:
get_param: [EndpointMap, OpenshiftPublic, port]
OpenshiftRouterAdmin:
host:
str_replace:
template:
get_param: [EndpointMap, OpenshiftRouterAdmin, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, OpenshiftInfraNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, OpenshiftInfraNetwork]
template: NETWORK_uri
host_nobrackets:
str_replace:
template:
get_param: [EndpointMap, OpenshiftRouterAdmin, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, OpenshiftInfraNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- get_param: [ServiceNetMap, OpenshiftInfraNetwork]
port:
get_param: [EndpointMap, OpenshiftRouterAdmin, port]
protocol:
get_param: [EndpointMap, OpenshiftRouterAdmin, protocol]
uri:
make_url:
scheme:
get_param: [EndpointMap, OpenshiftRouterAdmin, protocol]
host:
str_replace:
template:
get_param: [EndpointMap, OpenshiftRouterAdmin, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, OpenshiftInfraNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, OpenshiftInfraNetwork]
template: NETWORK_uri
port:
get_param: [EndpointMap, OpenshiftRouterAdmin, port]
uri_no_suffix:
make_url:
scheme:
get_param: [EndpointMap, OpenshiftRouterAdmin, protocol]
host:
str_replace:
template:
get_param: [EndpointMap, OpenshiftRouterAdmin, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, OpenshiftInfraNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, OpenshiftInfraNetwork]
template: NETWORK_uri
port:
get_param: [EndpointMap, OpenshiftRouterAdmin, port]
OpenshiftRouterInternal:
host:
str_replace:
template:
get_param: [EndpointMap, OpenshiftRouterInternal, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, OpenshiftInfraNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, OpenshiftInfraNetwork]
template: NETWORK_uri
host_nobrackets:
str_replace:
template:
get_param: [EndpointMap, OpenshiftRouterInternal, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, OpenshiftInfraNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- get_param: [ServiceNetMap, OpenshiftInfraNetwork]
port:
get_param: [EndpointMap, OpenshiftRouterInternal, port]
protocol:
get_param: [EndpointMap, OpenshiftRouterInternal, protocol]
uri:
make_url:
scheme:
get_param: [EndpointMap, OpenshiftRouterInternal, protocol]
host:
str_replace:
template:
get_param: [EndpointMap, OpenshiftRouterInternal, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, OpenshiftInfraNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, OpenshiftInfraNetwork]
template: NETWORK_uri
port:
get_param: [EndpointMap, OpenshiftRouterInternal, port]
uri_no_suffix:
make_url:
scheme:
get_param: [EndpointMap, OpenshiftRouterInternal, protocol]
host:
str_replace:
template:
get_param: [EndpointMap, OpenshiftRouterInternal, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, OpenshiftInfraNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, OpenshiftInfraNetwork]
template: NETWORK_uri
port:
get_param: [EndpointMap, OpenshiftRouterInternal, port]
OpenshiftRouterPublic:
host:
str_replace:
template:
get_param: [EndpointMap, OpenshiftRouterPublic, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, PublicNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, PublicNetwork]
template: NETWORK_uri
host_nobrackets:
str_replace:
template:
get_param: [EndpointMap, OpenshiftRouterPublic, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, PublicNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- get_param: [ServiceNetMap, PublicNetwork]
port:
get_param: [EndpointMap, OpenshiftRouterPublic, port]
protocol:
get_param: [EndpointMap, OpenshiftRouterPublic, protocol]
uri:
make_url:
scheme:
get_param: [EndpointMap, OpenshiftRouterPublic, protocol]
host:
str_replace:
template:
get_param: [EndpointMap, OpenshiftRouterPublic, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, PublicNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, PublicNetwork]
template: NETWORK_uri
port:
get_param: [EndpointMap, OpenshiftRouterPublic, port]
uri_no_suffix:
make_url:
scheme:
get_param: [EndpointMap, OpenshiftRouterPublic, protocol]
host:
str_replace:
template:
get_param: [EndpointMap, OpenshiftRouterPublic, host]
params:
CLOUDNAME:
get_param:
- CloudEndpoints
- get_param: [ServiceNetMap, PublicNetwork]
IP_ADDRESS:
get_param:
- NetIpMap
- str_replace:
params:
NETWORK:
get_param: [ServiceNetMap, PublicNetwork]
template: NETWORK_uri
port:
get_param: [EndpointMap, OpenshiftRouterPublic, port]
PankoAdmin:
host:
str_replace:

View File

@ -87,6 +87,7 @@ parameters:
CephStorageHostnameResolveNetwork: storage
EtcdNetwork: internal_api
OpenshiftMasterNetwork: internal_api
OpenshiftInfraNetwork: internal_api
{% for role in roles if role.name != 'CephStorage' %}
{{role.name}}HostnameResolveNetwork: internal_api
{% endfor %}

View File

@ -207,6 +207,7 @@ resource_registry:
OS::TripleO::Services::ContainersLogrotateCrond: docker/services/logrotate-crond.yaml
OS::TripleO::Services::OpenShift::Master: OS::Heat::None
OS::TripleO::Services::OpenShift::Worker: OS::Heat::None
OS::TripleO::Services::OpenShift::Infra: OS::Heat::None
OS::TripleO::Services::OpenShift::GlusterFS: OS::Heat::None
OS::TripleO::Services::SwiftProxy: docker/services/swift-proxy.yaml
OS::TripleO::Services::SwiftDispersion: OS::Heat::None

View File

@ -30,4 +30,5 @@
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::OpenShift::Master
- OS::TripleO::Services::OpenShift::Worker
- OS::TripleO::Services::OpenShift::Infra
- OS::TripleO::Services::OpenShift::GlusterFS

View File

@ -21,4 +21,4 @@
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::OpenShift::Worker
- OS::TripleO::Services::OpenShift::Infra

View File

@ -185,6 +185,9 @@ environments:
OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'}
@ -301,6 +304,9 @@ environments:
OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
@ -417,6 +423,9 @@ environments:
OpenshiftAdmin: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
OpenshiftInternal: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
OpenshiftPublic: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
OpenshiftRouterAdmin: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
OpenshiftRouterInternal: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
OpenshiftRouterPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
@ -546,6 +555,9 @@ environments:
OpenshiftAdmin: {protocol: http, port: '8443', host: IP_ADDRESS}
OpenshiftInternal: {protocol: http, port: '8443', host: IP_ADDRESS}
OpenshiftPublic: {protocol: http, port: '8443', host: IP_ADDRESS}
OpenshiftRouterAdmin: {protocol: http, port: '80', host: IP_ADDRESS}
OpenshiftRouterInternal: {protocol: http, port: '80', host: IP_ADDRESS}
OpenshiftRouterPublic: {protocol: http, port: '80', host: IP_ADDRESS}
PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS}