diff options
Diffstat (limited to 'manifests/loadbalancer.pp')
| -rw-r--r-- | manifests/loadbalancer.pp | 81 |
1 files changed, 74 insertions, 7 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index 102deeb..f9877a6 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -132,6 +132,11 @@ # When set, enables SSL on the Horizon public API endpoint using the specified file. # Defaults to undef # +# [*ironic_certificate*] +# Filename of an HAProxy-compatible certificate and key file +# When set, enables SSL on the Ironic public API endpoint using the specified file. +# Defaults to undef +# # [*keystone_admin*] # (optional) Enable or not Keystone Admin API binding # Defaults to false @@ -196,10 +201,18 @@ # (optional) Enable or not Horizon dashboard binding # Defaults to false # +# [*ironic*] +# (optional) Enable or not Ironic API binding +# Defaults to false +# # [*mysql*] # (optional) Enable or not MySQL Galera binding # Defaults to false # +# [*mysql_clustercheck*] +# (optional) Enable check via clustercheck for mysql +# Defaults to false +# # [*rabbitmq*] # (optional) Enable or not RabbitMQ binding # Defaults to false @@ -232,6 +245,7 @@ class tripleo::loadbalancer ( $swift_certificate = undef, $heat_certificate = undef, $horizon_certificate = undef, + $ironic_certificate = undef, $keystone_admin = false, $keystone_public = false, $neutron = false, @@ -248,7 +262,9 @@ class tripleo::loadbalancer ( $heat_cloudwatch = false, $heat_cfn = false, $horizon = false, + $ironic = false, $mysql = false, + $mysql_clustercheck = false, $rabbitmq = false, $redis = false, ) { @@ -394,6 +410,11 @@ class tripleo::loadbalancer ( } else { $horizon_bind_certificate = $service_certificate } + if $ironic_certificate { + $ironic_bind_certificate = $ironic_certificate + } else { + $ironic_bind_certificate = $service_certificate + } $keystone_public_api_vip = hiera('keystone_public_api_vip', $controller_virtual_ip) $keystone_admin_api_vip = hiera('keystone_admin_api_vip', $controller_virtual_ip) @@ -517,6 +538,10 @@ class tripleo::loadbalancer ( "${heat_api_vip}:8004" => [], "${public_virtual_ip}:13004" => ['ssl', 'crt', $heat_bind_certificate], } + $heat_options = { + 'option' => [ 'httpchk GET /' ], + 'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1", + } $heat_cw_bind_opts = { "${heat_api_vip}:8003" => [], "${public_virtual_ip}:13003" => ['ssl', 'crt', $heat_bind_certificate], @@ -530,6 +555,9 @@ class tripleo::loadbalancer ( "${heat_api_vip}:8004" => [], "${public_virtual_ip}:8004" => [], } + $heat_options = { + 'option' => [ 'httpchk GET /' ], + } $heat_cw_bind_opts = { "${heat_api_vip}:8003" => [], "${public_virtual_ip}:8003" => [], @@ -553,6 +581,19 @@ class tripleo::loadbalancer ( } } + $ironic_api_vip = hiera('ironic_api_vip', $controller_virtual_ip) + if $ironic_bind_certificate { + $ironic_bind_opts = { + "${ironic_api_vip}:6385" => [], + "${public_virtual_ip}:13385" => ['ssl', 'crt', $ironic_bind_certificate], + } + } else { + $ironic_bind_opts = { + "${ironic_api_vip}:6385" => [], + "${public_virtual_ip}:6385" => [], + } + } + sysctl::value { 'net.ipv4.ip_nonlocal_bind': value => '1' } class { '::haproxy': @@ -790,10 +831,9 @@ class tripleo::loadbalancer ( if $heat_api { haproxy::listen { 'heat_api': bind => $heat_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, + options => $heat_options, collect_exported => false, + mode => 'http', } haproxy::balancermember { 'heat_api': listening_service => 'heat_api', @@ -855,13 +895,40 @@ class tripleo::loadbalancer ( } } + if $mysql_clustercheck { + $mysql_listen_options = { + 'option' => [ 'httpchk' ], + 'timeout' => [ 'client 0', 'server 0' ], + 'stick-table' => 'type ip size 1000', + 'stick' => 'on dst', + } + $mysql_member_options = ['check', 'inter 2000', 'rise 2', 'fall 5', 'backup', 'port 9200', 'on-marked-down shutdown-sessions'] + } else { + $mysql_listen_options = { + 'timeout' => [ 'client 0', 'server 0' ], + } + $mysql_member_options = ['check', 'inter 2000', 'rise 2', 'fall 5', 'backup'] + } + + if $ironic { + haproxy::listen { 'ironic': + bind => $ironic_bind_opts, + collect_exported => false, + } + haproxy::balancermember { 'ironic': + listening_service => 'ironic', + ports => '6385', + ipaddresses => hiera('ironic_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => [], + } + } + if $mysql { haproxy::listen { 'mysql': ipaddress => [hiera('mysql_vip', $controller_virtual_ip)], ports => 3306, - options => { - 'timeout' => [ 'client 0', 'server 0' ], - }, + options => $mysql_listen_options, collect_exported => false, } haproxy::balancermember { 'mysql-backup': @@ -869,7 +936,7 @@ class tripleo::loadbalancer ( ports => '3306', ipaddresses => hiera('mysql_node_ips', $controller_hosts_real), server_names => $controller_hosts_names_real, - options => ['check', 'inter 2000', 'rise 2', 'fall 5', 'backup'], + options => $mysql_member_options, } } |