aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--manifests/loadbalancer.pp140
1 files changed, 107 insertions, 33 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index 024b459..e94f44a 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -66,6 +66,21 @@
# Can be a string or an array.
# Defaults to undef
#
+# [*internal_api_virtual_ip*]
+# Virtual IP on the internal API network.
+# A string.
+# Defaults to false
+#
+# [*storage_virtual_ip*]
+# Virtual IP on the storage network.
+# A string.
+# Defaults to false
+#
+# [*storage_mgmt_virtual_ip*]
+# Virtual IP on the storage mgmt network.
+# A string.
+# Defaults to false
+#
# [*service_certificate*]
# Filename of an HAProxy-compatible certificate and key file
# When set, enables SSL on the public API endpoints using the specified file.
@@ -206,6 +221,9 @@ class tripleo::loadbalancer (
$control_virtual_interface,
$public_virtual_interface,
$public_virtual_ip,
+ $internal_api_virtual_ip = false,
+ $storage_virtual_ip = false,
+ $storage_mgmt_virtual_ip = false,
$manage_vip = true,
$haproxy_service_manage = true,
$haproxy_global_maxconn = 10000,
@@ -301,6 +319,44 @@ class tripleo::loadbalancer (
track_script => ['haproxy'],
priority => 101,
}
+
+
+ if $internal_api_virtual_ip and $internal_api_virtual_ip != $control_virtual_interface {
+ $internal_api_virtual_interface = interface_for_ip($internal_api_virtual_ip)
+ # KEEPALIVE INTERNAL API NETWORK
+ keepalived::instance { '53':
+ interface => $internal_api_virtual_interface,
+ virtual_ips => [join([$internal_api_virtual_ip, ' dev ', $internal_api_virtual_interface])],
+ state => 'MASTER',
+ track_script => ['haproxy'],
+ priority => 101,
+ }
+ }
+
+ if $storage_virtual_ip and $storage_virtual_ip != $control_virtual_interface {
+ $storage_virtual_interface = interface_for_ip($storage_virtual_ip)
+ # KEEPALIVE STORAGE NETWORK
+ keepalived::instance { '54':
+ interface => $storage_virtual_interface,
+ virtual_ips => [join([$storage_virtual_ip, ' dev ', $storage_virtual_interface])],
+ state => 'MASTER',
+ track_script => ['haproxy'],
+ priority => 101,
+ }
+ }
+
+ if $storage_mgmt_virtual_ip and $storage_mgmt_virtual_ip != $control_virtual_interface {
+ $storage_mgmt_virtual_interface = interface_for_ip($storage_mgmt_virtual_ip)
+ # KEEPALIVE STORAGE MANAGEMENT NETWORK
+ keepalived::instance { '55':
+ interface => $storage_mgmt_virtual_interface,
+ virtual_ips => [join([$storage_mgmt_virtual_ip, ' dev ', $storage_mgmt_virtual_interface])],
+ state => 'MASTER',
+ track_script => ['haproxy'],
+ priority => 101,
+ }
+ }
+
}
if $keystone_certificate {
@@ -349,142 +405,160 @@ class tripleo::loadbalancer (
$horizon_bind_certificate = $service_certificate
}
+ $keystone_public_api_vip = hiera('keystone_public_api_vip', $controller_virtual_ip)
+ $keystone_admin_api_vip = hiera('keystone_admin_api_vip', $controller_virtual_ip)
if $keystone_bind_certificate {
$keystone_public_bind_opts = {
- "${controller_virtual_ip}:5000" => [],
+ "${keystone_public_api_vip}:5000" => [],
"${public_virtual_ip}:13000" => ['ssl', 'crt', $keystone_bind_certificate],
}
$keystone_admin_bind_opts = {
- "${controller_virtual_ip}:35357" => [],
