diff options
Diffstat (limited to 'manifests/haproxy.pp')
| -rw-r--r-- | manifests/haproxy.pp | 376 |
1 files changed, 332 insertions, 44 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index a4ab0cc..13d4ba5 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -64,6 +64,26 @@ # Can be a string or an array. # Defaults to undef # +# [*contrail_config_hosts*] +# (optional) Specify the contrail config hosts ips. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config_hosts_names*] +# (optional) Specify the contrail config hosts. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_config_enabled') +# +# [*contrail_webui*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_webui_enabled') +# +# [*contrail_analytics*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_analytics_enabled') +# # [*public_virtual_ip*] # Public IP or group of IPs to bind the pools # Can be a string or an array. @@ -143,6 +163,10 @@ # (optional) Enable or not Cinder API binding # Defaults to hiera('cinder_api_enabled', false) # +# [*congress*] +# (optional) Enable or not Congress API binding +# Defaults to hiera('congress_enabled', false) +# # [*manila*] # (optional) Enable or not Manila API binding # Defaults to hiera('manila_api_enabled', false) @@ -151,6 +175,10 @@ # (optional) Enable or not Sahara API binding # defaults to hiera('sahara_api_enabled', false) # +# [*tacker*] +# (optional) Enable or not Tacker API binding +# Defaults to hiera('tacker_enabled', false) +# # [*trove*] # (optional) Enable or not Trove API binding # defaults to hiera('trove_api_enabled', false) @@ -159,14 +187,14 @@ # (optional) Enable or not Glance API binding # Defaults to hiera('glance_api_enabled', false) # -# [*glance_registry*] -# (optional) Enable or not Glance registry binding -# Defaults to hiera('glance_registry_enabled', false) -# # [*nova_osapi*] # (optional) Enable or not Nova API binding # Defaults to hiera('nova_api_enabled', false) # +# [*nova_placement*] +# (optional) Enable or not Nova Placement API binding +# Defaults to hiera('nova_placement_enabled', false) +# # [*nova_metadata*] # (optional) Enable or not Nova metadata binding # Defaults to hiera('nova_api_enabled', false) @@ -175,6 +203,14 @@ # (optional) Enable or not Nova novncproxy binding # Defaults to hiera('nova_vnc_proxy_enabled', false) # +# [*ec2_api*] +# (optional) Enable or not EC2 API binding +# Defaults to hiera('ec2_api_enabled', false) +# +# [*ec2_api_metadata*] +# (optional) Enable or not EC2 API metadata binding +# Defaults to hiera('ec2_api_enabled', false) +# # [*ceilometer*] # (optional) Enable or not Ceilometer API binding # Defaults to hiera('ceilometer_api_enabled', false) @@ -247,6 +283,10 @@ # (optional) Enable or not RabbitMQ binding # Defaults to false # +# [*etcd*] +# (optional) Enable or not Etcd binding +# Defaults to hiera('etcd_enabled', false) +# # [*docker_registry*] # (optional) Enable or not the Docker Registry API binding # Defaults to hiera('enable_docker_registry', false) @@ -276,6 +316,10 @@ # (optional) Enable or not OpenDaylight binding # Defaults to hiera('opendaylight_api_enabled', false) # +# [*ovn_dbs*] +# (optional) Enable or not OVN northd binding +# Defaults to hiera('ovn_dbs_enabled', false) +# # [*zaqar_ws*] # (optional) Enable or not Zaqar Websockets binding # Defaults to false @@ -304,6 +348,10 @@ # (optional) Specify the network cinder is running on. # Defaults to hiera('cinder_api_network', undef) # +# [*congress_network*] +# (optional) Specify the network congress is running on. +# Defaults to hiera('congress_api_network', undef) +# # [*docker_registry_network*] # (optional) Specify the network docker-registry is running on. # Defaults to hiera('docker_registry_network', undef) @@ -312,10 +360,6 @@ # (optional) Specify the network glance_api is running on. # Defaults to hiera('glance_api_network', undef) # -# [*glance_registry_network*] -# (optional) Specify the network glance_registry is running on. -# Defaults to hiera('glance_registry_network', undef) -# # [*gnocchi_network*] # (optional) Specify the network gnocchi is running on. # Defaults to hiera('gnocchi_api_network', undef) @@ -372,6 +416,18 @@ # (optional) Specify the network nova_osapi is running on. # Defaults to hiera('nova_api_network', undef) # +# [*nova_placement_network*] +# (optional) Specify the network nova_placement is running on. +# Defaults to hiera('nova_placement_network', undef) +# +# [*ec2_api_network*] +# (optional) Specify the network ec2_api is running on. +# Defaults to hiera('ec2_api_network', undef) +# +# [*ec2_api_metadata_network*] +# (optional) Specify the network ec2_api_metadata is running on. +# Defaults to hiera('ec2_api_network', undef) +# # [*opendaylight_network*] # (optional) Specify the network opendaylight is running on. # Defaults to hiera('opendaylight_api_network', undef) @@ -380,6 +436,10 @@ # (optional) Specify the network panko is running on. # Defaults to hiera('panko_api_network', undef) # +# [*ovn_dbs_network*] +# (optional) Specify the network ovn_dbs is running on. +# Defaults to hiera('ovn_dbs_network', undef) +# # [*sahara_network*] # (optional) Specify the network sahara is running on. # Defaults to hiera('sahara_api_network', undef) @@ -388,6 +448,10 @@ # (optional) Specify the network swift_proxy_server is running on. # Defaults to hiera('swift_proxy_network', undef) # +# [*tacker_network*] +# (optional) Specify the network tacker is running on. +# Defaults to hiera('tacker_api_network', undef) +# # [*trove_network*] # (optional) Specify the network trove is running on. # Defaults to hiera('trove_api_network', undef) @@ -411,7 +475,6 @@ # 'docker_registry_ssl_port' (Defaults to 13787) # 'glance_api_port' (Defaults to 9292) # 'glance_api_ssl_port' (Defaults to 13292) -# 'glance_registry_port' (Defaults to 9191) # 'gnocchi_api_port' (Defaults to 8041) # 'gnocchi_api_ssl_port' (Defaults to 13041) # 'mistral_api_port' (Defaults to 8989) @@ -436,11 +499,16 @@ # 'neutron_api_ssl_port' (Defaults to 13696) # 'nova_api_port' (Defaults to 8774) # 'nova_api_ssl_port' (Defaults to 13774) +# 'nova_placement_port' (Defaults to 8778) +# 'nova_placement_ssl_port' (Defaults to 13778) # 'nova_metadata_port' (Defaults to 8775) # 'nova_novnc_port' (Defaults to 6080) # 'nova_novnc_ssl_port' (Defaults to 13080) +# 'opendaylight_api_port' (Defaults to 8081) # 'panko_api_port' (Defaults to 8779) # 'panko_api_ssl_port' (Defaults to 13779) +# 'ovn_nbdb_port' (Defaults to 6641) +# 'ovn_sbdb_port' (Defaults to 6642) # 'sahara_api_port' (Defaults to 8386) # 'sahara_api_ssl_port' (Defaults to 13386) # 'swift_proxy_port' (Defaults to 8080) @@ -471,6 +539,11 @@ class tripleo::haproxy ( $haproxy_stats_password = undef, $controller_hosts = hiera('controller_node_ips'), $controller_hosts_names = hiera('controller_node_names', undef), + $contrail_config_hosts = hiera('contrail_config_node_ips', undef), + $contrail_config_hosts_names = hiera('contrail_config_node_names', undef), + $contrail_analytics = hiera('contrail_analytics_enabled', false), + $contrail_config = hiera('contrail_config_enabled', false), + $contrail_webui = hiera('contrail_webui_enabled', false), $service_certificate = undef, $use_internal_certificates = false, $internal_certificates_specs = {}, @@ -483,14 +556,18 @@ class tripleo::haproxy ( $keystone_public = hiera('keystone_enabled', false), $neutron = hiera('neutron_api_enabled', false), $cinder = hiera('cinder_api_enabled', false), + $congress = hiera('congress_enabled', false), $manila = hiera('manila_api_enabled', false), $sahara = hiera('sahara_api_enabled', false), + $tacker = hiera('tacker_enabled', false), $trove = hiera('trove_api_enabled', false), $glance_api = hiera('glance_api_enabled', false), - $glance_registry = hiera('glance_registry_enabled', false), $nova_osapi = hiera('nova_api_enabled', false), + $nova_placement = hiera('nova_placement_enabled', false), $nova_metadata = hiera('nova_api_enabled', false), $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), + $ec2_api = hiera('ec2_api_enabled', false), + $ec2_api_metadata = hiera('ec2_api_enabled', false), $ceilometer = hiera('ceilometer_api_enabled', false), $aodh = hiera('aodh_api_enabled', false), $panko = hiera('panko_api_enabled', false), @@ -508,6 +585,7 @@ class tripleo::haproxy ( $mysql_clustercheck = false, $mysql_member_options = undef, $rabbitmq = false, + $etcd = hiera('etcd_enabled', false), $docker_registry = hiera('enable_docker_registry', false), $redis = hiera('redis_enabled', false), $redis_password = undef, @@ -515,6 +593,7 @@ class tripleo::haproxy ( $zaqar_api = hiera('zaqar_api_enabled', false), $ceph_rgw = hiera('ceph_rgw_enabled', false), $opendaylight = hiera('opendaylight_api_enabled', false), + $ovn_dbs = hiera('ovn_dbs_enabled', false), $zaqar_ws = hiera('zaqar_api_enabled', false), $ui = hiera('enable_ui', false), $aodh_network = hiera('aodh_api_network', undef), @@ -522,9 +601,9 @@ class tripleo::haproxy ( $ceilometer_network = hiera('ceilometer_api_network', undef), $ceph_rgw_network = hiera('ceph_rgw_network', undef), $cinder_network = hiera('cinder_api_network', undef), + $congress_network = hiera('congress_api_network', undef), $docker_registry_network = hiera('docker_registry_network', undef), $glance_api_network = hiera('glance_api_network', undef), - $glance_registry_network = hiera('glance_registry_network', undef), $gnocchi_network = hiera('gnocchi_api_network', undef), $heat_api_network = hiera('heat_api_network', undef), $heat_cfn_network = hiera('heat_api_cfn_network', undef), @@ -539,9 +618,14 @@ class tripleo::haproxy ( $nova_metadata_network = hiera('nova_api_network', undef), $nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef), $nova_osapi_network = hiera('nova_api_network', undef), + $nova_placement_network = hiera('nova_placement_network', undef), $panko_network = hiera('panko_api_network', undef), + $ovn_dbs_network = hiera('ovn_dbs_network', undef), + $ec2_api_network = hiera('ec2_api_network', undef), + $ec2_api_metadata_network = hiera('ec2_api_network', undef), $sahara_network = hiera('sahara_api_network', undef), $swift_proxy_server_network = hiera('swift_proxy_network', undef), + $tacker_network = hiera('tacker_api_network', undef), $trove_network = hiera('trove_api_network', undef), $zaqar_api_network = hiera('zaqar_api_network', undef), $service_ports = {} @@ -555,11 +639,20 @@ class tripleo::haproxy ( ceilometer_api_ssl_port => 13777, cinder_api_port => 8776, cinder_api_ssl_port => 13776, + congress_api_port => 1789, + congress_api_ssl_port => 13789, + contrail_config_port => 8082, + contrail_config_ssl_port => 18082, + contrail_discovery_port => 5998, + contrail_discovery_ssl_port => 15998, + contrail_analytics_port => 8090, + contrail_analytics_ssl_port => 18090, + contrail_webui_http_port => 8080, + contrail_webui_https_port => 8143, docker_registry_port => 8787, docker_registry_ssl_port => 13787, glance_api_port => 9292, glance_api_ssl_port => 13292, - glance_registry_port => 9191, gnocchi_api_port => 8041, gnocchi_api_ssl_port => 13041, mistral_api_port => 8989, @@ -580,19 +673,30 @@ class tripleo::haproxy ( keystone_public_api_ssl_port => 