stackforge/puppet-openstack-cloud
Code Issues Proposed changes

Merge "loadbalancer: use TCP checks for API services"

Browse Source
This commit is contained in:
Jenkins
2015-04-10 20:58:38 +00:00
committed by Gerrit Code Review
parent 254fffd28d a8e71e7b33
commit ce0da6acbc
2 changed files with 69 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
manifests/loadbalancer.pp
View File

@@ -485,6 +485,10 @@
# *_db_idle_timeout for all services to be a little less # *_db_idle_timeout for all services to be a little less
# than this timeout. # than this timeout.
# #
# [*api_timeout*]
# (optional) Timeout for API services connections
# Defaults to '90m'.
#
# [*vip_public_ip*] # [*vip_public_ip*]
# (optional) Array or string for public VIP # (optional) Array or string for public VIP
# Should be part of keepalived_public_ips # Should be part of keepalived_public_ips
@@ -602,6 +606,7 @@ class cloud::loadbalancer(
$sensu_api_port = 4568, $sensu_api_port = 4568,
$redis_port = 6379, $redis_port = 6379,
$galera_timeout = '90m', $galera_timeout = '90m',
$api_timeout = '90m',
$vip_public_ip = ['127.0.0.1'], $vip_public_ip = ['127.0.0.1'],
$vip_internal_ip = false, $vip_internal_ip = false,
$vip_monitor_ip = false, $vip_monitor_ip = false,
@@ -612,6 +617,14 @@ class cloud::loadbalancer(
include cloud::params include cloud::params
$common_tcp_options = {
'mode' => 'tcp',
'option' => ['tcpka', 'tcplog', 'forwardfor'],
'balance' => 'source',
'timeout server' => $api_timeout,
'timeout client' => $api_timeout,
}
if $keepalived_vrrp_interface { if $keepalived_vrrp_interface {
$keepalived_vrrp_interface_real = $keepalived_vrrp_interface $keepalived_vrrp_interface_real = $keepalived_vrrp_interface
} else { } else {
@@ -706,12 +719,14 @@ class cloud::loadbalancer(
cloud::loadbalancer::binding { 'keystone_api_cluster': cloud::loadbalancer::binding { 'keystone_api_cluster':
ip => $keystone_api, ip => $keystone_api,
port => $ks_keystone_public_port, port => $ks_keystone_public_port,
options => $common_tcp_options,
bind_options => $keystone_bind_options, bind_options => $keystone_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
cloud::loadbalancer::binding { 'keystone_api_admin_cluster': cloud::loadbalancer::binding { 'keystone_api_admin_cluster':
ip => $keystone_api_admin, ip => $keystone_api_admin,
port => $ks_keystone_admin_port, port => $ks_keystone_admin_port,
options => $common_tcp_options,
bind_options => $keystone_admin_bind_options, bind_options => $keystone_admin_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
@@ -725,18 +740,21 @@ class cloud::loadbalancer(
cloud::loadbalancer::binding { 'nova_api_cluster': cloud::loadbalancer::binding { 'nova_api_cluster':
ip => $nova_api, ip => $nova_api,
port => $ks_nova_public_port, port => $ks_nova_public_port,
options => $common_tcp_options,
bind_options => $nova_bind_options, bind_options => $nova_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
cloud::loadbalancer::binding { 'ec2_api_cluster': cloud::loadbalancer::binding { 'ec2_api_cluster':
ip => $ec2_api, ip => $ec2_api,
port => $ks_ec2_public_port, port => $ks_ec2_public_port,
options => $common_tcp_options,
bind_options => $ec2_bind_options, bind_options => $ec2_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
cloud::loadbalancer::binding { 'metadata_api_cluster': cloud::loadbalancer::binding { 'metadata_api_cluster':
ip => $metadata_api, ip => $metadata_api,
port => $ks_metadata_public_port, port => $ks_metadata_public_port,
options => $common_tcp_options,
bind_options => $metadata_bind_options, bind_options => $metadata_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
@@ -762,26 +780,14 @@ class cloud::loadbalancer(
cloud::loadbalancer::binding { 'spice_cluster': cloud::loadbalancer::binding { 'spice_cluster':
ip => $spice, ip => $spice,
port => $spice_port, port => $spice_port,
options => { options => $common_tcp_options,
'mode' => 'tcp',
'option' => ['tcpka', 'tcplog', 'forwardfor'],
'balance' => 'source',
'timeout server' => '120m',
'timeout client' => '120m',
},
bind_options => $spice_bind_options, bind_options => $spice_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
cloud::loadbalancer::binding { 'novnc_cluster': cloud::loadbalancer::binding { 'novnc_cluster':
ip => $novnc, ip => $novnc,
port => $novnc_port, port => $novnc_port,
options => { options => $common_tcp_options,
'mode' => 'tcp',
'option' => ['tcpka', 'tcplog', 'forwardfor'],
'balance' => 'source',
'timeout server' => '120m',
'timeout client' => '120m',
},
bind_options => $novnc_bind_options, bind_options => $novnc_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
@@ -792,6 +798,8 @@ class cloud::loadbalancer(
'mode' => 'tcp', 'mode' => 'tcp',
'option' => ['tcpka', 'tcplog', 'forwardfor'], 'option' => ['tcpka', 'tcplog', 'forwardfor'],
'balance' => 'roundrobin', 'balance' => 'roundrobin',
'timeout server' => $api_timeout,
'timeout client' => $api_timeout,
}, },
bind_options => $rabbitmq_bind_options, bind_options => $rabbitmq_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
@@ -799,18 +807,13 @@ class cloud::loadbalancer(
cloud::loadbalancer::binding { 'trove_api_cluster': cloud::loadbalancer::binding { 'trove_api_cluster':
