diff options
Diffstat (limited to 'manifests/loadbalancer.pp')
-rw-r--r-- | manifests/loadbalancer.pp | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index c6d7f33..a6c4411 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -152,6 +152,11 @@ # When set, enables SSL on the Trove public API endpoint using the specified file. # Defaults to undef # +# [*gnocchi_certificate*] +# Filename of an HAProxy-compatible certificate and key file +# When set, enables SSL on the Gnocchi public API endpoint using the specified file. +# Defaults to undef +# # [*swift_certificate*] # Filename of an HAProxy-compatible certificate and key file # When set, enables SSL on the Swift public API endpoint using the specified file. @@ -232,6 +237,10 @@ # (optional) Enable or not Aodh API binding # Defaults to false # +# [*gnocchi*] +# (optional) Enable or not Gnocchi API binding +# Defaults to false +# # [*swift_proxy_server*] # (optional) Enable or not Swift API binding # Defaults to false @@ -305,6 +314,7 @@ class tripleo::loadbalancer ( $nova_certificate = undef, $ceilometer_certificate = undef, $aodh_certificate = undef, + $gnocchi_certificate = undef, $swift_certificate = undef, $heat_certificate = undef, $horizon_certificate = undef, @@ -324,6 +334,7 @@ class tripleo::loadbalancer ( $nova_novncproxy = false, $ceilometer = false, $aodh = false, + $gnocchi = false, $swift_proxy_server = false, $heat_api = false, $heat_cloudwatch = false, @@ -483,6 +494,11 @@ class tripleo::loadbalancer ( } else { $aodh_bind_certificate = $service_certificate } + if $gnocchi_certificate { + $gnocchi_bind_certificate = $gnocchi_certificate + } else { + $gnocchi_bind_certificate = $service_certificate + } if $swift_certificate { $swift_bind_certificate = $swift_certificate } else { @@ -659,6 +675,19 @@ class tripleo::loadbalancer ( } } + $gnocchi_api_vip = hiera('gnocchi_api_vip', $controller_virtual_ip) + if $gnocchi_bind_certificate { + $gnocchi_bind_opts = { + "${gnocchi_api_vip}:8041" => [], + "${public_virtual_ip}:13041" => ['ssl', 'crt', $gnocchi_bind_certificate], + } + } else { + $gnocchi_bind_opts = { + "${gnocchi_api_vip}:8041" => [], + "${public_virtual_ip}:8041" => [], + } + } + $swift_proxy_vip = hiera('swift_proxy_vip', $controller_virtual_ip) if $swift_bind_certificate { $swift_bind_opts = { @@ -819,6 +848,10 @@ class tripleo::loadbalancer ( haproxy::listen { 'cinder': bind => $cinder_bind_opts, collect_exported => false, + mode => 'http', # Needed for http-request option + options => { + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], + }, } haproxy::balancermember { 'cinder': listening_service => 'cinder', @@ -993,6 +1026,20 @@ class tripleo::loadbalancer ( } } + if $gnocchi { + haproxy::listen { 'gnocchi': + bind => $gnocchi_bind_opts, + collect_exported => false, + } + haproxy::balancermember { 'gnocchi': + listening_service => 'gnocchi', + ports => '8041', + ipaddresses => hiera('gnocchi_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + if $swift_proxy_server { haproxy::listen { 'swift_proxy_server': bind => $swift_bind_opts, |