aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/haproxy.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/haproxy.pp')
-rw-r--r--manifests/haproxy.pp55
1 files changed, 41 insertions, 14 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 4d96e98..2f3f062 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -19,10 +19,6 @@
#
# === Parameters:
#
-# [*keepalived*]
-# Whether to configure keepalived to manage the VIPs or not.
-# Defaults to true
-#
# [*haproxy_service_manage*]
# Will be passed as value for service_manage to HAProxy module.
# Defaults to true
@@ -182,6 +178,10 @@
# (optional) Enable or not Aodh API binding
# Defaults to hiera('aodh_api_enabled', false)
#
+# [*panko*]
+# (optional) Enable or not Panko API binding
+# Defaults to hiera('panko_api_enabled', false)
+#
# [*barbican*]
# (optional) Enable or not Barbican API binding
# Defaults to hiera('barbican_api_enabled', false)
@@ -371,6 +371,10 @@
# (optional) Specify the network opendaylight is running on.
# Defaults to hiera('opendaylight_api_network', undef)
#
+# [*panko_network*]
+# (optional) Specify the network panko is running on.
+# Defaults to hiera('panko_api_network', undef)
+#
# [*sahara_network*]
# (optional) Specify the network sahara is running on.
# Defaults to hiera('sahara_api_network', undef)
@@ -430,6 +434,8 @@
# 'nova_metadata_port' (Defaults to 8775)
# 'nova_novnc_port' (Defaults to 6080)
# 'nova_novnc_ssl_port' (Defaults to 13080)
+# 'panko_api_port' (Defaults to 8779)
+# 'panko_api_ssl_port' (Defaults to 13779)
# 'sahara_api_port' (Defaults to 8386)
# 'sahara_api_ssl_port' (Defaults to 13386)
# 'swift_proxy_port' (Defaults to 8080)
@@ -449,7 +455,6 @@
class tripleo::haproxy (
$controller_virtual_ip,
$public_virtual_ip,
- $keepalived = true,
$haproxy_service_manage = true,
$haproxy_global_maxconn = 20480,
$haproxy_default_maxconn = 4096,
@@ -482,6 +487,7 @@ class tripleo::haproxy (
$nova_novncproxy = hiera('nova_vnc_proxy_enabled', false),
$ceilometer = hiera('ceilometer_api_enabled', false),
$aodh = hiera('aodh_api_enabled', false),
+ $panko = hiera('panko_api_enabled', false),
$barbican = hiera('barbican_api_enabled', false),
$gnocchi = hiera('gnocchi_api_enabled', false),
$mistral = hiera('mistral_api_enabled', false),
@@ -527,6 +533,7 @@ class tripleo::haproxy (
$nova_metadata_network = hiera('nova_api_network', undef),
$nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef),
$nova_osapi_network = hiera('nova_api_network', undef),
+ $panko_network = hiera('panko_api_network', undef),
$sahara_network = hiera('sahara_api_network', undef),
$swift_proxy_server_network = hiera('swift_proxy_network', undef),
$trove_network = hiera('trove_api_network', undef),
@@ -574,6 +581,8 @@ class tripleo::haproxy (
nova_metadata_port => 8775,
nova_novnc_port => 6080,
nova_novnc_ssl_port => 13080,
+ panko_api_port => 8779,
+ panko_api_ssl_port => 13779,
sahara_api_port => 8386,
sahara_api_ssl_port => 13386,
swift_proxy_port => 8080,
@@ -605,13 +614,6 @@ class tripleo::haproxy (
$controller_hosts_names_real = downcase(any2array(split($controller_hosts_names, ',')))
}
- # This code will be removed once we switch undercloud and overcloud to use both haproxy & keepalived roles.
- if $keepalived {
- include ::tripleo::keepalived
- # Make sure keepalive starts before haproxy.
- Class['::keepalived::service'] -> Class['::haproxy']
- }
-
# TODO(bnemec): When we have support for SSL on private and admin endpoints,
# have the haproxy stats endpoint use that certificate by default.
if $haproxy_stats_certificate {
@@ -784,6 +786,7 @@ class tripleo::haproxy (
service_port => $ports[neutron_api_port],
ip_addresses => hiera('neutron_api_node_ips', $controller_hosts_real),
server_names => hiera('neutron_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
@@ -809,6 +812,7 @@ class tripleo::haproxy (
},
public_ssl_port => $ports[cinder_api_ssl_port],
service_network => $cinder_network,
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -819,6 +823,7 @@ class tripleo::haproxy (
service_port => $ports[manila_api_port],
ip_addresses => hiera('manila_api_node_ips', $controller_hosts_real),
server_names => hiera('manila_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
@@ -934,6 +939,7 @@ class tripleo::haproxy (
service_port => $ports[ceilometer_api_port],
ip_addresses => hiera('ceilometer_api_node_ips', $controller_hosts_real),
server_names => hiera('ceilometer_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
@@ -952,6 +958,7 @@ class tripleo::haproxy (
service_port => $ports[aodh_api_port],
ip_addresses => hiera('aodh_api_node_ips', $controller_hosts_real),
server_names => hiera('aodh_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
@@ -963,15 +970,34 @@ class tripleo::haproxy (
}
}
+ if $panko {
+ ::tripleo::haproxy::endpoint { 'panko':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('panko_api_vip', $controller_virtual_ip),
+ service_port => $ports[panko_api_port],
+ ip_addresses => hiera('panko_api_node_ips', $controller_hosts_real),
+ server_names => hiera('panko_api_node_names', $controller_hosts_names_real),
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
+ public_ssl_port => $ports[panko_api_ssl_port],
+ service_network => $panko_network,
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
+ }
+ }
+
if $barbican {
::tripleo::haproxy::endpoint { 'barbican':
public_virtual_ip => $public_virtual_ip,
internal_ip => hiera('barbican_api_vip', $controller_virtual_ip),
service_port => $ports[barbican_api_port],
ip_addresses => hiera('barbican_api_node_ips', $controller_hosts_real),
- server_names => hiera('aodh_api_node_names', $controller_hosts_names_real),
+ server_names => hiera('barbican_api_node_names', $controller_hosts_names_real),
public_ssl_port => $ports[barbican_api_ssl_port],
- service_network => $barbican_network
+ service_network => $barbican_network,
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -982,6 +1008,7 @@ class tripleo::haproxy (
service_port => $ports[gnocchi_api_port],
ip_addresses => hiera('gnocchi_api_node_ips', $controller_hosts_real),
server_names => hiera('gnocchi_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',