summaryrefslogtreecommitdiffstats
path: root/manifests/loadbalancer.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/loadbalancer.pp')
-rw-r--r--manifests/loadbalancer.pp173
1 files changed, 170 insertions, 3 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index b4b4301..0c00eb2 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -35,6 +35,10 @@
# The value to use as maxconn in the haproxy default config section.
# Defaults to 4096
#
+# [*haproxy_default_timeout*]
+# The value to use as timeout in the haproxy default config section.
+# Defaults to [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ]
+#
# [*haproxy_log_address*]
# The IPv4, IPv6 or filesystem socket path of the syslog server.
# Defaults to '/dev/log'
@@ -130,6 +134,20 @@
# When set, enables SSL on the Ceilometer public API endpoint using the specified file.
# Defaults to undef
#
+# [*aodh_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Aodh public API endpoint using the specified file.
+#
+# [*sahara_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Sahara public API endpoint using the specified file.
+# Defaults to undef
+#
+# [*trove_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Trove public API endpoint using the specified file.
+# Defaults to undef
+#
# [*swift_certificate*]
# Filename of an HAProxy-compatible certificate and key file
# When set, enables SSL on the Swift public API endpoint using the specified file.
@@ -170,6 +188,14 @@
# (optional) Enable or not Manila API binding
# Defaults to false
#
+# [*sahara*]
+# (optional) Enable or not Sahara API binding
+# defaults to false
+#
+# [*trove*]
+# (optional) Enable or not Trove API binding
+# defaults to false
+#
# [*glance_api*]
# (optional) Enable or not Glance API binding
# Defaults to false
@@ -198,6 +224,10 @@
# (optional) Enable or not Ceilometer API binding
# Defaults to false
#
+# [*aodh*]
+# (optional) Enable or not Aodh API binding
+# Defaults to false
+#
# [*swift_proxy_server*]
# (optional) Enable or not Swift API binding
# Defaults to false
@@ -238,6 +268,10 @@
# (optional) Enable or not Redis binding
# Defaults to false
#
+# [*midonet_api*]
+# (optional) Enable or not MidoNet API binding
+# Defaults to false
+#
class tripleo::loadbalancer (
$controller_virtual_ip,
$control_virtual_interface,
@@ -250,6 +284,7 @@ class tripleo::loadbalancer (
$haproxy_service_manage = true,
$haproxy_global_maxconn = 20480,
$haproxy_default_maxconn = 4096,
+ $haproxy_default_timeout = [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ],
$haproxy_log_address = '/dev/log',
$controller_host = undef,
$controller_hosts = undef,
@@ -258,10 +293,13 @@ class tripleo::loadbalancer (
$keystone_certificate = undef,
$neutron_certificate = undef,
$cinder_certificate = undef,
+ $sahara_certificate = undef,
+ $trove_certificate = undef,
$manila_certificate = undef,
$glance_certificate = undef,
$nova_certificate = undef,
$ceilometer_certificate = undef,
+ $aodh_certificate = undef,
$swift_certificate = undef,
$heat_certificate = undef,
$horizon_certificate = undef,
@@ -270,6 +308,8 @@ class tripleo::loadbalancer (
$keystone_public = false,
$neutron = false,
$cinder = false,
+ $sahara = false,
+ $trove = false,
$manila = false,
$glance_api = false,
$glance_registry = false,
@@ -278,6 +318,7 @@ class tripleo::loadbalancer (
$nova_metadata = false,
$nova_novncproxy = false,
$ceilometer = false,
+ $aodh = false,
$swift_proxy_server = false,
$heat_api = false,
$heat_cloudwatch = false,
@@ -288,6 +329,7 @@ class tripleo::loadbalancer (
$mysql_clustercheck = false,
$rabbitmq = false,
$redis = false,
+ $midonet_api = false,
) {
if !$controller_host and !$controller_hosts {
@@ -401,6 +443,16 @@ class tripleo::loadbalancer (
} else {
$cinder_bind_certificate = $service_certificate
}
+ if $sahara_certificate {
+ $sahara_bind_certificate = $sahara_certificate
+ } else {
+ $sahara_bind_certificate = $service_certificate
+ }
+ if $trove_certificate {
+ $trove_bind_certificate = $trove_certificate
+ } else {
+ $trove_bind_certificate = $trove_certificate
+ }
if $manila_certificate {
$manila_bind_certificate = $manila_certificate
} else {
@@ -421,6 +473,11 @@ class tripleo::loadbalancer (
} else {
$ceilometer_bind_certificate = $service_certificate
}
+ if $aodh_certificate {
+ $aodh_bind_certificate = $aodh_certificate
+ } else {
+ $aodh_bind_certificate = $service_certificate
+ }
if $swift_certificate {
$swift_bind_certificate = $swift_certificate
} else {
@@ -516,6 +573,32 @@ class tripleo::loadbalancer (
}
}
+ $sahara_api_vip = hiera('sahara_api_vip', $controller_virtual_ip)
+ if $sahara_bind_certificate {
+ $sahara_bind_opts = {
+ "${sahara_api_vip}:8386" => [],
