aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/loadbalancer/endpoint.pp
blob: e6bb185417b29b5510b38482155837b68c47fb6f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# Copyright 2014 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# == Class: tripleo::loadbalancer::endpoint
#
# Configure a HAProxy listen endpoint
#
# [*internal_ip*]
#  The IP in which the proxy endpoint will be listening in the internal
#  network.
#
# [*service_port*]
#  The default port on which the endpoint will be listening.
#
# [*ip_addresses*]
#  The ordered list of IPs to be used to contact the balancer member.
#
# [*server_names*]
#  The names of the balancer members, which usually should be the hostname.
#
# [*member_options*]
#  Options for the balancer member, specified after the server declaration.
#  These should go in the member's configuration block.
#
# [*public_virtual_ip*]
#  Address in which the proxy endpoint will be listening in the public network.
#  If this service is internal only this should be ommited.
#  Defaults to undef.
#
# [*mode*]
#  HAProxy mode in which the endpoint will be listening. This can be undef,
#  tcp, http or health.
#  Defaults to undef.
#
# [*haproxy_listen_bind_param*]
#  A list of params to be added to the HAProxy listener bind directive.
#  Defaults to undef.
#
# [*listen_options*]
#  Options specified for the listening service's configuration block (in
#  HAproxy terms, the frontend).
#  defaults to {'option' => []}
#
# [*public_ssl_port*]
#  The port used for the public proxy endpoint if it differs from the default
#  one. This is used only if SSL is enabled, and it's used in order to avoid
#  overriding with the internal proxy endpoint (which could happen if they were
#  in the same network).
#  Defaults to undef.
#
# [*public_certificate*]
#  Certificate path used to enable TLS for the public proxy endpoint.
#  Defaults to undef.
#
# [*internal_certificate*]
#  Certificate path used to enable TLS for the internal proxy endpoint.
#  Defaults to undef.
#
define tripleo::loadbalancer::endpoint (
  $internal_ip,
  $service_port,
  $ip_addresses,
  $server_names,
  $member_options,
  $public_virtual_ip         = undef,
  $mode                      = undef,
  $haproxy_listen_bind_param = undef,
  $listen_options            = {
    'option' => [],
  },
  $public_ssl_port           = undef,
  $public_certificate        = undef,
  $internal_certificate      = undef,
) {
  if $public_virtual_ip {
    # service exposed to the public network

    if $public_certificate {
      $public_bind_opts = {
        "${public_virtual_ip}:${public_ssl_port}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]),
      }
    } else {
      $public_bind_opts = {
        "${public_virtual_ip}:${service_port}" => $haproxy_listen_bind_param,
      }
    }
  } else {
    # internal service only
    $public_bind_opts = {}
  }

  if $internal_certificate {
    $internal_bind_opts = {
      "${internal_ip}:${service_port}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]),
    }
  } else {
    $internal_bind_opts = {
      "${internal_ip}:${service_port}" => $haproxy_listen_bind_param,
    }
  }
  $bind_opts = merge($internal_bind_opts, $public_bind_opts)

  haproxy::listen { "${name}":
    bind             => $bind_opts,
    collect_exported => false,
    mode             => $mode,
    options          => $listen_options,
  }
  haproxy::balancermember { "${name}":
    listening_service => $name,
    ports             => $service_port,
    ipaddresses       => $ip_addresses,
    server_names      => $server_names,
    options           => $member_options,
  }
}