Refactor haproxy config (split by service) V2.0

Having all services in one giant haproxy file makes altering
configuration for a service both painful and dangerous. Each service
should be configured with a simple set of variables and rendered with a
single unified template.

Available are two new templates:

* haproxy_single_service_listen.cfg.j2: close to the original style, but
only one service per file
* haproxy_single_service_split.cfg.j2: using the newer haproxy syntax
for separated frontend and backend

For now the default will be the single listen block, for ease of
transition.

Change-Id: I6e237438fbc0aa3c89a3c8bd706a53b74e71904b
Adam Harwell 2018-06-19 00:43:35 -05:00
parent 921a6d8762
commit f1c8136556
110 changed files with 1763 additions and 1504 deletions

@ -208,6 +208,7 @@ gnocchi_api_port: "8041"
grafana_server_port: "3000"
haproxy_stats_port: "1984"
haproxy_monitor_port: "61313"
heat_api_port: "8004"
heat_api_cfn_port: "8000"

@ -493,6 +493,12 @@ solum
[solum-conductor:children]
solum
[solum-application-deployment:children]
solum
[solum-image-builder:children]
solum
# Mistral
[mistral-api:children]
mistral

@ -509,6 +509,12 @@ solum
[solum-conductor:children]
solum
[solum-application-deployment:children]
solum
[solum-image-builder:children]
solum
# Mistral
[mistral-api:children]
mistral

@ -14,6 +14,17 @@ aodh_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/aodh/aodh:/var/lib/kolla/venv/lib/python2.7/site-packages/aodh' if aodh_dev_mode | bool else '' }}"
dimensions: "{{ aodh_api_dimensions }}"
haproxy:
aodh_api:
enabled: "{{ enable_aodh }}"
mode: "http"
external: false
port: "{{ aodh_api_port }}"
aodh_api_external:
enabled: "{{ enable_aodh }}"
mode: "http"
external: true
port: "{{ aodh_api_port }}"
aodh-evaluator:
container_name: aodh_evaluator
group: aodh-evaluator
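Review bot: The new `haproxy:` mapping (apparently under the aodh API service, whose definition starts above the hunk) has no comment describing which keys the haproxy-config template reads, and the same block is repeated for barbican, blazar, cinder, cloudkitty, congress, designate, freezer, gnocchi, grafana and heat. A one-line comment above it would help, for example `# haproxy listeners: enabled, mode (http|tcp|redirect), external, port; optional host_group, auth_user/auth_pass, *_extra lists`. `enabled` is passed here as the raw `{{ enable_aodh }}` value while the ceph entry applies `|bool` inside the expression; the template casts with `|bool`, so both work, but one convention would be easier to audit.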

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ aodh_services }}"
tags: always
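Review bot: `tags: always` on this `import_role` selects the haproxy-config tasks on every run, including runs limited with `--tags` to an unrelated service, and those tasks notify `Restart haproxy container`. If that is intended so the load balancer config never drifts, a short comment saying so would help; otherwise a dedicated tag such as `tags: haproxy` narrows when a restart can be triggered. Separately, `role:` appears to be accepted by `import_role` only as an alias, and the documented parameter is `name:`, so `name: haproxy-config` is the safer spelling. The same seven-line file is added for every other service on this page.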

@ -14,6 +14,17 @@ barbican_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/barbican/barbican:/var/lib/kolla/venv/lib/python2.7/site-packages/barbican' if barbican_dev_mode | bool else '' }}"
dimensions: "{{ barbican_api_dimensions }}"
haproxy:
barbican_api:
enabled: "{{ enable_barbican }}"
mode: "http"
external: false
port: "{{ barbican_api_port }}"
barbican_api_external:
enabled: "{{ enable_barbican }}"
mode: "http"
external: true
port: "{{ barbican_api_port }}"
barbican-keystone-listener:
container_name: barbican_keystone_listener
group: barbican-keystone-listener

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ barbican_services }}"
tags: always

@ -13,6 +13,17 @@ blazar_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/blazar/blazar:/var/lib/kolla/venv/lib/python2.7/site-packages/blazar' if blazar_dev_mode | bool else '' }}"
dimensions: "{{ blazar_api_dimensions }}"
haproxy:
blazar_api:
enabled: "{{ enable_blazar }}"
mode: "http"
external: false
port: "{{ blazar_api_port }}"
blazar_api_external:
enabled: "{{ enable_blazar }}"
mode: "http"
external: true
port: "{{ blazar_api_port }}"
blazar-manager:
container_name: blazar_manager
group: blazar-manager

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ blazar_services }}"
tags: always

@ -1,6 +1,22 @@
---
project_name: "ceph"
ceph_services:
ceph-rgw:
group: ceph-rgw
enabled: "{{ enable_ceph_rgw|bool }}"
haproxy:
radosgw:
enabled: "{{ enable_ceph|bool and enable_ceph_rgw|bool }}"
mode: "http"
external: false
port: "{{ rgw_port }}"
radosgw_external:
enabled: "{{ enable_ceph|bool and enable_ceph_rgw|bool }}"
mode: "http"
external: true
port: "{{ rgw_port }}"
####################
# Docker

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ ceph_services }}"
tags: always

@ -13,6 +13,17 @@ cinder_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/cinder/cinder:/var/lib/kolla/venv/lib/python2.7/site-packages/cinder' if cinder_dev_mode | bool else '' }}"
dimensions: "{{ cinder_api_dimensions }}"
haproxy:
cinder_api:
enabled: "{{ enable_cinder }}"
mode: "http"
external: false
port: "{{ cinder_api_port }}"
cinder_api_external:
enabled: "{{ enable_cinder }}"
mode: "http"
external: true
port: "{{ cinder_api_port }}"
cinder-scheduler:
container_name: cinder_scheduler
group: cinder-scheduler

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ cinder_services }}"
tags: always

@ -13,6 +13,17 @@ cloudkitty_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/cloudkitty/cloudkitty:/var/lib/kolla/venv/lib/python2.7/site-packages/cloudkitty' if cloudkitty_dev_mode | bool else '' }}"
dimensions: "{{ cloudkitty_api_dimensions }}"
haproxy:
cloudkitty_api:
enabled: "{{ enable_cloudkitty }}"
mode: "http"
external: false
port: "{{ cloudkitty_api_port }}"
cloudkitty_api_external:
enabled: "{{ enable_cloudkitty }}"
mode: "http"
external: true
port: "{{ cloudkitty_api_port }}"
cloudkitty-processor:
container_name: "cloudkitty_processor"
group: "cloudkitty-processor"

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ cloudkitty_services }}"
tags: always

@ -13,6 +13,17 @@ congress_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/congress/congress:/var/lib/kolla/venv/lib/python2.7/site-packages/congress' if congress_dev_mode | bool else '' }}"
dimensions: "{{ congress_api_dimensions }}"
haproxy:
congress_api:
enabled: "{{ enable_congress }}"
mode: "http"
external: false
port: "{{ congress_api_port }}"
congress_api_external:
enabled: "{{ enable_congress }}"
mode: "http"
external: true
port: "{{ congress_api_port }}"
congress-policy-engine:
container_name: congress_policy_engine
group: congress-policy-engine

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ congress_services }}"
tags: always

@ -13,6 +13,17 @@ designate_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/designate/designate:/var/lib/kolla/venv/lib/python2.7/site-packages/designate' if designate_dev_mode | bool else '' }}"
dimensions: "{{ designate_api_dimensions }}"
haproxy:
designate_api:
enabled: "{{ enable_designate }}"
mode: "http"
external: false
port: "{{ designate_api_port }}"
designate_api_external:
enabled: "{{ enable_designate }}"
mode: "http"
external: true
port: "{{ designate_api_port }}"
designate-backend-bind9:
container_name: designate_backend_bind9
group: designate-backend-bind9

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ designate_services }}"
tags: always

@ -12,6 +12,14 @@ elasticsearch_services:
- "/etc/localtime:/etc/localtime:ro"
- "elasticsearch:/var/lib/elasticsearch/data"
dimensions: "{{ elasticsearch_dimensions }}"
haproxy:
elasticsearch:
enabled: "{{ enable_elasticsearch }}"
mode: "http"
external: false
port: "{{ elasticsearch_port }}"
frontend_http_extra:
- "option dontlog-normal"
####################

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ elasticsearch_services }}"
tags: always

@ -14,6 +14,17 @@ freezer_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/freezer-api/freezer_api:/var/lib/kolla/venv/lib/python2.7/site-packages/freezer_api' if freezer_dev_mode | bool else '' }}"
dimensions: "{{ freezer_api_dimensions }}"
haproxy:
freezer_api:
enabled: "{{ enable_freezer }}"
mode: "http"
external: false
port: "{{ freezer_api_port }}"
freezer_api_external:
enabled: "{{ enable_freezer }}"
mode: "http"
external: true
port: "{{ freezer_api_port }}"
freezer-scheduler:
container_name: freezer_scheduler
group: freezer-scheduler

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ freezer_services }}"
tags: always

@ -15,6 +15,27 @@ glance_services:
- "{{ kolla_dev_repos_directory ~ '/glance/glance:/var/lib/kolla/venv/lib/python2.7/site-packages/glance' if glance_dev_mode | bool else '' }}"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ glance_api_dimensions }}"
haproxy:
glance_api:
enabled: "{{ enable_glance }}"
mode: "http"
external: false
port: "{{ glance_api_port }}"
frontend_http_extra:
- "timeout client {{ haproxy_glance_api_client_timeout }}"
backend_http_extra:
- "timeout server {{ haproxy_glance_api_server_timeout }}"
custom_member_list: "{{ haproxy_members.split(';') }}"
glance_api_external:
enabled: "{{ enable_glance }}"
mode: "http"
external: true
port: "{{ glance_api_port }}"
frontend_http_extra:
- "timeout client {{ haproxy_glance_api_client_timeout }}"
backend_http_extra:
- "timeout server {{ haproxy_glance_api_server_timeout }}"
custom_member_list: "{{ haproxy_members.split(';') }}"
glance-registry:
container_name: glance_registry
group: glance-registry
@ -27,6 +48,11 @@ glance_services:
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ glance_registry_dimensions }}"
####################
# HAProxy
####################
haproxy_members: "{% for host in glance_api_hosts %}server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_port }} check inter 2000 rise 2 fall 5;{% endfor %}"
####################
# Notification
####################
@ -66,6 +92,13 @@ glance_database_user: "{% if use_preconfigured_databases | bool and use_common_m
glance_database_address: "{{ database_address }}:{{ database_port }}"
####################
# HAProxy
####################
haproxy_glance_api_client_timeout: "6h"
haproxy_glance_api_server_timeout: "6h"
####################
# Docker
####################
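Review bot: `haproxy_members` hard-codes `check inter 2000 rise 2 fall 5` in each server line, so an override of `haproxy_health_check` from the haproxy-config defaults would not reach the glance backends; using `{{ haproxy_health_check }}` inside the string keeps the two in step, assuming that variable is in scope when the string is rendered. Each server entry ends with `;`, so `haproxy_members.split(';')` yields a trailing empty element and the template emits an empty member line; `haproxy_members.split(';') | select | list` avoids that. The 6h client and server timeouts also apply to `glance_api_external`, which lets a slow external client hold a connection for a long time, so a comment stating why image transfers need that value is worth adding.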

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ glance_services }}"
tags: always

@ -13,6 +13,17 @@ gnocchi_services:
- "gnocchi:/var/lib/gnocchi/"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ gnocchi_api_dimensions }}"
haproxy:
gnocchi_api:
enabled: "{{ enable_gnocchi }}"
mode: "http"
external: false
port: "{{ gnocchi_api_port }}"
gnocchi_api_external:
enabled: "{{ enable_gnocchi }}"
mode: "http"
external: true
port: "{{ gnocchi_api_port }}"
gnocchi-metricd:
container_name: gnocchi_metricd
group: gnocchi-metricd

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ gnocchi_services }}"
tags: always

@ -13,6 +13,17 @@ grafana_services:
- "grafana:/var/lib/grafana/"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ grafana_dimensions }}"
haproxy:
grafana_server:
enabled: "{{ enable_grafana }}"
mode: "http"
external: false
port: "{{ grafana_server_port }}"
grafana_server_external:
enabled: "{{ enable_grafana }}"
mode: "http"
external: true
port: "{{ grafana_server_port }}"
####################
# Database

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ grafana_services }}"
tags: always

@ -0,0 +1,13 @@
---
haproxy_service_template: "haproxy_single_service_listen.cfg.j2"
# Extra frontend/backend options (additive with locally defined options)
haproxy_frontend_http_extra:
- "option httplog"
- "option forwardfor"
haproxy_frontend_tcp_extra:
- "option tcplog"
haproxy_backend_http_extra: []
haproxy_backend_tcp_extra: []
haproxy_health_check: "check inter 2000 rise 2 fall 5"

@ -0,0 +1,17 @@
---
- name: Restart haproxy container
become: true
kolla_docker:
action: "restart_container"
name: haproxy
when:
- kolla_action != "config"
- inventory_hostname in groups['haproxy']
- enable_haproxy | bool
notify:
- Waiting for haproxy to start
- name: Waiting for haproxy to start
wait_for:
host: "{{ api_interface_address }}"
port: "{{ haproxy_stats_port }}"

@ -0,0 +1,21 @@
---
- name: "Copying over {{ project_name }} haproxy config"
vars:
service: "{{ item.value }}"
haproxy_templates:
- "{{ node_custom_config }}/haproxy-config/{{ inventory_hostname }}/{{ haproxy_service_template }}"
- "{{ node_custom_config }}/haproxy-config/{{ haproxy_service_template }}"
- "templates/{{ haproxy_service_template }}"
template_file: "{{ query('first_found', haproxy_templates) | first }}"
template:
src: "{{ template_file }}"
dest: "{{ node_config_directory }}/haproxy/services.d/{{ item.key }}.cfg"
mode: "0660"
become: true
when:
- service.enabled | bool
- service.haproxy is defined
- enable_haproxy | bool
with_dict: "{{ project_services }}"
notify:
- Restart haproxy container
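Review bot: Nothing in this task file removes `services.d/{{ item.key }}.cfg` when a service is later disabled, because the template task is simply skipped when `service.enabled` is false. The start script on this page passes every file found under `/etc/haproxy/services.d/` to haproxy, so a stale file would keep its listener bound on the VIP after the service is turned off. Consider a companion `file:` task with `state: absent` for disabled entries, or document that operators must clean the directory. The task also has no `inventory_hostname in groups['haproxy']` condition, unlike the restart handler, so on hosts where `services.d` was never created the copy would presumably fail; confirm which hosts this role runs on.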

@ -0,0 +1,91 @@
#jinja2: lstrip_blocks: True
{%- set tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external|bool else '' %}
{%- macro userlist_macro(service_name, auth_user, auth_pass) %}
userlist {{ service_name }}-user
user {{ auth_user }} insecure-password {{ auth_pass }}
{% endmacro %}
{%- macro listen_macro(service_name, service_port, service_mode, external,
haproxy_http_extra, haproxy_tcp_extra, host_group,
custom_member_list, auth_user, auth_pass) %}
listen {{ service_name }}
{% if service_mode == 'redirect' %}
mode http
{% else %}
mode {{ service_mode }}
{% endif %}
{% if service_mode == 'http' %}
{# Set up auth if required #}
{% if auth_user and auth_pass %}
acl auth_acl http_auth({{ service_name }}-user)
http-request auth realm basicauth unless auth_acl
{% endif %}
{# Delete any pre-populated XFP header #}
http-request del-header X-Forwarded-Proto
{% for http_option in haproxy_http_extra %}
{{ http_option }}
{% endfor %}
{% elif service_mode == 'tcp' %}
{% for tcp_option in haproxy_tcp_extra %}
{{ tcp_option }}
{% endfor %}
{% endif %}
{% set tls_option = '' %}
{% if external|bool %}
{% set vip_address = kolla_external_vip_address %}
{% if service_mode == 'http' %}
{% set tls_option = tls_bind_info %}
{# Replace the XFP header for external https requests #}
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% endif %}
{% else %}
{% set vip_address = kolla_internal_vip_address %}
{% endif %}
{{ "bind %s:%s %s"|e|format(vip_address, service_port, tls_option)|trim() }}
{# Redirect mode sets a redirect scheme instead of members #}
{% if service_mode == 'redirect' %}
redirect scheme https code 301 if !{ ssl_fc }
{% else %}
{% if custom_member_list is not none %}
{% for custom_member in custom_member_list %}
{{ custom_member }}
{% endfor %}
{% else %}
{% for host in groups[host_group] %}
{% set api_interface = "ansible_%s"|format(hostvars[host]['api_interface']) %}
{% set host_name = hostvars[host]['ansible_hostname'] %}
{% set host_ip = hostvars[host][api_interface]['ipv4']['address'] %}
server {{ host_name }} {{ host_ip }}:{{ service_port }} {{ haproxy_health_check }}
{% endfor %}
{% endif %}
{% endif %}
{% endmacro %}
{%- set haproxy = service.haproxy|default({}) %}
{%- for haproxy_name, haproxy_service in haproxy.items() %}
{# External defaults to false #}
{% set external = haproxy_service.external|default(false)|bool %}
{# Skip anything that is external when the external vip is not enabled #}
{% if haproxy_service.enabled|bool and (not external or haproxy_enable_external_vip|bool)%}
{# Here we define variables and their defaults #}
{# Custom member list can use jinja to generate a semicolon separated list #}
{% set custom_member_list = haproxy_service.custom_member_list|default(none) %}
{# Mode defaults to http #}
{% set mode = haproxy_service.mode|default('http') %}
{# Use the parent host group but allow it to be overridden #}
{% set host_group = haproxy_service.host_group|default(service.group) %}
{# Additional options can be defined in config, and are additive to the global extras #}
{% set haproxy_tcp_extra = haproxy_service.frontend_tcp_extra|default([]) + haproxy_service.backend_tcp_extra|default([]) + haproxy_frontend_tcp_extra + haproxy_backend_tcp_extra %}
{% set haproxy_http_extra = haproxy_service.frontend_http_extra|default([]) + haproxy_service.backend_http_extra|default([]) + haproxy_frontend_http_extra + haproxy_backend_http_extra %}
{# Allow for basic auth #}
{% set auth_user = haproxy_service.auth_user|default() %}
{% set auth_pass = haproxy_service.auth_pass|default() %}
{% if auth_user and auth_pass %}
{{ userlist_macro(haproxy_name, auth_user, auth_pass) }}
{% endif %}
{{ listen_macro(haproxy_name, haproxy_service.port, mode, external,
haproxy_http_extra, haproxy_tcp_extra, host_group,
custom_member_list, auth_user, auth_pass) }}
{% endif %}
{%- endfor -%}
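Review bot: `userlist_macro` writes the basic-auth secret with `insecure-password`, so the rendered service file holds it in cleartext; HAProxy's `password` keyword takes a crypt(3) hash instead, and accepting a pre-hashed value here would keep the plaintext out of `services.d`. The same macro is repeated in the split template. TLS is added to the `bind` line only when `external` is true, the mode is `http` and `kolla_enable_tls_external` is set, so a listener with `auth_user`/`auth_pass` on the internal VIP sends the Basic credentials unencrypted. A comment on the `Set up auth if required` block should state that limitation.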

@ -0,0 +1,118 @@
#jinja2: lstrip_blocks: True
{%- set tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external|bool else '' %}
{%- macro userlist_macro(service_name, auth_user, auth_pass) %}
userlist {{ service_name }}-user
user {{ auth_user }} insecure-password {{ auth_pass }}
{% endmacro %}
{%- macro frontend_macro(service_name, service_port, service_mode, external,
frontend_http_extra, frontend_tcp_extra) %}
frontend {{ service_name }}_front
{% if service_mode == 'redirect' %}
mode http
{% else %}
mode {{ service_mode }}
{% endif %}
{% if service_mode == 'http' %}
{# Delete any pre-populated XFP header #}
http-request del-header X-Forwarded-Proto
{% for http_option in frontend_http_extra %}
{{ http_option }}
{% endfor %}
{% elif service_mode == 'tcp' %}
{% for tcp_option in frontend_tcp_extra %}
{{ tcp_option }}
{% endfor %}
{% endif %}
{% set tls_option = '' %}
{% if external|bool %}
{% set vip_address = kolla_external_vip_address %}
{% if service_mode == 'http' %}
{% set tls_option = tls_bind_info %}
{# Replace the XFP header for external https requests #}
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% endif %}
{% else %}
{% set vip_address = kolla_internal_vip_address %}
{% endif %}
{{ "bind %s:%s %s"|e|format(vip_address, service_port, tls_option)|trim() }}
{# Redirect mode sets a redirect scheme instead of a backend #}
{% if service_mode == 'redirect' %}
redirect scheme https code 301 if !{ ssl_fc }
{% else %}
default_backend {{ service_name }}_back
{% endif %}
{% endmacro %}
{%- macro backend_macro(service_name, service_port, service_mode, host_group,
custom_member_list, backend_http_extra,
backend_tcp_extra, auth_user, auth_pass) %}
backend {{ service_name }}_back
{% if service_mode == 'redirect' %}
mode http
{% else %}
mode {{ service_mode }}
{% endif %}
{% if service_mode == 'http' %}
{# Set up auth if required #}
{% if auth_user and auth_pass %}
acl auth_acl http_auth({{ service_name }}-user)
http-request auth realm basicauth unless auth_acl
{% endif %}
{% for http_option in backend_http_extra %}
{{ http_option }}
{% endfor %}
{% elif service_mode == 'tcp' %}
{% for tcp_option in backend_tcp_extra %}
{{ tcp_option }}
{% endfor %}
{% endif %}
{% if custom_member_list is not none %}
{% for custom_member in custom_member_list %}
{{ custom_member }}
{% endfor %}
{% else %}
{% for host in groups[host_group] %}
{% set api_interface = "ansible_%s"|format(hostvars[host]['api_interface']) %}
{% set host_name = hostvars[host]['ansible_hostname'] %}
{% set host_ip = hostvars[host][api_interface]['ipv4']['address'] %}
server {{ host_name }} {{ host_ip }}:{{ service_port }} {{ haproxy_health_check }}
{% endfor %}
{% endif %}
{% endmacro %}
{%- set haproxy = service.haproxy|default({}) %}
{%- for haproxy_name, haproxy_service in haproxy.items() %}
{# External defaults to false #}
{% set external = haproxy_service.external|default(false)|bool %}
{# Skip anything that is external when the external vip is not enabled #}
{% if haproxy_service.enabled|bool and (not external or haproxy_enable_external_vip|bool)%}
{# Here we define variables and their defaults #}
{# Custom member list can use jinja to generate a semicolon separated list #}
{% set custom_member_list = haproxy_service.custom_member_list|default() %}
{# Mode defaults to http #}
{% set mode = haproxy_service.mode|default('http') %}
{# Use the parent host group but allow it to be overridden #}
{% set host_group = haproxy_service.host_group|default(service.group) %}
{# Additional options can be defined in config, and are additive to the global extras #}
{% set frontend_tcp_extra = haproxy_service.frontend_tcp_extra|default([]) + haproxy_frontend_tcp_extra %}
{% set backend_tcp_extra = haproxy_service.backend_tcp_extra|default([]) %}
{% set frontend_http_extra = haproxy_service.frontend_http_extra|default([]) + haproxy_frontend_http_extra %}
{% set backend_http_extra = haproxy_service.backend_http_extra|default([]) %}
{# Allow for basic auth #}
{% set auth_user = haproxy_service.auth_user|default() %}
{% set auth_pass = haproxy_service.auth_pass|default() %}
{% if auth_user and auth_pass %}
{{ userlist_macro(haproxy_name, auth_user, auth_pass) }}
{% endif %}
{{ frontend_macro(haproxy_name, haproxy_service.port, mode, external,
frontend_http_extra, frontend_tcp_extra) }}
{# Redirect (to https) is a special case, as it does not include a backend #}
{% if haproxy_service.mode != 'redirect' %}
{{ backend_macro(haproxy_name, haproxy_service.port, mode, host_group,
custom_member_list, backend_http_extra, backend_tcp_extra,
auth_user, auth_pass) }}
{% endif %}
{% endif %}
{%- endfor -%}
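Review bot: `haproxy_service.custom_member_list|default()` returns an empty string when the key is absent, so the `custom_member_list is not none` test in `backend_macro` is always true and the loop over `groups[host_group]` is never reached; every service without a custom list would render a backend with no `server` lines. The listen template uses `|default(none)`, and the same is needed here: `{% set custom_member_list = haproxy_service.custom_member_list|default(none) %}`. This template also drops the global `haproxy_backend_http_extra` and `haproxy_backend_tcp_extra` lists that the listen template appends, and the redirect check reads `haproxy_service.mode` instead of the defaulted `mode`.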

@ -38,27 +38,12 @@ haproxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_
haproxy_tag: "{{ openstack_release }}"
haproxy_image_full: "{{ haproxy_image }}:{{ haproxy_tag }}"
haproxy_client_timeout: "1m"
haproxy_server_timeout: "1m"
# Check http://www.haproxy.org/download/1.5/doc/configuration.txt for available options
haproxy_defaults_balance: "roundrobin"
haproxy_glance_api_client_timeout: "6h"
haproxy_glance_api_server_timeout: "6h"
haproxy_outward_rabbitmq_client_timeout: "1h"
haproxy_outward_rabbitmq_server_timeout: "1h"
syslog_server: "{{ api_interface_address }}"
syslog_haproxy_facility: "local1"
# Traffic mode. Valid options are [ multicast, unicast ]
keepalived_traffic_mode: "multicast"
haproxy_listen_tcp_extra: []
haproxy_listen_http_extra: []
# Extended global configuration, optimization options.
haproxy_max_connections: 4000
haproxy_processes: 1
@ -66,3 +51,14 @@ haproxy_process_cpu_map: "no"
haproxy_dimensions: "{{ default_container_dimensions }}"
keepalived_dimensions: "{{ default_container_dimensions }}"
# Default timeout values
haproxy_http_request_timeout: "10s"
haproxy_queue_timeout: "1m"
haproxy_connect_timeout: "10s"
haproxy_client_timeout: "1m"
haproxy_server_timeout: "1m"
haproxy_check_timeout: "10s"
# Check http://www.haproxy.org/download/1.5/doc/configuration.txt for available options
haproxy_defaults_balance: "roundrobin"

@ -3,8 +3,6 @@
vars:
service_name: "haproxy"
service: "{{ haproxy_services[service_name] }}"
config_json: "{{ haproxy_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
haproxy_container: "{{ check_haproxy_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
@ -18,19 +16,13 @@
- kolla_action != "config"
- inventory_hostname in groups[service.group]
- service.enabled | bool
- config_json.changed | bool
or haproxy_cfg.changed | bool
or haproxy_pem.changed | bool
or haproxy_container.changed | bool
notify:
- Waiting for virtual IP to appear
- Waiting for haproxy to start
- name: Restart keepalived container
vars:
service_name: "keepalived"
service: "{{ haproxy_services[service_name] }}"
config_json: "{{ haproxy_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
keepalived_container: "{{ check_haproxy_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
@ -44,26 +36,15 @@
- kolla_action != "config"
- inventory_hostname in groups[service.group]
- service.enabled | bool
- config_json.changed | bool
or keepalived_conf.changed | bool
or keepalived_container.changed | bool
notify:
- Waiting for virtual IP to appear
- name: Ensuring latest haproxy config is used
command: docker exec haproxy /usr/local/bin/kolla_ensure_haproxy_latest_config
register: status
changed_when: status.stdout.find('changed') != -1
when:
- kolla_action != "config"
- haproxy_config_jsons.changed | bool
or haproxy_cfg.changed | bool
or haproxy_pem.changed | bool
- name: Waiting for haproxy to start
wait_for:
host: "{{ api_interface_address }}"
port: "{{ haproxy_monitor_port }}"
- name: Waiting for virtual IP to appear
wait_for:
host: "{{ kolla_internal_vip_address }}"
port: "{{ database_port }}"
when:
- enable_mariadb | bool
or enable_external_mariadb_load_balancer | bool
port: "{{ haproxy_monitor_port }}"

@ -20,20 +20,32 @@
- item.value.enabled | bool
with_dict: "{{ haproxy_services }}"
- name: Ensuring service config subdir exists
vars:
service: "{{ haproxy_services['haproxy'] }}"
file:
path: "{{ node_config_directory }}/haproxy/services.d"
state: "directory"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0660"
become: true
register: haproxy_config_jsons
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ haproxy_services }}"
notify:
- "Restart {{ item.key }} container"
- Ensuring latest haproxy config is used
- name: Copying over haproxy.cfg
vars:
@ -43,17 +55,15 @@
dest: "{{ node_config_directory }}/haproxy/haproxy.cfg"
mode: "0660"
become: true
register: haproxy_cfg
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_first_found:
- "{{ node_custom_config }}/haproxy/{{ inventory_hostname }}/haproxy.cfg"
- "{{ node_custom_config }}/haproxy/haproxy.cfg"
- "haproxy.cfg.j2"
- "{{ node_custom_config }}/haproxy/{{ inventory_hostname }}/haproxy_main.cfg"
- "{{ node_custom_config }}/haproxy/haproxy_main.cfg"
- "haproxy_main.cfg.j2"
notify:
- Restart haproxy container
- Ensuring latest haproxy config is used
- name: Copying over keepalived.conf
vars:
@ -63,7 +73,6 @@
dest: "{{ node_config_directory }}/keepalived/keepalived.conf"
mode: "0660"
become: true
register: keepalived_conf
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
@ -82,7 +91,6 @@
dest: "{{ node_config_directory }}/haproxy/{{ item }}"
mode: "0660"
become: true
register: haproxy_pem
when:
- kolla_enable_tls_external | bool
- inventory_hostname in groups[service.group]
@ -91,7 +99,24 @@
- "haproxy.pem"
notify:
- Restart haproxy container
- Ensuring latest haproxy config is used
- name: Copying over haproxy start script
vars:
service: "{{ haproxy_services['haproxy'] }}"
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/haproxy/haproxy_run.sh"
mode: "0770"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_first_found:
- "{{ node_custom_config }}/haproxy/{{ inventory_hostname }}/haproxy_run.sh"
- "{{ node_custom_config }}/haproxy/haproxy_run.sh"
- "haproxy_run.sh.j2"
notify:
- Restart haproxy container
- name: Check haproxy containers
become: true
@ -103,7 +128,6 @@
volumes: "{{ item.value.volumes }}"
dimensions: "{{ item.value.dimensions }}"
privileged: "{{ item.value.privileged | default(False) }}"
register: check_haproxy_containers
when:
- kolla_action != "config"
- inventory_hostname in groups[item.value.group]
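Review bot: The new `Copying over haproxy start script` task installs `haproxy_run.sh` with mode `"0770"` and no explicit `owner`/`group`, while config.json on this page runs that script as the container command with owner root. A group-writable entrypoint means any account in the owning group on the host can change what runs at container start; `mode: "0750"` would presumably be enough if nothing needs to rewrite it, and setting `owner`/`group` as the `services.d` task does makes the intent explicit. The `with_first_found` list also lets a file under `node_custom_config` replace the script, which deserves a comment because it is executable content rather than configuration.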

@ -108,7 +108,7 @@
- name: Checking free port for HAProxy stats
wait_for:
host: "{{ kolla_internal_vip_address }}"
host: "{{ api_interface_address }}"
port: "{{ haproxy_stats_port }}"
connect_timeout: 1
timeout: 1
@ -118,6 +118,31 @@
- container_facts['haproxy'] is not defined
- inventory_hostname in groups['haproxy']
- name: Checking free port for HAProxy monitor (api interface)
wait_for:
host: "{{ api_interface_address }}"
port: "{{ haproxy_monitor_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- enable_haproxy | bool
- container_facts['haproxy'] is not defined
- inventory_hostname in groups['haproxy']
- name: Checking free port for HAProxy monitor (vip interface)
wait_for:
host: "{{ kolla_internal_vip_address }}"
port: "{{ haproxy_monitor_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- enable_haproxy | bool
- container_facts['haproxy'] is not defined
- inventory_hostname in groups['haproxy']
- api_interface_address != kolla_internal_vip_address
- name: Checking if kolla_internal_vip_address is in the same network as api_interface on all nodes
command: ip -4 -o addr show dev {{ api_interface }}
register: ip_addr_output

File diff suppressed because it is too large Load Diff

@ -1,13 +1,24 @@
{% set haproxy_cmd='/usr/sbin/haproxy -W -db' if kolla_base_distro in ['ubuntu'] else '/usr/sbin/haproxy-systemd-wrapper' %}
{
"command": "{{ haproxy_cmd }} -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid",
"command": "/etc/haproxy/haproxy_run.sh",
"config_files": [
{
"source": "{{ container_config_directory }}/haproxy_run.sh",
"dest": "/etc/haproxy/haproxy_run.sh",
"owner": "root",
"perm": "0700"
},
{
"source": "{{ container_config_directory }}/haproxy.cfg",
"dest": "/etc/haproxy/haproxy.cfg",
"owner": "root",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/services.d/",
"dest": "/etc/haproxy/services.d",
"owner": "root",
"perm": "0700"
},
{
"source": "{{ container_config_directory }}/haproxy.pem",
"dest": "/etc/haproxy/haproxy.pem",

@ -0,0 +1,49 @@
#jinja2: lstrip_blocks: True
global
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
log {{ syslog_server }}:{{ syslog_udp_port }} {{ syslog_haproxy_facility }}
maxconn {{ haproxy_max_connections }}
nbproc {{ haproxy_processes }}
{% if haproxy_processes > 1 and haproxy_process_cpu_map | bool %}
{% for cpu_idx in range(0, haproxy_processes) %}
cpu-map {{ cpu_idx + 1 }} {{ cpu_idx }}
{% endfor %}
{% endif %}
stats socket /var/lib/kolla/haproxy/haproxy.sock group kolla mode 660
{% if kolla_enable_tls_external | bool %}
ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
tune.ssl.default-dh-param 4096
{% endif %}
defaults
log global
option redispatch
retries 3
timeout http-request {{ haproxy_http_request_timeout }}
timeout queue {{ haproxy_queue_timeout }}
timeout connect {{ haproxy_connect_timeout }}
timeout client {{ haproxy_client_timeout }}
timeout server {{ haproxy_server_timeout }}
timeout check {{ haproxy_check_timeout }}
balance {{ haproxy_defaults_balance }}
listen stats
bind {{ api_interface_address }}:{{ haproxy_stats_port }}
mode http
stats enable
stats uri /
stats refresh 15s
stats realm Haproxy\ Stats
stats auth {{ haproxy_user }}:{{ haproxy_password }}
frontend status
bind {{ api_interface_address }}:{{ haproxy_monitor_port }}
{% if api_interface_address != kolla_internal_vip_address %}
bind {{ kolla_internal_vip_address }}:{{ haproxy_monitor_port }}
{% endif %}
mode http
monitor-uri /
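Review bot: The `listen stats` block binds plain HTTP on `api_interface_address` and protects it with `stats auth {{ haproxy_user }}:{{ haproxy_password }}`, so the stats credentials cross the API network unencrypted and sit in cleartext in the rendered file. If TLS is not practical there, a comment should say that the API network is treated as trusted, and an `acl` with `http-request deny` limiting the source range would reduce exposure. The cipher string `DEFAULT:!MEDIUM:!3DES` depends on what the OpenSSL build calls DEFAULT and may still allow suites without forward secrecy; an explicit allow-list is easier to audit. `haproxy_processes > 1` compares without `|int`, which may misbehave if the variable is overridden as a string.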

@ -0,0 +1,10 @@
#!/bin/bash -x
{% set haproxy_cmd='/usr/sbin/haproxy -W -db' if kolla_base_distro in ['ubuntu'] else '/usr/sbin/haproxy-systemd-wrapper' %}
# We need to run haproxy with one `-f` for each service, because including an
# entire config directory was not a feature until version 1.7 of HAProxy.
# So, append "-f $cfg" to the haproxy command for each service file.
# This will run haproxy_cmd *exactly once*.
find /etc/haproxy/services.d/ -mindepth 1 -print0 | \
xargs -0 -Icfg echo -f cfg | \
xargs {{ haproxy_cmd }} -p /run/haproxy.pid -f /etc/haproxy/haproxy.cfg
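Review bot: The `find` stage has no `-type f`, so any subdirectory or stray entry under `/etc/haproxy/services.d/` is passed to haproxy as a `-f` argument. The second `xargs` then re-splits the echoed paths on whitespace, which undoes the `-print0`/`-0` pairing of the first stage. Restricting the match keeps the loaded set to the rendered service files: `find /etc/haproxy/services.d/ -mindepth 1 -type f -print0 | \`. If the haproxy-config role writes files with a fixed suffix (not visible here), a `-name` filter on that suffix would be stricter still. The comment's "exactly once" guarantee also relies on the argument list staying under the `xargs` command-line limit, which is worth stating in the comment.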

@ -13,6 +13,17 @@ heat_services:
- "{{ kolla_dev_repos_directory ~ '/heat/heat:/var/lib/kolla/venv/lib/python2.7/site-packages/heat' if heat_dev_mode | bool else '' }}"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ heat_api_dimensions }}"
haproxy:
heat_api:
enabled: "{{ enable_heat }}"
mode: "http"
external: false
port: "{{ heat_api_port }}"
heat_api_external:
enabled: "{{ enable_heat }}"
mode: "http"
external: true
port: "{{ heat_api_port }}"
heat-api-cfn:
container_name: heat_api_cfn
group: heat-api-cfn
@ -24,6 +35,17 @@ heat_services:
- "{{ kolla_dev_repos_directory ~ '/heat/heat:/var/lib/kolla/venv/lib/python2.7/site-packages/heat' if heat_dev_mode | bool else '' }}"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ heat_api_cfn_dimensions }}"
haproxy:
heat_api_cfn:
enabled: "{{ enable_heat }}"
mode: "http"
external: false
port: "{{ heat_api_cfn_port }}"
heat_api_cfn_external:
enabled: "{{ enable_heat }}"
mode: "http"
external: true
port: "{{ heat_api_cfn_port }}"
heat-engine:
container_name: heat_engine
group: heat-engine

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ heat_services }}"
tags: always
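Review bot: `import_role` is documented with `name:` as its parameter; `role:` is, as far as I know, only accepted as an undocumented alias. I would write `name: haproxy-config` here and in the other per-service haproxy task files this commit adds (horizon, influxdb, ironic, and so on). A one-line comment explaining `tags: always` would also help, for example `# always run so a tag-limited deploy still regenerates this service's haproxy file`, assuming that is the intent.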

@ -43,6 +43,26 @@ horizon_services:
- "kolla_logs:/var/log/kolla/"
- "/tmp:/tmp"
dimensions: "{{ horizon_dimensions }}"
haproxy:
horizon:
enabled: "{{ enable_horizon }}"
mode: "http"
external: false
port: "{{ horizon_port }}"
frontend_http_extra:
- "balance source"
horizon_external:
enabled: "{{ enable_horizon }}"
mode: "http"
external: true
port: "{% if kolla_enable_tls_external|bool %}443{% else %}{{ horizon_port }}{% endif %}"
frontend_http_extra:
- "balance source"
horizon_external_redirect:
enabled: "{{ enable_horizon|bool and kolla_enable_tls_external|bool }}"
mode: "redirect"
external: true
port: "{{ horizon_port }}"
horizon_keystone_domain_choices:
Default: default
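Review bot: `balance source` is passed through `frontend_http_extra` for both `horizon` and `horizon_external`, but `balance` is a backend-side HAProxy keyword (valid in `defaults`, `listen` and `backend`, not in `frontend`). It works with the default single `listen` template. With the split frontend/backend template that the commit message announces, the key name suggests it would land in the `frontend` section, where HAProxy does not apply it. Session stickiness for the dashboard would then be lost silently. The opendaylight entries in this same commit already use the backend key, so I would match them: `backend_http_extra:` followed by `- "balance source"`.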

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ horizon_services }}"
tags: always

@ -13,6 +13,17 @@ influxdb_services:
- "influxdb:/var/lib/influxdb"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ influxdb_dimensions }}"
haproxy:
influxdb_admin:
enabled: "{{ enable_influxdb }}"
mode: "http"
external: false
port: "{{ influxdb_admin_port }}"
influxdb_http:
enabled: "{{ enable_influxdb }}"
mode: "http"
external: false
port: "{{ influxdb_http_port }}"
####################

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ influxdb_services }}"
tags: always

@ -13,6 +13,17 @@ ironic_services:
- "kolla_logs:/var/log/kolla"
- "{{ kolla_dev_repos_directory ~ '/ironic/ironic:/var/lib/kolla/venv/lib/python2.7/site-packages/ironic' if ironic_dev_mode | bool else '' }}"
dimensions: "{{ ironic_api_dimensions }}"
haproxy:
ironic_api:
enabled: "{{ enable_ironic }}"
mode: "http"
external: false
port: "{{ ironic_api_port }}"
ironic_api_external:
enabled: "{{ enable_ironic }}"
mode: "http"
external: true
port: "{{ ironic_api_port }}"
ironic-conductor:
container_name: ironic_conductor
group: ironic-conductor
@ -44,6 +55,17 @@ ironic_services:
- "kolla_logs:/var/log/kolla"
- "{{ kolla_dev_repos_directory ~ '/ironic-inspector/ironic_inspector:/var/lib/kolla/venv/lib/python2.7/site-packages/ironic_inspector' if ironic_dev_mode | bool else '' }}"
dimensions: "{{ ironic_inspector_dimensions }}"
haproxy:
ironic_inspector:
enabled: "{{ enable_ironic }}"
mode: "http"
external: false
port: "{{ ironic_inspector_port }}"
ironic_inspector_external:
enabled: "{{ enable_ironic }}"
mode: "http"
external: true
port: "{{ ironic_inspector_port }}"
ironic-pxe:
container_name: ironic_pxe
group: ironic-pxe

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ ironic_services }}"
tags: always

@ -12,6 +12,17 @@ karbor_services:
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ karbor_api_dimensions }}"
haproxy:
karbor_api:
enabled: "{{ enable_karbor }}"
mode: "http"
external: false
port: "{{ karbor_api_port }}"
karbor_api_external:
enabled: "{{ enable_karbor }}"
mode: "http"
external: true
port: "{{ karbor_api_port }}"
karbor-protection:
container_name: karbor_protection
group: karbor-protection

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ karbor_services }}"
tags: always

@ -14,6 +14,22 @@ keystone_services:
- "kolla_logs:/var/log/kolla/"
- "{% if keystone_token_provider == 'fernet' %}keystone_fernet_tokens:/etc/keystone/fernet-keys{% endif %}"
dimensions: "{{ keystone_dimensions }}"
haproxy:
keystone_internal:
enabled: "{{ enable_keystone }}"
mode: "http"
external: false
port: "{{ keystone_public_port }}"
keystone_external:
enabled: "{{ enable_keystone }}"
mode: "http"
external: true
port: "{{ keystone_public_port }}"
keystone_admin:
enabled: "{{ enable_keystone }}"
mode: "http"
external: false
port: "{{ keystone_admin_port }}"
keystone-ssh:
container_name: "keystone_ssh"
group: "keystone"

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ keystone_services }}"
tags: always

@ -12,6 +12,21 @@ kibana_services:
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ kibana_dimensions }}"
haproxy:
kibana:
enabled: "{{ enable_kibana }}"
mode: "http"
external: false
port: "{{ kibana_server_port }}"
auth_user: "{{ kibana_user }}"
auth_pass: "{{ kibana_password }}"
kibana_external:
enabled: "{{ enable_kibana }}"
mode: "http"
external: true
port: "{{ kibana_server_port }}"
auth_user: "{{ kibana_user }}"
auth_pass: "{{ kibana_password }}"
####################
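Review bot: `auth_pass: "{{ kibana_password }}"` means the password is rendered in clear text into the per-service haproxy file, and the task that writes that file is not part of this section. The container-side `services.d` copy is root/0700 per the config.json in this commit, but the mode of the rendered file on the host is not visible here and should be confirmed as not world-readable. I would add a comment above the key, such as `# auth_pass is written in clear text into the rendered service file; the template task must keep it non-world-readable`. The same applies to `prometheus_alertmanager` and `prometheus_alertmanager_external`, which pass `prometheus_alertmanager_password` the same way.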

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ kibana_services }}"
tags: always

@ -15,6 +15,17 @@ magnum_services:
- "{{ kolla_dev_repos_directory ~ '/magnum/magnum:/var/lib/kolla/venv/lib/python2.7/site-packages/magnum' if magnum_dev_mode | bool else '' }}"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ magnum_api_dimensions }}"
haproxy:
magnum_api:
enabled: "{{ enable_magnum }}"
mode: "http"
external: false
port: "{{ magnum_api_port }}"
magnum_api_external:
enabled: "{{ enable_magnum }}"
mode: "http"
external: true
port: "{{ magnum_api_port }}"
magnum-conductor:
container_name: magnum_conductor
group: magnum-conductor

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ magnum_services }}"
tags: always

@ -13,6 +13,17 @@ manila_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/manila/manila:/var/lib/kolla/venv/lib/python2.7/site-packages/manila' if manila_dev_mode | bool else '' }}"
dimensions: "{{ manila_api_dimensions }}"
haproxy:
manila_api:
enabled: "{{ enable_manila }}"
mode: "http"
external: false
port: "{{ manila_api_port }}"
manila_api_external:
enabled: "{{ enable_manila }}"
mode: "http"
external: true
port: "{{ manila_api_port }}"
manila-scheduler:
container_name: "manila_scheduler"
group: "manila-scheduler"

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ manila_services }}"
tags: always

@ -13,7 +13,30 @@ mariadb_services:
- "mariadb:/var/lib/mysql"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ mariadb_dimensions }}"
haproxy:
mariadb:
enabled: "{{ enable_mariadb|bool and not enable_external_mariadb_load_balancer|bool }}"
mode: "tcp"
port: "{{ mariadb_port }}"
frontend_tcp_extra:
- "option clitcpka"
- "timeout client 3600s"
backend_tcp_extra:
- "option srvtcpka"
- "timeout server 3600s"
- "option mysql-check user haproxy post-41"
custom_member_list: "{{ internal_haproxy_members.split(';') }}"
mariadb_external_lb:
enabled: "{{ enable_mariadb|bool and enable_external_mariadb_load_balancer|bool }}"
mode: "tcp"
port: "{{ mariadb_port }}"
frontend_tcp_extra:
- "option clitcpka"
- "timeout client 3600s"
backend_tcp_extra:
- "option srvtcpka"
- "timeout server 3600s"
custom_member_list: "{{ external_haproxy_members.split(';') }}"
####################
# Database
@ -21,6 +44,12 @@ mariadb_services:
database_cluster_name: "openstack"
database_max_timeout: 120
####################
# HAProxy
####################
internal_haproxy_members: "{% for host in groups['mariadb'] %}server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5{% if not loop.first %} backup{% endif %};{% endfor %}"
external_haproxy_members: "{% for host in groups['mariadb'] %}server {{ host }} {{ host }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5{% if not loop.first %} backup{% endif %};{% endfor %}"
####################
# Docker
####################
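Review bot: `internal_haproxy_members` and `external_haproxy_members` end every server entry with `;`, so `.split(';')` always yields a trailing empty string as the last element of `custom_member_list`. Whether the haproxy-config template tolerates an empty member is not visible in this section. Filtering at the source is cheap: `custom_member_list: "{{ internal_haproxy_members.split(';') | select | list }}"`. The same pattern appears in `mariadb_external_lb`, in memcached's `haproxy_members`, and in opendaylight's `api_haproxy_members` and `backup_api_haproxy_members`.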

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ mariadb_services }}"
tags: always

@ -11,7 +11,23 @@ memcached_services:
- "{{ node_config_directory }}/memcached/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
dimensions: "{{ memcached_dimensions }}"
haproxy:
memcached:
enabled: "{{ enable_memcached|bool and enable_haproxy_memcached|bool }}"
mode: "tcp"
port: "{{ memcached_port }}"
frontend_tcp_extra:
- "option clitcpka"
- "timeout client 3600s"
backend_tcp_extra:
- "option srvtcpka"
- "timeout server 3600s"
custom_member_list: "{{ haproxy_members.split(';') }}"
####################
# HAProxy
####################
haproxy_members: "{% for host in groups['memcached'] %}server {{ host }} {{ host }}:{{ memcached_port }} check inter 2000 rise 2 fall 5{% if not loop.first %} backup{% endif %};{% endfor %}"
####################
# Docker

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ memcached_services }}"
tags: always

@ -13,6 +13,17 @@ mistral_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/mistral/mistral:/var/lib/kolla/venv/lib/python2.7/site-packages/mistral' if mistral_dev_mode | bool else '' }}"
dimensions: "{{ mistral_api_dimensions }}"
haproxy:
mistral_api:
enabled: "{{ enable_mistral }}"
mode: "http"
external: false
port: "{{ mistral_api_port }}"
mistral_api_external:
enabled: "{{ enable_mistral }}"
mode: "http"
external: true
port: "{{ mistral_api_port }}"
mistral-engine:
container_name: mistral_engine
group: mistral-engine

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ mistral_services }}"
tags: always

@ -10,6 +10,17 @@ monasca_services:
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla"
dimensions: "{{ monasca_api_dimensions }}"
haproxy:
monasca_api:
enabled: "{{ enable_monasca }}"
mode: "http"
external: false
port: "{{ monasca_api_port }}"
monasca_api_external:
enabled: "{{ enable_monasca }}"
mode: "http"
external: true
port: "{{ monasca_api_port }}"
monasca-log-api:
container_name: monasca_log_api
group: monasca-log-api
@ -20,6 +31,17 @@ monasca_services:
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla"
dimensions: "{{ monasca_log_api_dimensions }}"
haproxy:
monasca_log_api:
enabled: "{{ enable_monasca }}"
mode: "http"
external: false
port: "{{ monasca_log_api_port }}"
monasca_log_api_external:
enabled: "{{ enable_monasca }}"
mode: "http"
external: true
port: "{{ monasca_log_api_port }}"
monasca-log-transformer:
container_name: monasca_log_transformer
group: monasca-log-transformer

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ monasca_services }}"
tags: always

@ -14,6 +14,12 @@ mongodb_services:
- "kolla_logs:/var/log/kolla/"
- "mongodb:/var/lib/mongodb"
dimensions: "{{ mongodb_dimensions }}"
haproxy:
mongodb:
enabled: "{{ enable_mongodb }}"
mode: "http"
external: false
port: "{{ mongodb_port }}"
####################
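Review bot: The `mongodb` entry is declared with `mode: "http"`, but assuming `mongodb_port` is the database's native port, the traffic is MongoDB's binary wire protocol and not HTTP. An HTTP-mode proxy would try to parse it as HTTP requests and reject it. The mariadb and memcached entries in this commit use `mode: "tcp"` for the same kind of backend, so I would expect `mode: "tcp"` here as well. A short comment stating that the listener is internal-only and unauthenticated at the proxy layer would help the next reader.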

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ mongodb_services }}"
tags: always

@ -13,6 +13,17 @@ murano_services:
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ murano_api_dimensions }}"
haproxy:
murano_api:
enabled: "{{ enable_murano }}"
mode: "http"
external: false
port: "{{ murano_api_port }}"
murano_api_external:
enabled: "{{ enable_murano }}"
mode: "http"
external: true
port: "{{ murano_api_port }}"
murano-engine:
container_name: murano_engine
group: murano-engine

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ murano_services }}"
tags: always

@ -13,6 +13,19 @@ neutron_services:
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ neutron_server_dimensions }}"
haproxy:
neutron_server:
enabled: "{{ enable_neutron }}"
mode: "http"
external: false
port: "{{ neutron_server_port }}"
frontend_http_extra:
- "option http-tunnel"
neutron_server_external:
enabled: "{{ enable_neutron }}"
mode: "http"
external: true
port: "{{ neutron_server_port }}"
neutron-openvswitch-agent:
container_name: "neutron_openvswitch_agent"
image: "{{ neutron_openvswitch_agent_image_full }}"

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ neutron_services }}"
tags: always

@ -47,6 +47,17 @@ nova_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python2.7/site-packages/nova' if nova_dev_mode | bool else '' }}"
dimensions: "{{ placement_api_dimensions }}"
haproxy:
placement_api:
enabled: "{{ enable_nova }}"
mode: "http"
external: false
port: "{{ placement_api_port }}"
placement_api_external:
enabled: "{{ enable_nova }}"
mode: "http"
external: true
port: "{{ placement_api_port }}"
nova-api:
container_name: "nova_api"
group: "nova-api"
@ -60,6 +71,33 @@ nova_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python2.7/site-packages/nova' if nova_dev_mode | bool else '' }}"
dimensions: "{{ nova_api_dimensions }}"
haproxy:
nova_api:
enabled: "{{ enable_nova }}"
mode: "http"
external: false
port: "{{ nova_api_port }}"
nova_api_external:
enabled: "{{ enable_nova }}"
mode: "http"
external: true
port: "{{ nova_api_port }}"
nova_metadata:
enabled: "{{ enable_nova }}"
mode: "http"
external: false
port: "{{ nova_metadata_port }}"
nova_metadata_external:
enabled: "{{ enable_nova }}"
mode: "http"
external: true
port: "{{ nova_metadata_port }}"
nova_rdp:
enabled: "{{ enable_nova|bool and nova_console == 'rdp' }}"
mode: "http"
external: false
port: "{{ rdp_port }}"
host_group: "hyperv"
nova-consoleauth:
container_name: "nova_consoleauth"
group: "nova-consoleauth"
@ -82,6 +120,19 @@ nova_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python2.7/site-packages/nova' if nova_dev_mode | bool else '' }}"
dimensions: "{{ nova_novncproxy_dimensions }}"
haproxy:
nova_novncproxy:
enabled: "{{ enable_nova|bool and nova_console == 'novnc' }}"
mode: "http"
external: false
port: "{{ nova_novncproxy_port }}"
backend_http_extra:
- "timeout tunnel 1h"
nova_novncproxy_external:
enabled: "{{ enable_nova|bool and nova_console == 'novnc' }}"
mode: "http"
external: true
port: "{{ nova_novncproxy_port }}"
nova-scheduler:
container_name: "nova_scheduler"
group: "nova-scheduler"
@ -104,6 +155,17 @@ nova_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python2.7/site-packages/nova' if nova_dev_mode | bool else '' }}"
dimensions: "{{ nova_spicehtml5proxy_dimensions }}"
haproxy:
nova_spicehtml5proxy:
enabled: "{{ enable_nova|bool and nova_console == 'spice' }}"
mode: "http"
external: false
port: "{{ nova_spicehtml5proxy_port }}"
nova_spicehtml5proxy_external:
enabled: "{{ enable_nova|bool and nova_console == 'spice' }}"
mode: "http"
external: true
port: "{{ nova_spicehtml5proxy_port }}"
nova-serialproxy:
container_name: "nova_serialproxy"
group: "nova-serialproxy"
@ -115,6 +177,17 @@ nova_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python2.7/site-packages/nova' if nova_dev_mode | bool else '' }}"
dimensions: "{{ nova_serialproxy_dimensions }}"
haproxy:
nova_serialconsole_proxy:
enabled: "{{ enable_nova|bool and enable_nova_serialconsole_proxy|bool }}"
mode: "http"
external: false
port: "{{ nova_serialproxy_port }}"
nova_serialconsole_proxy_external:
enabled: "{{ enable_nova|bool and enable_nova_serialconsole_proxy|bool }}"
mode: "http"
external: true
port: "{{ nova_serialproxy_port }}"
nova-conductor:
container_name: "nova_conductor"
group: "nova-conductor"
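Review bot: `nova_metadata_external` sets `external: true`, which publishes the metadata API on the external VIP whenever `enable_nova` is set. The metadata API is normally reached by instances through the internal network path and serves per-instance data such as user-data. An external frontend therefore widens exposure without an obvious consumer. If external access is intentional, I would say so in a comment above the entry, e.g. `# exposed externally for <reason>; requests are only as trustworthy as the metadata proxy shared secret`. Otherwise, gate it behind an opt-in variable rather than `enable_nova` alone. This note covers the second hunk of the section; the other hunks follow the internal/external pair pattern used elsewhere.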

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ nova_services }}"
tags: always

@ -12,6 +12,17 @@ octavia_services:
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ octavia_api_dimensions }}"
haproxy:
octavia_api:
enabled: "{{ enable_octavia }}"
mode: "http"
external: false
port: "{{ octavia_api_port }}"
octavia_api_external:
enabled: "{{ enable_octavia }}"
mode: "http"
external: true
port: "{{ octavia_api_port }}"
octavia-health-manager:
container_name: octavia_health_manager
group: octavia-health-manager

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ octavia_services }}"
tags: always

@ -14,6 +14,33 @@ opendaylight_services:
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ opendaylight_dimensions }}"
haproxy:
opendaylight_api:
enabled: "{{ enable_opendaylight }}"
mode: "http"
port: "{{ opendaylight_haproxy_restconf_port }}"
backend_http_extra:
- "balance source"
custom_member_list: "{{ api_haproxy_members.split(';') }}"
opendaylight_api_backup:
enabled: "{{ enable_opendaylight }}"
mode: "http"
port: "{{ opendaylight_haproxy_restconf_port_backup }}"
backend_http_extra:
- "balance source"
custom_member_list: "{{ backup_api_haproxy_members.split(';') }}"
opendaylight_websocket:
enabled: "{{ enable_opendaylight }}"
mode: "http"
port: "{{ opendaylight_websocket_port }}"
backend_http_extra:
- "balance source"
####################
# HAProxy
####################
api_haproxy_members: "{% for host in groups['opendaylight'] %}server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ opendaylight_restconf_port }} check inter 2000 rise 2 fall 5;{% endfor %}"
backup_api_haproxy_members: "{% for host in groups['opendaylight'] %}server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ opendaylight_restconf_port_backup }} check inter 2000 rise 2 fall 5;{% endfor %}"
####################
# Docker

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ opendaylight_services }}"
tags: always

@ -12,6 +12,17 @@ panko_services:
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ panko_api_dimensions }}"
haproxy:
panko_api:
enabled: "{{ enable_panko }}"
mode: "http"
external: false
port: "{{ panko_api_port }}"
panko_api_external:
enabled: "{{ enable_panko }}"
mode: "http"
external: true
port: "{{ panko_api_port }}"
####################

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ panko_services }}"
tags: always

@ -13,6 +13,12 @@ prometheus_services:
- "prometheus:/var/lib/prometheus"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ prometheus_server_dimensions }}"
haproxy:
prometheus_server:
enabled: "{{ enable_prometheus }}"
mode: "http"
external: false
port: "{{ prometheus_port }}"
prometheus-node-exporter:
container_name: prometheus_node_exporter
group: prometheus-node-exporter
@ -83,6 +89,21 @@ prometheus_services:
- "kolla_logs:/var/log/kolla/"
- "prometheus:/var/lib/prometheus"
dimensions: "{{ prometheus_alertmanager_dimensions }}"
haproxy:
prometheus_alertmanager:
enabled: "{{ enable_prometheus_alertmanager }}"
mode: "http"
external: false
port: "{{ prometheus_alertmanager_port }}"
auth_user: "{{ prometheus_alertmanager_user }}"
auth_pass: "{{ prometheus_alertmanager_password }}"
prometheus_alertmanager_external:
enabled: "{{ enable_prometheus_alertmanager }}"
mode: "http"
external: true
port: "{{ prometheus_alertmanager_port }}"
auth_user: "{{ prometheus_alertmanager_user }}"
auth_pass: "{{ prometheus_alertmanager_password }}"
####################
# Database

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ prometheus_services }}"
tags: always

@ -22,6 +22,34 @@ rabbitmq_services:
- "{{ project_name }}:/var/lib/rabbitmq/"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ rabbitmq_dimensions }}"
haproxy:
rabbitmq_management:
enabled: "{{ enable_rabbitmq }}"
mode: "http"
port: "{{ rabbitmq_management_port }}"
host_group: "rabbitmq"
rabbitmq_outward_management:
enabled: "{{ enable_outward_rabbitmq }}"
mode: "http"
port: "{{ outward_rabbitmq_management_port }}"
host_group: "outward-rabbitmq"
rabbitmq_outward_external:
enabled: "{{ enable_outward_rabbitmq }}"
mode: "tcp"
external: true
port: "{{ outward_rabbitmq_port }}"
host_group: "outward-rabbitmq"
frontend_tcp_extra:
- "timeout client {{ haproxy_outward_rabbitmq_client_timeout }}"
backend_tcp_extra:
- "timeout server {{ haproxy_outward_rabbitmq_server_timeout }}"
####################
# HAProxy
####################
haproxy_outward_rabbitmq_client_timeout: "1h"
haproxy_outward_rabbitmq_server_timeout: "1h"
####################

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ rabbitmq_services }}"
tags: always

@ -14,6 +14,17 @@ sahara_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/sahara/sahara:/var/lib/kolla/venv/lib/python2.7/site-packages/sahara' if sahara_dev_mode | bool else '' }}"
dimensions: "{{ sahara_api_dimensions }}"
haproxy:
sahara_api:
enabled: "{{ enable_sahara }}"
mode: "http"
external: false
port: "{{ sahara_api_port }}"
sahara_api_external:
enabled: "{{ enable_sahara }}"
mode: "http"
external: true
port: "{{ sahara_api_port }}"
sahara-engine:
container_name: sahara_engine
group: sahara-engine

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ sahara_services }}"
tags: always

@ -12,6 +12,17 @@ searchlight_services:
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ searchlight_api_dimensions }}"
haproxy:
searchlight_api:
enabled: "{{ enable_searchlight }}"
mode: "http"
external: false
port: "{{ searchlight_api_port }}"
searchlight_api_external:
enabled: "{{ enable_searchlight }}"
mode: "http"
external: true
port: "{{ searchlight_api_port }}"
searchlight-listener:
container_name: searchlight_listener
group: searchlight-listener

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ searchlight_services }}"
tags: always

@ -13,6 +13,17 @@ senlin_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/senlin/senlin:/var/lib/kolla/venv/lib/python2.7/site-packages/senlin' if senlin_dev_mode | bool else '' }}"
dimensions: "{{ senlin_api_dimensions }}"
haproxy:
senlin_api:
enabled: "{{ enable_senlin }}"
mode: "http"
external: false
port: "{{ senlin_api_port }}"
senlin_api_external:
enabled: "{{ enable_senlin }}"
mode: "http"
external: true
port: "{{ senlin_api_port }}"
senlin-engine:
container_name: senlin_engine
group: senlin-engine

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ senlin_services }}"
tags: always

@ -12,6 +12,17 @@ skydive_services:
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ skydive_analyzer_dimensions }}"
haproxy:
skydive_server:
enabled: "{{ enable_skydive }}"
mode: "http"
external: false
port: "{{ skydive_analyzer_port }}"
skydive_server_external:
enabled: "{{ enable_skydive }}"
mode: "http"
external: true
port: "{{ skydive_analyzer_port }}"
skydive-agent:
container_name: skydive_agent
group: skydive-agent

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ skydive_services }}"
tags: always

@ -35,6 +35,31 @@ solum_services:
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/solum/solum:/var/lib/kolla/venv/lib/python2.7/site-packages/solum' if solum_dev_mode | bool else '' }}"
dimensions: "{{ solum_deployer_dimensions }}"
haproxy:
solum_application_deployment:
enabled: "{{ enable_solum }}"
mode: "http"
external: false
port: "{{ solum_application_deployment_port }}"
host_group: "solum-application-deployment"
solum_application_deployment_external:
enabled: "{{ enable_solum }}"
mode: "http"
external: true
port: "{{ solum_application_deployment_port }}"
host_group: "solum-application-deployment"
solum_image_builder:
enabled: "{{ enable_solum }}"
mode: "http"
external: false
port: "{{ solum_image_builder_port }}"
host_group: "solum-image-builder"
solum_image_builder_external:
enabled: "{{ enable_solum }}"
mode: "http"
external: true
port: "{{ solum_image_builder_port }}"
host_group: "solum-image-builder"
solum-conductor:
container_name: solum_conductor
group: solum-conductor
@ -47,7 +72,6 @@ solum_services:
- "{{ kolla_dev_repos_directory ~ '/solum/solum:/var/lib/kolla/venv/lib/python2.7/site-packages/solum' if solum_dev_mode | bool else '' }}"
dimensions: "{{ solum_conductor_dimensions }}"
####################
# Database
####################

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ solum_services }}"
tags: always

@ -1,6 +1,22 @@
---
project_name: "swift"
swift_services:
swift-api:
group: swift-proxy-server
enabled: true
haproxy:
swift_api:
enabled: "{{ enable_swift }}"
mode: "http"
external: false
port: "{{ swift_proxy_server_port }}"
swift_api_external:
enabled: "{{ enable_swift }}"
mode: "http"
external: true
port: "{{ swift_proxy_server_port }}"
####################
# Docker
####################

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ swift_services }}"
tags: always

@ -13,6 +13,17 @@ tacker_services:
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
dimensions: "{{ tacker_server_dimensions }}"
haproxy:
tacker_server:
enabled: "{{ enable_tacker }}"
mode: "http"
external: false
port: "{{ tacker_server_port }}"
tacker_server_external:
enabled: "{{ enable_tacker }}"
mode: "http"
external: true
port: "{{ tacker_server_port }}"
tacker-conductor:
container_name: "tacker_conductor"
group: "tacker-conductor"

@ -0,0 +1,7 @@
---
- name: "Configure haproxy for {{ project_name }}"
import_role:
role: haproxy-config
vars:
project_services: "{{ tacker_services }}"
tags: always
