Having all services in one giant haproxy file makes altering
configuration for a service both painful and dangerous. Each service
should be configured with a simple set of variables and rendered with a
single unified template.
Available are two new templates:
* haproxy_single_service_listen.cfg.j2: close to the original style, but
only one service per file
* haproxy_single_service_split.cfg.j2: using the newer haproxy syntax
for separated frontend and backend
For now the default will be the single listen block, for ease of
transition.
Change-Id: I6e237438fbc0aa3c89a3c8bd706a53b74e71904b
Since glance_api only start one container when using file
backend, the haproxy should follow this rule.
See: https://review.openstack.org/#/c/448654
Closes-Bug: #1722422
Change-Id: Id3519581e0f54509dacd24d0dd542c630342c771
This commit is to apply resource-constraints only to few OpenStack services.
Commit to apply constraints to other services will be made in coming commits.
Partially-Implements: blueprint resource-constraints
Change-Id: Icafa54baca24d2de64238222a5677b9d8b90e2aa
This patch extends the prometheus role for being able
to deploy the prometheus-alertmanager[0] container.
The variable enable_prometheus_alertmanager
decides if the container should be deployed and enabled.
If enabled, the following configuration and actions are performed:
- The alerting section on the prometheus-server configuration
is added pointing the prometheus-alertmanager host group as targets.
- HAProxy is configured to load-balance over the prometheus-alertmanager
host group. (external/internal).
Please note that a default (dummy) configuration is provided, that
allows the service to start, the operator should extend it via a node custom config
[0] https://github.com/openstack/kolla/tree/master/docker/prometheus/prometheus-alertmanager
Change-Id: I3a13342c67744a278cc8d52900a913c3ccc452ae
Closes-Bug: 1774725
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@linaro.org>
Some Murano applications require much longer time than default
1 hour to be deployed.
Change-Id: I395e9e3e8cccf70f316f313847648841822e639a
Closes-Bug: #1777670
Add become to all tasks that use the module "kolla_docker"
Change-Id: I4309c4011687b88ec31d739fd8f834fe2326ff10
Partial-Implements: blueprint ansible-specific-task-become
Introduce new option "haproxy_defaults_balance" to set balance in
defaults section.
Change-Id: Iaf12717ffac94ac2308758bd8ec87f088af26b69
Closes-Bug: #1773178
Deploys the Monasca API with mod_wsgi + Apache.
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Partially-Implements: blueprint monasca-roles
Change-Id: I3e03762217fbef1fb0cbff6239abb109cbec226b
This patch enables 3 new configuration options for haproxy.cfg
global section.
- haproxy_processes: number of haproxy processes (default:1).
- haproxy_max_connections: number of concurrent connections (default:4000)
- haproxy_process_cpu_map: enforces 1:1 mapping/affinity between
process and core. (default: no).
Closes-Bug: #1770060
Change-Id: I33fc499b083c7bcc548133498e44406a479389f1
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@linaro.org>
- rename action and serial to kolla_ansible and kolla_serial
- use become instead of "sudo <command>" in shell
- Remove quota for failed_when and changed_when in rabbitmq tasks
Change-Id: I78cb60168aaa40bb6439198283546b7faf33917c
Implements: blueprint migrate-to-ansible-2-2-0
If user enables TLS it also is necessary to create
a certificate. This precheck ensures the certificate
file exists before starting deployment.
Change-Id: I772d52e228ed012b9f8ccb5b616f9b188d3d340c
Closes-Bug: #1765677
This patch adds the ansible role to deploy the prometheus service which
can be used to collect performance metrics accross the environment
Partially-Implements: blueprint prometheus
Change-Id: I908b9c9dad63ab5c9b80be1e3a80a4fc8191cb9e
If SSL is enabled, api of multiple services returns
wrong external URL without https prefix.
Removal of condition for deletion of http header.
Change-Id: I4264e04d0d6b9a3e11ef7dd7add6c5e166cf9fb4
Closes-Bug: #1749155
Closes-Bug: #1717491
This change allows access to InfluxDB via HAProxy on the internal
network.
If HA is required the Enterprise version of InfluxDB will need to
be installed. This could be implemented by customising the InfluxDB
Docker file.
There are other alternatives to HA, such as the InfluxDB Relay [1].
Support for this is considered to be outside of the scope of this
bugfix.
[1] https://docs.openstack.org/developer/performance-docs/
methodologies/monitoring/influxha.html
Closes-Bug: #1751283
Change-Id: I4624efbd99c0cddd1361f2438866ad3a82e5557b
This commit provides operators with the ability to specify additional
options per HTTP or TCP listener stanza.
Change-Id: I66cc5372f2a686213b6748a8260cfe84f789ad8e
Implements: blueprint haproxy-listener-extra-options
timeout tunnel is use for WebSocket and CONNECT protocol. Need use a
larger number for it. Otherwise, novnc will be auto disconnected if no
action happend in a short time on browser.
Change-Id: If37623e8fda5260ab0b38d2203f5266777dba063
Closes-Bug: #1759774
Clients usually have sophisticated logic for handling
key redistribution on node failure; so going under the
covers and messing with that is bad (because then the
clients and their sophisticated logic is unaware of
what is going on).
Change-Id: Ica12240440d28f930b917d5d6202f4f9e6675b2a
This patchset implements yamllint test to all *.yml
files.
Also fixes syntax errors to make jobs to pass.
Change-Id: I3186adf9835b4d0cada272d156b17d1bc9c2b799
In some data centers multicast traffic is prohibited. Additionally
VRRP id needs to be unique within broadcast domain when keepalived
operates in multicast mode, otherwise it fails to start.
However keepalived can be configured to use unicast traffic [1].
In unicast mode VRRP id doesn't make sense, but needs to be
the same among peers.
[1] http://manpages.ubuntu.com/manpages/zesty/man5/keepalived.conf.5.html
Change-Id: I692ecbb0aa750baf20c013b53b57f88b474b63cc
Signed-off-by: Pavel Glushchak <pglushchak@virtuozzo.com>
This PS does:
1) Let haproxy to be ODL websocket's frontend and listen on port 8185.
2) Add 10-rest-connector.xml config file template for ODL container.
3) ODL websocket backend listen only on api interface, port is also
8185.
Closes-Bug: #1745323
Change-Id: Id330d610c7cd8a239b0f77c8f5f47422d48b9977
Signed-off-by: Zhijiang Hu <hu.zhijiang@zte.com.cn>
otherwise, if the jinja2 blocks at the end of the line, it will remove
the last newline character and join two lines into one.
Change-Id: Ie710342fb034e477ff854eba3915dd845bddd257
This change allows the following use cases:
1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.
Update: added external mariadb precheck
Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121
Haproxy keeps restarting due memcached servers
are writen in a single line. adds a empty line
in the for so each server is in its line
Change-Id: I763a23de7f70e9ebe543b935b175e675ec774f9a
Memcached do not support cluster. Then make it work in active-standby
mode. This will be helpful to implement high available when using memcached
as tooz backend.
Change-Id: I13722111d8b8d5b066e9a85d4c8d1679704c8caa
