summaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
authorDan Prince <dprince@redhat.com>2015-05-27 22:29:39 -0400
committerDan Prince <dprince@redhat.com>2015-06-03 10:51:30 -0400
commita077eaf307998b3a9996fc5c0846f6604139a3e7 (patch)
tree2e54254c80c82eb1c4092a92b05aa23e31c09a75 /manifests
parent10ac6980f93ca33e279359c29c3cc19151b79f32 (diff)
Configure virtual IPs for split out networks
This patch optionally creates new virtual IPs for the storage, storage_mgmt, and internal_api networks if ip addresses are provided. Additionally the HAproxy configuration is updated to use hiera lookups to obtain virtual IPs for alternate networks. By default the ctlplane VIP is still used. Change-Id: I20483574920a1da689374b0eb1b39b0391c3d243
Diffstat (limited to 'manifests')
-rw-r--r--manifests/loadbalancer.pp140
1 files changed, 107 insertions, 33 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index 024b459..e94f44a 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -66,6 +66,21 @@
# Can be a string or an array.
# Defaults to undef
#
+# [*internal_api_virtual_ip*]
+# Virtual IP on the internal API network.
+# A string.
+# Defaults to false
+#
+# [*storage_virtual_ip*]
+# Virtual IP on the storage network.
+# A string.
+# Defaults to false
+#
+# [*storage_mgmt_virtual_ip*]
+# Virtual IP on the storage mgmt network.
+# A string.
+# Defaults to false
+#
# [*service_certificate*]
# Filename of an HAProxy-compatible certificate and key file
# When set, enables SSL on the public API endpoints using the specified file.
@@ -206,6 +221,9 @@ class tripleo::loadbalancer (
$control_virtual_interface,
$public_virtual_interface,
$public_virtual_ip,
+ $internal_api_virtual_ip = false,
+ $storage_virtual_ip = false,
+ $storage_mgmt_virtual_ip = false,
$manage_vip = true,
$haproxy_service_manage = true,
$haproxy_global_maxconn = 10000,
@@ -301,6 +319,44 @@ class tripleo::loadbalancer (
track_script => ['haproxy'],
priority => 101,
}
+
+
+ if $internal_api_virtual_ip and $internal_api_virtual_ip != $control_virtual_interface {
+ $internal_api_virtual_interface = interface_for_ip($internal_api_virtual_ip)
+ # KEEPALIVE INTERNAL API NETWORK
+ keepalived::instance { '53':
+ interface => $internal_api_virtual_interface,
+ virtual_ips => [join([$internal_api_virtual_ip, ' dev ', $internal_api_virtual_interface])],
+ state => 'MASTER',
+ track_script => ['haproxy'],
+ priority => 101,
+ }
+ }
+
+ if $storage_virtual_ip and $storage_virtual_ip != $control_virtual_interface {
+ $storage_virtual_interface = interface_for_ip($storage_virtual_ip)
+ # KEEPALIVE STORAGE NETWORK
+ keepalived::instance { '54':
+ interface => $storage_virtual_interface,
+ virtual_ips => [join([$storage_virtual_ip, ' dev ', $storage_virtual_interface])],
+ state => 'MASTER',
+ track_script => ['haproxy'],
+ priority => 101,
+ }
+ }
+
+ if $storage_mgmt_virtual_ip and $storage_mgmt_virtual_ip != $control_virtual_interface {
+ $storage_mgmt_virtual_interface = interface_for_ip($storage_mgmt_virtual_ip)
+ # KEEPALIVE STORAGE MANAGEMENT NETWORK
+ keepalived::instance { '55':
+ interface => $storage_mgmt_virtual_interface,
+ virtual_ips => [join([$storage_mgmt_virtual_ip, ' dev ', $storage_mgmt_virtual_interface])],
+ state => 'MASTER',
+ track_script => ['haproxy'],
+ priority => 101,
+ }
+ }
+
}
if $keystone_certificate {
@@ -349,142 +405,160 @@ class tripleo::loadbalancer (
$horizon_bind_certificate = $service_certificate
