diff options
-rw-r--r-- | manifests/loadbalancer.pp | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index 3efbb51..f7a4ff8 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -132,6 +132,11 @@ # When set, enables SSL on the Horizon public API endpoint using the specified file. # Defaults to undef # +# [*ironic_certificate*] +# Filename of an HAProxy-compatible certificate and key file +# When set, enables SSL on the Ironic public API endpoint using the specified file. +# Defaults to undef +# # [*keystone_admin*] # (optional) Enable or not Keystone Admin API binding # Defaults to false @@ -196,6 +201,10 @@ # (optional) Enable or not Horizon dashboard binding # Defaults to false # +# [*ironic*] +# (optional) Enable or not Ironic API binding +# Defaults to false +# # [*mysql*] # (optional) Enable or not MySQL Galera binding # Defaults to false @@ -236,6 +245,7 @@ class tripleo::loadbalancer ( $swift_certificate = undef, $heat_certificate = undef, $horizon_certificate = undef, + $ironic_certificate = undef, $keystone_admin = false, $keystone_public = false, $neutron = false, @@ -252,6 +262,7 @@ class tripleo::loadbalancer ( $heat_cloudwatch = false, $heat_cfn = false, $horizon = false, + $ironic = false, $mysql = false, $mysql_clustercheck = false, $rabbitmq = false, @@ -399,6 +410,11 @@ class tripleo::loadbalancer ( } else { $horizon_bind_certificate = $service_certificate } + if $ironic_certificate { + $ironic_bind_certificate = $ironic_certificate + } else { + $ironic_bind_certificate = $service_certificate + } $keystone_public_api_vip = hiera('keystone_public_api_vip', $controller_virtual_ip) $keystone_admin_api_vip = hiera('keystone_admin_api_vip', $controller_virtual_ip) @@ -558,6 +574,19 @@ class tripleo::loadbalancer ( } } + $ironic_api_vip = hiera('ironic_api_vip', $controller_virtual_ip) + if $ironic_bind_certificate { + $ironic_bind_opts = { + "${ironic_api_vip}:6385" => [], + "${public_virtual_ip}:13385" => ['ssl', 'crt', $ironic_bind_certificate], + } + } else { + $ironic_bind_opts = { + "${ironic_api_vip}:6385" => [], + "${public_virtual_ip}:6385" => [], + } + } + sysctl::value { 'net.ipv4.ip_nonlocal_bind': value => '1' } class { '::haproxy': @@ -874,6 +903,21 @@ class tripleo::loadbalancer ( } $mysql_member_options = ['check', 'inter 2000', 'rise 2', 'fall 5', 'backup'] } + + if $ironic { + haproxy::listen { 'ironic': + bind => $ironic_bind_opts, + collect_exported => false, + } + haproxy::balancermember { 'ironic': + listening_service => 'ironic', + ports => '6385', + ipaddresses => hiera('ironic_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => [], + } + } + if $mysql { haproxy::listen { 'mysql': ipaddress => [hiera('mysql_vip', $controller_virtual_ip)], |