{% set tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external | bool else '' %} global chroot /var/lib/haproxy user haproxy group haproxy daemon log /var/lib/kolla/heka/log local0 maxconn 4000 stats socket /var/lib/kolla/haproxy/haproxy.sock {% if kolla_enable_tls_external | bool %} ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES ssl-default-bind-options no-sslv3 no-tlsv10 tune.ssl.default-dh-param 4096 {% endif %} defaults log global mode http option redispatch option httplog option forwardfor retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout check 10s listen stats bind {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ haproxy_stats_port }} mode http stats enable stats uri / stats refresh 15s stats realm Haproxy\ Stats stats auth {{ haproxy_user }}:{{ haproxy_password }} {% if enable_mariadb | bool %} listen mariadb mode tcp option tcplog option tcpka option mysql-check user haproxy bind {{ kolla_internal_vip_address }}:{{ mariadb_port }} {% for host in groups['mariadb'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5 {% if not loop.first %}backup{% endif %} {% endfor %} {% endif %} {% if enable_rabbitmq | bool %} listen rabbitmq_management bind {{ kolla_internal_vip_address }}:{{ rabbitmq_management_port }} {% for host in groups['rabbitmq'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_management_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% if enable_mongodb | bool %} listen mongodb bind {{ kolla_internal_vip_address }}:{{ mongodb_port }} {% for host in groups['mongodb'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mongodb_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% if enable_keystone | bool %} listen keystone_internal bind {{ kolla_internal_vip_address }}:{{ keystone_public_port }} http-request del-header X-Forwarded-Proto {% for host in groups['keystone'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% if haproxy_enable_external_vip | bool %} listen keystone_external bind {{ kolla_external_vip_address }}:{{ keystone_public_port }} {{ tls_bind_info }} http-request del-header X-Forwarded-Proto http-request set-header X-Forwarded-Proto https if { ssl_fc } {% for host in groups['keystone'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} listen keystone_admin bind {{ kolla_internal_vip_address }}:{{ keystone_admin_port }} http-request del-header X-Forwarded-Proto {% for host in groups['keystone'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_admin_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% if enable_glance | bool %} listen glance_registry bind {{ kolla_internal_vip_address }}:{{ glance_registry_port }} {% for host in groups['glance-registry'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_registry_port }} check inter 2000 rise 2 fall 5 {% endfor %} listen glance_api bind {{ kolla_internal_vip_address }}:{{ glance_api_port }} {% for host in groups['glance-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% if haproxy_enable_external_vip | bool %} listen glance_api_external bind {{ kolla_external_vip_address }}:{{ glance_api_port }} {{ tls_bind_info }} {% for host in groups['glance-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% endif %} {% if enable_nova | bool %} listen nova_api bind {{ kolla_internal_vip_address }}:{{ nova_api_port }} http-request del-header X-Forwarded-Proto {% for host in groups['nova-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} listen nova_metadata bind {{ kolla_internal_vip_address }}:{{ nova_metadata_port }} http-request del-header X-Forwarded-Proto {% for host in groups['nova-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_metadata_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% if nova_console == 'novnc' %} listen nova_novncproxy bind {{ kolla_internal_vip_address }}:{{ nova_novncproxy_port }} http-request del-header X-Forwarded-Proto http-request set-header X-Forwarded-Proto https if { ssl_fc } {% for host in groups['nova-novncproxy'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_novncproxy_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% elif nova_console == 'spice' %} listen nova_spicehtml5proxy bind {{ kolla_internal_vip_address }}:{{ nova_spicehtml5proxy_port }} {% for host in groups['nova-spicehtml5proxy'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_spicehtml5proxy_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% if haproxy_enable_external_vip | bool %} listen nova_api_external bind {{ kolla_external_vip_address }}:{{ nova_api_port }} {{ tls_bind_info }} http-request del-header X-Forwarded-Proto http-request set-header X-Forwarded-Proto https if { ssl_fc } {% for host in groups['nova-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} listen nova_metadata_external bind {{ kolla_external_vip_address }}:{{ nova_metadata_port }} {{ tls_bind_info }} http-request del-header X-Forwarded-Proto http-request set-header X-Forwarded-Proto https if { ssl_fc } {% for host in groups['nova-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_metadata_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% if nova_console == 'novnc' %} listen nova_novncproxy_external bind {{ kolla_external_vip_address }}:{{ nova_novncproxy_port }} {{ tls_bind_info }} http-request del-header X-Forwarded-Proto http-request set-header X-Forwarded-Proto https if { ssl_fc } {% for host in groups['nova-novncproxy'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_novncproxy_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% elif nova_console == 'spice' %} listen nova_spicehtml5proxy_external bind {{ kolla_external_vip_address }}:{{ nova_spicehtml5proxy_port }} {{ tls_bind_info }} http-request del-header X-Forwarded-Proto http-request set-header X-Forwarded-Proto https if { ssl_fc } {% for host in groups['nova-spicehtml5proxy'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_spicehtml5proxy_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% endif %} {% endif %} {% if enable_neutron | bool %} listen neutron_server bind {{ kolla_internal_vip_address }}:{{ neutron_server_port }} {% for host in groups['neutron-server'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ neutron_server_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% if haproxy_enable_external_vip | bool %} listen neutron_server_external bind {{ kolla_external_vip_address }}:{{ neutron_server_port }} {{ tls_bind_info }} {% for host in groups['neutron-server'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ neutron_server_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% endif %} {% if enable_horizon | bool %} listen horizon bind {{ kolla_internal_vip_address }}:80 http-request del-header X-Forwarded-Proto {% for host in groups['horizon'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:80 check inter 2000 rise 2 fall 5 {% endfor %} {% if haproxy_enable_external_vip | bool %} {% if kolla_enable_tls_external | bool %} listen horizon_external bind {{ kolla_external_vip_address }}:443 {{ tls_bind_info }} http-request del-header X-Forwarded-Proto http-request set-header X-Forwarded-Proto https if { ssl_fc } {% for host in groups['horizon'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:80 check inter 2000 rise 2 fall 5 {% endfor %} frontend horizon_external_redirect bind {{ kolla_external_vip_address }}:80 redirect scheme https code 301 if !