+++ /dev/null
-# Copyright 2014 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-# == Class: tripleo::loadbalancer
-#
-# Configure an HAProxy/keepalived loadbalancer for TripleO.
-#
-# === Parameters:
-#
-# [*manage_vip*]
-# Whether to configure keepalived to manage the VIPs or not.
-# Defaults to true
-#
-# [*haproxy_service_manage*]
-# Will be passed as value for service_manage to HAProxy module.
-# Defaults to true
-#
-# [*haproxy_global_maxconn*]
-# The value to use as maxconn in the HAProxy global config section.
-# Defaults to 20480
-#
-# [*haproxy_default_maxconn*]
-# The value to use as maxconn in the HAProxy default config section.
-# Defaults to 4096
-#
-# [*haproxy_default_timeout*]
-# The value to use as timeout in the HAProxy default config section.
-# Defaults to [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ]
-#
-# [*haproxy_listen_bind_param*]
-# A list of params to be added to the HAProxy listener bind directive. By
-# default the 'transparent' param is added but it should be cleared if
-# one of the *_virtual_ip addresses is a wildcard, eg. 0.0.0.0
-# Defaults to [ 'transparent' ]
-#
-# [*haproxy_member_options*]
-# The default options to use for the HAProxy balancer members.
-# Defaults to [ 'check', 'inter 2000', 'rise 2', 'fall 5' ]
-#
-# [*haproxy_log_address*]
-# The IPv4, IPv6 or filesystem socket path of the syslog server.
-# Defaults to '/dev/log'
-#
-# [*controller_host*]
-# (Deprecated)Host or group of hosts to load-balance the services
-# Can be a string or an array.
-# Defaults to undef
-#
-# [*controller_hosts*]
-# IPs of host or group of hosts to load-balance the services
-# Can be a string or an array.
-# Defaults to undef
-#
-# [*controller_hosts_names*]
-# Names of host or group of hosts to load-balance the services
-# Can be a string or an array.
-# Defaults to undef
-#
-# [*controller_virtual_ip*]
-# Control IP or group of IPs to bind the pools
-# Can be a string or an array.
-# Defaults to undef
-#
-# [*control_virtual_interface*]
-# Interface to bind the control VIP
-# Can be a string or an array.
-# Defaults to undef
-#
-# [*public_virtual_interface*]
-# Interface to bind the public VIP
-# Can be a string or an array.
-# Defaults to undef
-#
-# [*public_virtual_ip*]
-# Public IP or group of IPs to bind the pools
-# Can be a string or an array.
-# Defaults to undef
-#
-# [*internal_api_virtual_ip*]
-# Virtual IP on the internal API network.
-# A string.
-# Defaults to false
-#
-# [*storage_virtual_ip*]
-# Virtual IP on the storage network.
-# A string.
-# Defaults to false
-#
-# [*storage_mgmt_virtual_ip*]
-# Virtual IP on the storage mgmt network.
-# A string.
-# Defaults to false
-#
-# [*haproxy_stats_user*]
-# Username for haproxy stats authentication.
-# A string.
-# Defaults to 'admin'
-#
-# [*haproxy_stats_password*]
-# Password for haproxy stats authentication. When set, authentication is
-# enabled on the haproxy stats endpoint.
-# A string.
-# Defaults to undef
-#
-# [*service_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the public API endpoints using the specified file.
-# Defaults to undef
-#
-# [*internal_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the internal API endpoints using the specified file.
-# Defaults to undef
-#
-# [*ssl_cipher_suite*]
-# The default string describing the list of cipher algorithms ("cipher suite")
-# that are negotiated during the SSL/TLS handshake for all "bind" lines. This
-# value comes from the Fedora system crypto policy.
-# Defaults to '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES'
-#
-# [*ssl_options*]
-# String that sets the default ssl options to force on all "bind" lines.
-# Defaults to 'no-sslv3'
-#
-# [*haproxy_stats_certificate*]
-# Filename of an HAProxy-compatible certificate and key file
-# When set, enables SSL on the haproxy stats endpoint using the specified file.
