summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEmilien Macchi <emilien@redhat.com>2016-02-29 20:04:34 -0500
committerEmilien Macchi <emilien@redhat.com>2016-04-19 14:36:38 +0000
commitf9c33aeb81a9c89228ced75add1282e35824d49d (patch)
treeafddc968ffc70c841cf961c6bd8c06a27853b2b1
parent33c6afe89ade18f3017158bddf60c1e51937583e (diff)
IPv6 dual-stack support
TL;DR: If keystone_public_api_vip and/or public_virtual_ip is an array of IPs, HAproxy will be configured to listen on all IPs that are given in the arrays. It allows to specify an array for keystone_public_api_vip and/or public_virtual_ip where one IP is v4 and another one is v6. HAproxy will configured to listen on both and redirect the traffic to the IPv6 network (Dual-Stack). Implementation & background: HAproxy requires binding options as an hash where each IP contains an array of binding options. TripleO does not support Puppet Parser [1] (yet) so we can't manipulate data iterations inside the manifests. This patch creates a custom function, called list_to_hash. Example: keystone_vips = ['192.168.0.1:5000', '192.168.0.2:5000'] $keystone_bind_opts = ['transparent'] Using this function: $keystone_vips_hash = list_to_hash($keystone_vips, $keystone_bind_opts) Would return: $keystone_vips_hash = { '192.168.0.1:5000' => ['transparent'], '192.168.0.2:5000' => ['transparent'], } This function will help us in loadbalancer.pp to construct binding options in dynamic way. It's backward compatible, so you don't have to give an array. But if you do, multiple binding will be configured in HAproxy and you'll also be able to deploy IPv6 Dual-Stack. [1] https://docs.puppetlabs.com/puppet/latest/reference/lang_iteration.html Change-Id: I003b6d7d171652654745861d4231882f9e0d373e
-rw-r--r--lib/puppet/parser/functions/list_to_hash.rb31
-rw-r--r--manifests/loadbalancer/endpoint.pp16
2 files changed, 35 insertions, 12 deletions
diff --git a/lib/puppet/parser/functions/list_to_hash.rb b/lib/puppet/parser/functions/list_to_hash.rb
new file mode 100644
index 0000000..c6449a9
--- /dev/null
+++ b/lib/puppet/parser/functions/list_to_hash.rb
@@ -0,0 +1,31 @@
+# This function is an hack because we are not enabling Puppet parser
+# that would allow us to manipulate data iterations directly in manifests.
+#
+# Example:
+# keystone_vips = ['192.168.0.1:5000', '192.168.0.2:5000']
+# $keystone_bind_opts = ['transparent']
+#
+# Using this function:
+# $keystone_vips_hash = list_to_hash($keystone_vips, $keystone_bind_opts)
+#
+# Would return:
+# $keystone_vips_hash = {
+# '192.168.0.1:5000' => ['transparent'],
+# '192.168.0.2:5000' => ['transparent'],
+# }
+#
+# Disclaimer: this function is an hack and will disappear once TripleO enable
+# Puppet parser.
+#
+
+module Puppet::Parser::Functions
+ newfunction(:list_to_hash, :type => :rvalue, :doc => <<-EOS
+ This function returns an hash from a specified array
+ EOS
+ ) do |argv|
+ arr1 = argv[0]
+ arr2 = argv[1]
+ h = arr1.each_with_object({}) { |v,h| h[v] = arr2 }
+ return h
+ end
+end
diff --git a/manifests/loadbalancer/endpoint.pp b/manifests/loadbalancer/endpoint.pp
index e6bb185..f75f79a 100644
--- a/manifests/loadbalancer/endpoint.pp
+++ b/manifests/loadbalancer/endpoint.pp
@@ -88,13 +88,9 @@ define tripleo::loadbalancer::endpoint (
# service exposed to the public network
if $public_certificate {
- $public_bind_opts = {
- "${public_virtual_ip}:${public_ssl_port}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]),
- }
+ $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]))
} else {
- $public_bind_opts = {
- "${public_virtual_ip}:${service_port}" => $haproxy_listen_bind_param,
- }
+ $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${service_port}"), $haproxy_listen_bind_param)
}
} else {
# internal service only
@@ -102,13 +98,9 @@ define tripleo::loadbalancer::endpoint (
}
if $internal_certificate {
- $internal_bind_opts = {
- "${internal_ip}:${service_port}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]),
- }
+ $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]))
} else {
- $internal_bind_opts = {
- "${internal_ip}:${service_port}" => $haproxy_listen_bind_param,
- }
+ $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), $haproxy_listen_bind_param)
}
$bind_opts = merge($internal_bind_opts, $public_bind_opts)