}
+ $keystone_public_api_vip = hiera('keystone_public_api_vip', $controller_virtual_ip)
+ $keystone_admin_api_vip = hiera('keystone_admin_api_vip', $controller_virtual_ip)
if $keystone_bind_certificate {
$keystone_public_bind_opts = {
- "${controller_virtual_ip}:5000" => [],
+ "${keystone_public_api_vip}:5000" => [],
"${public_virtual_ip}:13000" => ['ssl', 'crt', $keystone_bind_certificate],
}
$keystone_admin_bind_opts = {
- "${controller_virtual_ip}:35357" => [],
+ "${keystone_admin_api_vip}:35357" => [],
"${public_virtual_ip}:13357" => ['ssl', 'crt', $keystone_bind_certificate],
}
} else {
$keystone_public_bind_opts = {
- "${controller_virtual_ip}:5000" => [],
+ "${keystone_public_api_vip}:5000" => [],
"${public_virtual_ip}:5000" => [],
}
$keystone_admin_bind_opts = {
- "${controller_virtual_ip}:35357" => [],
+ "${keystone_admin_api_vip}:35357" => [],
"${public_virtual_ip}:35357" => [],
}
}
+
+ $neutron_api_vip = hiera('neutron_api_vip', $controller_virtual_ip)
if $neutron_bind_certificate {
$neutron_bind_opts = {
- "${controller_virtual_ip}:9696" => [],
+ "${neutron_api_vip}:9696" => [],
"${public_virtual_ip}:13696" => ['ssl', 'crt', $neutron_bind_certificate],
}
} else {
$neutron_bind_opts = {
- "${controller_virtual_ip}:9696" => [],
+ "${neutron_api_vip}:9696" => [],
"${public_virtual_ip}:9696" => [],
}
}
+
+ $cinder_api_vip = hiera('cinder_api_vip', $controller_virtual_ip)
if $cinder_bind_certificate {
$cinder_bind_opts = {
- "${controller_virtual_ip}:8776" => [],
+ "${cinder_api_vip}:8776" => [],
"${public_virtual_ip}:13776" => ['ssl', 'crt', $cinder_bind_certificate],
}
} else {
$cinder_bind_opts = {
- "${controller_virtual_ip}:8776" => [],
+ "${cinder_api_vip}:8776" => [],
"${public_virtual_ip}:8776" => [],
}
}
+
+ $glance_api_vip = hiera('glance_api_vip', $controller_virtual_ip)
if $glance_bind_certificate {
$glance_bind_opts = {
- "${controller_virtual_ip}:9292" => [],
+ "${glance_api_vip}:9292" => [],
"${public_virtual_ip}:13292" => ['ssl', 'crt', $glance_bind_certificate],
}
} else {
$glance_bind_opts = {
- "${controller_virtual_ip}:9292" => [],
+ "${glance_api_vip}:9292" => [],
"${public_virtual_ip}:9292" => [],
}
}
+
+ $nova_api_vip = hiera('nova_api_vip', $controller_virtual_ip)
if $nova_bind_certificate {
$nova_osapi_bind_opts = {
- "${controller_virtual_ip}:8774" => [],
+ "${nova_api_vip}:8774" => [],
"${public_virtual_ip}:13774" => ['ssl', 'crt', $nova_bind_certificate],
}
$nova_ec2_bind_opts = {
- "${controller_virtual_ip}:8773" => [],
+ "${nova_api_vip}:8773" => [],
"${public_virtual_ip}:13773" => ['ssl', 'crt', $nova_bind_certificate],
}
$nova_novnc_bind_opts = {
- "${controller_virtual_ip}:6080" => [],
+ "${nova_api_vip}:6080" => [],
"${public_virtual_ip}:13080" => ['ssl', 'crt', $nova_bind_certificate],
}
} else {
$nova_osapi_bind_opts = {
- "${controller_virtual_ip}:8774" => [],
+ "${nova_api_vip}:8774" => [],
"${public_virtual_ip}:8774" => [],
}
$nova_ec2_bind_opts = {
- "${controller_virtual_ip}:8773" => [],
+ "${nova_api_vip}:8773" => [],
"${public_virtual_ip}:8773" => [],
}
$nova_novnc_bind_opts = {
- "${controller_virtual_ip}:6080" => [],
+ "${nova_api_vip}:6080" => [],
"${public_virtual_ip}:6080" => [],
}
}
+
+ $ceilometer_api_vip = hiera('ceilometer_api_vip', $controller_virtual_ip)
if $ceilometer_bind_certificate {
$ceilometer_bind_opts = {
- "${controller_virtual_ip}:8777" => [],
+ "${ceilometer_api_vip}:8777" => [],