-# Defaults to undef
-#
-# [*keystone_admin*]
-# (optional) Enable or not Keystone Admin API binding
-# Defaults to false
-#
-# [*keystone_public*]
-# (optional) Enable or not Keystone Public API binding
-# Defaults to false
-#
-# [*neutron*]
-# (optional) Enable or not Neutron API binding
-# Defaults to false
-#
-# [*cinder*]
-# (optional) Enable or not Cinder API binding
-# Defaults to false
-#
-# [*manila*]
-# (optional) Enable or not Manila API binding
-# Defaults to false
-#
-# [*sahara*]
-# (optional) Enable or not Sahara API binding
-# defaults to false
-#
-# [*trove*]
-# (optional) Enable or not Trove API binding
-# defaults to false
-#
-# [*glance_api*]
-# (optional) Enable or not Glance API binding
-# Defaults to false
-#
-# [*glance_registry*]
-# (optional) Enable or not Glance registry binding
-# Defaults to false
-#
-# [*nova_osapi*]
-# (optional) Enable or not Nova API binding
-# Defaults to false
-#
-# [*nova_metadata*]
-# (optional) Enable or not Nova metadata binding
-# Defaults to false
-#
-# [*nova_novncproxy*]
-# (optional) Enable or not Nova novncproxy binding
-# Defaults to false
-#
-# [*ceilometer*]
-# (optional) Enable or not Ceilometer API binding
-# Defaults to false
-#
-# [*aodh*]
-# (optional) Enable or not Aodh API binding
-# Defaults to false
-#
-# [*gnocchi*]
-# (optional) Enable or not Gnocchi API binding
-# Defaults to false
-#
-# [*swift_proxy_server*]
-# (optional) Enable or not Swift API binding
-# Defaults to false
-#
-# [*heat_api*]
-# (optional) Enable or not Heat API binding
-# Defaults to false
-#
-# [*heat_cloudwatch*]
-# (optional) Enable or not Heat Cloudwatch API binding
-# Defaults to false
-#
-# [*heat_cfn*]
-# (optional) Enable or not Heat CFN API binding
-# Defaults to false
-#
-# [*horizon*]
-# (optional) Enable or not Horizon dashboard binding
-# Defaults to false
-#
-# [*ironic*]
-# (optional) Enable or not Ironic API binding
-# Defaults to false
-#
-# [*mysql*]
-# (optional) Enable or not MySQL Galera binding
-# Defaults to false
-#
-# [*mysql_clustercheck*]
-# (optional) Enable check via clustercheck for mysql
-# Defaults to false
-#
-# [*rabbitmq*]
-# (optional) Enable or not RabbitMQ binding
-# Defaults to false
-#
-# [*redis*]
-# (optional) Enable or not Redis binding
-# Defaults to false
-#
-# [*redis_password*]
-# (optional) Password for Redis authentication, eventually needed by the
-# specific monitoring we do from HAProxy for Redis
-# Defaults to undef
-#
-# [*midonet_api*]
-# (optional) Enable or not MidoNet API binding
-# Defaults to false
-#
-# [*service_ports*]
-# (optional) Hash that contains the values to override from the service ports
-# The available keys to modify the services' ports are:
-# 'aodh_api_port' (Defaults to 8042)
-# 'aodh_api_ssl_port' (Defaults to 13042)
-# 'ceilometer_api_port' (Defaults to 8777)
-# 'ceilometer_api_ssl_port' (Defaults to 13777)
-# 'cinder_api_port' (Defaults to 8776)
-# 'cinder_api_ssl_port' (Defaults to 13776)
-# 'glance_api_port' (Defaults to 9292)
-# 'glance_api_ssl_port' (Defaults to 13292)
-# 'glance_registry_port' (Defaults to 9191)
-# 'gnocchi_api_port' (Defaults to 8041)
-# 'gnocchi_api_ssl_port' (Defaults to 13041)
-# 'heat_api_port' (Defaults to 8004)