{ ssl_fc } {% else %} listen horizon_external bind {{ kolla_external_vip_address }}:80 {% for host in groups['horizon'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:80 check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% endif %} {% endif %} {% if enable_cinder | bool %} listen cinder_api bind {{ kolla_internal_vip_address }}:{{ cinder_api_port }} http-request del-header X-Forwarded-Proto {% for host in groups['cinder-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% if haproxy_enable_external_vip | bool %} listen cinder_api_external bind {{ kolla_external_vip_address }}:{{ cinder_api_port }} {{ tls_bind_info }} http-request del-header X-Forwarded-Proto http-request set-header X-Forwarded-Proto https if { ssl_fc } {% for host in groups['cinder-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% endif %} {% if enable_heat | bool %} listen heat_api bind {{ kolla_internal_vip_address }}:{{ heat_api_port }} http-request del-header X-Forwarded-Proto {% for host in groups['heat-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} listen heat_api_cfn bind {{ kolla_internal_vip_address }}:{{ heat_api_cfn_port }} http-request del-header X-Forwarded-Proto {% for host in groups['heat-api-cfn'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% if haproxy_enable_external_vip | bool %} listen heat_api_external bind {{ kolla_external_vip_address }}:{{ heat_api_port }} {{ tls_bind_info }} http-request del-header X-Forwarded-Proto http-request set-header X-Forwarded-Proto https if { ssl_fc } {% for host in groups['heat-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} listen heat_api_cfn_external bind {{ kolla_external_vip_address }}:{{ heat_api_cfn_port }} {{ tls_bind_info }} http-request del-header X-Forwarded-Proto http-request set-header X-Forwarded-Proto https if { ssl_fc } {% for host in groups['heat-api-cfn'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% endif %} {% if enable_ironic | bool %} listen ironic_api bind {{ kolla_internal_vip_address }}:{{ ironic_api_port }} {% for host in groups['ironic-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% if haproxy_enable_external_vip | bool %} listen ironic_api_external bind {{ kolla_external_vip_address }}:{{ ironic_api_port }} {{ tls_bind_info }} {% for host in groups['ironic-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% endif %} {% if enable_swift | bool %} listen swift_api bind {{ kolla_internal_vip_address }}:{{ swift_proxy_server_port }} {% for host in groups['swift-proxy-server'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ swift_proxy_server_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% if haproxy_enable_external_vip | bool %} listen swift_api_external bind {{ kolla_external_vip_address }}:{{ swift_proxy_server_port }} {{ tls_bind_info }} {% for host in groups['swift-proxy-server'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ swift_proxy_server_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% endif %} {% if enable_murano | bool %} listen murano_api bind {{ kolla_internal_vip_address }}:{{ murano_api_port }} {% for host in groups['murano-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% if haproxy_enable_external_vip | bool %} listen murano_api_external bind {{ kolla_external_vip_address }}:{{ murano_api_port }} {{ tls_bind_info }} {% for host in groups['murano-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% endif %} {% if enable_magnum | bool %} listen magnum_api bind {{ kolla_internal_vip_address }}:{{ magnum_api_port }} {% for host in groups['magnum-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% if haproxy_enable_external_vip | bool %} listen magnum_api_external bind {{ kolla_external_vip_address }}:{{ magnum_api_port }} {{ tls_bind_info }} {% for host in groups['magnum-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% endif %} {% if enable_ceph | bool and enable_ceph_rgw | bool %} listen radosgw bind {{ kolla_internal_vip_address }}:{{ rgw_port }} {% for host in groups['ceph-rgw'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rgw_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% if haproxy_enable_external_vip | bool %} listen radosgw_external bind {{ kolla_external_vip_address }}:{{ rgw_port }} {{ tls_bind_info }} {% for host in groups['ceph-rgw'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rgw_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} {% endif %} {% if enable_central_logging | bool %} userlist kibanauser user {{ kibana_user }} insecure-password {{ kibana_password }} listen kibana bind {{ kolla_internal_vip_address }}:{{ kibana_server_port }} acl auth_acl http_auth(kibanauser) http-request auth realm basicauth unless auth_acl {% for host in groups['kibana'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ kibana_server_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% if haproxy_enable_external_vip | bool %} listen kibana_external bind {{ kolla_external_vip_address }}:{{ kibana_server_port }} {{ tls_bind_info }} http-request del-header X-Forwarded-Proto http-request set-header X-Forwarded-Proto https if { ssl_fc } acl auth_acl http_auth(kibanauser) http-request auth realm basicauth unless auth_acl {% for host in groups['kibana'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ kibana_server_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} listen elasticsearch option dontlog-normal bind {{ kolla_internal_vip_address }}:{{ elasticsearch_port }} {% for host in groups['elasticsearch'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ elasticsearch_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %}