Diffstat (limited to 'manifests/loadbalancer.pp')
-rw-r--r-- | manifests/loadbalancer.pp | 173 |
1 files changed, 170 insertions, 3 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index b4b4301..0c00eb2 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -35,6 +35,10 @@ # The value to use as maxconn in the haproxy default config section. # Defaults to 4096 # +# [*haproxy_default_timeout*] +# The value to use as timeout in the haproxy default config section. +# Defaults to [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ] +# # [*haproxy_log_address*] # The IPv4, IPv6 or filesystem socket path of the syslog server. # Defaults to '/dev/log' @@ -130,6 +134,20 @@ # When set, enables SSL on the Ceilometer public API endpoint using the specified file. # Defaults to undef # +# [*aodh_certificate*] +# Filename of an HAProxy-compatible certificate and key file +# When set, enables SSL on the Aodh public API endpoint using the specified file. +# +# [*sahara_certificate*] +# Filename of an HAProxy-compatible certificate and key file +# When set, enables SSL on the Sahara public API endpoint using the specified file. +# Defaults to undef +# +# [*trove_certificate*] +# Filename of an HAProxy-compatible certificate and key file +# When set, enables SSL on the Trove public API endpoint using the specified file. +# Defaults to undef +# # [*swift_certificate*] # Filename of an HAProxy-compatible certificate and key file # When set, enables SSL on the Swift public API endpoint using the specified file. @@ -170,6 +188,14 @@ # (optional) Enable or not Manila API binding # Defaults to false # +# [*sahara*] +# (optional) Enable or not Sahara API binding +# defaults to false +# +# [*trove*] +# (optional) Enable or not Trove API binding +# defaults to false +# # [*glance_api*] # (optional) Enable or not Glance API binding # Defaults to false 
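Review bot: The new `[*aodh_certificate*]` entry in the second documentation hunk is the only certificate parameter without a default line. Add `# Defaults to undef` after its description so it matches the default the class signature declares for it. In the third hunk the `[*sahara*]` and `[*trove*]` entries write `defaults to false` in lower case, while the neighbouring entries use `Defaults to false`.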
@@ -198,6 +224,10 @@ # (optional) Enable or not Ceilometer API binding # Defaults to false # +# [*aodh*] +# (optional) Enable or not Aodh API binding +# Defaults to false +# # [*swift_proxy_server*] # (optional) Enable or not Swift API binding # Defaults to false @@ -238,6 +268,10 @@ # (optional) Enable or not Redis binding # Defaults to false # +# [*midonet_api*] +# (optional) Enable or not MidoNet API binding +# Defaults to false +# class tripleo::loadbalancer ( $controller_virtual_ip, $control_virtual_interface, @@ -250,6 +284,7 @@ class tripleo::loadbalancer ( $haproxy_service_manage = true, $haproxy_global_maxconn = 20480, $haproxy_default_maxconn = 4096, + $haproxy_default_timeout = [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], $haproxy_log_address = '/dev/log', $controller_host = undef, $controller_hosts = undef, @@ -258,10 +293,13 @@ class tripleo::loadbalancer ( $keystone_certificate = undef, $neutron_certificate = undef, $cinder_certificate = undef, + $sahara_certificate = undef, + $trove_certificate = undef, $manila_certificate = undef, $glance_certificate = undef, $nova_certificate = undef, $ceilometer_certificate = undef, + $aodh_certificate = undef, $swift_certificate = undef, $heat_certificate = undef, $horizon_certificate = undef, @@ -270,6 +308,8 @@ class tripleo::loadbalancer ( $keystone_public = false, $neutron = false, $cinder = false, + $sahara = false, + $trove = false, $manila = false, $glance_api = false, $glance_registry = false, @@ -278,6 +318,7 @@ class tripleo::loadbalancer ( $nova_metadata = false, $nova_novncproxy = false, $ceilometer = false, + $aodh = false, $swift_proxy_server = false, $heat_api = false, $heat_cloudwatch = false, @@ -288,6 +329,7 @@ class tripleo::loadbalancer ( $mysql_clustercheck = false, $rabbitmq = false, $redis = false, + $midonet_api = false, ) { if !$controller_host and !$controller_hosts { 
@@ -401,6 +443,16 @@ class tripleo::loadbalancer ( } else { $cinder_bind_certificate = $service_certificate } + if $sahara_certificate { + $sahara_bind_certificate = $sahara_certificate + } else { + $sahara_bind_certificate = $service_certificate + } + if $trove_certificate { + $trove_bind_certificate = $trove_certificate + } else { + $trove_bind_certificate = $trove_certificate + } if $manila_certificate { $manila_bind_certificate = $manila_certificate } else { @@ -421,6 +473,11 @@ class tripleo::loadbalancer ( } else { $ceilometer_bind_certificate = $service_certificate } + if $aodh_certificate { + $aodh_bind_certificate = $aodh_certificate + } else { + $aodh_bind_certificate = $service_certificate + } if $swift_certificate { $swift_bind_certificate = $swift_certificate } else { @@ -516,6 +573,32 @@ class tripleo::loadbalancer ( } } + $sahara_api_vip = hiera('sahara_api_vip', $controller_virtual_ip) + if $sahara_bind_certificate { + $sahara_bind_opts = { + "${sahara_api_vip}:8386" => [], + "${public_virtual_ip}:13786" => ['ssl', 'crt', $sahara_bind_certificate], + } + } else { + $sahara_bind_opts = { + "${sahara_api_vip}:8386" => [], + "${public_virtual_ip}:8386" => [], + } + } + + $trove_api_vip = hiera('$trove_api_vip', $controller_virtual_ip) + if $trove_bind_certificate { + $trove_bind_opts = { + "${trove_api_vip}:8779" => [], + "${public_virtual_ip}:13779" => ['ssl', 'crt', $trove_bind_certificate], + } + } else { + $trove_bind_opts = { + "${trove_api_vip}:8779" => [], + "${public_virtual_ip}:8779" => [], + } + } + $nova_api_vip = hiera('nova_api_vip', $controller_virtual_ip) if $nova_bind_certificate { $nova_osapi_bind_opts = { 
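Review bot: The else branch of the new Trove block assigns `$trove_certificate` a second time, so `$trove_bind_certificate` stays undef whenever only `$service_certificate` is set. The Sahara block beside it and the Aodh block in the next hunk both fall back to `$service_certificate`. Combined with the bind options added later in this commit, the Trove public endpoint is then served in cleartext on `${public_virtual_ip}:8779` while the other APIs get the TLS bind. The else branch should read `$trove_bind_certificate = $service_certificate`. The class body starts and ends outside this hunk.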
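Review bot: The Trove VIP lookup in the bind-options hunk passes `'$trove_api_vip'` as the hiera key, and inside single quotes the `$` is a literal character. A `trove_api_vip` value set in hiera would therefore presumably never be found, and Trove would always bind on `$controller_virtual_ip`, unlike the `sahara_api_vip` and `aodh_api_vip` lookups that follow the plain-key pattern. Change the line to `$trove_api_vip = hiera('trove_api_vip', $controller_virtual_ip)`.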
@@ -558,11 +641,24 @@ class tripleo::loadbalancer ( } } + $aodh_api_vip = hiera('aodh_api_vip', $controller_virtual_ip) + if $aodh_bind_certificate { + $aodh_bind_opts = { + "${aodh_api_vip}:8042" => [], + "${public_virtual_ip}:13042" => ['ssl', 'crt', $aodh_bind_certificate], + } + } else { + $aodh_bind_opts = { + "${aodh_api_vip}:8042" => [], + "${public_virtual_ip}:8042" => [], + } + } + $swift_proxy_vip = hiera('swift_proxy_vip', $controller_virtual_ip) if $swift_bind_certificate { $swift_bind_opts = { "${swift_proxy_vip}:8080" => [], - "${public_virtual_ip}:13080" => ['ssl', 'crt', $swift_bind_certificate], + "${public_virtual_ip}:13808" => ['ssl', 'crt', $swift_bind_certificate], } } else { $swift_bind_opts = { @@ -579,6 +675,7 @@ class tripleo::loadbalancer ( } $heat_options = { 'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1", + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], } $heat_cw_bind_opts = { "${heat_api_vip}:8003" => [], @@ -586,7 +683,7 @@ class tripleo::loadbalancer ( } $heat_cfn_bind_opts = { "${heat_api_vip}:8000" => [], - "${public_virtual_ip}:13000" => ['ssl', 'crt', $heat_bind_certificate], + "${public_virtual_ip}:13800" => ['ssl', 'crt', $heat_bind_certificate], } } else { $heat_bind_opts = { @@ -646,7 +743,7 @@ class tripleo::loadbalancer ( 'mode' => 'tcp', 'log' => 'global', 'retries' => '3', - 'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], + 'timeout' => $haproxy_default_timeout, 'maxconn' => $haproxy_default_maxconn, }, } @@ -685,6 +782,10 @@ class tripleo::loadbalancer ( haproxy::listen { 'keystone_public': bind => $keystone_public_bind_opts, collect_exported => false, + mode => 'http', # Needed for http-request option + options => { + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], + }, } haproxy::balancermember { 'keystone_public': listening_service => 'keystone_public', 
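Review bot: The `http-request` rule added to `keystone_public` sets `X-Forwarded-Proto` only when `ssl_fc` is true, so a request arriving on a non-TLS bind keeps whatever `X-Forwarded-Proto` value the client sent. If the backend trusts that header to decide whether the connection was secure, a cleartext client can claim `https`. Normalising the header on both paths closes this, for example `'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }', 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],`. The same rule is added to `$heat_options` earlier on this line and to `nova_osapi` in a later hunk, and both need the same change. The bind options for `keystone_public` are defined outside the hunk, so whether it has a cleartext bind is inferred from the pattern the other services use.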
@@ -737,6 +838,34 @@ class tripleo::loadbalancer ( } } + if $sahara { + haproxy::listen { 'sahara': + bind => $sahara_bind_opts, + collect_exported => false, + } + haproxy::balancermember { 'sahara': + listening_service => 'sahara', + ports => '8386', + ipaddresses => hiera('sahara_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $trove { + haproxy::listen { 'trove': + bind => $trove_bind_opts, + collect_exported => false, + } + haproxy::balancermember { 'trove': + listening_service => 'trove', + ports => '8779', + ipaddresses => hiera('trove_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + if $glance_api { haproxy::listen { 'glance_api': bind => $glance_bind_opts, @@ -784,6 +913,10 @@ class tripleo::loadbalancer ( haproxy::listen { 'nova_osapi': bind => $nova_osapi_bind_opts, collect_exported => false, + mode => 'http', + options => { + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], + }, } haproxy::balancermember { 'nova_osapi': listening_service => 'nova_osapi', @@ -814,6 +947,7 @@ class tripleo::loadbalancer ( bind => $nova_novnc_bind_opts, options => { 'balance' => 'source', + 'timeout' => [ 'tunnel 1h' ], }, collect_exported => false, } @@ -840,6 +974,20 @@ class tripleo::loadbalancer ( } } + if $aodh { + haproxy::listen { 'aodh': + bind => $aodh_bind_opts, + collect_exported => false, + } + haproxy::balancermember { 'aodh': + listening_service => 'aodh', + ports => '8042', + ipaddresses => hiera('aodh_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + if $swift_proxy_server { haproxy::listen { 'swift_proxy_server': bind => $swift_bind_opts, 
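Review bot: The new `sahara`, `trove` and `aodh` listeners are declared without `mode => 'http'` or the `X-Forwarded-Proto` option that this same commit adds to `keystone_public` and `nova_osapi`. They therefore inherit the `tcp` mode from the defaults section, and their backends get no indication that the public connection was TLS-terminated. If these APIs build self-referencing URLs or enforce secure transport from the forwarded scheme, that is likely to give `http://` links behind an HTTPS endpoint. Either add the same `mode` and `options` pair to the three `haproxy::listen` resources, or add a comment stating that these services do not need it.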
@@ -1003,4 +1151,23 @@ class tripleo::loadbalancer ( } } + $midonet_api_vip = hiera('midonet_api_vip', $controller_virtual_ip) + $midonet_bind_opts = { + "${midonet_api_vip}:8081" => [], + "${public_virtual_ip}:8081" => [], + } + + if $midonet_api { + haproxy::listen { 'midonet_api': + bind => $midonet_bind_opts, + collect_exported => false, + } + haproxy::balancermember { 'midonet_api': + listening_service => 'midonet_api', + ports => '8081', + ipaddresses => hiera('midonet_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } } |
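Review bot: `$midonet_bind_opts` always binds `${public_virtual_ip}:8081` with an empty option list, and the commit adds no `midonet_certificate` parameter and no fallback to `$service_certificate`. The MidoNet API is therefore exposed on the public VIP in cleartext even in deployments where every other public endpoint is TLS-terminated. Consider following the pattern of the other services, with an `if $midonet_bind_certificate` branch that puts `['ssl', 'crt', $midonet_bind_certificate]` on the public bind, or leaving out the public bind if the API is meant for internal use only. The VIP lookup and bind hash are also evaluated when `$midonet_api` is false, so they could move inside the `if $midonet_api` block. The enclosing class starts outside this hunk.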