aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/loadbalancer.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/loadbalancer.pp')
-rw-r--r--manifests/loadbalancer.pp47
1 files changed, 47 insertions, 0 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index c6d7f33..a6c4411 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -152,6 +152,11 @@
# When set, enables SSL on the Trove public API endpoint using the specified file.
# Defaults to undef
#
+# [*gnocchi_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Gnocchi public API endpoint using the specified file.
+# Defaults to undef
+#
# [*swift_certificate*]
# Filename of an HAProxy-compatible certificate and key file
# When set, enables SSL on the Swift public API endpoint using the specified file.
@@ -232,6 +237,10 @@
# (optional) Enable or not Aodh API binding
# Defaults to false
#
+# [*gnocchi*]
+# (optional) Enable or not Gnocchi API binding
+# Defaults to false
+#
# [*swift_proxy_server*]
# (optional) Enable or not Swift API binding
# Defaults to false
@@ -305,6 +314,7 @@ class tripleo::loadbalancer (
$nova_certificate = undef,
$ceilometer_certificate = undef,
$aodh_certificate = undef,
+ $gnocchi_certificate = undef,
$swift_certificate = undef,
$heat_certificate = undef,
$horizon_certificate = undef,
@@ -324,6 +334,7 @@ class tripleo::loadbalancer (
$nova_novncproxy = false,
$ceilometer = false,
$aodh = false,
+ $gnocchi = false,
$swift_proxy_server = false,
$heat_api = false,
$heat_cloudwatch = false,
@@ -483,6 +494,11 @@ class tripleo::loadbalancer (
} else {
$aodh_bind_certificate = $service_certificate
}
+ if $gnocchi_certificate {
+ $gnocchi_bind_certificate = $gnocchi_certificate
+ } else {
+ $gnocchi_bind_certificate = $service_certificate
+ }
if $swift_certificate {
$swift_bind_certificate = $swift_certificate
} else {
@@ -659,6 +675,19 @@ class tripleo::loadbalancer (
}
}
+ $gnocchi_api_vip = hiera('gnocchi_api_vip', $controller_virtual_ip)
+ if $gnocchi_bind_certificate {
+ $gnocchi_bind_opts = {
+ "${gnocchi_api_vip}:8041" => [],
+ "${public_virtual_ip}:13041" => ['ssl', 'crt', $gnocchi_bind_certificate],
+ }
+ } else {
+ $gnocchi_bind_opts = {
+ "${gnocchi_api_vip}:8041" => [],
+ "${public_virtual_ip}:8041" => [],
+ }
+ }
+
$swift_proxy_vip = hiera('swift_proxy_vip', $controller_virtual_ip)
if $swift_bind_certificate {
$swift_bind_opts = {
@@ -819,6 +848,10 @@ class tripleo::loadbalancer (
haproxy::listen { 'cinder':
bind => $cinder_bind_opts,
collect_exported => false,
+ mode => 'http', # Needed for http-request option
+ options => {
+ 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'],
+ },
}
haproxy::balancermember { 'cinder':
listening_service => 'cinder',
@@ -993,6 +1026,20 @@ class tripleo::loadbalancer (
}
}
+ if $gnocchi {
+ haproxy::listen { 'gnocchi':
+ bind => $gnocchi_bind_opts,
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'gnocchi':
+ listening_service => 'gnocchi',
+ ports => '8041',
+ ipaddresses => hiera('gnocchi_api_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
if $swift_proxy_server {
haproxy::listen { 'swift_proxy_server':
bind => $swift_bind_opts,