diff options
Diffstat (limited to 'manifests/haproxy.pp')
-rw-r--r-- | manifests/haproxy.pp | 55 |
1 files changed, 41 insertions, 14 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 4d96e98..2f3f062 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -19,10 +19,6 @@ # # === Parameters: # -# [*keepalived*] -# Whether to configure keepalived to manage the VIPs or not. -# Defaults to true -# # [*haproxy_service_manage*] # Will be passed as value for service_manage to HAProxy module. # Defaults to true @@ -182,6 +178,10 @@ # (optional) Enable or not Aodh API binding # Defaults to hiera('aodh_api_enabled', false) # +# [*panko*] +# (optional) Enable or not Panko API binding +# Defaults to hiera('panko_api_enabled', false) +# # [*barbican*] # (optional) Enable or not Barbican API binding # Defaults to hiera('barbican_api_enabled', false) @@ -371,6 +371,10 @@ # (optional) Specify the network opendaylight is running on. # Defaults to hiera('opendaylight_api_network', undef) # +# [*panko_network*] +# (optional) Specify the network panko is running on. +# Defaults to hiera('panko_api_network', undef) +# # [*sahara_network*] # (optional) Specify the network sahara is running on. # Defaults to hiera('sahara_api_network', undef) @@ -430,6 +434,8 @@ # 'nova_metadata_port' (Defaults to 8775) # 'nova_novnc_port' (Defaults to 6080) # 'nova_novnc_ssl_port' (Defaults to 13080) +# 'panko_api_port' (Defaults to 8779) +# 'panko_api_ssl_port' (Defaults to 13779) # 'sahara_api_port' (Defaults to 8386) # 'sahara_api_ssl_port' (Defaults to 13386) # 'swift_proxy_port' (Defaults to 8080) @@ -449,7 +455,6 @@ class tripleo::haproxy ( $controller_virtual_ip, $public_virtual_ip, - $keepalived = true, $haproxy_service_manage = true, $haproxy_global_maxconn = 20480, $haproxy_default_maxconn = 4096, @@ -482,6 +487,7 @@ class tripleo::haproxy ( $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), $ceilometer = hiera('ceilometer_api_enabled', false), $aodh = hiera('aodh_api_enabled', false), + $panko = hiera('panko_api_enabled', false), $barbican = hiera('barbican_api_enabled', false), $gnocchi = hiera('gnocchi_api_enabled', false), $mistral = hiera('mistral_api_enabled', false), @@ -527,6 +533,7 @@ class tripleo::haproxy ( $nova_metadata_network = hiera('nova_api_network', undef), $nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef), $nova_osapi_network = hiera('nova_api_network', undef), + $panko_network = hiera('panko_api_network', undef), $sahara_network = hiera('sahara_api_network', undef), $swift_proxy_server_network = hiera('swift_proxy_network', undef), $trove_network = hiera('trove_api_network', undef), @@ -574,6 +581,8 @@ class tripleo::haproxy ( nova_metadata_port => 8775, nova_novnc_port => 6080, nova_novnc_ssl_port => 13080, + panko_api_port => 8779, + panko_api_ssl_port => 13779, sahara_api_port => 8386, sahara_api_ssl_port => 13386, swift_proxy_port => 8080, @@ -605,13 +614,6 @@ class tripleo::haproxy ( $controller_hosts_names_real = downcase(any2array(split($controller_hosts_names, ','))) } - # This code will be removed once we switch undercloud and overcloud to use both haproxy & keepalived roles. - if $keepalived { - include ::tripleo::keepalived - # Make sure keepalive starts before haproxy. - Class['::keepalived::service'] -> Class['::haproxy'] - } - # TODO(bnemec): When we have support for SSL on private and admin endpoints, # have the haproxy stats endpoint use that certificate by default. if $haproxy_stats_certificate { @@ -784,6 +786,7 @@ class tripleo::haproxy ( service_port => $ports[neutron_api_port], ip_addresses => hiera('neutron_api_node_ips', $controller_hosts_real), server_names => hiera('neutron_api_node_names', $controller_hosts_names_real), + mode => 'http', listen_options => { 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', @@ -809,6 +812,7 @@ class tripleo::haproxy ( }, public_ssl_port => $ports[cinder_api_ssl_port], service_network => $cinder_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -819,6 +823,7 @@ class tripleo::haproxy ( service_port => $ports[manila_api_port], ip_addresses => hiera('manila_api_node_ips', $controller_hosts_real), server_names => hiera('manila_api_node_names', $controller_hosts_names_real), + mode => 'http', listen_options => { 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', @@ -934,6 +939,7 @@ class tripleo::haproxy ( service_port => $ports[ceilometer_api_port], ip_addresses => hiera('ceilometer_api_node_ips', $controller_hosts_real), server_names => hiera('ceilometer_api_node_names', $controller_hosts_names_real), + mode => 'http', listen_options => { 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', @@ -952,6 +958,7 @@ class tripleo::haproxy ( service_port => $ports[aodh_api_port], ip_addresses => hiera('aodh_api_node_ips', $controller_hosts_real), server_names => hiera('aodh_api_node_names', $controller_hosts_names_real), + mode => 'http', listen_options => { 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', @@ -963,15 +970,34 @@ class tripleo::haproxy ( } } + if $panko { + ::tripleo::haproxy::endpoint { 'panko': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('panko_api_vip', $controller_virtual_ip), + service_port => $ports[panko_api_port], + ip_addresses => hiera('panko_api_node_ips', $controller_hosts_real), + server_names => hiera('panko_api_node_names', $controller_hosts_names_real), + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, + public_ssl_port => $ports[panko_api_ssl_port], + service_network => $panko_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), + } + } + if $barbican { ::tripleo::haproxy::endpoint { 'barbican': public_virtual_ip => $public_virtual_ip, internal_ip => hiera('barbican_api_vip', $controller_virtual_ip), service_port => $ports[barbican_api_port], ip_addresses => hiera('barbican_api_node_ips', $controller_hosts_real), - server_names => hiera('aodh_api_node_names', $controller_hosts_names_real), + server_names => hiera('barbican_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[barbican_api_ssl_port], - service_network => $barbican_network + service_network => $barbican_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -982,6 +1008,7 @@ class tripleo::haproxy ( service_port => $ports[gnocchi_api_port], ip_addresses => hiera('gnocchi_api_node_ips', $controller_hosts_real), server_names => hiera('gnocchi_api_node_names', $controller_hosts_names_real), + mode => 'http', listen_options => { 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', |