+ "${public_virtual_ip}:13786" => ['ssl', 'crt', $sahara_bind_certificate],
+ }
+ } else {
+ $sahara_bind_opts = {
+ "${sahara_api_vip}:8386" => [],
+ "${public_virtual_ip}:8386" => [],
+ }
+ }
+
+ $trove_api_vip = hiera('$trove_api_vip', $controller_virtual_ip)
+ if $trove_bind_certificate {
+ $trove_bind_opts = {
+ "${trove_api_vip}:8779" => [],
+ "${public_virtual_ip}:13779" => ['ssl', 'crt', $trove_bind_certificate],
+ }
+ } else {
+ $trove_bind_opts = {
+ "${trove_api_vip}:8779" => [],
+ "${public_virtual_ip}:8779" => [],
+ }
+ }
+
$nova_api_vip = hiera('nova_api_vip', $controller_virtual_ip)
if $nova_bind_certificate {
$nova_osapi_bind_opts = {
@@ -558,11 +641,24 @@ class tripleo::loadbalancer (
}
}
+ $aodh_api_vip = hiera('aodh_api_vip', $controller_virtual_ip)
+ if $aodh_bind_certificate {
+ $aodh_bind_opts = {
+ "${aodh_api_vip}:8042" => [],
+ "${public_virtual_ip}:13042" => ['ssl', 'crt', $aodh_bind_certificate],
+ }
+ } else {
+ $aodh_bind_opts = {
+ "${aodh_api_vip}:8042" => [],
+ "${public_virtual_ip}:8042" => [],
+ }
+ }
+
$swift_proxy_vip = hiera('swift_proxy_vip', $controller_virtual_ip)
if $swift_bind_certificate {
$swift_bind_opts = {
"${swift_proxy_vip}:8080" => [],
- "${public_virtual_ip}:13080" => ['ssl', 'crt', $swift_bind_certificate],
+ "${public_virtual_ip}:13808" => ['ssl', 'crt', $swift_bind_certificate],
}
} else {
$swift_bind_opts = {
@@ -579,6 +675,7 @@ class tripleo::loadbalancer (
}
$heat_options = {
'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1",
+ 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'],
}
$heat_cw_bind_opts = {
"${heat_api_vip}:8003" => [],
@@ -586,7 +683,7 @@ class tripleo::loadbalancer (
}
$heat_cfn_bind_opts = {
"${heat_api_vip}:8000" => [],
- "${public_virtual_ip}:13000" => ['ssl', 'crt', $heat_bind_certificate],
+ "${public_virtual_ip}:13800" => ['ssl', 'crt', $heat_bind_certificate],
}
} else {
$heat_bind_opts = {
@@ -646,7 +743,7 @@ class tripleo::loadbalancer (
'mode' => 'tcp',
'log' => 'global',
'retries' => '3',
- 'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ],
+ 'timeout' => $haproxy_default_timeout,
'maxconn' => $haproxy_default_maxconn,
},
}
@@ -685,6 +782,10 @@ class tripleo::loadbalancer (
haproxy::listen { 'keystone_public':
bind => $keystone_public_bind_opts,
collect_exported => false,
+ mode => 'http', # Needed for http-request option
+ options => {
+ 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'],
+ },
}
haproxy::balancermember { 'keystone_public':
listening_service => 'keystone_public',
@@ -737,6 +838,34 @@ class tripleo::loadbalancer (
}
}
+ if $sahara {
+ haproxy::listen { 'sahara':
+ bind => $sahara_bind_opts,
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'sahara':
+ listening_service => 'sahara',
+ ports => '8386',
+ ipaddresses => hiera('sahara_api_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $trove {
+ haproxy::listen { 'trove':
+ bind => $trove_bind_opts,
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'trove':
+ listening_service => 'trove',
+ ports => '8779',
+ ipaddresses => hiera('trove_api_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
if $glance_api {
haproxy::listen { 'glance_api':
bind => $glance_bind_opts,
@@ -784,6 +913,10 @@ class tripleo::loadbalancer (
haproxy::listen { 'nova_osapi':
bind => $nova_osapi_bind_opts,
collect_exported => false,
+ mode => 'http',
+ options => {
+ 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'],
+ },
}
haproxy::balancermember { 'nova_osapi':
listening_service => 'nova_osapi',
@@ -814,6 +947,7 @@ class tripleo::loadbalancer (
bind => $nova_novnc_bind_opts,
options => {
'balance' => 'source',
+ 'timeout' => [ 'tunnel 1h' ],
},
collect_exported => false,
}
@@ -840,6 +974,20 @@ class tripleo::loadbalancer (
}
}
+ if $aodh {
+ haproxy::listen { 'aodh':
+ bind => $aodh_bind_opts,
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'aodh':
+ listening_service => 'aodh',
+ ports => '8042',
+ ipaddresses => hiera('aodh_api_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
if $swift_proxy_server {
haproxy::listen { 'swift_proxy_server':
bind => $swift_bind_opts,
@@ -1003,4 +1151,23 @@ class tripleo::loadbalancer (
}
}
+ $midonet_api_vip = hiera('midonet_api_vip', $controller_virtual_ip)
+ $midonet_bind_opts = {
+ "${midonet_api_vip}:8081" => [],
+ "${public_virtual_ip}:8081" => [],
+ }
+
+ if $midonet_api {
+ haproxy::listen { 'midonet_api':
+ bind => $midonet_bind_opts,
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'midonet_api':
+ listening_service => 'midonet_api',
+ ports => '8081',
+ ipaddresses => hiera('midonet_api_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
}