diff options
Diffstat (limited to 'manifests/haproxy.pp')
| -rw-r--r-- | manifests/haproxy.pp | 195 |
1 files changed, 143 insertions, 52 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index e72d915..2cac604 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -111,99 +111,99 @@ # # [*keystone_admin*] # (optional) Enable or not Keystone Admin API binding -# Defaults to false +# Defaults to hiera('keystone_enabled', false) # # [*keystone_public*] # (optional) Enable or not Keystone Public API binding -# Defaults to false +# Defaults to hiera('keystone_enabled', false) # # [*neutron*] # (optional) Enable or not Neutron API binding -# Defaults to false +# Defaults to hiera('neutron_api_enabled', false) # # [*cinder*] # (optional) Enable or not Cinder API binding -# Defaults to false +# Defaults to hiera('cinder_api_enabled', false) # # [*manila*] # (optional) Enable or not Manila API binding -# Defaults to false +# Defaults to hiera('manila_api_enabled', false) # # [*sahara*] # (optional) Enable or not Sahara API binding -# defaults to false +# defaults to hiera('sahara_api_enabled', false) # # [*trove*] # (optional) Enable or not Trove API binding -# defaults to false +# defaults to hiera('trove_api_enabled', false) # # [*glance_api*] # (optional) Enable or not Glance API binding -# Defaults to false +# Defaults to hiera('glance_api_enabled', false) # # [*glance_registry*] # (optional) Enable or not Glance registry binding -# Defaults to false +# Defaults to hiera('glance_registry_enabled', false) # # [*nova_osapi*] # (optional) Enable or not Nova API binding -# Defaults to false +# Defaults to hiera('nova_api_enabled', false) # # [*nova_metadata*] # (optional) Enable or not Nova metadata binding -# Defaults to false +# Defaults to hiera('nova_api_enabled', false) # # [*nova_novncproxy*] # (optional) Enable or not Nova novncproxy binding -# Defaults to false +# Defaults to hiera('nova_vnc_proxy_enabled', false) # # [*ceilometer*] # (optional) Enable or not Ceilometer API binding -# Defaults to false +# Defaults to hiera('ceilometer_api_enabled', false) # # [*aodh*] # (optional) Enable or not Aodh API binding -# Defaults to false +# Defaults to hiera('aodh_api_enabled', false) # # [*gnocchi*] # (optional) Enable or not Gnocchi API binding -# Defaults to false +# Defaults to hiera('gnocchi_api_enabled', false) # # [*mistral*] # (optional) Enable or not Mistral API binding -# Defaults to false +# Defaults to hiera('mistral_api_enabled', false) # # [*swift_proxy_server*] # (optional) Enable or not Swift API binding -# Defaults to false +# Defaults to hiera('swift_proxy_enabled', false) # # [*heat_api*] # (optional) Enable or not Heat API binding -# Defaults to false +# Defaults to hiera('heat_api_enabled', false) # # [*heat_cloudwatch*] # (optional) Enable or not Heat Cloudwatch API binding -# Defaults to false +# Defaults to hiera('heat_api_cloudwatch_enabled', false) # # [*heat_cfn*] # (optional) Enable or not Heat CFN API binding -# Defaults to false +# Defaults to hiera('heat_api_cfn_enabled', false) # # [*horizon*] # (optional) Enable or not Horizon dashboard binding -# Defaults to false +# Defaults to hiera('horizon_enabled', false) # # [*ironic*] # (optional) Enable or not Ironic API binding -# Defaults to false +# Defaults to hiera('ironic_enabled', false) # # [*ironic_inspector*] # (optional) Enable or not Ironic Inspector API binding -# Defaults to false +# Defaults to hiera('ironic_inspector_enabled', false) # # [*mysql*] # (optional) Enable or not MySQL Galera binding -# Defaults to false +# Defaults to hiera('mysql_enabled', false) # # [*mysql_clustercheck*] # (optional) Enable check via clustercheck for mysql @@ -215,7 +215,7 @@ # # [*redis*] # (optional) Enable or not Redis binding -# Defaults to false +# Defaults to hiera('redis_enabled', false) # # [*redis_password*] # (optional) Password for Redis authentication, eventually needed by the @@ -228,6 +228,18 @@ # # [*zaqar_api*] # (optional) Enable or not Zaqar Api binding +# Defaults to hiera('zaqar_api_enabled', false) +# +# [*ceph_rgw*] +# (optional) Enable or not Ceph RadosGW binding +# Defaults to hiera('ceph_rgw_enabled', false) +# +# [*opendaylight*] +# (optional) Enable or not OpenDaylight binding +# Defaults to hiera('opendaylight_api_enabled', false) +# +# [*zaqar_ws*] +# (optional) Enable or not Zaqar Websockets binding # Defaults to false # # [*service_ports*] @@ -277,6 +289,12 @@ # 'trove_api_ssl_port' (Defaults to 13779) # 'zaqar_api_port' (Defaults to 8888) # 'zaqar_api_ssl_port' (Defaults to 13888) +# 'ceph_rgw_port' (Defaults to 8080) +# 'ceph_rgw_ssl_port' (Defaults to 13808) +# 'zaqar_ws_port' (Defaults to 9000) +# 'zaqar_ws_ssl_port' (Defaults to 9000) +# * Note that for zaqar's websockets we don't support having a different +# port for SSL, because it ignores the handshake. # Defaults to {} # class tripleo::haproxy ( @@ -299,36 +317,39 @@ class tripleo::haproxy ( $ssl_cipher_suite = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES', $ssl_options = 'no-sslv3', $haproxy_stats_certificate = undef, - $keystone_admin = false, - $keystone_public = false, - $neutron = false, - $cinder = false, - $sahara = false, - $trove = false, - $manila = false, - $glance_api = false, - $glance_registry = false, - $nova_osapi = false, - $nova_metadata = false, - $nova_novncproxy = false, - $ceilometer = false, - $aodh = false, - $gnocchi = false, - $mistral = false, - $swift_proxy_server = false, - $heat_api = false, - $heat_cloudwatch = false, - $heat_cfn = false, - $horizon = false, - $ironic = false, - $ironic_inspector = false, - $mysql = false, + $keystone_admin = hiera('keystone_enabled', false), + $keystone_public = hiera('keystone_enabled', false), + $neutron = hiera('neutron_api_enabled', false), + $cinder = hiera('cinder_api_enabled', false), + $manila = hiera('manila_api_enabled', false), + $sahara = hiera('sahara_api_enabled', false), + $trove = hiera('trove_api_enabled', false), + $glance_api = hiera('glance_api_enabled', false), + $glance_registry = hiera('glance_registry_enabled', false), + $nova_osapi = hiera('nova_api_enabled', false), + $nova_metadata = hiera('nova_api_enabled', false), + $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), + $ceilometer = hiera('ceilometer_api_enabled', false), + $aodh = hiera('aodh_api_enabled', false), + $gnocchi = hiera('gnocchi_api_enabled', false), + $mistral = hiera('mistral_api_enabled', false), + $swift_proxy_server = hiera('swift_proxy_enabled', false), + $heat_api = hiera('heat_api_enabled', false), + $heat_cloudwatch = hiera('heat_api_cloudwatch_enabled', false), + $heat_cfn = hiera('heat_api_cfn_enabled', false), + $horizon = hiera('horizon_enabled', false), + $ironic = hiera('ironic_api_enabled', false), + $ironic_inspector = hiera('ironic_inspector_enabled', false), + $mysql = hiera('mysql_enabled', false), $mysql_clustercheck = false, $rabbitmq = false, - $redis = false, + $redis = hiera('redis_enabled', false), $redis_password = undef, $midonet_api = false, - $zaqar_api = false, + $zaqar_api = hiera('zaqar_api_enabled', false), + $ceph_rgw = hiera('ceph_rgw_enabled', false), + $opendaylight = hiera('opendaylight_api_enabled', false), + $zaqar_ws = hiera('zaqar_api_enabled', false), $service_ports = {} ) { $default_service_ports = { @@ -376,6 +397,10 @@ class tripleo::haproxy ( trove_api_ssl_port => 13779, zaqar_api_port => 8888, zaqar_api_ssl_port => 13888, + ceph_rgw_port => 8080, + ceph_rgw_ssl_port => 13808, + zaqar_ws_port => 9000, + zaqar_ws_ssl_port => 9000, } $ports = merge($default_service_ports, $service_ports) @@ -582,6 +607,11 @@ class tripleo::haproxy ( service_port => $ports[manila_api_port], ip_addresses => hiera('manila_api_node_ips', $controller_hosts_real), server_names => $controller_hosts_names_real, + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, public_ssl_port => $ports[manila_api_ssl_port], } } @@ -884,7 +914,12 @@ class tripleo::haproxy ( options => { 'balance' => 'first', 'option' => ['tcp-check',], - 'tcp-check' => union($redis_tcp_check_options, ['send PING\r\n','expect string +PONG','send info\ replication\r\n','expect string role:master','send QUIT\r\n','expect string +OK']), + 'tcp-check' => union($redis_tcp_check_options, ['send PING\r\n', + 'expect string +PONG', + 'send info\ replication\r\n', + 'expect string role:master', + 'send QUIT\r\n', + 'expect string +OK']), }, collect_exported => false, } @@ -927,4 +962,60 @@ class tripleo::haproxy ( public_ssl_port => $ports[zaqar_api_ssl_port], } } + + if $ceph_rgw { + ::tripleo::haproxy::endpoint { 'ceph_rgw': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('ceph_rgw_vip', $controller_virtual_ip), + service_port => $ports[ceph_rgw_port], + ip_addresses => hiera('ceph_rgw_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + public_ssl_port => $ports[ceph_rgw_ssl_port], + } + } + + $opendaylight_api_vip = hiera('opendaylight_api_vip', $controller_virtual_ip) + $opendaylight_bind_opts = { + "${opendaylight_api_vip}:8081" => [], + "${public_virtual_ip}:8081" => [], + } + + if $opendaylight { + haproxy::listen { 'opendaylight': + bind => $opendaylight_bind_opts, + options => { + 'balance' => 'source', + }, + collect_exported => false, + } + haproxy::balancermember { 'opendaylight': + listening_service => 'opendaylight', + ports => '8081', + ipaddresses => hiera('opendaylight_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $zaqar_ws { + ::tripleo::haproxy::endpoint { 'zaqar_ws': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('zaqar_ws_vip', $controller_virtual_ip), + service_port => $ports[zaqar_ws_port], + ip_addresses => hiera('zaqar_ws_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + mode => 'http', + haproxy_listen_bind_param => [], # We don't use a transparent proxy here + listen_options => { + # NOTE(jaosorior): Websockets have more overhead in establishing + # connections than regular HTTP connections. Also, since it begins + # as an HTTP connection and then "upgrades" to a TCP connection, some + # timeouts get overriden by others at certain times of the connection. + # The following values were taken from the following site: + # http://blog.haproxy.com/2012/11/07/websockets-load-balancing-with-haproxy/ + 'timeout' => ['connect 5s', 'client 25s', 'server 25s', 'tunnel 3600s'], + }, + public_ssl_port => $ports[zaqar_ws_ssl_port], + } + } } |