+ "${keystone_admin_api_vip}:35357" => [],
"${public_virtual_ip}:13357" => ['ssl', 'crt', $keystone_bind_certificate],
}
} else {
$keystone_public_bind_opts = {
- "${controller_virtual_ip}:5000" => [],
+ "${keystone_public_api_vip}:5000" => [],
"${public_virtual_ip}:5000" => [],
}
$keystone_admin_bind_opts = {
- "${controller_virtual_ip}:35357" => [],
+ "${keystone_admin_api_vip}:35357" => [],
"${public_virtual_ip}:35357" => [],
}
}
+
+ $neutron_api_vip = hiera('neutron_api_vip', $controller_virtual_ip)
if $neutron_bind_certificate {
$neutron_bind_opts = {
- "${controller_virtual_ip}:9696" => [],
+ "${neutron_api_vip}:9696" => [],
"${public_virtual_ip}:13696" => ['ssl', 'crt', $neutron_bind_certificate],
}
} else {
$neutron_bind_opts = {
- "${controller_virtual_ip}:9696" => [],
+ "${neutron_api_vip}:9696" => [],
"${public_virtual_ip}:9696" => [],
}
}
+
+ $cinder_api_vip = hiera('cinder_api_vip', $controller_virtual_ip)
if $cinder_bind_certificate {
$cinder_bind_opts = {
- "${controller_virtual_ip}:8776" => [],
+ "${cinder_api_vip}:8776" => [],
"${public_virtual_ip}:13776" => ['ssl', 'crt', $cinder_bind_certificate],
}
} else {
$cinder_bind_opts = {
- "${controller_virtual_ip}:8776" => [],
+ "${cinder_api_vip}:8776" => [],
"${public_virtual_ip}:8776" => [],
}
}
+
+ $glance_api_vip = hiera('glance_api_vip', $controller_virtual_ip)
if $glance_bind_certificate {
$glance_bind_opts = {
- "${controller_virtual_ip}:9292" => [],
+ "${glance_api_vip}:9292" => [],
"${public_virtual_ip}:13292" => ['ssl', 'crt', $glance_bind_certificate],
}
} else {
$glance_bind_opts = {
- "${controller_virtual_ip}:9292" => [],
+ "${glance_api_vip}:9292" => [],
"${public_virtual_ip}:9292" => [],
}
}
+
+ $nova_api_vip = hiera('nova_api_vip', $controller_virtual_ip)
if $nova_bind_certificate {
$nova_osapi_bind_opts = {
- "${controller_virtual_ip}:8774" => [],
+ "${nova_api_vip}:8774" => [],
"${public_virtual_ip}:13774" => ['ssl', 'crt', $nova_bind_certificate],
}
$nova_ec2_bind_opts = {
- "${controller_virtual_ip}:8773" => [],
+ "${nova_api_vip}:8773" => [],
"${public_virtual_ip}:13773" => ['ssl', 'crt', $nova_bind_certificate],
}
$nova_novnc_bind_opts = {
- "${controller_virtual_ip}:6080" => [],
+ "${nova_api_vip}:6080" => [],
"${public_virtual_ip}:13080" => ['ssl', 'crt', $nova_bind_certificate],
}
} else {
$nova_osapi_bind_opts = {
- "${controller_virtual_ip}:8774" => [],
+ "${nova_api_vip}:8774" => [],
"${public_virtual_ip}:8774" => [],
}
$nova_ec2_bind_opts = {
- "${controller_virtual_ip}:8773" => [],
+ "${nova_api_vip}:8773" => [],
"${public_virtual_ip}:8773" => [],
}
$nova_novnc_bind_opts = {
- "${controller_virtual_ip}:6080" => [],
+ "${nova_api_vip}:6080" => [],
"${public_virtual_ip}:6080" => [],
}
}
+
+ $ceilometer_api_vip = hiera('ceilometer_api_vip', $controller_virtual_ip)
if $ceilometer_bind_certificate {
$ceilometer_bind_opts = {
- "${controller_virtual_ip}:8777" => [],
+ "${ceilometer_api_vip}:8777" => [],
"${public_virtual_ip}:13777" => ['ssl', 'crt', $ceilometer_bind_certificate],
}
} else {
$ceilometer_bind_opts = {
- "${controller_virtual_ip}:8777" => [],
+ "${ceilometer_api_vip}:8777" => [],
"${public_virtual_ip}:8777" => [],
