Diffstat (limited to 'manifests/haproxy.pp')
-rw-r--r--manifests/haproxy.pp233
1 files changed, 210 insertions, 23 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 2fa02c9..e1c44ee 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -64,6 +64,26 @@
# Can be a string or an array.
# Defaults to undef
#
+# [*contrail_config_hosts*]
+# (optional) Specify the contrail config hosts ips.
+# Defaults to hiera('contrail_config_node_ips')
+#
+# [*contrail_config_hosts_names*]
+# (optional) Specify the contrail config hosts.
+# Defaults to hiera('contrail_config_node_ips')
+#
+# [*contrail_config*]
+# (optional) Switch to check that contrail config is enabled.
+# Defaults to hiera('contrail_config_enabled')
+#
+# [*contrail_webui*]
+# (optional) Switch to check that contrail config is enabled.
+# Defaults to hiera('contrail_webui_enabled')
+#
+# [*contrail_analytics*]
+# (optional) Switch to check that contrail config is enabled.
+# Defaults to hiera('contrail_analytics_enabled')
+#
# [*public_virtual_ip*]
# Public IP or group of IPs to bind the pools
# Can be a string or an array.
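Review bot: The parameter docs added here disagree with the class signature later in this diff. `contrail_config_hosts_names` is documented as defaulting to `hiera('contrail_config_node_ips')`, but the signature declares `hiera('contrail_config_node_names', undef)`, and the other documented defaults drop the `undef` / `false` fallback the code passes. The `contrail_webui` and `contrail_analytics` entries both repeat the `contrail_config` description. Suggested text: `# (optional) Enable or not the Contrail WebUI binding` with `# Defaults to hiera('contrail_webui_enabled', false)`, and the same pattern for analytics.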
@@ -143,6 +163,10 @@
# (optional) Enable or not Cinder API binding
# Defaults to hiera('cinder_api_enabled', false)
#
+# [*congress*]
+# (optional) Enable or not Congress API binding
+# Defaults to hiera('congress_enabled', false)
+#
# [*manila*]
# (optional) Enable or not Manila API binding
# Defaults to hiera('manila_api_enabled', false)
@@ -151,6 +175,10 @@
# (optional) Enable or not Sahara API binding
# defaults to hiera('sahara_api_enabled', false)
#
+# [*tacker*]
+# (optional) Enable or not Tacker API binding
+# Defaults to hiera('tacker_enabled', false)
+#
# [*trove*]
# (optional) Enable or not Trove API binding
# defaults to hiera('trove_api_enabled', false)
@@ -159,10 +187,6 @@
# (optional) Enable or not Glance API binding
# Defaults to hiera('glance_api_enabled', false)
#
-# [*glance_registry*]
-# (optional) Enable or not Glance registry binding
-# Defaults to hiera('glance_registry_enabled', false)
-#
# [*nova_osapi*]
# (optional) Enable or not Nova API binding
# Defaults to hiera('nova_api_enabled', false)
@@ -179,6 +203,14 @@
# (optional) Enable or not Nova novncproxy binding
# Defaults to hiera('nova_vnc_proxy_enabled', false)
#
+# [*ec2_api*]
+# (optional) Enable or not EC2 API binding
+# Defaults to hiera('ec2_api_enabled', false)
+#
+# [*ec2_api_metadata*]
+# (optional) Enable or not EC2 API metadata binding
+# Defaults to hiera('ec2_api_enabled', false)
+#
# [*ceilometer*]
# (optional) Enable or not Ceilometer API binding
# Defaults to hiera('ceilometer_api_enabled', false)
@@ -316,6 +348,10 @@
# (optional) Specify the network cinder is running on.
# Defaults to hiera('cinder_api_network', undef)
#
+# [*congress_network*]
+# (optional) Specify the network congress is running on.
+# Defaults to hiera('congress_api_network', undef)
+#
# [*docker_registry_network*]
# (optional) Specify the network docker-registry is running on.
# Defaults to hiera('docker_registry_network', undef)
@@ -324,10 +360,6 @@
# (optional) Specify the network glance_api is running on.
# Defaults to hiera('glance_api_network', undef)
#
-# [*glance_registry_network*]
-# (optional) Specify the network glance_registry is running on.
-# Defaults to hiera('glance_registry_network', undef)
-#
# [*gnocchi_network*]
# (optional) Specify the network gnocchi is running on.
# Defaults to hiera('gnocchi_api_network', undef)
@@ -388,6 +420,14 @@
# (optional) Specify the network nova_placement is running on.
# Defaults to hiera('nova_placement_network', undef)
#
+# [*ec2_api_network*]
+# (optional) Specify the network ec2_api is running on.
+# Defaults to hiera('ec2_api_network', undef)
+#
+# [*ec2_api_metadata_network*]
+# (optional) Specify the network ec2_api_metadata is running on.
+# Defaults to hiera('ec2_api_network', undef)
+#
# [*opendaylight_network*]
# (optional) Specify the network opendaylight is running on.
# Defaults to hiera('opendaylight_api_network', undef)
@@ -408,6 +448,10 @@
# (optional) Specify the network swift_proxy_server is running on.
# Defaults to hiera('swift_proxy_network', undef)
#
+# [*tacker_network*]
+# (optional) Specify the network tacker is running on.
+# Defaults to hiera('tacker_api_network', undef)
+#
# [*trove_network*]
# (optional) Specify the network trove is running on.
# Defaults to hiera('trove_api_network', undef)
@@ -431,7 +475,6 @@
# 'docker_registry_ssl_port' (Defaults to 13787)
# 'glance_api_port' (Defaults to 9292)
# 'glance_api_ssl_port' (Defaults to 13292)
-# 'glance_registry_port' (Defaults to 9191)
# 'gnocchi_api_port' (Defaults to 8041)
# 'gnocchi_api_ssl_port' (Defaults to 13041)
# 'mistral_api_port' (Defaults to 8989)
@@ -496,6 +539,11 @@ class tripleo::haproxy (
$haproxy_stats_password = undef,
$controller_hosts = hiera('controller_node_ips'),
$controller_hosts_names = hiera('controller_node_names', undef),
+ $contrail_config_hosts = hiera('contrail_config_node_ips', undef),
+ $contrail_config_hosts_names = hiera('contrail_config_node_names', undef),
+ $contrail_analytics = hiera('contrail_analytics_enabled', false),
+ $contrail_config = hiera('contrail_config_enabled', false),
+ $contrail_webui = hiera('contrail_webui_enabled', false),
$service_certificate = undef,
$use_internal_certificates = false,
$internal_certificates_specs = {},
@@ -508,15 +556,18 @@ class tripleo::haproxy (
$keystone_public = hiera('keystone_enabled', false),
$neutron = hiera('neutron_api_enabled', false),
$cinder = hiera('cinder_api_enabled', false),
+ $congress = hiera('congress_enabled', false),
$manila = hiera('manila_api_enabled', false),
$sahara = hiera('sahara_api_enabled', false),
+ $tacker = hiera('tacker_enabled', false),
$trove = hiera('trove_api_enabled', false),
$glance_api = hiera('glance_api_enabled', false),
- $glance_registry = hiera('glance_registry_enabled', false),
$nova_osapi = hiera('nova_api_enabled', false),
$nova_placement = hiera('nova_placement_enabled', false),
$nova_metadata = hiera('nova_api_enabled', false),
$nova_novncproxy = hiera('nova_vnc_proxy_enabled', false),
+ $ec2_api = hiera('ec2_api_enabled', false),
+ $ec2_api_metadata = hiera('ec2_api_enabled', false),
$ceilometer = hiera('ceilometer_api_enabled', false),
$aodh = hiera('aodh_api_enabled', false),
$panko = hiera('panko_api_enabled', false),
@@ -550,9 +601,9 @@ class tripleo::haproxy (
$ceilometer_network = hiera('ceilometer_api_network', undef),
$ceph_rgw_network = hiera('ceph_rgw_network', undef),
$cinder_network = hiera('cinder_api_network', undef),
+ $congress_network = hiera('congress_api_network', undef),
$docker_registry_network = hiera('docker_registry_network', undef),
$glance_api_network = hiera('glance_api_network', undef),
- $glance_registry_network = hiera('glance_registry_network', undef),
$gnocchi_network = hiera('gnocchi_api_network', undef),
$heat_api_network = hiera('heat_api_network', undef),
$heat_cfn_network = hiera('heat_api_cfn_network', undef),
@@ -570,8 +621,11 @@ class tripleo::haproxy (
$nova_placement_network = hiera('nova_placement_network', undef),
$panko_network = hiera('panko_api_network', undef),
$ovn_dbs_network = hiera('ovn_dbs_network', undef),
+ $ec2_api_network = hiera('ec2_api_network', undef),
+ $ec2_api_metadata_network = hiera('ec2_api_network', undef),
$sahara_network = hiera('sahara_api_network', undef),
$swift_proxy_server_network = hiera('swift_proxy_network', undef),
+ $tacker_network = hiera('tacker_api_network', undef),
$trove_network = hiera('trove_api_network', undef),
$zaqar_api_network = hiera('zaqar_api_network', undef),
$service_ports = {}
@@ -585,11 +639,20 @@ class tripleo::haproxy (
ceilometer_api_ssl_port => 13777,
cinder_api_port => 8776,
cinder_api_ssl_port => 13776,
+ congress_api_port => 1789,
+ congress_api_ssl_port => 13789,
+ contrail_config_port => 8082,
+ contrail_config_ssl_port => 18082,
+ contrail_discovery_port => 5998,
+ contrail_discovery_ssl_port => 15998,
+ contrail_analytics_port => 8090,
+ contrail_analytics_ssl_port => 18090,
+ contrail_webui_http_port => 8080,
+ contrail_webui_https_port => 8143,
docker_registry_port => 8787,
docker_registry_ssl_port => 13787,
glance_api_port => 9292,
glance_api_ssl_port => 13292,
- glance_registry_port => 9191,
gnocchi_api_port => 8041,
gnocchi_api_ssl_port => 13041,
mistral_api_port => 8989,
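Review bot: `contrail_webui_http_port => 8080` reuses the number that `swift_proxy_port => 8080` already holds in the next hunk of this default port map. If both services are enabled behind the same virtual IP, two listeners would claim the same address and port, so either pick a distinct port or state that the two are mutually exclusive. The webui entries also have no `*_ssl_port` counterpart, unlike every other pair added here. The `service_ports` comment list is only touched to drop `glance_registry_port`, so the new keys are undocumented; lines such as `# 'congress_api_port' (Defaults to 1789)` would cover them.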
@@ -625,10 +688,15 @@ class tripleo::haproxy (
panko_api_ssl_port => 13779,
ovn_nbdb_port => 6641,
ovn_sbdb_port => 6642,
+ ec2_api_port => 8788,
+ ec2_api_ssl_port => 13788,
+ ec2_api_metadata_port => 8789,
sahara_api_port => 8386,
sahara_api_ssl_port => 13386,
swift_proxy_port => 8080,
swift_proxy_ssl_port => 13808,
+ tacker_api_port => 9890,
+ tacker_api_ssl_port => 13989,
trove_api_port => 8779,
trove_api_ssl_port => 13779,
ui_port => 3000,
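Review bot: `tacker_api_ssl_port => 13989` does not follow from `tacker_api_port => 9890` the way the neighbouring pairs do (8788 → 13788, 8386 → 13386). It is the value that `mistral_api_port => 8989`, visible in the previous hunk, would map to under that pattern. `mistral_api_ssl_port` lies outside the visible hunks, so confirm the two services do not end up sharing one public SSL port on the same virtual IP. If they do, something like `tacker_api_ssl_port => 13890,` avoids the overlap.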
@@ -840,6 +908,7 @@ class tripleo::haproxy (
},
public_ssl_port => $ports[neutron_api_ssl_port],
service_network => $neutron_network,
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -862,6 +931,24 @@ class tripleo::haproxy (
}
}
+ if $congress {
+ ::tripleo::haproxy::endpoint { 'congress':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('congress_api_vip', $controller_virtual_ip),
+ service_port => $ports[congress_api_port],
+ ip_addresses => hiera('congress_node_ips', $controller_hosts_real),
+ server_names => hiera('congress_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
+ public_ssl_port => $ports[congress_api_ssl_port],
+ service_network => $congress_network,
+ }
+ }
+
if $manila {
::tripleo::haproxy::endpoint { 'manila':
public_virtual_ip => $public_virtual_ip,
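Review bot: The congress backend lookups use two different key stems, `hiera('congress_node_ips', ...)` for addresses and `hiera('congress_api_node_names', ...)` for names, and each falls back silently to the controller lists. If the deployment data publishes only one of them, the pool pairs names from one host set with addresses from another, or sends traffic to controllers that may not run the service. The tacker hunk has the same pair (`tacker_node_ips` / `tacker_api_node_names`), while ec2_api uses a single stem for both. Separately, the neutron and glance_api hunks add `member_options => union($haproxy_member_options, $internal_tls_member_options),` but the new congress, tacker and ec2_api endpoints do not. Whether their backend connections should get the internal TLS options depends on the endpoint define's default, which is not visible here.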
@@ -892,6 +979,24 @@ class tripleo::haproxy (
}
}
+ if $tacker {
+ ::tripleo::haproxy::endpoint { 'tacker':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('tacker_api_vip', $controller_virtual_ip),
+ service_port => $ports[tacker_api_port],
+ ip_addresses => hiera('tacker_node_ips', $controller_hosts_real),
+ server_names => hiera('tacker_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
+ public_ssl_port => $ports[tacker_api_ssl_port],
+ service_network => $tacker_network,
+ }
+ }
+
if $trove {
::tripleo::haproxy::endpoint { 'trove':
public_virtual_ip => $public_virtual_ip,
@@ -919,16 +1024,7 @@ class tripleo::haproxy (
'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
},
service_network => $glance_api_network,
- }
- }
-
- if $glance_registry {
- ::tripleo::haproxy::endpoint { 'glance_registry':
- internal_ip => hiera('glance_registry_vip', $controller_virtual_ip),
- service_port => $ports[glance_registry_port],
- ip_addresses => hiera('glance_registry_node_ips', $controller_hosts_real),
- server_names => hiera('glance_registry_node_names', $controller_hosts_names_real),
- service_network => $glance_registry_network,
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -998,6 +1094,34 @@ class tripleo::haproxy (
}
}
+ if $ec2_api {
+ ::tripleo::haproxy::endpoint { 'ec2_api':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('ec2_api_vip', $controller_virtual_ip),
+ service_port => $ports[ec2_api_port],
+ ip_addresses => hiera('ec2_api_node_ips', $controller_hosts_real),
+ server_names => hiera('ec2_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
+ public_ssl_port => $ports[ec2_api_ssl_port],
+ service_network => $ec2_api_network,
+ }
+ }
+
+ if $ec2_api_metadata {
+ ::tripleo::haproxy::endpoint { 'ec2_api_metadata':
+ internal_ip => hiera('ec2_api_vip', $controller_virtual_ip),
+ service_port => $ports[ec2_api_metadata_port],
+ ip_addresses => hiera('ec2_api_node_ips', $controller_hosts_real),
+ server_names => hiera('ec2_api_node_names', $controller_hosts_names_real),
+ service_network => $ec2_api_metadata_network,
+ }
+ }
+
if $ceilometer {
::tripleo::haproxy::endpoint { 'ceilometer':
public_virtual_ip => $public_virtual_ip,
@@ -1250,6 +1374,15 @@ class tripleo::haproxy (
server_names => hiera('mysql_node_names', $controller_hosts_names_real),
options => $mysql_member_options_real,
}
+ if hiera('manage_firewall', true) {
+ include ::tripleo::firewall
+ $mysql_firewall_rules = {
+ '100 mysql_haproxy' => {
+ 'dport' => 3306,
+ }
+ }
+ create_resources('tripleo::firewall::rule', $mysql_firewall_rules)
+ }
}
if $rabbitmq {
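Review bot: The `'100 mysql_haproxy'` rule carries only `'dport' => 3306`, so its source and interface scope is whatever `tripleo::firewall::rule` applies by default, which this diff does not show. For a database listener that is worth pinning explicitly to the internal network rather than inheriting, if the define accepts a source or destination restriction. The redis hunk adds the same shape with `'dport' => 6379`. Both blocks also hard-code the port instead of reusing the value the haproxy listen resource binds, and call `hiera('manage_firewall', true)` inline. A class parameter such as `$manage_firewall = hiera('manage_firewall', true),` would keep the switch overridable and documented alongside the others. The enclosing `if` blocks start outside these hunks.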
@@ -1326,6 +1459,15 @@ class tripleo::haproxy (
server_names => hiera('redis_node_names', $controller_hosts_names_real),
options => $haproxy_member_options,
}
+ if hiera('manage_firewall', true) {
+ include ::tripleo::firewall
+ $redis_firewall_rules = {
+ '100 redis_haproxy' => {
+ 'dport' => 6379,
+ }
+ }
+ create_resources('tripleo::firewall::rule', $redis_firewall_rules)
+ }
}
$midonet_cluster_vip = hiera('midonet_cluster_vip', $controller_virtual_ip)
@@ -1452,5 +1594,50 @@ class tripleo::haproxy (
public_ssl_port => $ports[ui_ssl_port],
}
}
-
+ if $contrail_config {
+ ::tripleo::haproxy::endpoint { 'contrail_config':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_config_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_config_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_config_ssl_port],
+ }
+ ::tripleo::haproxy::endpoint { 'contrail_discovery':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_config_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_discovery_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_discovery_ssl_port],
+ }
+ }
+ if $contrail_analytics {
+ ::tripleo::haproxy::endpoint { 'contrail_analytics':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_analytics_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_analytics_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_analytics_ssl_port],
+ }
+ }
+ if $contrail_webui {
+ ::tripleo::haproxy::endpoint { 'contrail_webui_http':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_webui_http_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_webui_http_port],
+ }
+ ::tripleo::haproxy::endpoint { 'contrail_webui_https':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_webui_https_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_webui_https_port],
+ }
+ }
}
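Review bot: Every contrail endpoint reads its backends with `hiera('contrail_config_node_ips')` directly, for `server_names` as well as `ip_addresses`. The `$contrail_config_hosts` and `$contrail_config_hosts_names` parameters added to the signature are therefore not referenced in any visible hunk, and the lookup has no default if the key is absent. Using the parameters keeps the override path working: `ip_addresses => $contrail_config_hosts,` and `server_names => $contrail_config_hosts_names,`, with a fallback for the `undef` names default. The two webui endpoints set `public_ssl_port` to the same `$ports[...]` entry as `service_port`, where the other endpoints use a separate `*_ssl_port`. Whether the endpoint define tolerates a TLS bind and a plain bind on one port number should be checked, since it is not shown here. None of these endpoints passes `service_network`, unlike the congress, tacker and ec2_api blocks in this diff.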