diff options
-rw-r--r-- | manifests/loadbalancer.pp | 140 |
1 files changed, 107 insertions, 33 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index 024b459..e94f44a 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -66,6 +66,21 @@ # Can be a string or an array. # Defaults to undef # +# [*internal_api_virtual_ip*] +# Virtual IP on the internal API network. +# A string. +# Defaults to false +# +# [*storage_virtual_ip*] +# Virtual IP on the storage network. +# A string. +# Defaults to false +# +# [*storage_mgmt_virtual_ip*] +# Virtual IP on the storage mgmt network. +# A string. +# Defaults to false +# # [*service_certificate*] # Filename of an HAProxy-compatible certificate and key file # When set, enables SSL on the public API endpoints using the specified file. @@ -206,6 +221,9 @@ class tripleo::loadbalancer ( $control_virtual_interface, $public_virtual_interface, $public_virtual_ip, + $internal_api_virtual_ip = false, + $storage_virtual_ip = false, + $storage_mgmt_virtual_ip = false, $manage_vip = true, $haproxy_service_manage = true, $haproxy_global_maxconn = 10000, @@ -301,6 +319,44 @@ class tripleo::loadbalancer ( track_script => ['haproxy'], priority => 101, } + + + if $internal_api_virtual_ip and $internal_api_virtual_ip != $control_virtual_interface { + $internal_api_virtual_interface = interface_for_ip($internal_api_virtual_ip) + # KEEPALIVE INTERNAL API NETWORK + keepalived::instance { '53': + interface => $internal_api_virtual_interface, + virtual_ips => [join([$internal_api_virtual_ip, ' dev ', $internal_api_virtual_interface])], + state => 'MASTER', + track_script => ['haproxy'], + priority => 101, + } + } + + if $storage_virtual_ip and $storage_virtual_ip != $control_virtual_interface { + $storage_virtual_interface = interface_for_ip($storage_virtual_ip) + # KEEPALIVE STORAGE NETWORK + keepalived::instance { '54': + interface => $storage_virtual_interface, + virtual_ips => [join([$storage_virtual_ip, ' dev ', $storage_virtual_interface])], + state => 'MASTER', + track_script => ['haproxy'], + priority => 101, + } + } + + if $storage_mgmt_virtual_ip and $storage_mgmt_virtual_ip != $control_virtual_interface { + $storage_mgmt_virtual_interface = interface_for_ip($storage_mgmt_virtual_ip) + # KEEPALIVE STORAGE MANAGEMENT NETWORK + keepalived::instance { '55': + interface => $storage_mgmt_virtual_interface, + virtual_ips => [join([$storage_mgmt_virtual_ip, ' dev ', $storage_mgmt_virtual_interface])], + state => 'MASTER', + track_script => ['haproxy'], + priority => 101, + } + } + } if $keystone_certificate { @@ -349,142 +405,160 @@ class tripleo::loadbalancer ( $horizon_bind_certificate = $service_certificate } + $keystone_public_api_vip = hiera('keystone_public_api_vip', $controller_virtual_ip) + $keystone_admin_api_vip = hiera('keystone_admin_api_vip', $controller_virtual_ip) if $keystone_bind_certificate { $keystone_public_bind_opts = { - "${controller_virtual_ip}:5000" => [], + "${keystone_public_api_vip}:5000" => [], "${public_virtual_ip}:13000" => ['ssl', 'crt', $keystone_bind_certificate], } $keystone_admin_bind_opts = { - "${controller_virtual_ip}:35357" => [], + "${keystone_admin_api_vip}:35357" => [], "${public_virtual_ip}:13357" => ['ssl', 'crt', $keystone_bind_certificate], } } else { $keystone_public_bind_opts = { - "${controller_virtual_ip}:5000" => [], + "${keystone_public_api_vip}:5000" => [], "${public_virtual_ip}:5000" => [], } $keystone_admin_bind_opts = { - "${controller_virtual_ip}:35357" => [], + "${keystone_admin_api_vip}:35357" => [], "${public_virtual_ip}:35357" => [], } } + + $neutron_api_vip = hiera('neutron_api_vip', $controller_virtual_ip) if $neutron_bind_certificate { $neutron_bind_opts = { - "${controller_virtual_ip}:9696" => [], + "${neutron_api_vip}:9696" => [], "${public_virtual_ip}:13696" => ['ssl', 'crt', $neutron_bind_certificate], } } else { $neutron_bind_opts = { - "${controller_virtual_ip}:9696" => [], + "${neutron_api_vip}:9696" => [], "${public_virtual_ip}:9696" => [], } } + + $cinder_api_vip = hiera('cinder_api_vip', $controller_virtual_ip) if $cinder_bind_certificate { $cinder_bind_opts = { - "${controller_virtual_ip}:8776" => [], + "${cinder_api_vip}:8776" => [], "${public_virtual_ip}:13776" => ['ssl', 'crt', $cinder_bind_certificate], } } else { $cinder_bind_opts = { - "${controller_virtual_ip}:8776" => [], + "${cinder_api_vip}:8776" => [], "${public_virtual_ip}:8776" => [], } } + + $glance_api_vip = hiera('glance_api_vip', $controller_virtual_ip) if $glance_bind_certificate { $glance_bind_opts = { - "${controller_virtual_ip}:9292" => [], + "${glance_api_vip}:9292" => [], "${public_virtual_ip}:13292" => ['ssl', 'crt', $glance_bind_certificate], } } else { $glance_bind_opts = { - "${controller_virtual_ip}:9292" => [], + "${glance_api_vip}:9292" => [], "${public_virtual_ip}:9292" => [], } } + + $nova_api_vip = hiera('nova_api_vip', $controller_virtual_ip) if $nova_bind_certificate { $nova_osapi_bind_opts = { - "${controller_virtual_ip}:8774" => [], + "${nova_api_vip}:8774" => [], "${public_virtual_ip}:13774" => ['ssl', 'crt', $nova_bind_certificate], } $nova_ec2_bind_opts = { - "${controller_virtual_ip}:8773" => [], + "${nova_api_vip}:8773" => [], "${public_virtual_ip}:13773" => ['ssl', 'crt', $nova_bind_certificate], } $nova_novnc_bind_opts = { - "${controller_virtual_ip}:6080" => [], + "${nova_api_vip}:6080" => [], "${public_virtual_ip}:13080" => ['ssl', 'crt', $nova_bind_certificate], } } else { $nova_osapi_bind_opts = { - "${controller_virtual_ip}:8774" => [], + "${nova_api_vip}:8774" => [], "${public_virtual_ip}:8774" => [], } $nova_ec2_bind_opts = { - "${controller_virtual_ip}:8773" => [], + "${nova_api_vip}:8773" => [], "${public_virtual_ip}:8773" => [], } $nova_novnc_bind_opts = { - "${controller_virtual_ip}:6080" => [], + "${nova_api_vip}:6080" => [], "${public_virtual_ip}:6080" => [], } } + + $ceilometer_api_vip = hiera('ceilometer_api_vip', $controller_virtual_ip) if $ceilometer_bind_certificate { $ceilometer_bind_opts = { - "${controller_virtual_ip}:8777" => [], + "${ceilometer_api_vip}:8777" => [], "${public_virtual_ip}:13777" => ['ssl', 'crt', $ceilometer_bind_certificate], } } else { $ceilometer_bind_opts = { - "${controller_virtual_ip}:8777" => [], + "${ceilometer_api_vip}:8777" => [], "${public_virtual_ip}:8777" => [], } } + + $swift_proxy_vip = hiera('swift_proxy_vip', $controller_virtual_ip) if $swift_bind_certificate { $swift_bind_opts = { - "${controller_virtual_ip}:8080" => [], + "${swift_proxy_vip}:8080" => [], "${public_virtual_ip}:13080" => ['ssl', 'crt', $swift_bind_certificate], } } else { $swift_bind_opts = { - "${controller_virtual_ip}:8080" => [], + "${swift_proxy_vip}:8080" => [], "${public_virtual_ip}:8080" => [], } } + + $heat_api_vip = hiera('heat_api_vip', $controller_virtual_ip) if $heat_bind_certificate { $heat_bind_opts = { - "${controller_virtual_ip}:8004" => [], + "${heat_api_vip}:8004" => [], "${public_virtual_ip}:13004" => ['ssl', 'crt', $heat_bind_certificate], } $heat_cw_bind_opts = { - "${controller_virtual_ip}:8003" => [], + "${heat_api_vip}:8003" => [], "${public_virtual_ip}:13003" => ['ssl', 'crt', $heat_bind_certificate], } $heat_cfn_bind_opts = { - "${controller_virtual_ip}:8000" => [], + "${heat_api_vip}:8000" => [], "${public_virtual_ip}:13000" => ['ssl', 'crt', $heat_bind_certificate], } } else { $heat_bind_opts = { - "${controller_virtual_ip}:8004" => [], + "${heat_api_vip}:8004" => [], "${public_virtual_ip}:8004" => [], } $heat_cw_bind_opts = { - "${controller_virtual_ip}:8003" => [], + "${heat_api_vip}:8003" => [], "${public_virtual_ip}:8003" => [], } $heat_cfn_bind_opts = { - "${controller_virtual_ip}:8000" => [], + "${heat_api_vip}:8000" => [], "${public_virtual_ip}:8000" => [], } } + + $horizon_vip = hiera('horizon_vip', $controller_virtual_ip) if $horizon_bind_certificate { $horizon_bind_opts = { - "${controller_virtual_ip}:80" => [], + "${horizon_vip}:80" => [], "${public_virtual_ip}:443" => ['ssl', 'crt', $horizon_bind_certificate], } } else { $horizon_bind_opts = { - "${controller_virtual_ip}:80" => [], + "${horizon_vip}:80" => [], "${public_virtual_ip}:80" => [], } } @@ -607,7 +681,7 @@ class tripleo::loadbalancer ( if $glance_registry { haproxy::listen { 'glance_registry': - ipaddress => $controller_virtual_ip, + ipaddress => hiera('glance_registry_vip', $controller_virtual_ip), ports => 9191, options => { 'option' => [ 'httpchk GET /' ], @@ -659,7 +733,7 @@ class tripleo::loadbalancer ( if $nova_metadata { haproxy::listen { 'nova_metadata': - ipaddress => $controller_virtual_ip, + ipaddress => hiera('nova_metadata_vip', $controller_virtual_ip), ports => 8775, options => { 'option' => [ 'httpchk GET /' ], @@ -793,7 +867,7 @@ class tripleo::loadbalancer ( if $mysql { haproxy::listen { 'mysql': - ipaddress => [$controller_virtual_ip], + ipaddress => [hiera('mysql_vip', $controller_virtual_ip)], ports => 3306, options => { 'timeout' => [ 'client 0', 'server 0' ], @@ -822,7 +896,7 @@ class tripleo::loadbalancer ( if $rabbitmq { haproxy::listen { 'rabbitmq': - ipaddress => [$controller_virtual_ip], + ipaddress => [hiera('rabbitmq_vip', $controller_virtual_ip)], ports => 5672, options => { 'timeout' => [ 'client 0', 'server 0' ], @@ -840,7 +914,7 @@ class tripleo::loadbalancer ( if $redis { haproxy::listen { 'redis': - ipaddress => [$controller_virtual_ip], + ipaddress => [hiera('redis_vip', $controller_virtual_ip)], ports => 6379, options => { 'timeout' => [ 'client 0', 'server 0' ], |