loadbalancer: Allow user to bind multiple public/private ips

Currently, a deployer can only bind on the loadbalancer 1 ip per network (be it public, internal, admin, etc...). If a deployer wants to bind to the ipv6 and ipv4 at the same time he couldn't. This patch aims to fix that.
2014-07-21 10:41:38 -04:00
parent adb01133ea
commit c37c7b52eb
6 changed files with 29 additions and 10 deletions
--- a/.fixtures.yml
+++ b/.fixtures.yml
@@ -101,7 +101,7 @@ fixtures:
      ref: '4592bfd59cd5d4795069798a14b483e16c98c1ff'
    'stdlib':
      repo: 'git://github.com/enovance/puppetlabs-stdlib.git'
-      ref: '224b8f9a191f635b03ee900a9bf87bfdb0f1a6ed'
+      ref: '8a9b2dfc0e463bec39c00c82c30e0a8a8b7867f3'
    'xinetd':
      repo: 'git://github.com/enovance/puppetlabs-xinetd.git'
      ref: '7557af0e418d1a587df04fe7d01322ff2473c32e'
--- a/4
+++ b/4
@@ -143,9 +143,11 @@ mod 'ssh',
 mod 'rsyslog',
  :git => 'git://github.com/enovance/puppet-rsyslog.git',
  :ref => '67c7c501b916ebd1a27a8a218d49602339526c4f'
+#TODO(Spredzy) come back to upstream after
+# https://github.com/puppetlabs/puppetlabs-stdlib/pull/319
 mod 'stdlib',
  :git => 'git://github.com/enovance/puppetlabs-stdlib.git',
-  :ref => '224b8f9a191f635b03ee900a9bf87bfdb0f1a6ed'
+  :ref => '8a9b2dfc0e463bec39c00c82c30e0a8a8b7867f3'
 mod 'sysctl',
  :git => 'git://github.com/enovance/puppet-sysctl.git',
  :ref => '4a463384e844f51b270428643a5b8beb3628e854'
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -192,7 +192,7 @@ class cloud::loadbalancer(
  $keepalived_public_interface      = 'eth0',
  $keepalived_public_ipvs           = ['127.0.0.1'],
  $keepalived_internal_interface    = 'eth1',
-  $keepalived_internal_ipvs         = false,
+  $keepalived_internal_ipvs         = [],
  $ceilometer_bind_options          = [],
  $cinder_bind_options              = [],
  $ec2_bind_options                 = [],
@@ -259,13 +259,13 @@ class cloud::loadbalancer(
  # end of deprecation support

  # Fail if OpenStack and Galera VIP are  not in the VIP list
-  if $vip_public_ip and !($vip_public_ip in $keepalived_public_ipvs_real) {
+  if $vip_public_ip and !(member(any2array($keepalived_public_ipvs_real), $vip_public_ip)) {
    fail('vip_public_ip should be part of keepalived_public_ipvs.')
  }
-  if $vip_internal_ip and !($vip_internal_ip in $keepalived_internal_ipvs) {
+  if $vip_internal_ip and !(member(any2array($keepalived_internal_ipvs),$vip_internal_ip)) {
    fail('vip_internal_ip should be part of keepalived_internal_ipvs.')
  }
-  if $galera_ip and !(($galera_ip in $keepalived_public_ipvs_real) or ($galera_ip in $keepalived_internal_ipvs)) {
+  if $galera_ip and !((member(any2array($keepalived_public_ipvs_real),$galera_ip)) or (member(any2array($keepalived_internal_ipvs),$galera_ip))) {
    fail('galera_ip should be part of keepalived_public_ipvs or keepalived_internal_ipvs.')
  }

@@ -289,7 +289,7 @@ class cloud::loadbalancer(
    notify_backup => '"/etc/init.d/haproxy stop"',
  }

-  if $keepalived_internal_ipvs {
+  if !empty($keepalived_internal_ipvs) {
    if ! $keepalived_vrrp_interface {
      $keepalived_vrrp_interface_internal = $keepalived_internal_interface
    } else {
@@ -484,7 +484,7 @@ class cloud::loadbalancer(
    bind_options => $horizon_ssl_bind_options,
  }

-  if ($galera_ip in $keepalived_public_ipvs_real) {
+  if (member(any2array($keepalived_public_ipvs_real), $galera_ip)) {
    warning('Exposing Galera cluster to public network is a security issue.')
  }
  haproxy::listen { 'galera_cluster':
--- a/manifests/loadbalancer/binding.pp
+++ b/manifests/loadbalancer/binding.pp
@@ -49,7 +49,7 @@ define cloud::loadbalancer::binding (
      $listen_ip_real = $all_vip_array
    } else {
      # when binding is specified in parameter
-      if ($ip in $all_vip_array) {
+      if (member($all_vip_array, $ip)) {
        $listen_ip_real = $ip
      } else {
        fail("${ip} is not part of VIP pools.")
--- a/manifests/loadbalancer/listen_http.pp
+++ b/manifests/loadbalancer/listen_http.pp
@@ -22,7 +22,7 @@ define cloud::loadbalancer::listen_http(
  $httpchk      = 'httpchk',
  $options      = {},
  $bind_options = [],
-  $listen_ip    = '0.0.0.0') {
+  $listen_ip    = ['0.0.0.0']) {

  $options_basic = {'mode'       => 'http',
                    'balance'    => 'roundrobin',
--- a/spec/classes/cloud_loadbalancer_spec.rb
+++ b/spec/classes/cloud_loadbalancer_spec.rb
@@ -247,6 +247,23 @@ describe 'cloud::loadbalancer' do
      )}
    end

+    context 'configure OpenStack binding on IPv4 and IPv6 public ip' do
+      before do
+        params.merge!(
+          :nova_api               => true,
+          :galera_ip              => '172.16.0.1',
+          :vip_public_ip          => ['172.16.0.1', '2001:0db8:85a3:0000:0000:8a2e:0370:7334'],
+          :vip_internal_ip        => '192.168.0.1',
+          :keepalived_public_ipvs => ['172.16.0.1', '172.16.0.2', '2001:0db8:85a3:0000:0000:8a2e:0370:7334'],
+          :keepalived_internal_ipvs => ['192.168.0.1', '192.168.0.2']
+        )
+      end
+      it { should contain_haproxy__listen('nova_api_cluster').with(
+        :ipaddress => ['172.16.0.1', '2001:0db8:85a3:0000:0000:8a2e:0370:7334', '192.168.0.1'],
+        :ports     => '8774'
+      )}
+    end
+
    context 'disable an OpenStack service binding' do
      before do
        params.merge!(:metadata_api => false)