15 Commits

Author SHA1 Message Date
Eduardo Gonzalez
4c27bd0d41 Fix Haproxy reconfigure
HAproxy always restart containers when doing reconfigure.
compare_container not evaluate privileged while the containers
are privileged.
compare_container always evaluates true because of this.

Closes-Bug: #1678122
Change-Id: Iaea80c1e09ef16a6d2530a75e6f37e6259bb4ca7
2017-03-31 12:48:28 +00:00
Mauricio Lima
a836033e14 Optimize reconfiguration for haproxy
Co-Authored-By: caoyuan <cao.yuan@99cloud.net>
Change-Id: Iddde03760ff85af5263868ebc47b8b9438e92e8e
Partially-implements: blueprint better-reconfigure
2017-03-30 18:36:31 +08:00
Jenkins
62c3643f4a Merge "Allow a custom haproxy configuration file" 2016-09-22 07:48:16 +00:00
Christian Berendt
4e30d0f405 Allow a custom keepalived configuration file
TrivialFix

Change-Id: If63053d707e0e6642883745c702d13b63093131a
2016-09-20 16:43:47 +02:00
Christian Berendt
19ed74d638 Allow a custom haproxy configuration file
TrivialFix

Change-Id: I5ebb8bc42fa9483adfb397ba1856c750a3b70a7b
2016-09-20 16:41:52 +02:00
SamYaple
22fe11840b Move sysctl out of haproxy container
sysctl was improperly set in the contaienr itself which is not correct

TrivialFix

Change-Id: If2ffca6d2a40e86db4af2f103a27b280bc5fa2ff
2016-03-15 14:56:38 +00:00
SamYaple
dd8e1cb2ee Fix horizon with ssl
Ubuntu did not have mod_headers enabled by default

Remove unused variable and adjust 'when' conditional positioning

TrivialFix

Change-Id: I82b8724526c24f4481a80165520d624f6a02c336
2016-03-04 14:51:50 +00:00
Dave McCowan
3daded6242 Add TLS protection on external API endpoints
TLS can be used to encrypt and authenticate the connection with
OpenStack endpoints.  This patch provides the necessary
parameters and changes the resulting service configurations to
enable TLS for the Kolla deployed OpenStack cloud.

The new input parameters are:

kolla_enable_tls_external: "yes" or "no" (default is "no")
kolla_external_fqdn_cert: "/etc/kolla/certificates/haproxy.pem"
kolla_external_fqdn_cacert: "/etc/kolla/certificates/haproxy-ca.crt"

Implements: blueprint kolla-ssl

Change-Id: I48ef8a781c3035d58817f9bf6f36d59a488bab41
2016-03-03 14:44:37 -05:00
Maciej Szankin
57fdb0ceed Consistency changes in configs
TrivialFix

Change-Id: Iafd92e4e962dec5a225582ff058ab3603e5a50bb
2016-01-19 14:58:11 +01:00
SamYaple
9be1799beb Fix file permissions
Throughout the project overtime some of these file permissions have
changed to have an executable bit. They should not have this bit set.

TrivialFix

Change-Id: I1748b5bde813a0fcac36aeecdfd83245b8ee5be3
2015-12-26 17:36:38 +00:00
SamYaple
ed82afa8e9 Simplify config creation
Convert config creation from a playbook to an action_plugin. This
reduces the complexity and confusion while retaining the same augment
structure and flexibility.

This allows us to remove the 0-byte files as requirements. They will
still be used if they are present (this means we require additional
documentation around them).

DocImpact
Closes-Bug: #1528430
Change-Id: I2c789f6be9f195c7771ca093a6d59499564b4740
2015-12-22 04:28:53 +00:00
Sam Yaple
1efdf4574d Allow disabling of sysctl values
The main reason for this change is to allow the DinD stuff to work. It
has limited use outside of that use case, but it may still be useful
to others in the future.

Change-Id: Ib3a4639cfb3fc0d378d33fc8b9ff8eb597f818ab
Partially-Implements: blueprint multinode-gate
2015-11-05 16:29:25 +00:00
Sam Yaple
89ecfc164e Replace config-external - haproxy keepalived
Change-Id: I668c31401305713e720f0f0ae8ec18e320ea1c76
Partially-Implements: blueprint replace-config-external
2015-09-25 11:06:27 +00:00
Sam Yaple
ab9f652113 Add keepalived to ansible
Adds the needed ansible bits to support keepalived

Closes-Bug: #1479934
Change-Id: Iace29b23a0e923b1f5dc9a4f5bc0f88afce3ae62
Partially-Implements: blueprint ansible-service
2015-07-30 19:08:22 +00:00
Michal Jastrzebski (inc0)
2d920745a4 Ansible install of HAProxy
This commit consists HAProxy ansible bits including config generation,
container deployment and hot reloads.

Closes-Bug: #1477915
Co-Authored-By: Sam Yaple <sam@yaple.net>
Change-Id: Ie93fa68fdb6b2885889c992ff1267d38b68e0cbc
Partially-implements: blueprint ansible-service
2015-07-28 15:46:42 +00:00