From e52a7244a7fee449ddf112517346ff0e83966ef6 Mon Sep 17 00:00:00 2001 From: Sam Su Date: Fri, 21 Mar 2014 10:35:58 -0700 Subject: [PATCH] add haproxy Change-Id: I487200a373b4eed7ff36f00b1e0269b008cd19bd --- chef/cookbooks/cpu/.gitignore | 1 + chef/cookbooks/cpu/README.md | 98 +++++++ chef/cookbooks/cpu/attributes/default.rb | 1 + chef/cookbooks/cpu/libraries/default.rb | 18 ++ chef/cookbooks/cpu/metadata.json | 31 +++ chef/cookbooks/cpu/metadata.rb | 9 + chef/cookbooks/cpu/providers/affinity.rb | 25 ++ chef/cookbooks/cpu/providers/nice.rb | 25 ++ chef/cookbooks/cpu/recipes/affinity.rb | 26 ++ chef/cookbooks/cpu/recipes/default.rb | 19 ++ chef/cookbooks/cpu/recipes/governor.rb | 28 ++ chef/cookbooks/cpu/resources/affinity.rb | 12 + chef/cookbooks/cpu/resources/nice.rb | 12 + chef/cookbooks/haproxy/CHANGELOG.md | 106 ++++++++ chef/cookbooks/haproxy/README.md | 223 +++++++++++++++ chef/cookbooks/haproxy/attributes/default.rb | 193 +++++++++++++ .../haproxy/files/default/haproxy-default | 4 + chef/cookbooks/haproxy/libraries/default.rb | 11 + chef/cookbooks/haproxy/metadata.json | 257 ++++++++++++++++++ chef/cookbooks/haproxy/metadata.rb | 230 ++++++++++++++++ chef/cookbooks/haproxy/providers/lb.rb | 21 ++ chef/cookbooks/haproxy/recipes/app_lb.rb | 68 +++++ chef/cookbooks/haproxy/recipes/default.rb | 109 ++++++++ .../haproxy/recipes/install_package.rb | 34 +++ .../haproxy/recipes/install_source.rb | 77 ++++++ chef/cookbooks/haproxy/recipes/tcp_lb.rb | 75 +++++ chef/cookbooks/haproxy/recipes/tuning.rb | 26 ++ chef/cookbooks/haproxy/resources/lb.rb | 19 ++ .../templates/default/haproxy-init.erb | 165 +++++++++++ .../haproxy/templates/default/haproxy.cfg.erb | 36 +++ chef/databags/openstack/openstack.json | 10 + 31 files changed, 1969 insertions(+) create mode 100644 chef/cookbooks/cpu/.gitignore create mode 100644 chef/cookbooks/cpu/README.md create mode 100644 chef/cookbooks/cpu/attributes/default.rb create mode 100644 chef/cookbooks/cpu/libraries/default.rb create mode 100644 chef/cookbooks/cpu/metadata.json create mode 100644 chef/cookbooks/cpu/metadata.rb create mode 100644 chef/cookbooks/cpu/providers/affinity.rb create mode 100644 chef/cookbooks/cpu/providers/nice.rb create mode 100644 chef/cookbooks/cpu/recipes/affinity.rb create mode 100644 chef/cookbooks/cpu/recipes/default.rb create mode 100644 chef/cookbooks/cpu/recipes/governor.rb create mode 100644 chef/cookbooks/cpu/resources/affinity.rb create mode 100644 chef/cookbooks/cpu/resources/nice.rb create mode 100644 chef/cookbooks/haproxy/CHANGELOG.md create mode 100644 chef/cookbooks/haproxy/README.md create mode 100644 chef/cookbooks/haproxy/attributes/default.rb create mode 100644 chef/cookbooks/haproxy/files/default/haproxy-default create mode 100644 chef/cookbooks/haproxy/libraries/default.rb create mode 100644 chef/cookbooks/haproxy/metadata.json create mode 100644 chef/cookbooks/haproxy/metadata.rb create mode 100644 chef/cookbooks/haproxy/providers/lb.rb create mode 100644 chef/cookbooks/haproxy/recipes/app_lb.rb create mode 100644 chef/cookbooks/haproxy/recipes/default.rb create mode 100644 chef/cookbooks/haproxy/recipes/install_package.rb create mode 100644 chef/cookbooks/haproxy/recipes/install_source.rb create mode 100644 chef/cookbooks/haproxy/recipes/tcp_lb.rb create mode 100644 chef/cookbooks/haproxy/recipes/tuning.rb create mode 100644 chef/cookbooks/haproxy/resources/lb.rb create mode 100644 chef/cookbooks/haproxy/templates/default/haproxy-init.erb create mode 100644 chef/cookbooks/haproxy/templates/default/haproxy.cfg.erb diff --git a/chef/cookbooks/cpu/.gitignore b/chef/cookbooks/cpu/.gitignore new file mode 100644 index 0000000..3a4edf6 --- /dev/null +++ b/chef/cookbooks/cpu/.gitignore @@ -0,0 +1 @@ +.project diff --git a/chef/cookbooks/cpu/README.md b/chef/cookbooks/cpu/README.md new file mode 100644 index 0000000..5d9c831 --- /dev/null +++ b/chef/cookbooks/cpu/README.md @@ -0,0 +1,98 @@ +DESCRIPTION +=========== + +Chef cookbook to manage CPU related actions on linux. + +REQUIREMENTS +============ + +Linux 2.6+ +tested on Ubuntu. + +Attributes +========== + +* `node['cpu']['governor']` - governator for to set for the node + +Recipes +======= + +governor +---------- + +Set the governator for the node from attributes + +affinity +-------- + +Install software to set cpu affinity of a process. + +Resources and Providers +======================= + +`affinity` +---------- + +Set the affinity for a process. + +# Actions + +* `set` - Set affinity + +# Attribute Parameters + +* `cpu` : Cpu(s) affinity - required +* `pid` : Pid or PidFile - name + +# Examples + +``` +cpu_affinity 1234 do + cpu 0 +end +``` + +``` +# Set affinity to processor 0,1,2 for process nginx +cpu-affinity "set affinity for nginx" do + pid "/var/run/nginx.pid" + cpu "0-2" +end +``` + +`nice` +---------- + +Set the priority for a process. + +# Actions + +* `set` - Set priority + +# Attribute Parameters + +* `pid` : Pid or PidFile - name +* `priority` : priority for process + +# Examples + +``` +cpu_nice 1234 do + priority 12 +end +``` + +``` +cpu_nice "set affinity for nginx" do + pid "/var/run/nginx.pid" + priority 19 +end +``` + +USAGE +===== + +in a recipe: + + node.set["node"]["cpu"]["governor"] = "performance" + include_recipe "cpu::governor" diff --git a/chef/cookbooks/cpu/attributes/default.rb b/chef/cookbooks/cpu/attributes/default.rb new file mode 100644 index 0000000..3e101d2 --- /dev/null +++ b/chef/cookbooks/cpu/attributes/default.rb @@ -0,0 +1 @@ +default["cpu"]["governor"] = "ondemand" diff --git a/chef/cookbooks/cpu/libraries/default.rb b/chef/cookbooks/cpu/libraries/default.rb new file mode 100644 index 0000000..47168f9 --- /dev/null +++ b/chef/cookbooks/cpu/libraries/default.rb @@ -0,0 +1,18 @@ +def findpid(pidOrFile) + if ::File.file?(pidOrFile) + if ::File.readable?(pidOrFile) + pid = ::File.read(pidOrFile).to_i + else + Chef::Log.error("File #{pidOrFile} isn't readable") + end + else + pid = pidOrFile.to_i + end + # Test if pid exist + begin + Process.getpgid( pid ) + rescue Errno::ESRCH + Chef::Log.error("Pid #{pid} not found") + end + return pid +end diff --git a/chef/cookbooks/cpu/metadata.json b/chef/cookbooks/cpu/metadata.json new file mode 100644 index 0000000..7951d53 --- /dev/null +++ b/chef/cookbooks/cpu/metadata.json @@ -0,0 +1,31 @@ +{ + "name": "cpu", + "description": "Manage CPU Governor on linux", + "long_description": "DESCRIPTION\n===========\n\nChef cookbook to manage CPU related actions on linux.\n\nREQUIREMENTS\n============\n\nLinux 2.6+\ntested on Ubuntu.\n\nAttributes\n==========\n\n* `node['cpu']['governor']` - governator for to set for the node\n\nRecipes\n=======\n\ngovernor\n----------\n\nSet the governator for the node from attributes\n\naffinity\n--------\n\nInstall software to set cpu affinity of a process.\n\nResources and Providers\n=======================\n\n`affinity`\n----------\n\nSet the affinity for a process.\n\n# Actions\n\n* `set` - Set affinity\n\n# Attribute Parameters\n\n* `cpu` : Cpu(s) affinity - required\n* `pid` : Pid or PidFile - name\n\n# Examples\n\n```\ncpu_affinity 1234 do\n cpu 0\nend\n```\n\n```\n# Set affinity to processor 0,1,2 for process nginx\ncpu-affinity \"set affinity for nginx\" do\n pid \"/var/run/nginx.pid\"\n cpu \"0-2\"\nend\n```\n\n`nice`\n----------\n\nSet the priority for a process.\n\n# Actions\n\n* `set` - Set priority\n\n# Attribute Parameters\n\n* `pid` : Pid or PidFile - name\n* `priority` : priority for process\n\n# Examples\n\n```\ncpu_nice 1234 do\n priority 12\nend\n```\n\n```\ncpu_nice \"set affinity for nginx\" do\n pid \"/var/run/nginx.pid\"\n priority 19\nend\n```\n\nUSAGE\n=====\n\nin a recipe:\n\n node.set[\"node\"][\"cpu\"][\"governor\"] = \"performance\"\n include_recipe \"cpu::governor\"\n", + "maintainer": "Guilhem Lettron", + "maintainer_email": "guilhem.lettron@youscribe.com", + "license": "Apache v2.0", + "platforms": { + "ubuntu": ">= 0.0.0", + "debian": ">= 0.0.0" + }, + "dependencies": { + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + }, + "version": "0.2.0" +} \ No newline at end of file diff --git a/chef/cookbooks/cpu/metadata.rb b/chef/cookbooks/cpu/metadata.rb new file mode 100644 index 0000000..95475da --- /dev/null +++ b/chef/cookbooks/cpu/metadata.rb @@ -0,0 +1,9 @@ +name "cpu" +maintainer "Guilhem Lettron" +maintainer_email "guilhem.lettron@youscribe.com" +license "Apache v2.0" +description "Manage CPU Governor on linux" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "0.2.0" +supports "ubuntu" +supports "debian" diff --git a/chef/cookbooks/cpu/providers/affinity.rb b/chef/cookbooks/cpu/providers/affinity.rb new file mode 100644 index 0000000..75fbcc0 --- /dev/null +++ b/chef/cookbooks/cpu/providers/affinity.rb @@ -0,0 +1,25 @@ +# +# Cookbook Name:: cpu +# Provider:: cpu_affinity +# Author:: Guilhem Lettron +# +# Copyright 20012, Societe Publica. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +action :set do + execute "set affinity" do + command "taskset --cpu-list --pid #{new_resource.cpu} #{findpid(new_resource.pid)}" + end +end diff --git a/chef/cookbooks/cpu/providers/nice.rb b/chef/cookbooks/cpu/providers/nice.rb new file mode 100644 index 0000000..f7aac97 --- /dev/null +++ b/chef/cookbooks/cpu/providers/nice.rb @@ -0,0 +1,25 @@ +# +# Cookbook Name:: cpu +# Provider:: cpu_nice +# Author:: Guilhem Lettron +# +# Copyright 2012, Societe Publica. