Add haproxy role

This patch adds the haproxy role created from validations/haproxy.yaml. Change-Id: I05bc680721bf9c66150e2157d05ba128e2ae5b09 Implements: blueprint validation-framework Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2019-02-25 14:45:49 +01:00 · 2019-02-25 14:45:49 +01:00 · 00d765e96a
parent 98d61e30a2
commit 00d765e96a
6 changed files with 152 additions and 0 deletions
--- a/playbooks/haproxy.yaml
+++ b/playbooks/haproxy.yaml
@ -0,0 +1,17 @@
+---
+- hosts: Controller
+  vars:
+    metadata:
+      name: HAProxy configuration
+      description: Verify the HAProxy configuration has recommended values.
+      groups:
+        - post-deployment
+    config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
+    global_maxconn_min: 20480
+    defaults_maxconn_min: 4096
+    defaults_timeout_queue: '2m'
+    defaults_timeout_client: '2m'
+    defaults_timeout_server: '2m'
+    defaults_timeout_check: '10s'
+  roles:
+    - haproxy
--- a/roles/haproxy/README.md
+++ b/roles/haproxy/README.md
@ -0,0 +1,42 @@
+haproxy
+=======
+
+An Ansible role to check if the HAProxy configuration has recommended values.
+
+Requirements
+------------
+
+This role requires an Up and Running Overcloud
+
+Role Variables
+--------------
+
+- config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
+- global_maxconn_min: 20480
+- defaults_maxconn_min: 4096
+- defaults_timeout_queue: '2m'
+- defaults_timeout_client: '2m'
+- defaults_timeout_server: '2m'
+- defaults_timeout_check: '10s'
+
+Dependencies
+------------
+
+No dependencies
+
+Example Playbook
+----------------
+
+    - hosts: undercloud
+      roles:
+         - { role: haproxy }
+
+License
+-------
+
+Apache
+
+Author Information
+------------------
+
+Red Hat TripleO Validations Team.
--- a/roles/haproxy/defaults/main.yml
+++ b/roles/haproxy/defaults/main.yml
@ -0,0 +1,8 @@
+---
+haproxy_config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
+global_maxconn_min: 20480
+defaults_maxconn_min: 4096
+defaults_timeout_queue: '2m'
+defaults_timeout_client: '2m'
+defaults_timeout_server: '2m'
+defaults_timeout_check: '10s'
--- a/roles/haproxy/meta/main.yml
+++ b/roles/haproxy/meta/main.yml
@ -0,0 +1,28 @@
+galaxy_info:
+  author: TripleO Validations Team
+  company: Red Hat
+  license: Apache
+  min_ansible_version: 2.4
+
+  platforms:
+  - name: CentOS
+    versions:
+    - 7
+  - name: RHEL
+    versions:
+    - 7
+
+  categories:
+    - cloud
+    - baremetal
+    - system
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@ -0,0 +1,51 @@
+---
+- name: Gather the HAProxy config
+  become: true
+  haproxy_conf:
+    path: "{{ haproxy_config_file }}"
+
+- name: Verify global maxconn
+  fail:
+    msg: >-
+      The 'global maxconn' value '{{ haproxy_conf.global.maxconn }}'
+      must be greater than {{ global_maxconn_min }}
+  failed_when: haproxy_conf.global.maxconn|int < global_maxconn_min
+
+- name: Verify defaults maxconn
+  fail:
+    msg: >-
+      The 'defaults maxconn' value '{{ haproxy_conf.defaults.maxconn }}'
+      must be greater than {{ defaults_maxconn_min }}
+  failed_when: haproxy_conf.defaults.maxconn|int < defaults_maxconn_min
+
+- name: Verify defaults timeout queue
+  fail:
+    msg: >-
+      The 'timeout queue' option in 'defaults' is
+      '{{ haproxy_conf.defaults['timeout queue'] }}',
+      but must be set to {{ defaults_timeout_queue }}
+  failed_when: "haproxy_conf.defaults['timeout queue'] != defaults_timeout_queue"
+
+- name: Verify defaults timeout client
+  fail:
+    msg: >-
+      The 'timeout client' option in 'defaults' is
+      '{{ haproxy_conf.defaults['timeout client'] }}',
+      but must be set to {{ defaults_timeout_client }}
+  failed_when: "haproxy_conf.defaults['timeout client'] != defaults_timeout_client"
+
+- name: Verify defaults timeout server
+  fail:
+    msg: >-
+      The 'timeout server' option in 'defaults' is
+      '{{ haproxy_conf.defaults['timeout server'] }}',
+      but must be set to {{ defaults_timeout_server }}
+  failed_when: "haproxy_conf.defaults['timeout server'] != defaults_timeout_server"
+
+- name: Verify defaults timeout check
+  fail:
+    msg: >-
+      The 'timeout check' option in 'defaults' is
+      '{{ haproxy_conf.defaults['timeout check'] }}',
+      but must be set to {{ defaults_timeout_check }}
+  failed_when: "haproxy_conf.defaults['timeout check'] != defaults_timeout_check"
--- a/roles/haproxy/vars/main.yml
+++ b/roles/haproxy/vars/main.yml
@ -0,0 +1,6 @@
+---
+metadata:
+  name: HAProxy configuration
+  description: Verify the HAProxy configuration has recommended values.
+  groups:
+    - post-deployment