"${public_virtual_ip}:13777" => ['ssl', 'crt', $ceilometer_bind_certificate],
}
} else {
$ceilometer_bind_opts = {
- "${controller_virtual_ip}:8777" => [],
+ "${ceilometer_api_vip}:8777" => [],
"${public_virtual_ip}:8777" => [],
}
}
+
+ $swift_proxy_vip = hiera('swift_proxy_vip', $controller_virtual_ip)
if $swift_bind_certificate {
$swift_bind_opts = {
- "${controller_virtual_ip}:8080" => [],
+ "${swift_proxy_vip}:8080" => [],
"${public_virtual_ip}:13080" => ['ssl', 'crt', $swift_bind_certificate],
}
} else {
$swift_bind_opts = {
- "${controller_virtual_ip}:8080" => [],
+ "${swift_proxy_vip}:8080" => [],
"${public_virtual_ip}:8080" => [],
}
}
+
+ $heat_api_vip = hiera('heat_api_vip', $controller_virtual_ip)
if $heat_bind_certificate {
$heat_bind_opts = {
- "${controller_virtual_ip}:8004" => [],
+ "${heat_api_vip}:8004" => [],
"${public_virtual_ip}:13004" => ['ssl', 'crt', $heat_bind_certificate],
}
$heat_cw_bind_opts = {
- "${controller_virtual_ip}:8003" => [],
+ "${heat_api_vip}:8003" => [],
"${public_virtual_ip}:13003" => ['ssl', 'crt', $heat_bind_certificate],
}
$heat_cfn_bind_opts = {
- "${controller_virtual_ip}:8000" => [],
+ "${heat_api_vip}:8000" => [],
"${public_virtual_ip}:13000" => ['ssl', 'crt', $heat_bind_certificate],
}
} else {
$heat_bind_opts = {
- "${controller_virtual_ip}:8004" => [],
+ "${heat_api_vip}:8004" => [],
"${public_virtual_ip}:8004" => [],
}
$heat_cw_bind_opts = {
- "${controller_virtual_ip}:8003" => [],
+ "${heat_api_vip}:8003" => [],
"${public_virtual_ip}:8003" => [],
}
$heat_cfn_bind_opts = {
- "${controller_virtual_ip}:8000" => [],
+ "${heat_api_vip}:8000" => [],
"${public_virtual_ip}:8000" => [],
}
}
+
+ $horizon_vip = hiera('horizon_vip', $controller_virtual_ip)
if $horizon_bind_certificate {
$horizon_bind_opts = {
- "${controller_virtual_ip}:80" => [],
+ "${horizon_vip}:80" => [],
"${public_virtual_ip}:443" => ['ssl', 'crt', $horizon_bind_certificate],
}
} else {
$horizon_bind_opts = {
- "${controller_virtual_ip}:80" => [],
+ "${horizon_vip}:80" => [],
"${public_virtual_ip}:80" => [],
}
}
@@ -607,7 +681,7 @@ class tripleo::loadbalancer (
if $glance_registry {
haproxy::listen { 'glance_registry':
- ipaddress => $controller_virtual_ip,
+ ipaddress => hiera('glance_registry_vip', $controller_virtual_ip),
ports => 9191,
options => {
'option' => [ 'httpchk GET /' ],
@@ -659,7 +733,7 @@ class tripleo::loadbalancer (
if $nova_metadata {
haproxy::listen { 'nova_metadata':
- ipaddress => $controller_virtual_ip,
+ ipaddress => hiera('nova_metadata_vip', $controller_virtual_ip),
ports => 8775,
options => {
'option' => [ 'httpchk GET /' ],
@@ -793,7 +867,7 @@ class tripleo::loadbalancer (
if $mysql {
haproxy::listen { 'mysql':
- ipaddress => [$controller_virtual_ip],
+ ipaddress => [hiera('mysql_vip', $controller_virtual_ip)],
ports => 3306,
options => {
'timeout' => [ 'client 0', 'server 0' ],
@@ -822,7 +896,7 @@ class tripleo::loadbalancer (
if $rabbitmq {
haproxy::listen { 'rabbitmq':
- ipaddress => [$controller_virtual_ip],
+ ipaddress => [hiera('rabbitmq_vip', $controller_virtual_ip)],
ports => 5672,
options => {
'timeout' => [ 'client 0', 'server 0' ],
@@ -840,7 +914,7 @@ class tripleo::loadbalancer (
if $redis {
haproxy::listen { 'redis':
- ipaddress => [$controller_virtual_ip],
+ ipaddress => [hiera('redis_vip', $controller_virtual_ip)],
ports => 6379,
options => {
'timeout' => [ 'client 0', 'server 0' ],