13000, manila_api_port => 8786, manila_api_ssl_port => 13786, + midonet_cluster_port => 8181, neutron_api_port => 9696, neutron_api_ssl_port => 13696, nova_api_port => 8774, nova_api_ssl_port => 13774, + nova_placement_port => 8778, + nova_placement_ssl_port => 13778, nova_metadata_port => 8775, nova_novnc_port => 6080, nova_novnc_ssl_port => 13080, + opendaylight_api_port => 8081, panko_api_port => 8779, panko_api_ssl_port => 13779, + ovn_nbdb_port => 6641, + ovn_sbdb_port => 6642, + ec2_api_port => 8788, + ec2_api_ssl_port => 13788, + ec2_api_metadata_port => 8789, sahara_api_port => 8386, sahara_api_ssl_port => 13386, swift_proxy_port => 8080, swift_proxy_ssl_port => 13808, + tacker_api_port => 9890, + tacker_api_ssl_port => 13989, trove_api_port => 8779, trove_api_ssl_port => 13779, ui_port => 3000, @@ -687,6 +791,11 @@ class tripleo::haproxy ( "${redis_vip}:6379" => $haproxy_listen_bind_param, } + $etcd_vip = hiera('etcd_vip', $controller_virtual_ip) + $etcd_bind_opts = { + "${etcd_vip}:2379" => $haproxy_listen_bind_param, + } + class { '::haproxy': service_manage => $haproxy_service_manage, global_options => { @@ -799,6 +908,7 @@ class tripleo::haproxy ( }, public_ssl_port => $ports[neutron_api_ssl_port], service_network => $neutron_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -821,6 +931,24 @@ class tripleo::haproxy ( } } + if $congress { + ::tripleo::haproxy::endpoint { 'congress': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('congress_api_vip', $controller_virtual_ip), + service_port => $ports[congress_api_port], + ip_addresses => hiera('congress_node_ips', $controller_hosts_real), + server_names => hiera('congress_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, + public_ssl_port => $ports[congress_api_ssl_port], + service_network => $congress_network, + } + } + if $manila { ::tripleo::haproxy::endpoint { 'manila': public_virtual_ip => $public_virtual_ip, @@ -851,6 +979,24 @@ class tripleo::haproxy ( } } + if $tacker { + ::tripleo::haproxy::endpoint { 'tacker': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('tacker_api_vip', $controller_virtual_ip), + service_port => $ports[tacker_api_port], + ip_addresses => hiera('tacker_node_ips', $controller_hosts_real), + server_names => hiera('tacker_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, + public_ssl_port => $ports[tacker_api_ssl_port], + service_network => $tacker_network, + } + } + if $trove { ::tripleo::haproxy::endpoint { 'trove': public_virtual_ip => $public_virtual_ip, @@ -878,16 +1024,7 @@ class tripleo::haproxy ( 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, service_network => $glance_api_network, - } - } - - if $glance_registry { - ::tripleo::haproxy::endpoint { 'glance_registry': - internal_ip => hiera('glance_registry_vip', $controller_virtual_ip), - service_port => $ports[glance_registry_port], - ip_addresses => hiera('glance_registry_node_ips', $controller_hosts_real), - server_names => hiera('glance_registry_node_names', $controller_hosts_names_real), - service_network => $glance_registry_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -907,6 +1044,26 @@ class tripleo::haproxy ( }, public_ssl_port => $ports[nova_api_ssl_port], service_network => $nova_osapi_network, + #member_options => union($haproxy_member_options, $internal_tls_member_options), + } + } + + $nova_placement_vip = hiera('nova_placement_vip', $controller_virtual_ip) + if $nova_placement { + ::tripleo::haproxy::endpoint { 'nova_placement': + public_virtual_ip => $public_virtual_ip, + internal_ip => $nova_placement_vip, + service_port => $ports[nova_placement_port], + ip_addresses => hiera('nova_placement_node_ips', $controller_hosts_real), + server_names => hiera('nova_placement_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, + public_ssl_port => $ports[nova_placement_ssl_port], + service_network => $nova_placement_network, member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -937,6 +1094,34 @@ class tripleo::haproxy ( } } + if $ec2_api { + ::tripleo::haproxy::endpoint { 'ec2_api': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('ec2_api_vip', $controller_virtual_ip), + service_port => $ports[ec2_api_port], + ip_addresses => hiera('ec2_api_node_ips', $controller_hosts_real), + server_names => hiera('ec2_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, + public_ssl_port => $ports[ec2_api_ssl_port], + service_network => $ec2_api_network, + } + } + + if $ec2_api_metadata { + ::tripleo::haproxy::endpoint { 'ec2_api_metadata': + internal_ip => hiera('ec2_api_vip', $controller_virtual_ip), + service_port => $ports[ec2_api_metadata_port], + ip_addresses => hiera('ec2_api_node_ips', $controller_hosts_real), + server_names => hiera('ec2_api_node_names', $controller_hosts_names_real), + service_network => $ec2_api_metadata_network, + } + } + if $ceilometer { ::tripleo::haproxy::endpoint { 'ceilometer': public_virtual_ip => $public_virtual_ip, @@ -1189,6 +1374,15 @@ class tripleo::haproxy ( server_names => hiera('mysql_node_names', $controller_hosts_names_real), options => $mysql_member_options_real, } + if hiera('manage_firewall', true) { + include ::tripleo::firewall + $mysql_firewall_rules = { + '100 mysql_haproxy' => { + 'dport' => 3306, + } + } + create_resources('tripleo::firewall::rule', $mysql_firewall_rules) + } } if $rabbitmq { @@ -1209,6 +1403,23 @@ class tripleo::haproxy ( } } + if $etcd { + haproxy::listen { 'etcd': + bind => $etcd_bind_opts, + options => { + 'balance' => 'source', + }, + collect_exported => false, + } + haproxy::balancermember { 'etcd': + listening_service => 'etcd', + ports => '2379', + ipaddresses => hiera('etcd_node_ips', $controller_hosts_real), + server_names => hiera('etcd_node_names', $controller_hosts_names_real), + options => $haproxy_member_options, + } + } + if $docker_registry { ::tripleo::haproxy::endpoint { 'docker-registry': public_virtual_ip => $public_virtual_ip, @@ -1248,12 +1459,21 @@ class tripleo::haproxy ( server_names => hiera('redis_node_names', $controller_hosts_names_real), options => $haproxy_member_options, } + if hiera('manage_firewall', true) { + include ::tripleo::firewall + $redis_firewall_rules = { + '100 redis_haproxy' => { + 'dport' => 6379, + } + } + create_resources('tripleo::firewall::rule', $redis_firewall_rules) + } } - $midonet_api_vip = hiera('midonet_api_vip', $controller_virtual_ip) + $midonet_cluster_vip = hiera('midonet_cluster_vip', $controller_virtual_ip) $midonet_bind_opts = { - "${midonet_api_vip}:8081" => [], - "${public_virtual_ip}:8081" => [], + "${midonet_cluster_vip}:${ports[midonet_cluster_port]}" => [], + "${public_virtual_ip}:${ports[midonet_cluster_port]}" => [], } if $midonet_api { @@ -1263,7 +1483,7 @@ class tripleo::haproxy ( } haproxy::balancermember { 'midonet_api': listening_service => 'midonet_api', - ports => '8081', + ports => $ports[midonet_cluster_port], ipaddresses => hiera('midonet_api_node_ips', $controller_hosts_real), server_names => hiera('midonet_api_node_names', $controller_hosts_names_real), options => $haproxy_member_options, @@ -1294,26 +1514,49 @@ class tripleo::haproxy ( } } - $opendaylight_api_vip = hiera('opendaylight_api_vip', $controller_virtual_ip) - $opendaylight_bind_opts = { - "${opendaylight_api_vip}:8081" => $haproxy_listen_bind_param, - "${public_virtual_ip}:8081" => $haproxy_listen_bind_param, - } - if $opendaylight { - haproxy::listen { 'opendaylight': - bind => $opendaylight_bind_opts, - options => { + ::tripleo::haproxy::endpoint { 'opendaylight': + internal_ip => unique([hiera('opendaylight_api_vip', $controller_virtual_ip), $controller_virtual_ip]), + service_port => $ports[opendaylight_api_port], + ip_addresses => hiera('opendaylight_api_node_ips', $controller_hosts_real), + server_names => hiera('opendaylight_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { 'balance' => 'source', }, - collect_exported => false, } - haproxy::balancermember { 'opendaylight': - listening_service => 'opendaylight', - ports => '8081', - ipaddresses => hiera('opendaylight_api_node_ips', $controller_hosts_real), - server_names => hiera('opendaylight_api_node_names', $controller_hosts_names_real), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + + + if $ovn_dbs { + # FIXME: is this config enough to ensure we only hit the first node in + # ovn_northd_node_ips ? + $ovn_db_listen_options = { + 'option' => [ 'tcpka' ], + 'timeout client' => '90m', + 'timeout server' => '90m', + 'stick-table' => 'type ip size 1000', + 'stick' => 'on dst', + } + ::tripleo::haproxy::endpoint { 'ovn_nbdb': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('ovn_dbs_vip', $controller_virtual_ip), + service_port => $ports[ovn_nbdb_port], + ip_addresses => hiera('ovn_dbs_node_ips', $controller_hosts_real), + server_names => hiera('ovn_dbs_node_names', $controller_hosts_names_real), + service_network => $ovn_dbs_network, + listen_options => $ovn_db_listen_options, + mode => 'tcp' + } + ::tripleo::haproxy::endpoint { 'ovn_sbdb': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('ovn_dbs_vip', $controller_virtual_ip), + service_port => $ports[ovn_sbdb_port], + ip_addresses => hiera('ovn_dbs_node_ips', $controller_hosts_real), + server_names => hiera('ovn_dbs_node_names', $controller_hosts_names_real), + service_network => $ovn_dbs_network, + listen_options => $ovn_db_listen_options, + mode => 'tcp' } } @@ -1330,7 +1573,7 @@ class tripleo::haproxy ( # NOTE(jaosorior): Websockets have more overhead in establishing # connections than regular HTTP connections. Also, since it begins # as an HTTP connection and then "upgrades" to a TCP connection, some - # timeouts get overriden by others at certain times of the connection. + # timeouts get overridden by others at certain times of the connection. # The following values were taken from the following site: # http://blog.haproxy.com/2012/11/07/websockets-load-balancing-with-haproxy/ 'timeout' => ['connect 5s', 'client 25s', 'server 25s', 'tunnel 3600s'], @@ -1351,5 +1594,50 @@ class tripleo::haproxy ( public_ssl_port => $ports[ui_ssl_port], } } - + if $contrail_config { + ::tripleo::haproxy::endpoint { 'contrail_config': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_config_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_config_ssl_port], + } + ::tripleo::haproxy::endpoint { 'contrail_discovery': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_discovery_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_discovery_ssl_port], + } + } + if $contrail_analytics { + ::tripleo::haproxy::endpoint { 'contrail_analytics': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_analytics_vip', $controller_virtual_ip), + service_port => $ports[contrail_analytics_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_analytics_ssl_port], + } + } + if $contrail_webui { + ::tripleo::haproxy::endpoint { 'contrail_webui_http': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_http_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_http_port], + } + ::tripleo::haproxy::endpoint { 'contrail_webui_https': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_https_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_https_port], + } + } } |