ip => $trove_api, ip => $trove_api,
port => $ks_trove_public_port, port => $ks_trove_public_port,
options => $common_tcp_options,
bind_options => $trove_bind_options, bind_options => $trove_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
cloud::loadbalancer::binding { 'glance_api_cluster': cloud::loadbalancer::binding { 'glance_api_cluster':
ip => $glance_api, ip => $glance_api,
options => { options => $common_tcp_options,
'mode' => 'tcp',
'balance' => 'source',
'option' => ['tcpka', 'tcplog', 'forwardfor'],
'timeout server' => '120m',
'timeout client' => '120m',
},
port => $ks_glance_api_public_port, port => $ks_glance_api_public_port,
bind_options => $glance_api_bind_options, bind_options => $glance_api_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
@@ -818,45 +821,51 @@ class cloud::loadbalancer(
cloud::loadbalancer::binding { 'glance_registry_cluster': cloud::loadbalancer::binding { 'glance_registry_cluster':
ip => $glance_registry, ip => $glance_registry,
port => $ks_glance_registry_internal_port, port => $ks_glance_registry_internal_port,
options => $common_tcp_options,
bind_options => $glance_registry_bind_options, bind_options => $glance_registry_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
cloud::loadbalancer::binding { 'neutron_api_cluster': cloud::loadbalancer::binding { 'neutron_api_cluster':
ip => $neutron_api, ip => $neutron_api,
port => $ks_neutron_public_port, port => $ks_neutron_public_port,
options => $common_tcp_options,
bind_options => $neutron_bind_options, bind_options => $neutron_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
cloud::loadbalancer::binding { 'cinder_api_cluster': cloud::loadbalancer::binding { 'cinder_api_cluster':
ip => $cinder_api, ip => $cinder_api,
port => $ks_cinder_public_port, port => $ks_cinder_public_port,
options => $common_tcp_options,
bind_options => $cinder_bind_options, bind_options => $cinder_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
cloud::loadbalancer::binding { 'ceilometer_api_cluster': cloud::loadbalancer::binding { 'ceilometer_api_cluster':
ip => $ceilometer_api, ip => $ceilometer_api,
port => $ks_ceilometer_public_port, port => $ks_ceilometer_public_port,
options => $common_tcp_options,
bind_options => $ceilometer_bind_options, bind_options => $ceilometer_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
if 'ssl' in $heat_api_bind_options { if 'ssl' in $heat_api_bind_options {
$heat_api_options = { $heat_api_options = merge($common_tcp_options, {
'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }' } 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
})
} else { } else {
$heat_api_options = {} $heat_api_options = $common_tcp_options
} }
cloud::loadbalancer::binding { 'heat_api_cluster': cloud::loadbalancer::binding { 'heat_api_cluster':
ip => $heat_api, ip => $heat_api,
port => $ks_heat_public_port, port => $ks_heat_public_port,
bind_options => $heat_api_bind_options,
options => $heat_api_options, options => $heat_api_options,
bind_options => $heat_api_bind_options,
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
if 'ssl' in $heat_cfn_bind_options { if 'ssl' in $heat_cfn_bind_options {
$heat_cfn_options = { $heat_cfn_options = merge($common_tcp_options, {
'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }' } 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
})
} else { } else {
$heat_cfn_options = { } $heat_cfn_options = $common_tcp_options
} }
cloud::loadbalancer::binding { 'heat_cfn_api_cluster': cloud::loadbalancer::binding { 'heat_cfn_api_cluster':
ip => $heat_cfn_api, ip => $heat_cfn_api,
@@ -866,10 +875,11 @@ class cloud::loadbalancer(
firewall_settings => $firewall_settings, firewall_settings => $firewall_settings,
} }
if 'ssl' in $heat_cloudwatch_bind_options { if 'ssl' in $heat_cloudwatch_bind_options {
$heat_cloudwatch_options = { $heat_cloudwatch_options = merge($common_tcp_options, {
'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }' } 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
})
} else { } else {
$heat_cloudwatch_options = { } $heat_cloudwatch_options = $common_tcp_options
} }
cloud::loadbalancer::binding { 'heat_cloudwatch_api_cluster': cloud::loadbalancer::binding { 'heat_cloudwatch_api_cluster':
ip => $heat_cloudwatch_api, ip => $heat_cloudwatch_api,
@@ -953,8 +963,8 @@ class cloud::loadbalancer(
'mode' => 'tcp', 'mode' => 'tcp',
'balance' => 'roundrobin', 'balance' => 'roundrobin',
'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000 'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000
'timeout client' => $galera_timeout, 'timeout client' => '90m',
'timeout server' => $galera_timeout, 'timeout server' => '90m',
}, },
bind_options => $galera_bind_options, bind_options => $galera_bind_options,
} }
@@ -976,8 +986,8 @@ class cloud::loadbalancer(
'mode' => 'tcp', 'mode' => 'tcp',
'balance' => 'roundrobin', 'balance' => 'roundrobin',
'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000 'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000
'timeout client' => $galera_timeout, 'timeout client' => '90m',
'timeout server' => $galera_timeout, 'timeout server' => '90m',
}, },
bind_options => $galera_bind_options, bind_options => $galera_bind_options,
} }