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +action :set do + execute "set nice" do + command "renice #{new_resource.priority} #{findpid(new_resource.pid)}" + end +end diff --git a/chef/cookbooks/cpu/recipes/affinity.rb b/chef/cookbooks/cpu/recipes/affinity.rb new file mode 100644 index 0000000..61329ad --- /dev/null +++ b/chef/cookbooks/cpu/recipes/affinity.rb @@ -0,0 +1,26 @@ +# +# Cookbook Name:: cpu +# Author:: Guilhem Lettron +# +# Copyright 2012, Societe Publica. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node['platform_family'] +when "debian" + package "util-linux" +when "rhel" + package "schedutils" +end + diff --git a/chef/cookbooks/cpu/recipes/default.rb b/chef/cookbooks/cpu/recipes/default.rb new file mode 100644 index 0000000..7070975 --- /dev/null +++ b/chef/cookbooks/cpu/recipes/default.rb @@ -0,0 +1,19 @@ +# +# Cookbook Name:: cpu +# Author:: Guilhem Lettron +# +# Copyright 2012, Societe Publica. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + diff --git a/chef/cookbooks/cpu/recipes/governor.rb b/chef/cookbooks/cpu/recipes/governor.rb new file mode 100644 index 0000000..de34404 --- /dev/null +++ b/chef/cookbooks/cpu/recipes/governor.rb @@ -0,0 +1,28 @@ +# +# Cookbook Name:: cpu +# Author:: Guilhem Lettron +# +# Copyright 2012, Societe Publica. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package "cpufrequtils" + +for i in 0..(node["cpu"]["total"] - 1) + execute "set governator" do + command "cpufreq-set --cpu #{i} --governor #{node["cpu"]["governor"]}" + action :run + only_if "cpufreq-info --cpu #{i} --governors | grep #{node["cpu"]["governor"]}" + end +end diff --git a/chef/cookbooks/cpu/resources/affinity.rb b/chef/cookbooks/cpu/resources/affinity.rb new file mode 100644 index 0000000..10ba431 --- /dev/null +++ b/chef/cookbooks/cpu/resources/affinity.rb @@ -0,0 +1,12 @@ +actions :set + +default_action :set + +attribute :pid, :kind_of => [String, Integer], :name_attribute => true +attribute :cpu, :kind_of => [String, Integer], :required => true + +# Covers 0.10.8 and earlier +def initialize(*args) + super + @action = :set +end diff --git a/chef/cookbooks/cpu/resources/nice.rb b/chef/cookbooks/cpu/resources/nice.rb new file mode 100644 index 0000000..679d892 --- /dev/null +++ b/chef/cookbooks/cpu/resources/nice.rb @@ -0,0 +1,12 @@ +actions :set + +default_action :set + +attribute :pid, :kind_of => [String, Integer], :name_attribute => true +attribute :priority, :kind_of => Integer, :required => true + +# Covers 0.10.8 and earlier +def initialize(*args) + super + @action = :set +end diff --git a/chef/cookbooks/haproxy/CHANGELOG.md b/chef/cookbooks/haproxy/CHANGELOG.md new file mode 100644 index 0000000..7e9a301 --- /dev/null +++ b/chef/cookbooks/haproxy/CHANGELOG.md @@ -0,0 +1,106 @@ +haproxy Cookbook CHANGELOG +========================== +This file is used to list changes made in each version of the haproxy cookbook. + + +v1.6.2 +------ +### Bug +- **[COOK-3424](https://tickets.opscode.com/browse/COOK-3424)** - Haproxy cookbook attempts to alter an immutable attribute + +### New Feature +- **[COOK-3135](https://tickets.opscode.com/browse/COOK-3135)** - Allow setting of members with default recipe without changing the template + + +v1.6.2 +------ +### Bug +- **[COOK-3424](https://tickets.opscode.com/browse/COOK-3424)** - Haproxy cookbook attempts to alter an immutable attribute + +### New Feature +- **[COOK-3135](https://tickets.opscode.com/browse/COOK-3135)** - Allow setting of members with default recipe without changing the template + + +v1.6.0 +------ +### New Feature +- Allow setting of members with default recipe without changing the template + + +v1.5.0 +------ +### Improvement +- **[COOK-3660](https://tickets.opscode.com/browse/COOK-3660)** - Make haproxy socket default user group configurable +- **[COOK-3537](https://tickets.opscode.com/browse/COOK-3537)** - Add OpenSSL and zlib source configurations + +### New Feature +- **[COOK-2384](https://tickets.opscode.com/browse/COOK-2384)** - Add LWRP for multiple haproxy sites/configs + +v1.4.0 +------ +### Improvement +- **[COOK-3237](https://tickets.opscode.com/browse/COOK-3237)** - Enable cookie-based persistence in a backend +- **[COOK-3216](https://tickets.opscode.com/browse/COOK-3216)** - Add metadata attributes + +### New Feature +- **[COOK-3211](https://tickets.opscode.com/browse/COOK-3211)** - Support RHEL +- **[COOK-3133](https://tickets.opscode.com/browse/COOK-3133)** - Allow configuration of a global stats socket + +v1.3.2 +------ +### Bug +- [COOK-3046]: haproxy default recipe broken by COOK-2656 + +### Task +- [COOK-2009]: Add test-kitchen support to haproxy + +v1.3.0 +------ +### Improvement +- [COOK-2656]: Unify the haproxy.cfg with that from app_lb + +### New Feature +- [COOK-1488]: Provide an option to build haproxy from source + +v1.2.0 +------ +- [COOK-1936] - use frontend / backend logic +- [COOK-1937] - cleanup for configurations +- [COOK-1938] - more flexibility for options +- [COOK-1939] - reloading haproxy is better than restarting +- [COOK-1940] - haproxy stats listen on 0.0.0.0 by default +- [COOK-1944] - improve haproxy performance + +v1.1.4 +------ +- [COOK-1839] - add httpchk configuration to `app_lb` template + +v1.1.0 +------ +- [COOK-1275] - haproxy-default.erb should be a cookbook_file +- [COOK-1594] - Template-Service ordering issue in app_lb recipe + +v1.0.6 +------ +- [COOK-1310] - redispatch flag has changed + +v1.0.4 +------ +- [COOK-806] - load balancer should include an SSL option +- [COOK-805] - Fundamental haproxy load balancer options should be configurable + +v1.0.3 +------ +- [COOK-620] haproxy::app_lb's template should use the member cloud private IP by default + +v1.0.2 +------ +- fix regression introduced in v1.0.1 + +v1.0.1 +------ +- account for the case where load balancer is in the pool + +v1.0.0 +------ +- Use `node.chef_environment` instead of `node['app_environment']` diff --git a/chef/cookbooks/haproxy/README.md b/chef/cookbooks/haproxy/README.md new file mode 100644 index 0000000..8d431f8 --- /dev/null +++ b/chef/cookbooks/haproxy/README.md @@ -0,0 +1,223 @@ +haproxy Cookbook +================ +Installs haproxy and prepares the configuration location. + + +Requirements +------------ +### Platforms +- Ubuntu (10.04+ due to config option change) +- Redhat (6.0+) +- Debian (6.0+) + + +Attributes +---------- +- `node['haproxy']['incoming_address']` - sets the address to bind the haproxy process on, 0.0.0.0 (all addresses) by default +- `node['haproxy']['incoming_port']` - sets the port on which haproxy listens +- `node['haproxy']['members']` - used by the default recipe to specify the member systems to add. Default + + ```ruby + [{ + "hostname" => "localhost", + "ipaddress" => "127.0.0.1", + "port" => 4000, + "ssl_port" => 4000 + }, { + "hostname" => "localhost", + "ipaddress" => "127.0.0.1", + "port" => 4001, + "ssl_port" => 4001 + }] + ``` + +- `node['haproxy']['member_port']` - the port that member systems will + be listening on if not otherwise specified in the members attribute, default 8080 +- `node['haproxy']['member_weight']` - the weight to apply to member systems if not otherwise specified in the members attribute, default 1 +- `node['haproxy']['app_server_role']` - used by the `app_lb` recipe to search for a specific role of member systems. Default `webserver`. +- `node['haproxy']['balance_algorithm']` - sets the load balancing algorithm; defaults to roundrobin. +- `node['haproxy']['enable_ssl']` - whether or not to create listeners for ssl, default false +- `node['haproxy']['ssl_incoming_address']` - sets the address to bind the haproxy on for SSL, 0.0.0.0 (all addresses) by default +- `node['haproxy']['ssl_member_port']` - the port that member systems will be listening on for ssl, default 8443 +- `node['haproxy']['ssl_incoming_port']` - sets the port on which haproxy listens for ssl, default 443 +- `node['haproxy']['httpchk']` - used by the `app_lb` recipe. If set, will configure httpchk in haproxy.conf +- `node['haproxy']['ssl_httpchk']` - used by the `app_lb` recipe. If set and `enable_ssl` is true, will configure httpchk in haproxy.conf for the `ssl_application` section +- `node['haproxy']['enable_admin']` - whether to enable the admin interface. default true. Listens on port 22002. +- `node['haproxy']['admin']['address_bind']` - sets the address to bind the administrative interface on, 127.0.0.1 by default +- `node['haproxy']['admin']['port']` - sets the port for the administrative interface, 22002 by default +- `node['haproxy']['pid_file']` - the PID file of the haproxy process, used in the tuning recipe. +- `node['haproxy']['defaults_options']` - an array of options to use for the config file's `defaults` stanza, default is ["httplog", "dontlognull", "redispatch"] +- `node['haproxy']['defaults_timeouts']['connect']` - connect timeout in defaults stanza +- `node['haproxy']['defaults_timeouts']['client']` - client timeout in defaults stanza +- `node['haproxy']['defaults_timeouts']['server']` - server timeout in defaults stanza +- `node['haproxy']['x_forwarded_for']` - if true, creates an X-Forwarded-For header containing the original client's IP address. This option disables KeepAlive. +- `node['haproxy']['member_max_connections']` - the maxconn value to be set for each app server +- `node['haproxy']['cookie']` - if set, use this to pin connection to the same server with a cookie. +- `node['haproxy']['user']` - user that haproxy runs as +- `node['haproxy']['group']` - group