diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index d18a1285a8..5549688af3 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -23,7 +23,8 @@ kolla_base_distro: "centos"
 kolla_install_type: "binary"
 # Value set in the public_url endpoint in Keystone
-kolla_external_address: "{{ kolla_internal_address }}"
+kolla_external_vip_address: "{{ kolla_internal_address }}"
+kolla_external_address: "{{ kolla_external_vip_address }}"
 kolla_enable_sanity_checks: "no"
@@ -66,6 +67,7 @@ docker_common_options:
 ####################
 # Networking options
 ####################
+kolla_external_vip_interface: "{{ network_interface }}"
 api_interface: "{{ network_interface }}"
 storage_interface: "{{ network_interface }}"
 tunnel_interface: "{{ network_interface }}"
@@ -204,6 +206,7 @@ rabbitmq_user: "openstack"
 # HAProxy options
 ####################
 haproxy_user: "openstack"
+haproxy_enable_external_vip: "{{ 'no' if kolla_external_vip_address == kolla_internal_address else 'yes' }}"
 #################################
diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
index f56daa8545..3f1b132058 100644
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
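Review bot: `haproxy_enable_external_vip` in the third all.yml hunk is switched on implicitly by a string comparison of two addresses, and the line carries no comment saying what that exposes. As soon as `kolla_external_vip_address` is given any value that differs textually from `kolla_internal_address`, the templates in this commit bind every enabled API on that VIP; no per-service opt-in is visible in the diff. I would add above the line: `# Derived: 'yes' whenever kolla_external_vip_address differs from kolla_internal_address; every enabled API is then also bound on the external VIP.`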
@@ -55,11 +55,19 @@ listen mongodb
 {% endif %}
 {% if enable_keystone | bool %}
-listen keystone_public
+listen keystone_internal
 bind {{ kolla_internal_address }}:{{ keystone_public_port }}
 {% for host in groups['keystone'] %}
 server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen keystone_external
+ bind {{ kolla_external_vip_address }}:{{ keystone_public_port }}
+{% for host in groups['keystone'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
 listen keystone_admin
 bind {{ kolla_internal_address }}:{{ keystone_admin_port }}
@@ -80,6 +88,20 @@ listen glance_api
 {% for host in groups['glance-api'] %}
 server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen glance_registry_external
+ bind {{ kolla_external_vip_address }}:{{ glance_registry_port }}
+{% for host in groups['glance-registry'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_registry_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen glance_api_external
+ bind {{ kolla_external_vip_address }}:{{ glance_api_port }}
+{% for host in groups['glance-api'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
 {% endif %}
 {% if enable_nova | bool %}
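Review bot: `listen keystone_external` binds the external VIP without TLS, so Keystone passwords and tokens cross the external network in cleartext once this listener is enabled. Nothing in the visible hunks terminates TLS, and the same holds for every other `*_external` listener this commit adds, most visibly `horizon_external` on port 80. If the external VIP is meant to face a less trusted network, the bind line should carry a certificate, e.g. `bind {{ kolla_external_vip_address }}:{{ keystone_public_port }} ssl crt <PEM path, placeholder>`, with the public endpoint URLs switched to https to match; the `global`/`defaults` sections are outside this hunk, so confirm the mode they set first.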
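Review bot: `listen glance_registry_external` publishes the Glance registry on the external VIP, although the registry is a backend that glance-api talks to and end users do not need to reach it. Only `glance_api_external` needs to exist on the external side. I would drop the `glance_registry_external` block (its `listen`, `bind` and `for`/`server`/`endfor` lines) and keep the registry on `kolla_internal_address` only; the internal registry listener is presumably defined above this hunk, which shows only the tail of `glance_api`.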
@@ -114,6 +136,40 @@ listen nova_spicehtml5proxy
 server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_spicehtml5proxy_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
 {% endif %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen nova_api_external
+ bind {{ kolla_external_vip_address }}:{{ nova_api_port }}
+{% for host in groups['nova-api'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen nova_api_ec2_external
+ bind {{ kolla_external_vip_address }}:{{ nova_api_ec2_port }}
+{% for host in groups['nova-api'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_ec2_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen nova_metadata_external
+ bind {{ kolla_external_vip_address }}:{{ nova_metadata_port }}
+{% for host in groups['nova-api'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_metadata_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+
+{% if nova_console == 'novnc' %}
+listen nova_novncproxy_external
+ bind {{ kolla_external_vip_address }}:{{ nova_novncproxy_port }}
+{% for host in groups['nova-novncproxy'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_novncproxy_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% elif nova_console == 'spice' %}
+listen nova_spicehtml5proxy_external
+ bind {{ kolla_external_vip_address }}:{{ nova_spicehtml5proxy_port }}
+{% for host in groups['nova-spicehtml5proxy'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' +
hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_spicehtml5proxy_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
+{% endif %}
 {% endif %}
 {% if enable_neutron | bool %}
@@ -122,6 +178,14 @@ listen neutron_server
 {% for host in groups['neutron-server'] %}
 server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ neutron_server_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen neutron_server_external
+ bind {{ kolla_external_vip_address }}:{{ neutron_server_port }}
+{% for host in groups['neutron-server'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ neutron_server_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
 {% endif %}
 {% if enable_horizon | bool %}
@@ -130,6 +194,14 @@ listen horizon
 {% for host in groups['horizon'] %}
 server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:80 check inter 2000 rise 2 fall 5
 {% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen horizon_external
+ bind {{ kolla_external_vip_address }}:80
+{% for host in groups['horizon'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:80 check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
 {% endif %}
 {% if enable_cinder | bool %}
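Review bot: `listen nova_metadata_external` in the nova hunk exposes the Nova metadata API on the external VIP; that API hands out per-instance user-data, which often carries credentials, and instances normally reach it over the internal network rather than through a public endpoint. I would remove the `nova_metadata_external` block and leave metadata on the internal listener only. `nova_api_ec2_external` is also worth gating on whether the EC2 API is actually meant to be public. The `{% if enable_nova | bool %}` block these lines sit in opens above the hunk.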
@@ -138,6 +210,14 @@ listen cinder_api
 {% for host in groups['cinder-api'] %}
 server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen cinder_api_external
+ bind {{ kolla_external_vip_address }}:{{ cinder_api_port }}
+{% for host in groups['cinder-api'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
 {% endif %}
 {% if enable_heat | bool %}
@@ -152,6 +232,20 @@ listen heat_api_cfn
 {% for host in groups['heat-api-cfn'] %}
 server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen heat_api_external
+ bind {{ kolla_external_vip_address }}:{{ heat_api_port }}
+{% for host in groups['heat-api'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen heat_api_cfn_external
+ bind {{ kolla_external_vip_address }}:{{ heat_api_cfn_port }}
+{% for host in groups['heat-api-cfn'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
 {% endif %}
 {% if enable_ironic | bool %}
@@ -160,6 +254,14 @@ listen ironic_api
 {% for host in groups['ironic-api'] %}
 server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen ironic_api_external
+ bind {{ kolla_external_vip_address}}:{{ ironic_api_port }}
+{% for host in groups['ironic-api'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
 {% endif %}
 {% if enable_swift | bool %}
@@ -168,6 +270,14 @@ listen swift_api
 {% for host in groups['swift-proxy-server'] %}
 server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ swift_proxy_server_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen swift_api_external
+ bind {{ kolla_external_vip_address}}:{{ swift_proxy_server_port }}
+{% for host in groups['swift-proxy-server'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ swift_proxy_server_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
 {% endif %}
 {% if enable_murano | bool %}
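Review bot: `{{ kolla_external_vip_address}}` in the `ironic_api_external` bind line is missing the space before `}}` that the other expressions in this template have; it renders the same, but a search for `kolla_external_vip_address }}` will miss it when someone audits which listeners sit on the external VIP. Use `bind {{ kolla_external_vip_address }}:{{ ironic_api_port }}`. The `swift_api_external` bind line in the next hunk and the `radosgw_external` bind line have the same slip.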
@@ -176,6 +286,14 @@ listen murano_api
 {% for host in groups['murano-api'] %}
 server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen murano_api_external
+ bind {{ kolla_external_vip_address }}:{{ murano_api_port }}
+{% for host in groups['murano-api'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
 {% endif %}
 {% if enable_magnum | bool %}
@@ -184,6 +302,14 @@ listen magnum_api
 {% for host in groups['magnum-api'] %}
 server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen magnum_api_external
+ bind {{ kolla_external_vip_address }}:{{ magnum_api_port }}
+{% for host in groups['magnum-api'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
 {% endif %}
 {% if enable_ceph | bool and enable_ceph_rgw | bool %}
@@ -192,4 +318,12 @@ listen radosgw
 {% for host in groups['ceph-rgw'] %}
 server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rgw_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen radosgw_external
+ bind {{ kolla_external_vip_address}}:{{ rgw_port }}
+{% for host in groups['ceph-rgw'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rgw_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
 {% endif %}
diff --git a/ansible/roles/haproxy/templates/keepalived.conf.j2 b/ansible/roles/haproxy/templates/keepalived.conf.j2
index 01ddabafe5..f71c207d31 100644
--- a/ansible/roles/haproxy/templates/keepalived.conf.j2
+++ b/ansible/roles/haproxy/templates/keepalived.conf.j2
@@ -5,7 +5,7 @@ vrrp_script check_alive {
 rise 10
 }
-vrrp_instance Floating {
+vrrp_instance kolla_internal_vip {
 state MASTER
 interface {{ api_interface }}
 virtual_router_id 51
@@ -18,3 +18,19 @@ vrrp_instance Floating {
 check_alive
 }
 }
+
+{% if haproxy_enable_external_vip | bool %}
+vrrp_instance kolla_external_vip {
+ state MASTER
+ interface {{ kolla_external_vip_interface }}
+ virtual_router_id 52
+ priority {{ groups['haproxy'].index(inventory_hostname) + 1 }}
+ advert_int 1
+ virtual_ipaddress {
+ {{ kolla_external_vip_address }}
+ }
+ track_script {
+ check_alive
+ }
+}
+{% endif %}
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index 3de40c4e81..885c80bc8a 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
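Review bot: The new `kolla_external_vip` instance in keepalived.conf.j2 sits on the external-facing interface with a hard-coded `virtual_router_id 52` and no `authentication` block, so any other VRRP speaker on that segment that uses router id 52, such as a second deployment or a misconfigured host, can collide with the election for the external VIP. I would take the router id from a variable and add a shared `auth_pass`; both variable names in the excerpt below are suggestions and would need a default and a generated secret. VRRP PASS authentication travels in cleartext, so it guards against accidental collisions rather than a deliberate takeover, and filtering VRRP at layer 2 on the external segment is still worth having. The internal instance is only partly visible in this diff, so check whether it needs the same treatment.

```jinja
vrrp_instance kolla_external_vip {
{# … unchanged: state, interface … #}
    virtual_router_id {{ keepalived_external_virtual_router_id }}
{# … unchanged: priority, advert_int … #}
    authentication {
        auth_type PASS
        auth_pass {{ keepalived_password }}
    }
{# … unchanged: virtual_ipaddress, track_script … #}
```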
@@ -15,7 +15,7 @@ #kolla_install_type: "binary"
 # This should be a VIP, an unused IP on your network that will float between
-# the hosts running keepalived for high-availibility. When running an All-In-One
+# the hosts running keepalived for high-availability. When running an All-In-One
 # without haproxy and keepalived, this should be the first IP on your
 # 'network_interface' as set in the Networking section below.
 kolla_internal_address: "10.10.10.254"
@@ -27,6 +27,12 @@ kolla_internal_address: "10.10.10.254"
 # It is recommended to use a DNS name as well, but not required.
 #kolla_external_address: "{{ kolla_internal_address }}"
+# This should be a VIP, an unused IP on your network that will float between
+# the hosts running keepalived for high-availability. It defaults to the
+# kolla_internal_address, allowing internal and external communication to
+# share the same address. Specify a kolla_external_vip_address to
+# separate internal and external requests between two VIPs.
+#kolla_external_vip_address: "{{ kolla_internal_address }}"
 ####################
 # Docker options
 ####################
@@ -49,6 +55,7 @@ network_interface: "eth0"
 # These can be adjusted for even more customization. The default is the same as
 # the 'network_interface'. These interfaces must container an IPv4 address.
+#kolla_external_vip_interface: "{{ network_interface }}"
 #api_interface: "{{ network_interface }}"
 #storage_interface: "{{ network_interface }}"
 #tunnel_interface: "{{ network_interface }}"