37
spec/classes/cloud_loadbalancer_spec.rb
View File

@@ -269,8 +269,8 @@ describe 'cloud::loadbalancer' do
'mode' => 'tcp', 'mode' => 'tcp',
'balance' => 'source', 'balance' => 'source',
'option' => ['tcpka', 'tcplog', 'forwardfor'], 'option' => ['tcpka', 'tcplog', 'forwardfor'],
'timeout server' => '120m', 'timeout server' => '90m',
'timeout client' => '120m' 'timeout client' => '90m'
} }
)} )}
end end
@@ -289,8 +289,8 @@ describe 'cloud::loadbalancer' do
'mode' => 'tcp', 'mode' => 'tcp',
'balance' => 'source', 'balance' => 'source',
'option' => ['tcpka', 'tcplog', 'forwardfor'], 'option' => ['tcpka', 'tcplog', 'forwardfor'],
'timeout server' => '120m', 'timeout server' => '90m',
'timeout client' => '120m' 'timeout client' => '90m'
} }
)} )}
end end
@@ -404,10 +404,11 @@ describe 'cloud::loadbalancer' do
:ipaddress => [params[:vip_public_ip]], :ipaddress => [params[:vip_public_ip]],
:ports => '8774', :ports => '8774',
:options => { :options => {
'mode' => 'http', 'mode' => 'tcp',
'option' => ['tcpka','forwardfor','tcplog','httpchk'], 'balance' => 'source',
'http-check' => 'expect ! rstatus ^5', 'option' => ['tcpka', 'tcplog', 'forwardfor'],
'balance' => 'roundrobin', 'timeout server' => '90m',
'timeout client' => '90m'
}, },
:bind_options => ['ssl', 'crt'] :bind_options => ['ssl', 'crt']
)} )}
@@ -423,10 +424,11 @@ describe 'cloud::loadbalancer' do
:ipaddress => [params[:vip_public_ip]], :ipaddress => [params[:vip_public_ip]],
:ports => '8776', :ports => '8776',
:options => { :options => {
'mode' => 'http', 'mode' => 'tcp',
'option' => ['tcpka','forwardfor','tcplog', 'httpchk'], 'balance' => 'source',
'http-check' => 'expect ! rstatus ^5', 'option' => ['tcpka', 'tcplog', 'forwardfor'],
'balance' => 'roundrobin', 'timeout server' => '90m',
'timeout client' => '90m'
}, },
:bind_options => ['something not secure'] :bind_options => ['something not secure']
)} )}
@@ -499,11 +501,12 @@ describe 'cloud::loadbalancer' do
:ipaddress => [params[:vip_public_ip]], :ipaddress => [params[:vip_public_ip]],
:ports => '8004', :ports => '8004',
:options => { :options => {
'mode' => 'tcp',
'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
'mode' => 'http', 'balance' => 'source',
'option' => ['tcpka','forwardfor','tcplog', 'httpchk'], 'option' => ['tcpka', 'tcplog', 'forwardfor'],
'http-check' => 'expect ! rstatus ^5', 'timeout server' => '90m',
'balance' => 'roundrobin' 'timeout client' => '90m'
}, },
:bind_options => ['ssl', 'crt'] :bind_options => ['ssl', 'crt']
)} )}
@@ -519,6 +522,8 @@ describe 'cloud::loadbalancer' do
'mode' => 'tcp', 'mode' => 'tcp',
'balance' => 'roundrobin', 'balance' => 'roundrobin',
'option' => ['tcpka', 'tcplog', 'forwardfor'], 'option' => ['tcpka', 'tcplog', 'forwardfor'],
'timeout server' => '90m',
'timeout client' => '90m',
} }
)} )}
end end