that haproxy runs as +- `node['haproxy']['global_max_connections']` - in the `app_lb` config, set the global maxconn +- `node['haproxy']['member_max_connections']` - the maxconn value to + be set for each app server if not otherwise specified in the members attribute +- `node['haproxy']['frontend_max_connections']` - in the `app_lb` config, set the the maxconn per frontend member +- `node['haproxy']['frontend_ssl_max_connections']` - in the `app_lb` config, set the maxconn per frontend member using SSL +- `node['haproxy']['install_method']` - determines which method is used to install haproxy, must be 'source' or 'package'. defaults to 'package' +- `node['haproxy']['conf_dir']` - the location of the haproxy config file +- `node['haproxy']['source']['version']` - the version of haproxy to install +- `node['haproxy']['source']['url']` - the full URL to the haproxy source package +- `node['haproxy']['source']['checksum']` - the checksum of the haproxy source package +- `node['haproxy']['source']['prefix']` - the prefix used to `make install` haproxy +- `node['haproxy']['source']['target_os']` - the target used to `make` haproxy +- `node['haproxy']['source']['target_cpu']` - the target cpu used to `make` haproxy +- `node['haproxy']['source']['target_arch']` - the target arch used to `make` haproxy +- `node['haproxy']['source']['use_pcre']` - whether to build with libpcre support + +Recipes +------- +### default +Sets up haproxy using statically defined configuration. To override the configuration, modify the templates/default/haproxy.cfg.erb file directly, or supply your own and override the cookbook and source by reopening the `template[/etc/haproxy/haproxy.cfg]` resource. + +### app_lb +Sets up haproxy using dynamically defined configuration through search. See __Usage__ below. + +### tuning +Uses the community `cpu` cookbook's `cpu_affinity` LWRP to set affinity for the haproxy process. + +### install_package +Installs haproxy through the package manager. Used by the `default` and `app_lb` recipes. + +### install_source +Installs haproxy from source. Used by the `default` and `app_lb` recipes. + + +Providers +--------- +### haproxy_lb +Configure a part of haproxy (`frontend|backend|listen`). It is used in `default` and `app_lb` recipe to configure default frontends and backends. Several common options can be set as attributes of the LWRP. Others can always be set with the `params` attribute. For instance, + +```ruby +haproxy_lb 'rabbitmq' do + bind '0.0.0.0:5672' + mode 'tcp' + servers (1..4).map do |i| + "rmq#{i} 10.0.0.#{i}:5672 check inter 10s rise 2 fall 3" + end + params({ + 'maxconn' => 20000, + 'balance' => 'roundrobin' + }) +end +``` + +which will be translated into: + +```text +listen rabbitmq' + bind 0.0.0.0:5672 + mode tcp + rmq1 10.0.0.1:5672 check inter 10s rise 2 fall 3 + rmq2 10.0.0.2:5672 check inter 10s rise 2 fall 3 + rmq3 10.0.0.3:5672 check inter 10s rise 2 fall 3 + rmq4 10.0.0.4:5672 check inter 10s rise 2 fall 3 + maxconn 20000 + balance roundrobin +``` + +All options can also be set in the params instead. In that case, you might want to provide an array to params attributes to avoid conflicts for options occuring several times. + +```ruby +haproxy_lb 'rabbitmq' do + params([ + 'bind 0.0.0.0:5672', + 'mode tcp', + 'rmq1 10.0.0.1:5672 check inter 10s rise 2 fall 3', + 'rmq2 10.0.0.2:5672 check inter 10s rise 2 fall 3', + 'rmq3 10.0.0.3:5672 check inter 10s rise 2 fall 3', + 'rmq4 10.0.0.4:5672 check inter 10s rise 2 fall 3', + 'maxconn' => 20000, + 'balance' => 'roundrobin' + ]) +end +``` + +which will give the same result. + +Finally you can also configure frontends and backends by specify the type attribute of the resource. See example in the default recipe. + +Instead of using lwrp, you can use `node['haproxy']['listeners']` to configure all kind of listeners (`listen`, `frontend` and `backend`) + + +Usage +----- +Use either the default recipe or the `app_lb` recipe. + +When using the default recipe, the members attribute specifies the http application servers. If you wish to use the `node['haproxy']['listeners']` attribute or `haproxy_lb` lwrp instead then set `node['haproxy']['enable_default_http']` to `false`. + +```ruby +"haproxy" => { + "members" => [{ + "hostname" => "appserver1", + "ipaddress" => "123.123.123.1", + "port" => 8000, + "ssl_port" => 8443, + "weight" => 1, + "max_connections" => 100 + }, { + "hostname" => "appserver2", + "ipaddress" => "123.123.123.2", + "port" => 8000, + "ssl_port" => 8443, + "weight" => 1, + "max_connections" => 100 + }, { + "hostname" => "appserver3", + "ipaddress" => "123.123.123.3", + "port" => 8000, + "ssl_port" => 8443, + "weight" => 1, + "max_connections" => 100 + }] +} +``` + +Note that the following attributes are optional + +- `port` will default to the value of `node['haproxy']['member_port']` +- `ssl_port` will default to the value of `node['haproxy']['ssl_member_port']` +- `weight` will default to the value of `node['haproxy']['member_weight']` +- `max_connections` will default to the value of `node['haproxy']['member_max_connections']` + +The `app_lb` recipe is designed to be used with the application cookbook, and provides search mechanism to find the appropriate application servers. Set this in a role that includes the haproxy::app_lb recipe. For example, + +```ruby +name 'load_balancer' +description 'haproxy load balancer' +run_list('recipe[haproxy::app_lb]') +override_attributes( + 'haproxy' => { + 'app_server_role' => 'webserver' + } +) +``` + +The search uses the node's `chef_environment`. For example, create `environments/production.rb`, then upload it to the server with knife + + +License & Authors +----------------- +- Author:: Joshua Timberman () + +```text +Copyright:: 2009-2013, Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/chef/cookbooks/haproxy/attributes/default.rb b/chef/cookbooks/haproxy/attributes/default.rb new file mode 100644 index 0000000..3b56215 --- /dev/null +++ b/chef/cookbooks/haproxy/attributes/default.rb @@ -0,0 +1,193 @@ +# +# Cookbook Name:: haproxy +# Default:: default +# +# Copyright 2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['haproxy']['enable_default_http'] = true +default['haproxy']['incoming_address'] = "0.0.0.0" +default['haproxy']['incoming_port'] = 80 +default['haproxy']['members'] = [{ + "hostname" => "localhost", + "ipaddress" => "127.0.0.1", + "port" => 4000, + "ssl_port" => 4000 +}, { + "hostname" => "localhost", + "ipaddress" => "127.0.0.1", + "port" => 4001, + "ssl_port" => 4001 +}] +default['haproxy']['member_port'] = 8080 +default['haproxy']['member_weight'] = 1 +default['haproxy']['app_server_role'] = "os-compute-conductor" +default['haproxy']['balance_algorithm'] = "source" +default['haproxy']['enable_ssl'] = false +default['haproxy']['ssl_incoming_address'] = "0.0.0.0" +default['haproxy']['ssl_incoming_port'] = 443 +default['haproxy']['ssl_member_port'] = 8443 +default['haproxy']['httpchk'] = nil +default['haproxy']['ssl_httpchk'] = nil +default['haproxy']['enable_admin'] = true +default['haproxy']['admin']['address_bind'] = "10.145.88.152" +default['haproxy']['admin']['port'] = 22002 +default['haproxy']['enable_stats_socket'] = false +default['haproxy']['stats_socket_path'] = "/var/run/haproxy.sock" +default['haproxy']['stats_socket_user'] = node['haproxy']['user'] +default['haproxy']['stats_socket_group'] = node['haproxy']['group'] +default['haproxy']['pid_file'] = "/var/run/haproxy.pid" + +default['haproxy']['defaults_options'] = ["tcpka", "httpchk", "tcplog"] +default['haproxy']['x_forwarded_for'] = false +default['haproxy']['defaults_timeouts']['connect'] = "5s" +default['haproxy']['defaults_timeouts']['client'] = "50s" +default['haproxy']['defaults_timeouts']['server'] = "50s" +default['haproxy']['cookie'] = nil + +default['haproxy']['user'] = "haproxy" +default['haproxy']['group'] = "haproxy" + +default['haproxy']['global_max_connections'] = 4096 +default['haproxy']['member_max_connections'] = 100 +default['haproxy']['frontend_max_connections'] = 2000 +default['haproxy']['frontend_ssl_max_connections'] = 2000 + +default['haproxy']['install_method'] = 'package' +default['haproxy']['conf_dir'] = '/etc/haproxy' + +default['haproxy']['source']['version'] = '1.4.22' +default['haproxy']['source']['url'] = 'http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.22.tar.gz' +default['haproxy']['source']['checksum'] = 'ba221b3eaa4d71233230b156c3000f5c2bd4dace94d9266235517fe42f917fc6' +default['haproxy']['source']['prefix'] = '/usr/local' +default['haproxy']['source']['target_os'] = 'generic' +default['haproxy']['source']['target_cpu'] = '' +default['haproxy']['source']['target_arch'] = '' +default['haproxy']['source']['use_pcre'] = false +default['haproxy']['source']['use_openssl'] = false +default['haproxy']['source']['use_zlib'] = false + +default['haproxy']['listeners'] = { + 'listen' => {}, + 'frontend' => {}, + 'backend' => {} +} + +default['haproxy']['services'] = { + "dashboard_http" => { + "role" => "os-compute-single-controller", + "frontend_port" => "80", + "backend_port" => "80", + "balance" => "source", + "options" => [ "capture cookie vgnvisitor= len 32", \ + "cookie SERVERID insert indirect nocache", \ + "mode http", \ + "option forwardfor", \ + "option httpchk", \ + "option httpclose", \ + "rspidel ^Set-cookie:\ IP="] + }, + "dashboard_https" => { + "role" => "os-compute-single-controller", + "frontend_port" => "443", + "backend_port" => "443", + "balance" => "source", + "options" => [ "option tcpka", "option httpchk", "option tcplog"] + }, + "glance_api" => { + "role" => "os-compute-single-controller", + "frontend_port" => "9292", + "backend_port" => "9292", + "balance" => "source", + "options" => [ "option tcpka", "option httpchk", "option tcplog"] + }, + "glance_registry_cluster" => { + "role" => "os-compute-single-controller", + "frontend_port" => "9191", + "backend_port" => "9191", + "balance" => "source", + "options" => [ "option tcpka", "option httpchk", "option tcplog"] + }, + "keystone_admin" => { + "role" => "os-compute-single-controller", + "frontend_port" => "35357", + "backend_port" => "35357", + "balance" => "source", + "options" => [ "option tcpka", "option httpchk", "option tcplog"] + }, + "keystone_public_internal" => { + "role" => "os-compute-single-controller", + "frontend_port" => "5000", + "backend_port" => "5000", + "balance" => "source", + "options" => [ "option tcpka", "option httpchk", "option tcplog"] + }, + "nova_ec2_api" => { + "role" => "os-compute-single-controller", + "frontend_port" => "8773", + "backend_port" => "8773", + "balance" => "source", + "options" => [ "option tcpka", "option httpchk", "option tcplog"] + }, + "nova_compute_api" => { + "role" => "os-compute-single-controller", + "frontend_port" => "8774", + "backend_port" => "8774", + "balance" => "source", + "options" => [ "option tcpka", "option httpchk", "option tcplog"] + }, + "nova_metadata_api" => { + "role" => "os-compute-single-controller", + "frontend_port" => "8775", + "backend_port" => "8775", + "balance" => "source", + "options" => [ "option tcpka", "option httpchk", "option tcplog"] + }, + "cinder_api" => { + "role" => "os-compute-single-controller", + "frontend_port" => "8776", + "backend_port" => "8776", + "balance" => "source", + "options" => [ "option tcpka", "option httpchk", "option tcplog"] + }, + "ceilometer_api" => { + "role" => "os-compute-single-controller", + "frontend_port" => "8777", + "backend_port" => "8777", + "balance" => "source", + "options" => [ "option tcpka", "option httpchk", "option tcplog"] + }, + "spice" => { + "role" => "os-compute-single-controller", + "frontend_port" => "6082", + "backend_port" => "6082", + "balance" => "source", + "options" => [ "option tcpka", "option httpchk", "option tcplog"] + }, + "neutron_api" => { + "role" => "os-compute-single-controller", + "frontend_port" => "9696", + "backend_port" => "9696", + "balance" => "source", + "options" => [ "option tcpka", "option httpchk", "option tcplog"] + }, + "swift_proxy" => { + "role" => "os-compute-single-controller", + "frontend_port" => "8080", + "backend_port" => "8080", + "balance" => "source", + "options" => [ "option tcpka", "option httpchk", "option tcplog"] + } +} diff --git a/chef/cookbooks/haproxy/files/default/haproxy-default b/chef/cookbooks/haproxy/files/default/haproxy-default new file mode 100644 index 0000000..9a2ee79 --- /dev/null +++ b/chef/cookbooks/haproxy/files/default/haproxy-default @@ -0,0 +1,4 @@ +# Set ENABLED to 1 if you want the init script to start haproxy. +ENABLED=1 +# Add extra flags here. +#EXTRAOPTS="-de -m 16" diff --git a/chef/cookbooks/haproxy/libraries/default.rb b/chef/cookbooks/haproxy/libraries/default.rb new file mode 100644 index 0000000..cf416a2 --- /dev/null +++ b/chef/cookbooks/haproxy/libraries/default.rb @@ -0,0 +1,11 @@ +def haproxy_defaults_options + options = node['haproxy']['defaults_options'].dup + if node['haproxy']['x_forwarded_for'] + options.push("forwardfor") + end + return options.uniq +end + +def haproxy_defaults_timeouts + node['haproxy']['defaults_timeouts'] +end diff --git a/chef/cookbooks/haproxy/metadata.json b/chef/cookbooks/haproxy/metadata.json new file mode 100644 index 0000000..d96f614 --- /dev/null +++ b/chef/cookbooks/haproxy/metadata.json @@ -0,0 +1,257 @@ +{ + "name": "haproxy", + "version": "1.6.2", + "description": "Installs and configures haproxy", + "long_description": "haproxy Cookbook\n================\nInstalls haproxy and prepares the configuration location.\n\n\nRequirements\n------------\n### Platforms\n- Ubuntu (10.04+ due to config option change)\n- Redhat (6.0+)\n- Debian (6.0+)\n\n\nAttributes\n----------\n- `node['haproxy']['incoming_address']` - sets the address to bind the haproxy process on, 0.0.0.0 (all addresses) by default\n- `node['haproxy']['incoming_port']` - sets the port on which haproxy listens\n- `node['haproxy']['members']` - used by the default recipe to specify the member systems to add. Default\n\n ```ruby\n [{\n \"hostname\" => \"localhost\",\n \"ipaddress\" => \"127.0.0.1\",\n \"port\" => 4000,\n \"ssl_port\" => 4000\n }, {\n \"hostname\" => \"localhost\",\n \"ipaddress\" => \"127.0.0.1\",\n \"port\" => 4001,\n \"ssl_port\" => 4001\n }]\n ```\n\n- `node['haproxy']['member_port']` - the port that member systems will\n be listening on if not otherwise specified in the members attribute, default 8080\n- `node['haproxy']['member_weight']` - the weight to apply to member systems if not otherwise specified in the members attribute, default 1\n- `node['haproxy']['app_server_role']` - used by the `app_lb` recipe to search for a specific role of member systems. Default `webserver`.\n- `node['haproxy']['balance_algorithm']` - sets the load balancing algorithm; defaults to roundrobin.\n- `node['haproxy']['enable_ssl']` - whether or not to create listeners for ssl, default false\n- `node['haproxy']['ssl_incoming_address']` - sets the address to bind the haproxy on for SSL, 0.0.0.0 (all addresses) by default\n- `node['haproxy']['ssl_member_port']` - the port that member systems will be listening on for ssl, default 8443\n- `node['haproxy']['ssl_incoming_port']` - sets the port on which haproxy listens for ssl, default 443\n- `node['haproxy']['httpchk']` - used by the `app_lb` recipe. If set, will configure httpchk in haproxy.conf\n- `node['haproxy']['ssl_httpchk']` - used by the `app_lb` recipe. If set and `enable_ssl` is true, will configure httpchk in haproxy.conf for the `ssl_application` section\n- `node['haproxy']['enable_admin']` - whether to enable the admin interface. default true. Listens on port 22002.\n- `node['haproxy']['admin']['address_bind']` - sets the address to bind the administrative interface on, 127.0.0.1 by default\n- `node['haproxy']['admin']['port']` - sets the port for the administrative interface, 22002 by default\n- `node['haproxy']['pid_file']` - the PID file of the haproxy process, used in the tuning recipe.\n- `node['haproxy']['defaults_options']` - an array of options to use for the config file's `defaults` stanza, default is [\"httplog\", \"dontlognull\", \"redispatch\"]\n- `node['haproxy']['defaults_timeouts']['connect']` - connect timeout in defaults stanza\n- `node['haproxy']['defaults_timeouts']['client']` - client timeout in defaults stanza\n- `node['haproxy']['defaults_timeouts']['server']` - server timeout in defaults stanza\n- `node['haproxy']['x_forwarded_for']` - if true, creates an X-Forwarded-For header containing the original client's IP address. This option disables KeepAlive.\n- `node['haproxy']['member_max_connections']` - the maxconn value to be set for each app server\n- `node['haproxy']['cookie']` - if set, use this to pin connection to the same server with a cookie.\n- `node['haproxy']['user']` - user that haproxy runs as\n- `node['haproxy']['group']` - group that haproxy runs as\n- `node['haproxy']['global_max_connections']` - in the `app_lb` config, set the global maxconn\n- `node['haproxy']['member_max_connections']` - the maxconn value to\n be set for each app server if not otherwise specified in the members attribute\n- `node['haproxy']['frontend_max_connections']` - in the `app_lb` config, set the the maxconn per frontend member\n- `node['haproxy']['frontend_ssl_max_connections']` - in the `app_lb` config, set the maxconn per frontend member using SSL\n- `node['haproxy']['install_method']` - determines which method is used to install haproxy, must be 'source' or 'package'. defaults to 'package'\n- `node['haproxy']['conf_dir']` - the location of the haproxy config file\n- `node['haproxy']['source']['version']` - the version of haproxy to install\n- `node['haproxy']['source']['url']` - the full URL to the haproxy source package\n- `node['haproxy']['source']['checksum']` - the checksum of the haproxy source package\n- `node['haproxy']['source']['prefix']` - the prefix used to `make install` haproxy\n- `node['haproxy']['source']['target_os']` - the target used to `make` haproxy\n- `node['haproxy']['source']['target_cpu']` - the target cpu used to `make` haproxy\n- `node['haproxy']['source']['target_arch']` - the target arch used to `make` haproxy\n- `node['haproxy']['source']['use_pcre']` - whether to build with libpcre support\n\nRecipes\n-------\n### default\nSets up haproxy using statically defined configuration. To override the configuration, modify the templates/default/haproxy.cfg.erb file directly, or supply your own and override the cookbook and source by reopening the `template[/etc/haproxy/haproxy.cfg]` resource.\n\n### app_lb\nSets up haproxy using dynamically defined configuration through search. See __Usage__ below.\n\n### tuning\nUses the community `cpu` cookbook's `cpu_affinity` LWRP to set affinity for the haproxy process.\n\n### install_package\nInstalls haproxy through the package manager. Used by the `default` and `app_lb` recipes.