Diffstat (limited to 'manifests/haproxy.pp')
-rw-r--r--manifests/haproxy.pp214
1 files changed, 162 insertions, 52 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index e3e48ce..a79bf14 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -111,91 +111,99 @@
#
# [*keystone_admin*]
# (optional) Enable or not Keystone Admin API binding
-# Defaults to false
+# Defaults to hiera('keystone_enabled', false)
#
# [*keystone_public*]
# (optional) Enable or not Keystone Public API binding
-# Defaults to false
+# Defaults to hiera('keystone_enabled', false)
#
# [*neutron*]
# (optional) Enable or not Neutron API binding
-# Defaults to false
+# Defaults to hiera('neutron_api_enabled', false)
#
# [*cinder*]
# (optional) Enable or not Cinder API binding
-# Defaults to false
+# Defaults to hiera('cinder_api_enabled', false)
#
# [*manila*]
# (optional) Enable or not Manila API binding
-# Defaults to false
+# Defaults to hiera('manila_api_enabled', false)
#
# [*sahara*]
# (optional) Enable or not Sahara API binding
-# defaults to false
+# defaults to hiera('sahara_api_enabled', false)
#
# [*trove*]
# (optional) Enable or not Trove API binding
-# defaults to false
+# defaults to hiera('trove_api_enabled', false)
#
# [*glance_api*]
# (optional) Enable or not Glance API binding
-# Defaults to false
+# Defaults to hiera('glance_api_enabled', false)
#
# [*glance_registry*]
# (optional) Enable or not Glance registry binding
-# Defaults to false
+# Defaults to hiera('glance_registry_enabled', false)
#
# [*nova_osapi*]
# (optional) Enable or not Nova API binding
-# Defaults to false
+# Defaults to hiera('nova_api_enabled', false)
#
# [*nova_metadata*]
# (optional) Enable or not Nova metadata binding
-# Defaults to false
+# Defaults to hiera('nova_api_enabled', false)
#
# [*nova_novncproxy*]
# (optional) Enable or not Nova novncproxy binding
-# Defaults to false
+# Defaults to hiera('nova_vncproxy_enabled', false)
#
# [*ceilometer*]
# (optional) Enable or not Ceilometer API binding
-# Defaults to false
+# Defaults to hiera('ceilometer_api_enabled', false)
#
# [*aodh*]
# (optional) Enable or not Aodh API binding
-# Defaults to false
+# Defaults to hiera('aodh_api_enabled', false)
#
# [*gnocchi*]
# (optional) Enable or not Gnocchi API binding
-# Defaults to false
+# Defaults to hiera('gnocchi_api_enabled', false)
+#
+# [*mistral*]
+# (optional) Enable or not Mistral API binding
+# Defaults to hiera('mistral_api_enabled', false)
#
# [*swift_proxy_server*]
# (optional) Enable or not Swift API binding
-# Defaults to false
+# Defaults to hiera('swift_proxy_enabled', false)
#
# [*heat_api*]
# (optional) Enable or not Heat API binding
-# Defaults to false
+# Defaults to hiera('heat_api_enabled', false)
#
# [*heat_cloudwatch*]
# (optional) Enable or not Heat Cloudwatch API binding
-# Defaults to false
+# Defaults to hiera('heat_api_cloudwatch_enabled', false)
#
# [*heat_cfn*]
# (optional) Enable or not Heat CFN API binding
-# Defaults to false
+# Defaults to hiera('heat_api_cfn_enabled', false)
#
# [*horizon*]
# (optional) Enable or not Horizon dashboard binding
-# Defaults to false
+# Defaults to hiera('horizon_enabled', false)
#
# [*ironic*]
# (optional) Enable or not Ironic API binding
-# Defaults to false
+# Defaults to hiera('ironic_enabled', false)
+#
+# [*ironic_inspector*]
+# (optional) Enable or not Ironic Inspector API binding
+# Defaults to hiera('ironic_inspector_enabled', false)
#
# [*mysql*]
# (optional) Enable or not MySQL Galera binding
-# Defaults to false
+# Defaults to hiera('mysql_enabled', false)
#
# [*mysql_clustercheck*]
# (optional) Enable check via clustercheck for mysql
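Review bot: The documented default for `ironic` in this header is `hiera('ironic_enabled', false)`, but the parameter list later in this diff declares `$ironic = hiera('ironic_api_enabled', false)`, so one of the two key names is wrong. An operator who sets the key the header advertises would not get the Ironic frontend they expect. If the code is the intended spelling, the comment should read `# Defaults to hiera('ironic_api_enabled', false)`. The sahara and trove entries still say `# defaults to` in lower case, which could be normalised while these lines are touched.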
@@ -207,7 +215,7 @@
#
# [*redis*]
# (optional) Enable or not Redis binding
-# Defaults to false
+# Defaults to hiera('redis_enabled', false)
#
# [*redis_password*]
# (optional) Password for Redis authentication, eventually needed by the
@@ -218,6 +226,14 @@
# (optional) Enable or not MidoNet API binding
# Defaults to false
#
+# [*zaqar_api*]
+# (optional) Enable or not Zaqar Api binding
+# Defaults to hiera('zaqar_api_enabled', false)
+#
+# [*opendaylight*]
+# (optional) Enable or not OpenDaylight binding
+# Defaults to hiera('opendaylight_api_enabled', false)
+#
# [*service_ports*]
# (optional) Hash that contains the values to override from the service ports
# The available keys to modify the services' ports are:
@@ -232,6 +248,8 @@
# 'glance_registry_port' (Defaults to 9191)
# 'gnocchi_api_port' (Defaults to 8041)
# 'gnocchi_api_ssl_port' (Defaults to 13041)
+# 'mistral_api_port' (Defaults to 8989)
+# 'mistral_api_ssl_port' (Defaults to 13989)
# 'heat_api_port' (Defaults to 8004)
# 'heat_api_ssl_port' (Defaults to 13004)
# 'heat_cfn_port' (Defaults to 8000)
@@ -240,6 +258,8 @@
# 'heat_cw_ssl_port' (Defaults to 13003)
# 'ironic_api_port' (Defaults to 6385)
# 'ironic_api_ssl_port' (Defaults to 13385)
+# 'ironic_inspector_port' (Defaults to 5050)
+# 'ironic_inspector_ssl_port' (Defaults to 13050)
# 'keystone_admin_api_port' (Defaults to 35357)
# 'keystone_admin_api_ssl_port' (Defaults to 13357)
# 'keystone_public_api_port' (Defaults to 5000)
@@ -259,6 +279,8 @@
# 'swift_proxy_ssl_port' (Defaults to 13808)
# 'trove_api_port' (Defaults to 8779)
# 'trove_api_ssl_port' (Defaults to 13779)
+# 'zaqar_api_port' (Defaults to 8888)
+# 'zaqar_api_ssl_port' (Defaults to 13888)
# Defaults to {}
#
class tripleo::haproxy (
@@ -281,33 +303,37 @@ class tripleo::haproxy (
$ssl_cipher_suite = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES',
$ssl_options = 'no-sslv3',
$haproxy_stats_certificate = undef,
- $keystone_admin = false,
- $keystone_public = false,
- $neutron = false,
- $cinder = false,
- $sahara = false,
- $trove = false,
- $manila = false,
- $glance_api = false,
- $glance_registry = false,
- $nova_osapi = false,
- $nova_metadata = false,
- $nova_novncproxy = false,
- $ceilometer = false,
- $aodh = false,
- $gnocchi = false,
- $swift_proxy_server = false,
- $heat_api = false,
- $heat_cloudwatch = false,
- $heat_cfn = false,
- $horizon = false,
- $ironic = false,
- $mysql = false,
+ $keystone_admin = hiera('keystone_enabled', false),
+ $keystone_public = hiera('keystone_enabled', false),
+ $neutron = hiera('neutron_api_enabled', false),
+ $cinder = hiera('cinder_api_enabled', false),
+ $manila = hiera('manila_api_enabled', false),
+ $sahara = hiera('sahara_api_enabled', false),
+ $trove = hiera('trove_api_enabled', false),
+ $glance_api = hiera('glance_api_enabled', false),
+ $glance_registry = hiera('glance_registry_enabled', false),
+ $nova_osapi = hiera('nova_api_enabled', false),
+ $nova_metadata = hiera('nova_api_enabled', false),
+ $nova_novncproxy = hiera('nova_vncproxy_enabled', false),
+ $ceilometer = hiera('ceilometer_api_enabled', false),
+ $aodh = hiera('aodh_api_enabled', false),
+ $gnocchi = hiera('gnocchi_api_enabled', false),
+ $mistral = hiera('mistral_api_enabled', false),
+ $swift_proxy_server = hiera('swift_proxy_enabled', false),
+ $heat_api = hiera('heat_api_enabled', false),
+ $heat_cloudwatch = hiera('heat_api_cloudwatch_enabled', false),
+ $heat_cfn = hiera('heat_api_cfn_enabled', false),
+ $horizon = hiera('horizon_enabled', false),
+ $ironic = hiera('ironic_api_enabled', false),
+ $ironic_inspector = hiera('ironic_inspector_enabled', false),
+ $mysql = hiera('mysql_enabled', false),
$mysql_clustercheck = false,
$rabbitmq = false,
- $redis = false,
+ $redis = hiera('redis_enabled', false),
$redis_password = undef,
$midonet_api = false,
+ $zaqar_api = hiera('zaqar_api_enabled', false),
+ $opendaylight = hiera('opendaylight_api_enabled', false),
$service_ports = {}
) {
$default_service_ports = {
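Review bot: `$keystone_admin` and `$keystone_public` both default to `hiera('keystone_enabled', false)`, and `$nova_osapi` and `$nova_metadata` both to `hiera('nova_api_enabled', false)`, so enabling the service now also publishes the admin and metadata frontends, with no separate hiera key to turn either off. Because a flag set elsewhere in hieradata now opens a listener without this class being touched, a comment above the parameters would help, e.g. `# NOTE: the *_enabled keys are shared with the service profiles; setting one also exposes that service through HAProxy.` A deployment that wants the admin API kept off the proxy has to pass `keystone_admin => false` explicitly. `$mysql_clustercheck`, `$rabbitmq` and `$midonet_api` keep a literal `false`, which deserves a word in the commit message if it is intentional. The parameter list starts above this hunk.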
@@ -322,6 +348,8 @@ class tripleo::haproxy (
glance_registry_port => 9191,
gnocchi_api_port => 8041,
gnocchi_api_ssl_port => 13041,
+ mistral_api_port => 8989,
+ mistral_api_ssl_port => 13989,
heat_api_port => 8004,
heat_api_ssl_port => 13004,
heat_cfn_port => 8000,
@@ -330,6 +358,8 @@ class tripleo::haproxy (
heat_cw_ssl_port => 13003,
ironic_api_port => 6385,
ironic_api_ssl_port => 13385,
+ ironic_inspector_port => 5050,
+ ironic_inspector_ssl_port => 13050,
keystone_admin_api_port => 35357,
keystone_admin_api_ssl_port => 13357,
keystone_public_api_port => 5000,
@@ -349,6 +379,8 @@ class tripleo::haproxy (
swift_proxy_ssl_port => 13808,
trove_api_port => 8779,
trove_api_ssl_port => 13779,
+ zaqar_api_port => 8888,
+ zaqar_api_ssl_port => 13888,
}
$ports = merge($default_service_ports, $service_ports)
@@ -490,6 +522,21 @@ class tripleo::haproxy (
}
if $keystone_public {
+ $keystone_listen_opts = {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ }
+ if $service_certificate {
+ $keystone_public_tls_listen_opts = {
+ 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
+ # NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
+ 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
+ 'option' => 'forwardfor',
+ }
+ } else {
+ $keystone_public_tls_listen_opts = {}
+ }
::tripleo::haproxy::endpoint { 'keystone_public':
public_virtual_ip => $public_virtual_ip,
internal_ip => hiera('keystone_public_api_vip', $controller_virtual_ip),
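Review bot: The redirect condition `{ hdr(host) -i ${public_virtual_ip} }` in `$keystone_public_tls_listen_opts` is an exact match on the Host header, so a request whose Host carries a port or a DNS name for the public endpoint would not match and would still be answered over plain HTTP. Matching on the destination address is not client-controlled and covers those cases: `'redirect' => "scheme https code 301 if { dst ${public_virtual_ip} } !{ ssl_fc }",`. The 301 is only sent after the client has already transmitted its request, so credentials or tokens in that first request have crossed the wire in clear text; the NOTE comment should say the redirect is a convenience and that not binding the plain port on the public VIP is the actual control. The `rsprep` rule appears to rewrite `Location:` for every response on this listener, including requests that arrived on the internal VIP without TLS, which should be confirmed. The `if $keystone_public` block is closed in the next hunk, where the two hashes are merged.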
@@ -497,11 +544,7 @@ class tripleo::haproxy (
ip_addresses => hiera('keystone_public_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
mode => 'http',
- listen_options => {
- 'http-request' => [
- 'set-header X-Forwarded-Proto https if { ssl_fc }',
- 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
- },
+ listen_options => merge($keystone_listen_opts, $keystone_public_tls_listen_opts),
public_ssl_port => $ports[keystone_public_api_ssl_port],
}
}
@@ -575,6 +618,12 @@ class tripleo::haproxy (
ip_addresses => hiera('glance_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
public_ssl_port => $ports[glance_api_ssl_port],
+ mode => 'http',
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
}
}
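Review bot: The `http-request` array added to the glance_api endpoint is a literal copy of `$keystone_listen_opts` from the keystone hunk, and that variable is scoped inside `if $keystone_public`, so it cannot be reused here as written. Hoisting it to class scope under a neutral name (for example `$forwarded_proto_opts`) and passing `listen_options => $forwarded_proto_opts` in both places keeps the two frontends from drifting. The mistral, ironic-inspector and zaqar endpoints added in later hunks do not set these headers (zaqar sets `mode => 'http'` but no `listen_options`), so a backend that builds URLs from `X-Forwarded-Proto` would behave differently per service. A one-line comment on why glance moves to `mode => 'http'` would help the next reader. The resource this hunk edits starts above the visible lines.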
@@ -662,6 +711,17 @@ class tripleo::haproxy (
}
}
+ if $mistral {
+ ::tripleo::haproxy::endpoint { 'mistral':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('mistral_api_vip', $controller_virtual_ip),
+ service_port => $ports[mistral_api_port],
+ ip_addresses => hiera('mistral_api_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ public_ssl_port => $ports[mistral_api_ssl_port],
+ }
+ }
+
if $swift_proxy_server {
::tripleo::haproxy::endpoint { 'swift_proxy_server':
public_virtual_ip => $public_virtual_ip,
@@ -754,6 +814,17 @@ class tripleo::haproxy (
}
}
+ if $ironic_inspector {
+ ::tripleo::haproxy::endpoint { 'ironic-inspector':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('ironic_inspector_vip', $controller_virtual_ip),
+ service_port => $ports[ironic_inspector_port],
+ ip_addresses => hiera('ironic_inspector_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ public_ssl_port => $ports[ironic_inspector_ssl_port],
+ }
+ }
+
if $mysql_clustercheck {
$mysql_listen_options = {
'option' => [ 'tcpka', 'httpchk' ],
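Review bot: The new endpoint is titled `'ironic-inspector'` with a hyphen, while every other endpoint in this diff uses underscores (`'keystone_public'`, `'zaqar_api'`, `'mistral'`) and the parameter itself is `$ironic_inspector`; `::tripleo::haproxy::endpoint { 'ironic_inspector':` would keep the generated listener names consistent. The endpoint is also given `public_virtual_ip`, and as far as I know the inspector's ramdisk callback is not token-authenticated, so it is worth confirming that this API is meant to be reachable on the public VIP rather than only on the provisioning or internal network. If it is, a comment stating that next to the resource would save the next reviewer the same question.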
@@ -815,7 +886,12 @@ class tripleo::haproxy (
options => {
'balance' => 'first',
'option' => ['tcp-check',],
- 'tcp-check' => union($redis_tcp_check_options, ['send PING\r\n','expect string +PONG','send info\ replication\r\n','expect string role:master','send QUIT\r\n','expect string +OK']),
+ 'tcp-check' => union($redis_tcp_check_options, ['send PING\r\n',
+ 'expect string +PONG',
+ 'send info\ replication\r\n',
+ 'expect string role:master',
+ 'send QUIT\r\n',
+ 'expect string +OK']),
},
collect_exported => false,
}
@@ -847,4 +923,38 @@ class tripleo::haproxy (
options => $haproxy_member_options,
}
}
+ if $zaqar_api {
+ ::tripleo::haproxy::endpoint { 'zaqar_api':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('zaqar_api_vip', $controller_virtual_ip),
+ service_port => $ports[zaqar_api_port],
+ ip_addresses => hiera('zaqar_api_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ mode => 'http',
+ public_ssl_port => $ports[zaqar_api_ssl_port],
+ }
+ }
+
+ $opendaylight_api_vip = hiera('opendaylight_api_vip', $controller_virtual_ip)
+ $opendaylight_bind_opts = {
+ "${opendaylight_api_vip}:8081" => [],
+ "${public_virtual_ip}:8081" => [],
+ }
+
+ if $opendaylight {
+ haproxy::listen { 'opendaylight':
+ bind => $opendaylight_bind_opts,
+ options => {
+ 'balance' => 'source',
+ },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'opendaylight':
+ listening_service => 'opendaylight',
+ ports => '8081',
+ ipaddresses => hiera('opendaylight_api_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
}
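Review bot: The opendaylight listener binds `"${public_virtual_ip}:8081" => []` with empty bind options, so unlike the `::tripleo::haproxy::endpoint` resources, which are handed a `public_ssl_port`, it is published on the public VIP with no TLS bind visible in this hunk. Port 8081 is also hard-coded in three places instead of going through `$default_service_ports`/`$service_ports`, so it cannot be overridden like the other services. `$opendaylight_api_vip` and `$opendaylight_bind_opts` are computed even when `$opendaylight` is false. The sketch below moves the port into `$ports` (assuming a new `opendaylight_api_port => 8081` default) and keeps the bind on the internal VIP until the public side can terminate TLS; if public access is required, it should go through the same SSL handling as the other endpoints.

```puppet
  if $opendaylight {
    # Assumes opendaylight_api_port => 8081 is added to $default_service_ports.
    $opendaylight_api_port = $ports[opendaylight_api_port]
    $opendaylight_api_vip  = hiera('opendaylight_api_vip', $controller_virtual_ip)
    haproxy::listen { 'opendaylight':
      # Internal VIP only: no plain-text listener on the public address.
      bind             => { "${opendaylight_api_vip}:${opendaylight_api_port}" => [] },
      # … unchanged: options, collect_exported …
    }
    haproxy::balancermember { 'opendaylight':
      listening_service => 'opendaylight',
      ports             => $opendaylight_api_port,
      # … unchanged: ipaddresses, server_names, options …
    }
  }
```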