summaryrefslogtreecommitdiffstats
path: root/docker/services/pacemaker/haproxy.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-07-12Merge "Bind mount needed cert for haproxy for HA too"Jenkins1-12/+26
2017-07-10Bind mount needed cert for haproxy for HA tooMartin André1-12/+26
haproxy needs the deployed SSL cert file to function when TLS is enabled. It is also required for the docker-puppet haproxy container since the haproxy puppet module uses a validate_cmd to check the generated config file is valid that fails when the required SSL cert is not present. There is no clean way to disable this feature [1] so we need to bind mount the cert into the container. This commit applies the same change that was applied in Id2df144b678769def204961236624091d4e5c457 for the non-ha case. [1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57 Change-Id: I93e1ee86197bcf271f18a62a27c2f350ed3966ea Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
2017-07-10Copy only generated puppet files into the containerMartin André1-0/+6
This solves a problem with bind-mounts when the containers are holding files descriptors open. At the same time this makes the template more robust to puppet changes since new config files will be available in the containers without needing to update the templates. Partial-Bug: #1698323 Change-Id: Ia4ad6d77387e3dc354cd131c2f9756939fb8f736
2017-06-28Add heat parameter for all of config_volume imagesMartin André1-1/+8
This commit consistently defines a heat template parameter in the form of DockerXXXConfigImage where XXX represents the name of the config_volume that is used by docker-puppet. The goal is to mitigate hard to debug errors where the templates would set different defaults for the image docker-puppet.py uses to run, for the same config_volume name. This fixes a couple of inconsistencies on the way. Change-Id: I212020a76622a03521385a6cae4ce73e51ce5b6b Closes-Bug: #1699791
2017-06-12Generate HAproxy iptables rules for containerized HA deploymentsDamien Ciabrini1-10/+13
The containerized HAproxy service can only specify steps to be run in containers, i.e. it cannot runs the regular puppet steps on bare metal at the same time. A side effect is that the dedicated HAproxy iptables rules are no longer generated. Update the docker_config step to fix the creation of iptables rules for HAproxy and persist them on-disk as before. Co-Authored-By: Michele Baldessari <michele@acksyn.org> Closes-Bug: 1697387 Change-Id: Ib5a083ba3299a82645f1a0f9da0d482c6b89ee23
2017-05-24Containerize HAProxy for HADamien Ciabrini1-0/+116
This service allows configuring and deploying HAProxy containers in a HA overcloud managed by pacemaker. The containers are managed and run by pacemaker. Pacemaker runs the standard Kolla image but overrides the initial command so that it explicitely calls HAProxy. This way, we shield ourselves from any unexpected future change in Kolla. This container needs to use the 'docker_config' section to invoke puppet (as opposed to 'docker_puppet_tasks'), because due to the HA composability each resource creation needs to happen on the bootstrap node of that service and 'docker_puppet_tasks' will only run on the controller/primary role. Co-Authored-By: Michele Baldessari <michele@acksyn.org> Closes-Bug: #1692908 Depends-On: Ifcf890a88ef003d3ab754cb677cbf34ba8db9312 Change-Id: I2f679bfe195733f4507e9b9e920b678e1370bb82