\n\n### install_source\nInstalls haproxy from source. Used by the `default` and `app_lb` recipes.\n\n\nProviders\n---------\n### haproxy_lb\nConfigure a part of haproxy (`frontend|backend|listen`). It is used in `default` and `app_lb` recipe to configure default frontends and backends. Several common options can be set as attributes of the LWRP. Others can always be set with the `params` attribute. For instance,\n\n```ruby\nhaproxy_lb 'rabbitmq' do\n bind '0.0.0.0:5672'\n mode 'tcp'\n servers (1..4).map do |i|\n \"rmq#{i} 10.0.0.#{i}:5672 check inter 10s rise 2 fall 3\"\n end\n params({\n 'maxconn' => 20000,\n 'balance' => 'roundrobin'\n })\nend\n```\n\nwhich will be translated into:\n\n```text\nlisten rabbitmq'\n bind 0.0.0.0:5672\n mode tcp\n rmq1 10.0.0.1:5672 check inter 10s rise 2 fall 3\n rmq2 10.0.0.2:5672 check inter 10s rise 2 fall 3\n rmq3 10.0.0.3:5672 check inter 10s rise 2 fall 3\n rmq4 10.0.0.4:5672 check inter 10s rise 2 fall 3\n maxconn 20000\n balance roundrobin\n```\n\nAll options can also be set in the params instead. In that case, you might want to provide an array to params attributes to avoid conflicts for options occuring several times.\n\n```ruby\nhaproxy_lb 'rabbitmq' do\n params([\n 'bind 0.0.0.0:5672',\n 'mode tcp',\n 'rmq1 10.0.0.1:5672 check inter 10s rise 2 fall 3',\n 'rmq2 10.0.0.2:5672 check inter 10s rise 2 fall 3',\n 'rmq3 10.0.0.3:5672 check inter 10s rise 2 fall 3',\n 'rmq4 10.0.0.4:5672 check inter 10s rise 2 fall 3',\n 'maxconn' => 20000,\n 'balance' => 'roundrobin'\n ])\nend\n```\n\nwhich will give the same result.\n\nFinally you can also configure frontends and backends by specify the type attribute of the resource. See example in the default recipe.\n\nInstead of using lwrp, you can use `node['haproxy']['listeners']` to configure all kind of listeners (`listen`, `frontend` and `backend`)\n\n\nUsage\n-----\nUse either the default recipe or the `app_lb` recipe.\n\nWhen using the default recipe, the members attribute specifies the http application servers. If you wish to use the `node['haproxy']['listeners']` attribute or `haproxy_lb` lwrp instead then set `node['haproxy']['enable_default_http']` to `false`.\n\n```ruby\n\"haproxy\" => {\n \"members\" => [{\n \"hostname\" => \"appserver1\",\n \"ipaddress\" => \"123.123.123.1\",\n \"port\" => 8000,\n \"ssl_port\" => 8443,\n \"weight\" => 1,\n \"max_connections\" => 100\n }, {\n \"hostname\" => \"appserver2\",\n \"ipaddress\" => \"123.123.123.2\",\n \"port\" => 8000,\n \"ssl_port\" => 8443,\n \"weight\" => 1,\n \"max_connections\" => 100\n }, {\n \"hostname\" => \"appserver3\",\n \"ipaddress\" => \"123.123.123.3\",\n \"port\" => 8000,\n \"ssl_port\" => 8443,\n \"weight\" => 1,\n \"max_connections\" => 100\n }]\n}\n```\n\nNote that the following attributes are optional\n\n- `port` will default to the value of `node['haproxy']['member_port']`\n- `ssl_port` will default to the value of `node['haproxy']['ssl_member_port']`\n- `weight` will default to the value of `node['haproxy']['member_weight']`\n- `max_connections` will default to the value of `node['haproxy']['member_max_connections']`\n\nThe `app_lb` recipe is designed to be used with the application cookbook, and provides search mechanism to find the appropriate application servers. Set this in a role that includes the haproxy::app_lb recipe. For example,\n\n```ruby\nname 'load_balancer'\ndescription 'haproxy load balancer'\nrun_list('recipe[haproxy::app_lb]')\noverride_attributes(\n 'haproxy' => {\n 'app_server_role' => 'webserver'\n }\n)\n```\n\nThe search uses the node's `chef_environment`. For example, create `environments/production.rb`, then upload it to the server with knife\n\n\nLicense & Authors\n-----------------\n- Author:: Joshua Timberman ()\n\n```text\nCopyright:: 2009-2013, Opscode, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n", + "maintainer": "Opscode, Inc.", + "maintainer_email": "cookbooks@opscode.com", + "license": "Apache 2.0", + "platforms": { + "debian": ">= 0.0.0", + "ubuntu": ">= 0.0.0", + "centos": ">= 0.0.0", + "redhat": ">= 0.0.0" + }, + "dependencies": { + "cpu": ">= 0.2.0", + "build-essential": ">= 0.0.0" + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + "haproxy/incoming_address": { + "display_name": "HAProxy incoming address", + "description": "Sets the address to bind the haproxy process on, 0.0.0.0 (all addresses) by default.", + "required": "optional", + "default": "0.0.0.0" + }, + "haproxy/incoming_port": { + "display_name": "HAProxy incoming port", + "description": "Sets the port on which haproxy listens.", + "required": "optional", + "default": "80" + }, + "haproxy/member_port": { + "display_name": "HAProxy member port", + "description": "The port that member systems will be listening on, default 8080.", + "required": "optional", + "default": "8080" + }, + "haproxy/app_server_role": { + "display_name": "HAProxy app server role", + "description": "Used by the app_lb recipe to search for a specific role of member systems. Default webserver.", + "required": "optional", + "default": "webserver" + }, + "haproxy/balance_algorithm": { + "display_name": "HAProxy balance algorithm", + "description": "Sets the load balancing algorithm; defaults to roundrobin.", + "required": "optional", + "default": "roundrobin" + }, + "haproxy/enable_ssl": { + "display_name": "HAProxy enable ssl", + "description": "Whether or not to create listeners for ssl, default false.", + "required": "optional" + }, + "haproxy/ssl_incoming_address": { + "display_name": "HAProxy ssl incoming address", + "description": "Sets the address to bind the haproxy on for SSL, 0.0.0.0 (all addresses) by default.", + "required": "optional", + "default": "0.0.0.0" + }, + "haproxy/ssl_member_port": { + "display_name": "HAProxy member port", + "description": "The port that member systems will be listening on for ssl, default 8443.", + "required": "optional", + "default": "8443" + }, + "haproxy/ssl_incoming_port": { + "display_name": "HAProxy incoming port", + "description": "Sets the port on which haproxy listens for ssl, default 443.", + "required": "optional", + "default": "443" + }, + "haproxy/httpchk": { + "display_name": "HAProxy HTTP health check", + "description": "Used by the haproxy::app_lb recipe. If set, will configure httpchk in haproxy.conf.", + "required": "optional" + }, + "haproxy/ssl_httpchk": { + "display_name": "HAProxy SSL HTTP health check", + "description": "Used by the app_lb recipe. If set and enable_ssl is true, will configure httpchk in haproxy.conf for the ssl_application section.", + "required": "optional" + }, + "haproxy/enable_admin": { + "display_name": "HAProxy enable admin", + "description": "Whether to enable the admin interface. default true. Listens on port 22002.", + "required": "optional", + "default": "true" + }, + "haproxy/admin/address_bind": { + "display_name": "HAProxy admin address bind", + "description": "Sets the address to bind the administrative interface on, 127.0.0.1 by default.", + "required": "optional", + "default": "127.0.0.1" + }, + "haproxy/admin/port": { + "display_name": "HAProxy admin port", + "description": "Sets the port for the administrative interface, 22002 by default.", + "required": "optional", + "default": "22002" + }, + "haproxy/pid_file": { + "display_name": "HAProxy PID file", + "description": "The PID file of the haproxy process, used in the tuning recipe.", + "required": "optional", + "default": "/var/run/haproxy.pid" + }, + "haproxy/default options": { + "display_name": "HAProxy default options", + "description": "An array of options to use for the config file's defaults stanza, default is [\"httplog\", \"dontlognull\", \"redispatch\"].", + "required": "optional", + "type": "array", + "default": [ + "httplog", + "dontlognull", + "redispatch" + ] + }, + "haproxy/defaults_timeouts/connect": { + "display_name": "HAProxy connect timeout", + "description": "Connect timeout in defaults stanza.", + "required": "optional", + "default": "5s" + }, + "haproxy/defaults_timeouts/client": { + "display_name": "HAProxy client timeout", + "description": "Client timeout in defaults stanza.", + "required": "optional", + "default": "50s" + }, + "haproxy/defaults_timeouts/server": { + "display_name": "HAProxy server timeout", + "description": "Server timeout in defaults stanza.", + "required": "optional", + "default": "50s" + }, + "haproxy/x_forwarded_for": { + "display_name": "HAProxy X-Forwarded-For", + "description": "If true, creates an X-Forwarded-For header containing the original client's IP address. This option disables KeepAlive.", + "required": "optional" + }, + "haproxy/member_max_connections": { + "display_name": "HAProxy member max connections", + "description": "The maxconn value to be set for each app server.", + "required": "optional", + "default": "100" + }, + "haproxy/user": { + "display_name": "HAProxy user", + "description": "User that haproxy runs as.", + "required": "optional", + "default": "haproxy" + }, + "haproxy/group": { + "display_name": "HAProxy group", + "description": "Group that haproxy runs as.", + "required": "optional", + "default": "haproxy" + }, + "haproxy/global_max_connections": { + "display_name": "HAProxy global max connections", + "description": "In the app_lb config, set the global maxconn.", + "required": "optional", + "default": "4096" + }, + "haproxy/frontend_max_connections": { + "display_name": "HAProxy frontend