}
}
+
+ $swift_proxy_vip = hiera('swift_proxy_vip', $controller_virtual_ip)
if $swift_bind_certificate {
$swift_bind_opts = {
- "${controller_virtual_ip}:8080" => [],
+ "${swift_proxy_vip}:8080" => [],
"${public_virtual_ip}:13080" => ['ssl', 'crt', $swift_bind_certificate],
}
} else {
$swift_bind_opts = {
- "${controller_virtual_ip}:8080" => [],
+ "${swift_proxy_vip}:8080" => [],
"${public_virtual_ip}:8080" => [],
}
}
+
+ $heat_api_vip = hiera('heat_api_vip', $controller_virtual_ip)
if $heat_bind_certificate {
$heat_bind_opts = {
- "${controller_virtual_ip}:8004" => [],
+ "${heat_api_vip}:8004" => [],
"${public_virtual_ip}:13004" => ['ssl', 'crt', $heat_bind_certificate],
}
$heat_cw_bind_opts = {
- "${controller_virtual_ip}:8003" => [],
+ "${heat_api_vip}:8003" => [],
"${public_virtual_ip}:13003" => ['ssl', 'crt', $heat_bind_certificate],
}
$heat_cfn_bind_opts = {
- "${controller_virtual_ip}:8000" => [],
+ "${heat_api_vip}:8000" => [],
"${public_virtual_ip}:13000" => ['ssl', 'crt', $heat_bind_certificate],
}
} else {
$heat_bind_opts = {
- "${controller_virtual_ip}:8004" => [],
+ "${heat_api_vip}:8004" => [],
"${public_virtual_ip}:8004" => [],
}
$heat_cw_bind_opts = {
- "${controller_virtual_ip}:8003" => [],
+ "${heat_api_vip}:8003" => [],
"${public_virtual_ip}:8003" => [],
}
$heat_cfn_bind_opts = {
- "${controller_virtual_ip}:8000" => [],
+ "${heat_api_vip}:8000" => [],
"${public_virtual_ip}:8000" => [],
}
}
+
+ $horizon_vip = hiera('horizon_vip', $controller_virtual_ip)
if $horizon_bind_certificate {
$horizon_bind_opts = {
- "${controller_virtual_ip}:80" => [],
+ "${horizon_vip}:80" => [],
"${public_virtual_ip}:443" => ['ssl', 'crt', $horizon_bind_certificate],
}
} else {
$horizon_bind_opts = {
- "${controller_virtual_ip}:80" => [],
+ "${horizon_vip}:80" => [],
"${public_virtual_ip}:80" => [],
}
}
@@ -607,7 +681,7 @@ class tripleo::loadbalancer (
if $glance_registry {
haproxy::listen { 'glance_registry':
- ipaddress => $controller_virtual_ip,
+ ipaddress => hiera('glance_registry_vip', $controller_virtual_ip),
ports => 9191,
options => {
'option' => [ 'httpchk GET /' ],
@@ -659,7 +733,7 @@ class tripleo::loadbalancer (
if $nova_metadata {
haproxy::listen { 'nova_metadata':
- ipaddress => $controller_virtual_ip,
+ ipaddress => hiera('nova_metadata_vip', $controller_virtual_ip),
ports => 8775,
options => {
'option' => [ 'httpchk GET /' ],
@@ -793,7 +867,7 @@ class tripleo::loadbalancer (
if $mysql {
haproxy::listen { 'mysql':
- ipaddress => [$controller_virtual_ip],
+ ipaddress => [hiera('mysql_vip', $controller_virtual_ip)],
ports => 3306,
options => {
'timeout' => [ 'client 0', 'server 0' ],
@@ -822,7 +896,7 @@ class tripleo::loadbalancer (
if $rabbitmq {
haproxy::listen { 'rabbitmq':
- ipaddress => [$controller_virtual_ip],
+ ipaddress => [hiera('rabbitmq_vip', $controller_virtual_ip)],
ports => 5672,
options => {
'timeout' => [ 'client 0', 'server 0' ],
@@ -840,7 +914,7 @@ class tripleo::loadbalancer (
if $redis {
haproxy::listen { 'redis':
- ipaddress => [$controller_virtual_ip],
+ ipaddress => [hiera('redis_vip', $controller_virtual_ip)],
ports => 6379,
options => {
'timeout' => [ 'client 0', 'server 0' ],