-rw-r--r--.gitreview2
-rw-r--r--lib/puppet/parser/functions/interface_for_ip.rb33
-rw-r--r--lib/puppet/parser/functions/local_fence_devices.rb34
-rw-r--r--manifests/fencing.pp62
-rw-r--r--manifests/loadbalancer.pp513
5 files changed, 565 insertions, 79 deletions
diff --git a/.gitreview b/.gitreview
index fd60bc5..90b3af9 100644
--- a/.gitreview
+++ b/.gitreview
@@ -1,4 +1,4 @@
[gerrit]
host=review.openstack.org
port=29418
-project=stackforge/puppet-tripleo.git
+project=openstack/puppet-tripleo.git
diff --git a/lib/puppet/parser/functions/interface_for_ip.rb b/lib/puppet/parser/functions/interface_for_ip.rb
new file mode 100644
index 0000000..1c67120
--- /dev/null
+++ b/lib/puppet/parser/functions/interface_for_ip.rb
@@ -0,0 +1,33 @@
+require 'ipaddr'
+
+# Custom function to lookup the interface which matches the subnet
+# of the provided IP address.
+# The function iterates over all the interfaces and chooses the
+# first locally assigned interface which matches the IP.
+module Puppet::Parser::Functions
+ newfunction(:interface_for_ip, :type => :rvalue, :doc => "Find the bind IP address for the provided subnet.") do |arg|
+ if arg[0].class == String
+ begin
+ ip_to_find = arg[0]
+ Dir.foreach('/sys/class/net/') do |interface|
+ next if interface == '.' or interface == '..'
+ iface_no_dash = interface.gsub('-', '_')
+ interface_ip = lookupvar("ipaddress_#{iface_no_dash}")
+ netmask = lookupvar("netmask_#{iface_no_dash}")
+ if not interface_ip.nil? then
+ ip1=IPAddr.new(interface_ip)
+ ip2=IPAddr.new(ip_to_find)
+ if ip1.mask(netmask) == ip2.mask(netmask) then
+ return interface
+ end
+ end
+ end
+ rescue JSON::ParserError
+ raise Puppet::ParseError, "Syntax error: #{arg[0]} is invalid"
+ end
+ else
+ raise Puppet::ParseError, "Syntax error: #{arg[0]} is not a String"
+ end
+ return ''
+ end
+end
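Review bot: The `rescue JSON::ParserError` clause cannot catch what this body raises. Nothing here parses JSON, and `IPAddr.new` reports a malformed address with an `ArgumentError` (or a subclass of it), so a bad `ip_to_find` surfaces as a raw Ruby exception instead of a `Puppet::ParseError`. I would change the clause to `rescue ArgumentError => e` and put `e.message` in the raised error. The `:doc` string says the function finds a bind IP address, but it returns an interface name, or `''` when nothing matches. The callers in manifests/loadbalancer.pp pass that value straight to `keepalived::instance`, so the no-match case should either raise or be documented.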
diff --git a/lib/puppet/parser/functions/local_fence_devices.rb b/lib/puppet/parser/functions/local_fence_devices.rb
new file mode 100644
index 0000000..1ebce67
--- /dev/null
+++ b/lib/puppet/parser/functions/local_fence_devices.rb
@@ -0,0 +1,34 @@
+module Puppet::Parser::Functions
+ newfunction(:local_fence_devices, :arity =>2, :type => :rvalue,
+ :doc => ("Given an array of fence device configs, limit them" +
+ "to fence devices whose MAC address is present on" +
+ "some of the local NICs, and prepare a hash which can be" +
+ "passed to create_resources function")) do |args|
+ agent = args[0]
+ devices = args[1]
+ unless agent.is_a?(String) && agent.length > 0
+ raise Puppet::ParseError, "local_fence_devices: Argument 'agent' must be a non-empty string. The value given was: #{agent_type}"
+ end
+ unless devices.is_a?(Array)
+ raise Puppet::ParseError, "local_fence_devices: Argument 'devices' must be an array. The value given was: #{devices}"
+ end
+
+ # filter by agent type
+ agent_type_devices = devices.select { |device| device['agent'] == agent }
+
+ # filter by local mac address
+ local_devices = agent_type_devices.select do |device|
+ function_has_interface_with(['macaddress', device['host_mac']])
+ end
+
+ # construct a hash for create_resources
+ return local_devices.each_with_object({}) do |device, hash|
+ # disallow collisions
+ if hash[device['host_mac']]
+ raise Puppet::ParseError, "local_fence_devices: Only single fence device per agent per host is allowed. Collision on #{device['host_mac']} for #{agent}"
+ end
+
+ hash[device['host_mac']] = device['params'] || {}
+ end
+ end
+end
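Review bot: The 'agent' validation message interpolates `#{agent_type}`, which is not defined anywhere in this block, so an invalid agent raises a NameError rather than the intended `Puppet::ParseError`; it should read `#{agent}`. The 'devices' message interpolates the whole argument, and the format documented in manifests/fencing.pp lets device `params` carry values such as `key_file_password`, so a malformed value could put credentials into the error output; reporting `#{devices.class}` would be safer. The `:doc` string is concatenated without separating spaces, which renders as "limit themto fence devices ... present onsome of the local NICs".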
diff --git a/manifests/fencing.pp b/manifests/fencing.pp
new file mode 100644
index 0000000..55280a9
--- /dev/null
+++ b/manifests/fencing.pp
@@ -0,0 +1,62 @@
+# == Class: tripleo::fencing
+#
+# Configure Pacemaker fencing devices for TripleO.
+#
+# === Parameters:
+#
+# [*config*]
+# JSON config of fencing devices, using the following structure:
+# {
+# "devices": [
+# {
+# "agent": "AGENT_NAME",
+# "host_mac": "HOST_MAC_ADDRESS",
+# "params": {"PARAM_NAME": "PARAM_VALUE"}
+# }
+# ]
+# }
+# For instance:
+# {
+# "devices": [
+# {
+# "agent": "fence_xvm",
+# "host_mac": "52:54:00:aa:bb:cc",
+# "params": {
+# "multicast_address": "225.0.0.12",
+# "port": "baremetal_0",
+# "manage_fw": true,
+# "manage_key_file": true,
+# "key_file": "/etc/fence_xvm.key",
+# "key_file_password": "abcdef"
+# }
+# }
+# ]
+# }
+# Defaults to {}
+#
+# [*tries*]
+# Number of attempts when creating fence devices and constraints.
+# Defaults to 10
+#
+# [*try_sleep*]
+# Delay (in seconds) between attempts when creating fence devices
+# and constraints.
+# Defaults to 3
+class tripleo::fencing(
+ $config = {},
+ $tries = 10,
+ $try_sleep = 3,
+) {
+ $common_params = {
+ 'tries' => $tries,
+ 'try_sleep' => $try_sleep,
+ }
+
+ $all_devices = $config['devices']
+
+ $xvm_devices = local_fence_devices('fence_xvm', $all_devices)
+ create_resources('pacemaker::stonith::fence_xvm', $xvm_devices, $common_params)
+
+ $ipmilan_devices = local_fence_devices('fence_ipmilan', $all_devices)
+ create_resources('pacemaker::stonith::fence_ipmilan', $ipmilan_devices, $common_params)
+}
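Review bot: With the documented default `$config = {}`, `$config['devices']` is undefined, and `local_fence_devices` raises a ParseError for any second argument that is not an array. Including the class without a config therefore appears to fail compilation instead of configuring no fence devices. Defaulting the list would keep the default usable, e.g. `$all_devices = pick($config['devices'], [])`, assuming puppetlabs-stdlib is available to this module. The header example shows `key_file_password` inline in the JSON; I would add a comment such as `# NOTE: params may contain secrets (e.g. key_file_password); supply config from a protected data source.`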
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index 6b5999a..f7a4ff8 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -20,9 +20,17 @@
# === Parameters:
#
# [*manage_vip*]
-# Whether to enable keepalived to manage the VIPs or not
+# Whether to configure keepalived to manage the VIPs or not.
# Defaults to true
#
+# [*haproxy_service_manage*]
+# Will be passed as value for service_manage to haproxy module.
+# Defaults to true
+#
+# [*haproxy_global_maxconn*]
+# The value to use as maxconn in the haproxy global config section.
+# Defaults to 10000
+#
# [*controller_host*]
# (Deprecated)Host or group of hosts to load-balance the services
# Can be a string or an array.
@@ -58,12 +66,75 @@
# Can be a string or an array.
# Defaults to undef
#
-# [*galera_master_hostname*]
-# FQDN of the Galera master node
+# [*internal_api_virtual_ip*]
+# Virtual IP on the internal API network.
+# A string.
+# Defaults to false
+#
+# [*storage_virtual_ip*]
+# Virtual IP on the storage network.
+# A string.
+# Defaults to false
+#
+# [*storage_mgmt_virtual_ip*]
+# Virtual IP on the storage mgmt network.
+# A string.
+# Defaults to false
+#
+# [*service_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the public API endpoints using the specified file.
+# Any service-specific certificates take precedence over this one.
+# Defaults to undef
+#
+# [*keystone_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Keystone public API endpoint using the specified file.
+# Defaults to undef
+#
+# [*neutron_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Neutron public API endpoint using the specified file.
+# Defaults to undef
+#
+# [*cinder_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Cinder public API endpoint using the specified file.
+# Defaults to undef
+#
+# [*glance_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Glance public API endpoint using the specified file.
+# Defaults to undef
+#
+# [*nova_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Nova public API endpoint using the specified file.
# Defaults to undef
#
-# [*galera_master_ip*]
-# IP of the Galera master node
+# [*ceilometer_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Ceilometer public API endpoint using the specified file.
+# Defaults to undef
+#
+# [*swift_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Swift public API endpoint using the specified file.
+# Defaults to undef
+#
+# [*heat_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Heat public API endpoint using the specified file.
+# Defaults to undef
+#
+# [*horizon_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Horizon public API endpoint using the specified file.
+# Defaults to undef
+#
+# [*ironic_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Ironic public API endpoint using the specified file.
# Defaults to undef
#
# [*keystone_admin*]
@@ -130,10 +201,18 @@
# (optional) Enable or not Horizon dashboard binding
# Defaults to false
#
+# [*ironic*]
+# (optional) Enable or not Ironic API binding
+# Defaults to false
+#
# [*mysql*]
# (optional) Enable or not MySQL Galera binding
# Defaults to false
#
+# [*mysql_clustercheck*]
+# (optional) Enable check via clustercheck for mysql
+# Defaults to false
+#
# [*rabbitmq*]
# (optional) Enable or not RabbitMQ binding
# Defaults to false
@@ -147,12 +226,26 @@ class tripleo::loadbalancer (
$control_virtual_interface,
$public_virtual_interface,
$public_virtual_ip,
+ $internal_api_virtual_ip = false,
+ $storage_virtual_ip = false,
+ $storage_mgmt_virtual_ip = false,
$manage_vip = true,
+ $haproxy_service_manage = true,
+ $haproxy_global_maxconn = 10000,
$controller_host = undef,
$controller_hosts = undef,
$controller_hosts_names = undef,
- $galera_master_hostname = undef,
- $galera_master_ip = undef,
+ $service_certificate = undef,
+ $keystone_certificate = undef,
+ $neutron_certificate = undef,
+ $cinder_certificate = undef,
+ $glance_certificate = undef,
+ $nova_certificate = undef,
+ $ceilometer_certificate = undef,
+ $swift_certificate = undef,
+ $heat_certificate = undef,
+ $horizon_certificate = undef,
+ $ironic_certificate = undef,
$keystone_admin = false,
$keystone_public = false,
$neutron = false,
@@ -169,7 +262,9 @@ class tripleo::loadbalancer (
$heat_cloudwatch = false,
$heat_cfn = false,
$horizon = false,
+ $ironic = false,
$mysql = false,
+ $mysql_clustercheck = false,
$rabbitmq = false,
$redis = false,
) {
@@ -230,24 +325,284 @@ class tripleo::loadbalancer (
track_script => ['haproxy'],
priority => 101,
}
+
+
+ if $internal_api_virtual_ip and $internal_api_virtual_ip != $control_virtual_interface {
+ $internal_api_virtual_interface = interface_for_ip($internal_api_virtual_ip)
+ # KEEPALIVE INTERNAL API NETWORK
+ keepalived::instance { '53':
+ interface => $internal_api_virtual_interface,
+ virtual_ips => [join([$internal_api_virtual_ip, ' dev ', $internal_api_virtual_interface])],
+ state => 'MASTER',
+ track_script => ['haproxy'],
+ priority => 101,
+ }
+ }
+
+ if $storage_virtual_ip and $storage_virtual_ip != $control_virtual_interface {
+ $storage_virtual_interface = interface_for_ip($storage_virtual_ip)
+ # KEEPALIVE STORAGE NETWORK
+ keepalived::instance { '54':
+ interface => $storage_virtual_interface,
+ virtual_ips => [join([$storage_virtual_ip, ' dev ', $storage_virtual_interface])],
+ state => 'MASTER',
+ track_script => ['haproxy'],
+ priority => 101,
+ }
+ }
+
+ if $storage_mgmt_virtual_ip and $storage_mgmt_virtual_ip != $control_virtual_interface {
+ $storage_mgmt_virtual_interface = interface_for_ip($storage_mgmt_virtual_ip)
+ # KEEPALIVE STORAGE MANAGEMENT NETWORK
+ keepalived::instance { '55':
+ interface => $storage_mgmt_virtual_interface,
+ virtual_ips => [join([$storage_mgmt_virtual_ip, ' dev ', $storage_mgmt_virtual_interface])],
+ state => 'MASTER',
+ track_script => ['haproxy'],
+ priority => 101,
+ }
+ }
+
+ }
+
+ if $keystone_certificate {
+ $keystone_bind_certificate = $keystone_certificate
+ } else {
+ $keystone_bind_certificate = $service_certificate
+ }
+ if $neutron_certificate {
+ $neutron_bind_certificate = $neutron_certificate
+ } else {
+ $neutron_bind_certificate = $service_certificate
+ }
+ if $cinder_certificate {
+ $cinder_bind_certificate = $cinder_certificate
+ } else {
+ $cinder_bind_certificate = $service_certificate
+ }
+ if $glance_certificate {
+ $glance_bind_certificate = $glance_certificate
+ } else {
+ $glance_bind_certificate = $service_certificate
+ }
+ if $nova_certificate {
+ $nova_bind_certificate = $nova_certificate
+ } else {
+ $nova_bind_certificate = $service_certificate
+ }
+ if $ceilometer_certificate {
+ $ceilometer_bind_certificate = $ceilometer_certificate
+ } else {
+ $ceilometer_bind_certificate = $service_certificate
+ }
+ if $swift_certificate {
+ $swift_bind_certificate = $swift_certificate
+ } else {
+ $swift_bind_certificate = $service_certificate
+ }
+ if $heat_certificate {
+ $heat_bind_certificate = $heat_certificate
+ } else {
+ $heat_bind_certificate = $service_certificate
+ }
+ if $horizon_certificate {
+ $horizon_bind_certificate = $horizon_certificate
+ } else {
+ $horizon_bind_certificate = $service_certificate
+ }
+ if $ironic_certificate {
+ $ironic_bind_certificate = $ironic_certificate
+ } else {
+ $ironic_bind_certificate = $service_certificate
+ }
+
+ $keystone_public_api_vip = hiera('keystone_public_api_vip', $controller_virtual_ip)
+ $keystone_admin_api_vip = hiera('keystone_admin_api_vip', $controller_virtual_ip)
+ if $keystone_bind_certificate {
+ $keystone_public_bind_opts = {
+ "${keystone_public_api_vip}:5000" => [],
+ "${public_virtual_ip}:13000" => ['ssl', 'crt', $keystone_bind_certificate],
+ }
+ $keystone_admin_bind_opts = {
+ "${keystone_admin_api_vip}:35357" => [],
+ "${public_virtual_ip}:13357" => ['ssl', 'crt', $keystone_bind_certificate],
+ }
+ } else {
+ $keystone_public_bind_opts = {
+ "${keystone_public_api_vip}:5000" => [],
+ "${public_virtual_ip}:5000" => [],
+ }
+ $keystone_admin_bind_opts = {
+ "${keystone_admin_api_vip}:35357" => [],
+ "${public_virtual_ip}:35357" => [],
+ }
+ }
+
+ $neutron_api_vip = hiera('neutron_api_vip', $controller_virtual_ip)
+ if $neutron_bind_certificate {
+ $neutron_bind_opts = {
+ "${neutron_api_vip}:9696" => [],
+ "${public_virtual_ip}:13696" => ['ssl', 'crt', $neutron_bind_certificate],
+ }
+ } else {
+ $neutron_bind_opts = {
+ "${neutron_api_vip}:9696" => [],
+ "${public_virtual_ip}:9696" => [],
+ }
+ }
+
+ $cinder_api_vip = hiera('cinder_api_vip', $controller_virtual_ip)
+ if $cinder_bind_certificate {
+ $cinder_bind_opts = {
+ "${cinder_api_vip}:8776" => [],
+ "${public_virtual_ip}:13776" => ['ssl', 'crt', $cinder_bind_certificate],
+ }
+ } else {
+ $cinder_bind_opts = {
+ "${cinder_api_vip}:8776" => [],
+ "${public_virtual_ip}:8776" => [],
+ }
+ }
+
+ $glance_api_vip = hiera('glance_api_vip', $controller_virtual_ip)
+ if $glance_bind_certificate {
+ $glance_bind_opts = {
+ "${glance_api_vip}:9292" => [],
+ "${public_virtual_ip}:13292" => ['ssl', 'crt', $glance_bind_certificate],
+ }
+ } else {
+ $glance_bind_opts = {
+ "${glance_api_vip}:9292" => [],
+ "${public_virtual_ip}:9292" => [],
+ }
+ }
+
+ $nova_api_vip = hiera('nova_api_vip', $controller_virtual_ip)
+ if $nova_bind_certificate {
+ $nova_osapi_bind_opts = {
+ "${nova_api_vip}:8774" => [],
+ "${public_virtual_ip}:13774" => ['ssl', 'crt', $nova_bind_certificate],
+ }
+ $nova_ec2_bind_opts = {
+ "${nova_api_vip}:8773" => [],
+ "${public_virtual_ip}:13773" => ['ssl', 'crt', $nova_bind_certificate],
+ }
+ $nova_novnc_bind_opts = {
+ "${nova_api_vip}:6080" => [],
+ "${public_virtual_ip}:13080" => ['ssl', 'crt', $nova_bind_certificate],
+ }
+ } else {
+ $nova_osapi_bind_opts = {
+ "${nova_api_vip}:8774" => [],
+ "${public_virtual_ip}:8774" => [],
+ }
+ $nova_ec2_bind_opts = {
+ "${nova_api_vip}:8773" => [],
+ "${public_virtual_ip}:8773" => [],
+ }
+ $nova_novnc_bind_opts = {
+ "${nova_api_vip}:6080" => [],
+ "${public_virtual_ip}:6080" => [],
+ }
+ }
+
+ $ceilometer_api_vip = hiera('ceilometer_api_vip', $controller_virtual_ip)
+ if $ceilometer_bind_certificate {
+ $ceilometer_bind_opts = {
+ "${ceilometer_api_vip}:8777" => [],
+ "${public_virtual_ip}:13777" => ['ssl', 'crt', $ceilometer_bind_certificate],
+ }
+ } else {
+ $ceilometer_bind_opts = {
+ "${ceilometer_api_vip}:8777" => [],
+ "${public_virtual_ip}:8777" => [],
+ }
+ }
+
+ $swift_proxy_vip = hiera('swift_proxy_vip', $controller_virtual_ip)
+ if $swift_bind_certificate {
+ $swift_bind_opts = {
+ "${swift_proxy_vip}:8080" => [],
+ "${public_virtual_ip}:13080" => ['ssl', 'crt', $swift_bind_certificate],
+ }
+ } else {
+ $swift_bind_opts = {
+ "${swift_proxy_vip}:8080" => [],
+ "${public_virtual_ip}:8080" => [],
+ }
+ }
+
+ $heat_api_vip = hiera('heat_api_vip', $controller_virtual_ip)
+ if $heat_bind_certificate {
+ $heat_bind_opts = {
+ "${heat_api_vip}:8004" => [],
+ "${public_virtual_ip}:13004" => ['ssl', 'crt', $heat_bind_certificate],
+ }
+ $heat_cw_bind_opts = {
+ "${heat_api_vip}:8003" => [],
+ "${public_virtual_ip}:13003" => ['ssl', 'crt', $heat_bind_certificate],
+ }
+ $heat_cfn_bind_opts = {
+ "${heat_api_vip}:8000" => [],
+ "${public_virtual_ip}:13000" => ['ssl', 'crt', $heat_bind_certificate],
+ }
+ } else {
+ $heat_bind_opts = {
+ "${heat_api_vip}:8004" => [],
+ "${public_virtual_ip}:8004" => [],
+ }
+ $heat_cw_bind_opts = {
+ "${heat_api_vip}:8003" => [],
+ "${public_virtual_ip}:8003" => [],
+ }
+ $heat_cfn_bind_opts = {
+ "${heat_api_vip}:8000" => [],
+ "${public_virtual_ip}:8000" => [],
+ }
+ }
+
+ $horizon_vip = hiera('horizon_vip', $controller_virtual_ip)
+ if $horizon_bind_certificate {
+ $horizon_bind_opts = {
+ "${horizon_vip}:80" => [],
+ "${public_virtual_ip}:443" => ['ssl', 'crt', $horizon_bind_certificate],
+ }
+ } else {
+ $horizon_bind_opts = {
+ "${horizon_vip}:80" => [],
+ "${public_virtual_ip}:80" => [],
+ }
+ }
+
+ $ironic_api_vip = hiera('ironic_api_vip', $controller_virtual_ip)
+ if $ironic_bind_certificate {
+ $ironic_bind_opts = {
+ "${ironic_api_vip}:6385" => [],
+ "${public_virtual_ip}:13385" => ['ssl', 'crt', $ironic_bind_certificate],
+ }
+ } else {
+ $ironic_bind_opts = {
+ "${ironic_api_vip}:6385" => [],
+ "${public_virtual_ip}:6385" => [],
+ }
}
sysctl::value { 'net.ipv4.ip_nonlocal_bind': value => '1' }
class { '::haproxy':
+ service_manage => $haproxy_service_manage,
global_options => {
'log' => '/dev/log local0',
'pidfile' => '/var/run/haproxy.pid',
'user' => 'haproxy',
'group' => 'haproxy',
'daemon' => '',
- 'maxconn' => '4000',
+ 'maxconn' => $haproxy_global_maxconn,
},
defaults_options => {
'mode' => 'tcp',
'log' => 'global',
'retries' => '3',
- 'maxconn' => '150',
'option' => [ 'tcpka', 'tcplog' ],
'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ],
},
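Review bot: Several of the new SSL bind maps reuse the same public port: `$keystone_public_bind_opts` and `$heat_cfn_bind_opts` both bind `${public_virtual_ip}:13000`, and `$nova_novnc_bind_opts` and `$swift_bind_opts` both bind `${public_virtual_ip}:13080`. With `service_certificate` set and both services of a pair enabled, two listeners claim one address:port, so HAProxy would either fail to bind or spread connections across unrelated backends; each service needs its own TLS port. Separately, the three keepalived guards compare a VIP with `$control_virtual_interface`, which is an interface name, so the inequality is effectively always true. `$controller_virtual_ip` looks like the intended operand, e.g. `if $internal_api_virtual_ip and $internal_api_virtual_ip != $controller_virtual_ip {`. The class body begins and ends outside this hunk.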
@@ -265,8 +620,7 @@ class tripleo::loadbalancer (
if $keystone_admin {
haproxy::listen { 'keystone_admin':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 35357,
+ bind => $keystone_admin_bind_opts,
options => {
'option' => [ 'httpchk GET /' ],
},
@@ -275,7 +629,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'keystone_admin':
listening_service => 'keystone_admin',
ports => '35357',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('keystone_admin_api_node_ips',$controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
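Review bot: `ipaddresses` now comes from `hiera('keystone_admin_api_node_ips', ...)` while `server_names` still uses `$controller_hosts_names_real`, so the two lists no longer have a common source. The haproxy module presumably pairs them by position, in which case a hiera list with a different length or order would label backends with the wrong host name or produce a broken server line. The same pattern recurs in every `haproxy::balancermember` hunk that follows in this file. I would add a comment such as `# NOTE: *_node_ips from hiera must list nodes in the same order as controller_hosts_names`, or validate that the sizes match. The hiera call on this line is also missing the space after the comma that the other lookups have.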
@@ -283,8 +637,7 @@ class tripleo::loadbalancer (
if $keystone_public {
haproxy::listen { 'keystone_public':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 5000,
+ bind => $keystone_public_bind_opts,
options => {
'option' => [ 'httpchk GET /' ],
},
@@ -293,7 +646,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'keystone_public':
listening_service => 'keystone_public',
ports => '5000',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('keystone_public_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
@@ -301,8 +654,7 @@ class tripleo::loadbalancer (
if $neutron {
haproxy::listen { 'neutron':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 9696,
+ bind => $neutron_bind_opts,
options => {
'option' => [ 'httpchk GET /' ],
},
@@ -311,7 +663,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'neutron':
listening_service => 'neutron',
ports => '9696',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('neutron_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
@@ -319,8 +671,7 @@ class tripleo::loadbalancer (
if $cinder {
haproxy::listen { 'cinder':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 8776,
+ bind => $cinder_bind_opts,
options => {
'option' => [ 'httpchk GET /' ],
},
@@ -329,7 +680,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'cinder':
listening_service => 'cinder',
ports => '8776',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('cinder_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
@@ -337,8 +688,7 @@ class tripleo::loadbalancer (
if $glance_api {
haproxy::listen { 'glance_api':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 9292,
+ bind => $glance_bind_opts,
options => {
'option' => [ 'httpchk GET /' ],
},
@@ -347,7 +697,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'glance_api':
listening_service => 'glance_api',
ports => '9292',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('glance_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
@@ -355,17 +705,17 @@ class tripleo::loadbalancer (
if $glance_registry {
haproxy::listen { 'glance_registry':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
+ ipaddress => hiera('glance_registry_vip', $controller_virtual_ip),
ports => 9191,
options => {
- 'option' => [ 'httpchk GET /' ],
+ 'mode' => 'tcp',
},
collect_exported => false,
}
haproxy::balancermember { 'glance_registry':
listening_service => 'glance_registry',
ports => '9191',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('glance_registry_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
@@ -373,8 +723,7 @@ class tripleo::loadbalancer (
if $nova_ec2 {
haproxy::listen { 'nova_ec2':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 8773,
+ bind => $nova_ec2_bind_opts,
options => {
'option' => [ 'httpchk GET /' ],
},
@@ -383,7 +732,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'nova_ec2':
listening_service => 'nova_ec2',
ports => '8773',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('nova_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
@@ -391,8 +740,7 @@ class tripleo::loadbalancer (
if $nova_osapi {
haproxy::listen { 'nova_osapi':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 8774,
+ bind => $nova_osapi_bind_opts,
options => {
'option' => [ 'httpchk GET /' ],
},
@@ -401,7 +749,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'nova_osapi':
listening_service => 'nova_osapi',
ports => '8774',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('nova_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
@@ -409,7 +757,7 @@ class tripleo::loadbalancer (
if $nova_metadata {
haproxy::listen { 'nova_metadata':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
+ ipaddress => hiera('nova_metadata_vip', $controller_virtual_ip),
ports => 8775,
options => {
'option' => [ 'httpchk GET /' ],
@@ -419,7 +767,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'nova_metadata':
listening_service => 'nova_metadata',
ports => '8775',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('nova_metadata_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
@@ -427,8 +775,7 @@ class tripleo::loadbalancer (
if $nova_novncproxy {
haproxy::listen { 'nova_novncproxy':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 6080,
+ bind => $nova_novnc_bind_opts,
options => {
'option' => [ 'httpchk GET /' ],
},
@@ -437,7 +784,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'nova_novncproxy':
listening_service => 'nova_novncproxy',
ports => '6080',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('nova_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
@@ -445,14 +792,13 @@ class tripleo::loadbalancer (
if $ceilometer {
haproxy::listen { 'ceilometer':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 8777,
+ bind => $ceilometer_bind_opts,
collect_exported => false,
}
haproxy::balancermember { 'ceilometer':
listening_service => 'ceilometer',
ports => '8777',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('ceilometer_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => [],
}
@@ -460,8 +806,7 @@ class tripleo::loadbalancer (
if $swift_proxy_server {
haproxy::listen { 'swift_proxy_server':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 8080,
+ bind => $swift_bind_opts,
options => {
'option' => [ 'httpchk GET /info' ],
},
@@ -470,7 +815,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'swift_proxy_server':
listening_service => 'swift_proxy_server',
ports => '8080',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('swift_proxy_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
@@ -478,8 +823,7 @@ class tripleo::loadbalancer (
if $heat_api {
haproxy::listen { 'heat_api':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 8004,
+ bind => $heat_bind_opts,
options => {
'option' => [ 'httpchk GET /' ],
},
@@ -488,7 +832,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'heat_api':
listening_service => 'heat_api',
ports => '8004',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('heat_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
@@ -496,8 +840,7 @@ class tripleo::loadbalancer (
if $heat_cloudwatch {
haproxy::listen { 'heat_cloudwatch':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 8003,
+ bind => $heat_cw_bind_opts,
options => {
'option' => [ 'httpchk GET /' ],
},
@@ -506,7 +849,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'heat_cloudwatch':
listening_service => 'heat_cloudwatch',
ports => '8003',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('heat_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
@@ -514,8 +857,7 @@ class tripleo::loadbalancer (
if $heat_cfn {
haproxy::listen { 'heat_cfn':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 8000,
+ bind => $heat_cfn_bind_opts,
options => {
'option' => [ 'httpchk GET /' ],
},
@@ -524,7 +866,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'heat_cfn':
listening_service => 'heat_cfn',
ports => '8000',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('heat_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
@@ -532,8 +874,7 @@ class tripleo::loadbalancer (
if $horizon {
haproxy::listen { 'horizon':
- ipaddress => [$controller_virtual_ip, $public_virtual_ip],
- ports => 80,
+ bind => $horizon_bind_opts,
options => {
'option' => [ 'httpchk GET /' ],
},
@@ -542,44 +883,60 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'horizon':
listening_service => 'horizon',
ports => '80',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('horizon_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
}
+ if $mysql_clustercheck {
+ $mysql_listen_options = {
+ 'option' => [ 'httpchk' ],
+ 'timeout' => [ 'client 0', 'server 0' ],
+ 'stick-table' => 'type ip size 1000',
+ 'stick' => 'on dst',
+ }
+ $mysql_member_options = ['check', 'inter 2000', 'rise 2', 'fall 5', 'backup', 'port 9200', 'on-marked-down shutdown-sessions']
+ } else {
+ $mysql_listen_options = {
+ 'timeout' => [ 'client 0', 'server 0' ],
+ }
+ $mysql_member_options = ['check', 'inter 2000', 'rise 2', 'fall 5', 'backup']
+ }
+
+ if $ironic {
+ haproxy::listen { 'ironic':
+ bind => $ironic_bind_opts,
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'ironic':
+ listening_service => 'ironic',
+ ports => '6385',
+ ipaddresses => hiera('ironic_api_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ options => [],
+ }
+ }
+
if $mysql {
haproxy::listen { 'mysql':
- ipaddress => [$controller_virtual_ip],
+ ipaddress => [hiera('mysql_vip', $controller_virtual_ip)],
ports => 3306,
- options => {
- 'timeout' => [ 'client 0', 'server 0' ],
- },
+ options => $mysql_listen_options,
collect_exported => false,
}
-
- haproxy::balancermember { 'mysql':
- listening_service => 'mysql',
- ports => '3306',
- ipaddresses => $galera_master_ip,
- server_names => $galera_master_hostname,
- options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
- }
-
- $controller_hosts_without_galera_master = delete($controller_hosts_real, $galera_master_ip)
- $controller_hosts_names_without_galera_master = delete($controller_hosts_names_real, downcase($galera_master_hostname))
haproxy::balancermember { 'mysql-backup':
listening_service => 'mysql',
ports => '3306',
- ipaddresses => $controller_hosts_without_galera_master,
- server_names => $controller_hosts_names_without_galera_master,
- options => ['check', 'inter 2000', 'rise 2', 'fall 5', 'backup'],
+ ipaddresses => hiera('mysql_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ options => $mysql_member_options,
}
}
if $rabbitmq {
haproxy::listen { 'rabbitmq':
- ipaddress => [$controller_virtual_ip],
+ ipaddress => [hiera('rabbitmq_vip', $controller_virtual_ip)],
ports => 5672,
options => {
'timeout' => [ 'client 0', 'server 0' ],
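Review bot: The new `ironic` balancermember is declared with `options => []`, so unlike most other services in this class it gets no health check, and HAProxy would keep routing requests to an Ironic API node that is down. I would use `options => ['check', 'inter 2000', 'rise 2', 'fall 5'],` as the neighbouring members do. In the same hunk every MySQL node is now registered through the `mysql-backup` resource with the `backup` flag, leaving no non-backup server. If that is the intended single-writer arrangement, a comment saying so above `$mysql_member_options` would help. The `if $rabbitmq` block continues outside the hunk.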
@@ -589,7 +946,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'rabbitmq':
listening_service => 'rabbitmq',
ports => '5672',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('rabbitmq_network', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
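Review bot: The hiera key `rabbitmq_network` departs from the `*_node_ips` naming used for the other balancermember lookups in this commit, and it reads like a network name rather than a list of node addresses. If the key does hold a network, `ipaddresses` would receive a value that is not a list of backend IPs. `hiera('rabbitmq_node_ips', $controller_hosts_real)` would be consistent, assuming such a key is defined in the hieradata, which is not visible here.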
@@ -597,7 +954,7 @@ class tripleo::loadbalancer (
if $redis {
haproxy::listen { 'redis':
- ipaddress => [$controller_virtual_ip],
+ ipaddress => [hiera('redis_vip', $controller_virtual_ip)],
ports => 6379,
options => {
'timeout' => [ 'client 0', 'server 0' ],
@@ -611,7 +968,7 @@ class tripleo::loadbalancer (
haproxy::balancermember { 'redis':
listening_service => 'redis',
ports => '6379',
- ipaddresses => $controller_hosts_real,
+ ipaddresses => hiera('redis_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}