max connections", + "description": "In the app_lb config, set the the maxconn per frontend member.", + "required": "optional", + "default": "2000" + }, + "haproxy/frontend_ssl_max_connections": { + "display_name": "HAProxy frontend SSL max connections", + "description": "In the app_lb config, set the maxconn per frontend member using SSL.", + "required": "optional", + "default": "2000" + }, + "haproxy/install_method": { + "display_name": "HAProxy install method", + "description": "Determines which method is used to install haproxy, must be 'source' or 'package'. defaults to 'package'.", + "required": "recommended", + "choice": [ + "package", + "source" + ], + "default": "package" + }, + "haproxy/conf_dir": { + "display_name": "HAProxy config directory", + "description": "The location of the haproxy config file.", + "required": "optional", + "default": "/etc/haproxy" + }, + "haproxy/source/version": { + "display_name": "HAProxy source version", + "description": "The version of haproxy to install.", + "required": "optional", + "default": "1.4.22" + }, + "haproxy/source/url": { + "display_name": "HAProxy source URL", + "description": "The full URL to the haproxy source package.", + "required": "optional", + "default": "http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.22.tar.gz" + }, + "haproxy/source/checksum": { + "display_name": "HAProxy source checksum", + "description": "The checksum of the haproxy source package.", + "required": "optional", + "default": "ba221b3eaa4d71233230b156c3000f5c2bd4dace94d9266235517fe42f917fc6" + }, + "haproxy/source/prefix": { + "display_name": "HAProxy source prefix", + "description": "The prefix used to make install haproxy.", + "required": "optional", + "default": "/usr/local" + }, + "haproxy/source/target_os": { + "display_name": "HAProxy source target OS", + "description": "The target used to make haproxy.", + "required": "optional", + "default": "generic" + }, + "haproxy/source/target_cpu": { + "display_name": "HAProxy source target CPU", + "description": "The target cpu used to make haproxy.", + "required": "optional", + "default": "" + }, + "haproxy/source/target_arch": { + "display_name": "HAProxy source target arch", + "description": "The target arch used to make haproxy.", + "required": "optional", + "default": "" + }, + "haproxy/source/use_pcre": { + "display_name": "HAProxy source use PCRE", + "description": "Whether to build with libpcre support.", + "required": "optional" + } + }, + "groupings": { + }, + "recipes": { + "haproxy": "Installs and configures haproxy", + "haproxy::app_lb": "Installs and configures haproxy by searching for nodes of a particular role" + } +} \ No newline at end of file diff --git a/chef/cookbooks/haproxy/metadata.rb b/chef/cookbooks/haproxy/metadata.rb new file mode 100644 index 0000000..f39bcb3 --- /dev/null +++ b/chef/cookbooks/haproxy/metadata.rb @@ -0,0 +1,230 @@ +name "haproxy" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs and configures haproxy" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.6.2" + +recipe "haproxy", "Installs and configures haproxy" +recipe "haproxy::app_lb", "Installs and configures haproxy by searching for nodes of a particular role" + +%w{ debian ubuntu centos redhat}.each do |os| + supports os +end + +depends "cpu", ">= 0.2.0" +depends "build-essential" + +attribute "haproxy/incoming_address", + :display_name => "HAProxy incoming address", + :description => "Sets the address to bind the haproxy process on, 0.0.0.0 (all addresses) by default.", + :required => "optional", + :default => "0.0.0.0" + +attribute "haproxy/incoming_port", + :display_name => "HAProxy incoming port", + :description => "Sets the port on which haproxy listens.", + :required => "optional", + :default => "80" + +attribute "haproxy/member_port", + :display_name => "HAProxy member port", + :description => "The port that member systems will be listening on, default 8080.", + :required => "optional", + :default => "8080" + +attribute "haproxy/app_server_role", + :display_name => "HAProxy app server role", + :description => "Used by the app_lb recipe to search for a specific role of member systems. Default webserver.", + :required => "optional", + :default => "webserver" + +attribute "haproxy/balance_algorithm", + :display_name => "HAProxy balance algorithm", + :description => "Sets the load balancing algorithm; defaults to roundrobin.", + :required => "optional", + :default => "roundrobin" + +attribute "haproxy/enable_ssl", + :display_name => "HAProxy enable ssl", + :description => "Whether or not to create listeners for ssl, default false.", + :required => "optional" + +attribute "haproxy/ssl_incoming_address", + :display_name => "HAProxy ssl incoming address", + :description => "Sets the address to bind the haproxy on for SSL, 0.0.0.0 (all addresses) by default.", + :required => "optional", + :default => "0.0.0.0" + +attribute "haproxy/ssl_member_port", + :display_name => "HAProxy member port", + :description => "The port that member systems will be listening on for ssl, default 8443.", + :required => "optional", + :default => "8443" + +attribute "haproxy/ssl_incoming_port", + :display_name => "HAProxy incoming port", + :description => "Sets the port on which haproxy listens for ssl, default 443.", + :required => "optional", + :default => "443" + +attribute "haproxy/httpchk", + :display_name => "HAProxy HTTP health check", + :description => "Used by the haproxy::app_lb recipe. If set, will configure httpchk in haproxy.conf.", + :required => "optional" + +attribute "haproxy/ssl_httpchk", + :display_name => "HAProxy SSL HTTP health check", + :description => "Used by the app_lb recipe. If set and enable_ssl is true, will configure httpchk in haproxy.conf for the ssl_application section.", + :required => "optional" + +attribute "haproxy/enable_admin", + :display_name => "HAProxy enable admin", + :description => "Whether to enable the admin interface. default true. Listens on port 22002.", + :required => "optional", + :default => "true" + +attribute "haproxy/admin/address_bind", + :display_name => "HAProxy admin address bind", + :description => "Sets the address to bind the administrative interface on, 127.0.0.1 by default.", + :required => "optional", + :default => "127.0.0.1" + +attribute "haproxy/admin/port", + :display_name => "HAProxy admin port", + :description => "Sets the port for the administrative interface, 22002 by default.", + :required => "optional", + :default => "22002" + +attribute "haproxy/pid_file", + :display_name => "HAProxy PID file", + :description => "The PID file of the haproxy process, used in the tuning recipe.", + :required => "optional", + :default => "/var/run/haproxy.pid" + +attribute "haproxy/default options", + :display_name => "HAProxy default options", + :description => "An array of options to use for the config file's defaults stanza, default is [\"httplog\", \"dontlognull\", \"redispatch\"].", + :required => "optional", + :type => "array", + :default => ["httplog", "dontlognull", "redispatch"] + +attribute "haproxy/defaults_timeouts/connect", + :display_name => "HAProxy connect timeout", + :description => "Connect timeout in defaults stanza.", + :required => "optional", + :default => "5s" + +attribute "haproxy/defaults_timeouts/client", + :display_name => "HAProxy client timeout", + :description => "Client timeout in defaults stanza.", + :required => "optional", + :default => "50s" + +attribute "haproxy/defaults_timeouts/server", + :display_name => "HAProxy server timeout", + :description => "Server timeout in defaults stanza.", + :required => "optional", + :default => "50s" + +attribute "haproxy/x_forwarded_for", + :display_name => "HAProxy X-Forwarded-For", + :description => "If true, creates an X-Forwarded-For header containing the original client's IP address. This option disables KeepAlive.", + :required => "optional" + +attribute "haproxy/member_max_connections", + :display_name => "HAProxy member max connections", + :description => "The maxconn value to be set for each app server.", + :required => "optional", + :default => "100" + +attribute "haproxy/user", + :display_name => "HAProxy user", + :description => "User that haproxy runs as.", + :required => "optional", + :default => "haproxy" + +attribute "haproxy/group", + :display_name => "HAProxy group", + :description => "Group that haproxy runs as.", + :required => "optional", + :default => "haproxy" + +attribute "haproxy/global_max_connections", + :display_name => "HAProxy global max connections", + :description => "In the app_lb config, set the global maxconn.", + :required => "optional", + :default => "4096" + +attribute "haproxy/frontend_max_connections", + :display_name => "HAProxy frontend max connections", + :description => "In the app_lb config, set the the maxconn per frontend member.", + :required => "optional", + :default => "2000" + +attribute "haproxy/frontend_ssl_max_connections", + :display_name => "HAProxy frontend SSL max connections", + :description => "In the app_lb config, set the maxconn per frontend member using SSL.", + :required => "optional", + :default => "2000" + +attribute "haproxy/install_method", + :display_name => "HAProxy install method", + :description => "Determines which method is used to install haproxy, must be 'source' or 'package'. defaults to 'package'.", + :required => "recommended", + :choice => ["package", "source"], + :default => "package" + +attribute "haproxy/conf_dir", + :display_name => "HAProxy config directory", + :description => "The location of the haproxy config file.", + :required => "optional", + :default => "/etc/haproxy" + +attribute "haproxy/source/version", + :display_name => "HAProxy source version", + :description => "The version of haproxy to install.", + :required => "optional", + :default => "1.4.22" + +attribute "haproxy/source/url", + :display_name => "HAProxy source URL", + :description => "The full URL to the haproxy source package.", + :required => "optional", + :default => "http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.22.tar.gz" + +attribute "haproxy/source/checksum", + :display_name => "HAProxy source checksum", + :description => "The checksum of the haproxy source package.", + :required => "optional", + :default => "ba221b3eaa4d71233230b156c3000f5c2bd4dace94d9266235517fe42f917fc6" + +attribute "haproxy/source/prefix", + :display_name => "HAProxy source prefix", + :description => "The prefix used to make install haproxy.", + :required => "optional", + :default => "/usr/local" + +attribute "haproxy/source/target_os", + :display_name => "HAProxy source target OS", + :description => "The target used to make haproxy.", + :required => "optional", + :default => "generic" + +attribute "haproxy/source/target_cpu", + :display_name => "HAProxy source target CPU", + :description => "The target cpu used to make haproxy.", + :required => "optional", + :default => "" + +attribute "haproxy/source/target_arch", + :display_name => "HAProxy source target arch", + :description => "The target arch used to make haproxy.", + :required => "optional", + :default => "" + +attribute "haproxy/source/use_pcre", + :display_name => "HAProxy source use PCRE", + :description => "Whether to build with libpcre support.", + :required => "optional" diff --git a/chef/cookbooks/haproxy/providers/lb.rb b/chef/cookbooks/haproxy/providers/lb.rb new file mode 100644 index 0000000..218dc5b --- /dev/null +++ b/chef/cookbooks/haproxy/providers/lb.rb @@ -0,0 +1,21 @@ +use_inline_resources + +action :create do + #While there is no way to have an include directive for haproxy + #configuration file, this provider will only modify attributes ! + listener = [] + listener << "bind #{new_resource.bind}" unless new_resource.bind.nil? + + if new_resource.params.is_a? Hash + listener += new_resource.params.map { |k,v| "#{k} #{v}" } + else + listener += new_resource.params + end + + listener << "balance #{new_resource.balance}" unless new_resource.balance.nil? + listener << "mode #{new_resource.mode}" unless new_resource.mode.nil? + listener += new_resource.servers.map {|server| "server #{server}" } + + node.default['haproxy']['listeners'][new_resource.type][new_resource.name] = listener +end + diff --git a/chef/cookbooks/haproxy/recipes/app_lb.rb b/chef/cookbooks/haproxy/recipes/app_lb.rb new file mode 100644 index 0000000..fbd922e --- /dev/null +++ b/chef/cookbooks/haproxy/recipes/app_lb.rb @@ -0,0 +1,68 @@ +# +# Cookbook Name:: haproxy +# Recipe:: app_lb +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +pool_members = search("node", "role:#{node['haproxy']['app_server_role']} AND chef_environment:#{node.chef_environment}") || [] + +# load balancer may be in the pool +pool_members << node if node.run_list.roles.include?(node['haproxy']['app_server_role']) + +# we prefer connecting via local_ipv4 if +# pool members are in the same cloud +# TODO refactor this logic into library...see COOK-494 +pool_members.map! do |member| + server_ip = begin + if member.attribute?('cloud') + if node.attribute?('cloud') && (member['cloud']['provider'] == node['cloud']['provider']) + member['cloud']['local_ipv4'] + else + member['cloud']['public_ipv4'] + end + else + member['ipaddress'] + end + end + {:ipaddress => server_ip, :hostname => member['hostname']} +end + + +pool = ["options httpchk #{node['haproxy']['httpchk']}"] if node['haproxy']['httpchk'] +servers = pool_members.uniq.map do |s| + "#{s[:hostrame]} #{s[:ipaddress]}:#{node['haproxy']['member_port']} weight 1 maxconn #{node['haproxy']['member_max_connections']} check" +end +haproxy_lb 'servers-http' do + type 'backend' + servers servers + params pool +end + +if node['haproxy']['enable_ssl'] + pool = ["option ssl-hello-chk"] + pool << ["options httpchk #{node['haproxy']['ssl_httpchk']}"] if node['haproxy']['ssl_httpchk'] + servers = pool_members.uniq.map do |s| + "#{s[:hostrame]} #{s[:ipaddress]}:#{node['haproxy']['ssl_member_port']} weight 1 maxconn #{node['haproxy']['member_max_connections']} check" + end + haproxy_lb 'servers-http' do + type 'backend' + mode 'tcp' + servers servers + params pool + end +end + +include_recipe "haproxy::install_#{node['haproxy']['install_method']}" diff --git a/chef/cookbooks/haproxy/recipes/default.rb b/chef/cookbooks/haproxy/recipes/default.rb new file mode 100644 index 0000000..845a65e --- /dev/null +++ b/chef/cookbooks/haproxy/recipes/default.rb @@ -0,0 +1,109 @@ +# +# Cookbook Name:: haproxy +# Recipe:: default +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "haproxy::install_#{node['haproxy']['install_method']}" + +cookbook_file "/etc/default/haproxy" do + source "haproxy-default" + owner "root" + group "root" + mode 00644 + notifies :restart, "service[haproxy]" +end + + +if node['haproxy']['enable_admin'] + admin = node['haproxy']['admin'] + haproxy_lb "admin" do + bind "#{admin['address_bind']}:#{admin['port']}" + mode 'http' + params({ 'stats' => 'uri /'}) + end +end + +conf = node['haproxy'] +member_max_conn = conf['member_max_connections'] +member_weight = conf['member_weight'] + +if conf['enable_default_http'] + haproxy_lb 'http' do + type 'frontend' + params({ + 'maxconn' => conf['frontend_max_connections'], + 'bind' => "#{conf['incoming_address']}:#{conf['incoming_port']}", + 'default_backend' => 'servers-http' + }) + end + + member_port = conf['member_port'] + pool = [] + pool << "option httpchk #{conf['httpchk']}" if conf['httpchk'] + servers = node['haproxy']['members'].each do |member| + "#{member['hostname']} #{member['ipaddress']}:#{member['port'] || member_port} weight #{member['weight'] || member_weight} maxconn #{member['max_connections'] || member_max_conn} check" + end + haproxy_lb 'servers-http' do + type 'backend' + servers servers + params pool + end +end + + +if node['haproxy']['enable_ssl'] + haproxy_lb 'https' do + type 'frontend' + mode 'tcp' + params({ + 'maxconn' => node['haproxy']['frontend_ssl_max_connections'], + 'bind' => "#{node['haproxy']['ssl_incoming_address']}:#{node['haproxy']['ssl_incoming_port']}", + 'default_backend' => 'servers-https' + }) + end + + ssl_member_port = conf['ssl_member_port'] + pool = ['option ssl-hello-chk'] + pool << "option httpchk #{conf['ssl_httpchk']}" if conf['ssl_httpchk'] + servers = node['haproxy']['members'].each do |member| + "#{member['hostname']} #{member['ipaddress']}:#{member['ssl_port'] || ssl_member_port} weight #{member['weight'] || member_weight} maxconn #{member['max_connections'] || member_max_conn} check" + end + haproxy_lb 'servers-https' do + type 'backend' + mode 'tcp' + servers servers + params pool + end +end + + +template "#{node['haproxy']['conf_dir']}/haproxy.cfg" do + source "haproxy.cfg.erb" + owner "root" + group "root" + mode 00644 + notifies :reload, "service[haproxy]" + variables( + :defaults_options => haproxy_defaults_options, + :defaults_timeouts => haproxy_defaults_timeouts + ) +end + +service "haproxy" do + supports :restart => true, :status => true, :reload => true + action [:enable, :start] +end diff --git a/chef/cookbooks/haproxy/recipes/install_package.rb b/chef/cookbooks/haproxy/recipes/install_package.rb new file mode 100644 index 0000000..09d3f0a --- /dev/null +++ b/chef/cookbooks/haproxy/recipes/install_package.rb @@ -0,0 +1,34 @@ +# +# Cookbook Name:: haproxy +# Recipe:: install_package +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package "haproxy" + +directory node['haproxy']['conf_dir'] + +template "/etc/init.d/haproxy" do + source "haproxy-init.erb" + owner "root" + group "root" + mode 00755 + variables( + :hostname => node['hostname'], + :conf_dir => node['haproxy']['conf_dir'], + :prefix => "/usr" + ) +end diff --git a/chef/cookbooks/haproxy/recipes/install_source.rb b/chef/cookbooks/haproxy/recipes/install_source.rb new file mode 100644 index 0000000..0a1bfef --- /dev/null +++ b/chef/cookbooks/haproxy/recipes/install_source.rb @@ -0,0 +1,77 @@ +# +# Cookbook Name:: haproxy +# Recipe:: default +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe 'build-essential' + +package 'libpcre3-dev' do + only_if { node['haproxy']['source']['use_pcre'] } +end + +package 'libssl-dev' do + only_if { node['haproxy']['source']['use_openssl'] } +end + +package 'zlib1g-dev' do + only_if { node['haproxy']['source']['use_zlib'] } +end + +node.set['haproxy']['conf_dir'] = "#{node['haproxy']['source']['prefix']}/etc" + +remote_file "#{Chef::Config[:file_cache_path]}/haproxy-#{node['haproxy']['source']['version']}.tar.gz" do + source node['haproxy']['source']['url'] + checksum node['haproxy']['source']['checksum'] + action :create_if_missing +end + +make_cmd = "make TARGET=#{node['haproxy']['source']['target_os']}" +make_cmd << " CPU=#{node['haproxy']['source']['target_cpu' ]}" unless node['haproxy']['source']['target_cpu'].empty? +make_cmd << " ARCH=#{node['haproxy']['source']['target_arch']}" unless node['haproxy']['source']['target_arch'].empty? +make_cmd << " USE_PCRE=1" if node['haproxy']['source']['use_pcre'] +make_cmd << " USE_OPENSSL=1" if node['haproxy']['source']['use_openssl'] +make_cmd << " USE_ZLIB=1" if node['haproxy']['source']['use_zlib'] + +bash "compile_haproxy" do + cwd Chef::Config[:file_cache_path] + code <<-EOH + tar xzf haproxy-#{node['haproxy']['source']['version']}.tar.gz + cd haproxy-#{node['haproxy']['source']['version']} + #{make_cmd} && make install PREFIX=#{node['haproxy']['source']['prefix']} + EOH + creates "#{node['haproxy']['source']['prefix']}/sbin/haproxy" +end + +user "haproxy" do + comment "haproxy system account" + system true + shell "/bin/false" +end + +directory node['haproxy']['conf_dir'] + +template "/etc/init.d/haproxy" do + source "haproxy-init.erb" + owner "root" + group "root" + mode 00755 + variables( + :hostname => node['hostname'], + :conf_dir => node['haproxy']['conf_dir'], + :prefix => node['haproxy']['source']['prefix'] + ) +end diff --git a/chef/cookbooks/haproxy/recipes/tcp_lb.rb b/chef/cookbooks/haproxy/recipes/tcp_lb.rb new file mode 100644 index 0000000..a8975da --- /dev/null +++ b/chef/cookbooks/haproxy/recipes/tcp_lb.rb @@ -0,0 +1,75 @@ +# +# Cookbook Name:: haproxy +# Recipe:: tcp_lb +# +# Copyright 2014, Sam Su +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +node['haproxy']['services'].each do |name, service| + pool_members = search("node", "role:#{service['role']} AND chef_environment:#{node.chef_environment}") || [] + + # load balancer may be in the pool + pool_members << node if node.run_list.roles.include?(service[:role]) + + # we prefer connecting via local_ipv4 if + # pool members are in the same cloud + # TODO refactor this logic into library...see COOK-494 + pool_members.map! do |member| + server_ip = begin + if member.attribute?('cloud') + if node.attribute?('cloud') && (member['cloud']['provider'] == node['cloud']['provider']) + member['cloud']['local_ipv4'] + else + member['cloud']['public_ipv4'] + end + else + member['ipaddress'] + end + end + {:ipaddress => server_ip, :hostname => member['hostname']} + end + + pool = ["options httpchk #{node['haproxy']['httpchk']}"] if node['haproxy']['httpchk'] + pool = service[:options] + servers = pool_members.uniq.map do |s| + "#{s[:hostrame]} #{s[:ipaddress]}:#{service[:backend_port]} check inter 2000 rise 2 fall 5" + end + + haproxy_lb name do + bind node['haproxy']['incoming_address'] + ':' + service[:frontend_port] + servers servers + params pool + end +end + +include_recipe "haproxy::install_#{node['haproxy']['install_method']}" + +template "#{node['haproxy']['conf_dir']}/haproxy.cfg" do + source "haproxy.cfg.erb" + owner "root" + group "root" + mode 00644 + notifies :reload, "service[haproxy]" + variables( + :defaults_options => haproxy_defaults_options, + :defaults_timeouts => haproxy_defaults_timeouts + ) +end + +service "haproxy" do + supports :restart => true, :status => true, :reload => true + action [:enable, :start] +end + diff --git a/chef/cookbooks/haproxy/recipes/tuning.rb b/chef/cookbooks/haproxy/recipes/tuning.rb new file mode 100644 index 0000000..b32656c --- /dev/null +++ b/chef/cookbooks/haproxy/recipes/tuning.rb @@ -0,0 +1,26 @@ +# +# Cookbook Name:: haproxy +# Author:: Guilhem Lettron +# +# Copyright 2012, Societe Publica. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "cpu::affinity" + +cpu_affinity "set affinity for haproxy" do + pid node['haproxy']['pid_file'] + cpu 0 + subscribes :set, resources("service[haproxy]"), :immediately +end diff --git a/chef/cookbooks/haproxy/resources/lb.rb b/chef/cookbooks/haproxy/resources/lb.rb new file mode 100644 index 0000000..fa9adfa --- /dev/null +++ b/chef/cookbooks/haproxy/resources/lb.rb @@ -0,0 +1,19 @@ +actions :create +default_action :create + + +attribute :name, :kind_of => String, :name_attribute => true +attribute :type, :kind_of => String, :default => 'listen', :equal_to => ['listen', 'backend', 'frontend'] + +#Defining some attributes, but they can be all nil and defined in params +#if convenient. +attribute :servers, :kind_of => Array, :default => [] +attribute :balance, :kind_of => String +attribute :bind, :kind_of => String, :default => nil +attribute :mode, :kind_of => String, :default => nil, + :equal_to => ['http', 'tcp', 'health', nil] + +#I can't think of all parameters available in the future so we allow +#arbitrary params. Type can be array or hash because some attributes +#(like server) can set several times +attribute :params, :kind_of => [Array, Hash], :default => [] diff --git a/chef/cookbooks/haproxy/templates/default/haproxy-init.erb b/chef/cookbooks/haproxy/templates/default/haproxy-init.erb new file mode 100644 index 0000000..28babd0 --- /dev/null +++ b/chef/cookbooks/haproxy/templates/default/haproxy-init.erb @@ -0,0 +1,165 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: haproxy +# Required-Start: $local_fs $network $remote_fs +# Required-Stop: $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: fast and reliable load balancing reverse proxy +# Description: This file should be used to start and stop haproxy. +### END INIT INFO + +# Author: Arnaud Cornet + +# Written by Chef on <%= @hostname %> + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +PIDFILE=/var/run/haproxy.pid +CONFIG=<%= @conf_dir %>/haproxy.cfg +HAPROXY=<%= @prefix %>/sbin/haproxy +EXTRAOPTS= +ENABLED=0 + +test -x $HAPROXY || exit 0 +test -f "$CONFIG" || exit 0 + +if [ -e /etc/default/haproxy ]; then + . /etc/default/haproxy +fi + +test "$ENABLED" != "0" || exit 0 + +[ -f /etc/default/rcS ] && . /etc/default/rcS +. /lib/lsb/init-functions + + +haproxy_start() +{ + start-stop-daemon --start --pidfile "$PIDFILE" \ + --exec $HAPROXY -- -f "$CONFIG" -D -p "$PIDFILE" \ + $EXTRAOPTS || return 2 + return 0 +} + +haproxy_stop() +{ + if [ ! -f $PIDFILE ] ; then + # This is a success according to LSB + return 0 + fi + for pid in $(cat $PIDFILE) ; do + /bin/kill $pid || return 4 + done + rm -f $PIDFILE + return 0 +} + +haproxy_reload() +{ + $HAPROXY -f "$CONFIG" -p $PIDFILE -D $EXTRAOPTS -sf $(cat $PIDFILE) \ + || return 2 + return 0 +} + +haproxy_status() +{ + if [ ! -f $PIDFILE ] ; then + # program not running + return 3 + fi + + for pid in $(cat $PIDFILE) ; do + if ! ps --no-headers p "$pid" | grep haproxy > /dev/null ; then + # program running, bogus pidfile + return 1 + fi + done + + return 0 +} + + +case "$1" in +start) + log_daemon_msg "Starting haproxy" "haproxy" + haproxy_start + ret=$? + case "$ret" in + 0) + log_end_msg 0 + ;; + 1) + log_end_msg 1 + echo "pid file '$PIDFILE' found, haproxy not started." + ;; + 2) + log_end_msg 1 + ;; + esac + exit $ret + ;; +stop) + log_daemon_msg "Stopping haproxy" "haproxy" + haproxy_stop + ret=$? + case "$ret" in + 0|1) + log_end_msg 0 + ;; + 2) + log_end_msg 1 + ;; + esac + exit $ret + ;; +reload|force-reload) + log_daemon_msg "Reloading haproxy" "haproxy" + haproxy_reload + case "$?" in + 0|1) + log_end_msg 0 + ;; + 2) + log_end_msg 1 + ;; + esac + ;; +restart) + log_daemon_msg "Restarting haproxy" "haproxy" + haproxy_stop + haproxy_start + case "$?" in + 0) + log_end_msg 0 + ;; + 1) + log_end_msg 1 + ;; + 2) + log_end_msg 1 + ;; + esac + ;; +status) + haproxy_status + ret=$? + case "$ret" in + 0) + echo "haproxy is running." + ;; + 1) + echo "haproxy dead, but $PIDFILE exists." + ;; + *) + echo "haproxy not running." + ;; + esac + exit $ret + ;; +*) + echo "Usage: /etc/init.d/haproxy {start|stop|reload|restart|status}" + exit 2 + ;; +esac + +: diff --git a/chef/cookbooks/haproxy/templates/default/haproxy.cfg.erb b/chef/cookbooks/haproxy/templates/default/haproxy.cfg.erb new file mode 100644 index 0000000..d4de2e5 --- /dev/null +++ b/chef/cookbooks/haproxy/templates/default/haproxy.cfg.erb @@ -0,0 +1,36 @@ +global + log 127.0.0.1 local0 + log 127.0.0.1 local1 notice + #log loghost local0 info + maxconn <%= node['haproxy']['global_max_connections'] %> + #debug + #quiet + user <%= node['haproxy']['user'] %> + group <%= node['haproxy']['group'] %> +<% if node['haproxy']['enable_stats_socket'] -%> + stats socket <%= node['haproxy']['stats_socket_path'] %> user <%= node['haproxy']['stats_socket_user'] %> group <%= node['haproxy']['stats_socket_group'] %> +<% end -%> + +defaults + log global + mode http + retries 3 +<% @defaults_timeouts.sort.map do | value, time | -%> + timeout <%= value %> <%= time %> +<% end -%> +<% @defaults_options.sort.each do | option | -%> + option <%= option %> +<% end -%> + balance <%= node['haproxy']['balance_algorithm'] %> + +# Set up application listeners here. + +<% node['haproxy']['listeners'].each do |type, listeners | %> +<% listeners.each do |name, listen| %> +<%= type %> <%= name %> +<% listen.each do |option| %> + <%= option %> +<% end %> + +<% end %> +<% end %> diff --git a/chef/databags/openstack/openstack.json b/chef/databags/openstack/openstack.json index f5fe061..0cfe563 100644 --- a/chef/databags/openstack/openstack.json +++ b/chef/databags/openstack/openstack.json @@ -100,6 +100,16 @@ }, "text" : true }, + "ha": { + "status": "disable", + "haproxy": { + "vip": "10.145.88.231", + "roles": { + "os-controller": ["dashboard_http","dashboard_https","keystone_admin", "keystone_public_internal","nova_ec2_api","nova_compute_api","cinder_api","neutron_api"], + "os-image": ["glance_api","glance_registry_cluster"] + } + } + }, "dashboard_roles" : [ "os-controller", "os-dashboard" ], "db" : { "mysql" : { "bind_address" : "10.145.88.231", "port" : "3306"