summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--manifests/loadbalancer.pp44
1 files changed, 44 insertions, 0 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index 3efbb51..f7a4ff8 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -132,6 +132,11 @@
# When set, enables SSL on the Horizon public API endpoint using the specified file.
# Defaults to undef
#
+# [*ironic_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Ironic public API endpoint using the specified file.
+# Defaults to undef
+#
# [*keystone_admin*]
# (optional) Enable or not Keystone Admin API binding
# Defaults to false
@@ -196,6 +201,10 @@
# (optional) Enable or not Horizon dashboard binding
# Defaults to false
#
+# [*ironic*]
+# (optional) Enable or not Ironic API binding
+# Defaults to false
+#
# [*mysql*]
# (optional) Enable or not MySQL Galera binding
# Defaults to false
@@ -236,6 +245,7 @@ class tripleo::loadbalancer (
$swift_certificate = undef,
$heat_certificate = undef,
$horizon_certificate = undef,
+ $ironic_certificate = undef,
$keystone_admin = false,
$keystone_public = false,
$neutron = false,
@@ -252,6 +262,7 @@ class tripleo::loadbalancer (
$heat_cloudwatch = false,
$heat_cfn = false,
$horizon = false,
+ $ironic = false,
$mysql = false,
$mysql_clustercheck = false,
$rabbitmq = false,
@@ -399,6 +410,11 @@ class tripleo::loadbalancer (
} else {
$horizon_bind_certificate = $service_certificate
}
+ if $ironic_certificate {
+ $ironic_bind_certificate = $ironic_certificate
+ } else {
+ $ironic_bind_certificate = $service_certificate
+ }
$keystone_public_api_vip = hiera('keystone_public_api_vip', $controller_virtual_ip)
$keystone_admin_api_vip = hiera('keystone_admin_api_vip', $controller_virtual_ip)
@@ -558,6 +574,19 @@ class tripleo::loadbalancer (
}
}
+ $ironic_api_vip = hiera('ironic_api_vip', $controller_virtual_ip)
+ if $ironic_bind_certificate {
+ $ironic_bind_opts = {
+ "${ironic_api_vip}:6385" => [],
+ "${public_virtual_ip}:13385" => ['ssl', 'crt', $ironic_bind_certificate],
+ }
+ } else {
+ $ironic_bind_opts = {
+ "${ironic_api_vip}:6385" => [],
+ "${public_virtual_ip}:6385" => [],
+ }
+ }
+
sysctl::value { 'net.ipv4.ip_nonlocal_bind': value => '1' }
class { '::haproxy':
@@ -874,6 +903,21 @@ class tripleo::loadbalancer (
}
$mysql_member_options = ['check', 'inter 2000', 'rise 2', 'fall 5', 'backup']
}
+
+ if $ironic {
+ haproxy::listen { 'ironic':
+ bind => $ironic_bind_opts,
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'ironic':
+ listening_service => 'ironic',
+ ports => '6385',
+ ipaddresses => hiera('ironic_api_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ options => [],
+ }
+ }
+
if $mysql {
haproxy::listen { 'mysql':
ipaddress => [hiera('mysql_vip', $controller_virtual_ip)],