-# 'heat_api_ssl_port' (Defaults to 13004)
-# 'heat_cfn_port' (Defaults to 8000)
-# 'heat_cfn_ssl_port' (Defaults to 13005)
-# 'heat_cw_port' (Defaults to 8003)
-# 'heat_cw_ssl_port' (Defaults to 13003)
-# 'ironic_api_port' (Defaults to 6385)
-# 'ironic_api_ssl_port' (Defaults to 13385)
-# 'keystone_admin_api_port' (Defaults to 35357)
-# 'keystone_admin_api_ssl_port' (Defaults to 13357)
-# 'keystone_public_api_port' (Defaults to 5000)
-# 'keystone_public_api_ssl_port' (Defaults to 13000)
-# 'manila_api_port' (Defaults to 8786)
-# 'manila_api_ssl_port' (Defaults to 13786)
-# 'neutron_api_port' (Defaults to 9696)
-# 'neutron_api_ssl_port' (Defaults to 13696)
-# 'nova_api_port' (Defaults to 8774)
-# 'nova_api_ssl_port' (Defaults to 13774)
-# 'nova_metadata_port' (Defaults to 8775)
-# 'nova_novnc_port' (Defaults to 6080)
-# 'nova_novnc_ssl_port' (Defaults to 13080)
-# 'sahara_api_port' (Defaults to 8386)
-# 'sahara_api_ssl_port' (Defaults to 13386)
-# 'swift_proxy_port' (Defaults to 8080)
-# 'swift_proxy_ssl_port' (Defaults to 13808)
-# 'trove_api_port' (Defaults to 8779)
-# 'trove_api_ssl_port' (Defaults to 13779)
-# Defaults to {}
-#
-class tripleo::loadbalancer (
- $controller_virtual_ip,
- $control_virtual_interface,
- $public_virtual_interface,
- $public_virtual_ip,
- $internal_api_virtual_ip = false,
- $storage_virtual_ip = false,
- $storage_mgmt_virtual_ip = false,
- $manage_vip = true,
- $haproxy_service_manage = true,
- $haproxy_global_maxconn = 20480,
- $haproxy_default_maxconn = 4096,
- $haproxy_default_timeout = [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ],
- $haproxy_listen_bind_param = [ 'transparent' ],
- $haproxy_member_options = [ 'check', 'inter 2000', 'rise 2', 'fall 5' ],
- $haproxy_log_address = '/dev/log',
- $haproxy_stats_user = 'admin',
- $haproxy_stats_password = undef,
- $controller_host = undef,
- $controller_hosts = undef,
- $controller_hosts_names = undef,
- $service_certificate = undef,
- $internal_certificate = undef,
- $ssl_cipher_suite = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES',
- $ssl_options = 'no-sslv3',
- $haproxy_stats_certificate = undef,
- $keystone_admin = false,
- $keystone_public = false,
- $neutron = false,
- $cinder = false,
- $sahara = false,
- $trove = false,
- $manila = false,
- $glance_api = false,
- $glance_registry = false,
- $nova_osapi = false,
- $nova_metadata = false,
- $nova_novncproxy = false,
- $ceilometer = false,
- $aodh = false,
- $gnocchi = false,
- $swift_proxy_server = false,
- $heat_api = false,
- $heat_cloudwatch = false,
- $heat_cfn = false,
- $horizon = false,
- $ironic = false,
- $mysql = false,
- $mysql_clustercheck = false,
- $rabbitmq = false,
- $redis = false,
- $redis_password = undef,
- $midonet_api = false,
- $service_ports = {}
-) {
- warning('This class is going to be dropped during Newton cycle, replaced by tripleo::haproxy and tripleo::keepalived.')
- class { '::tripleo::haproxy':
- controller_virtual_ip => $controller_virtual_ip,
- public_virtual_ip => $public_virtual_ip,
- # Force to false because we already declare ::tripleo::keepalived later in this manifest to kep
- # old hieradata binding.
- keepalived => false,
- haproxy_service_manage => $haproxy_service_manage,
- haproxy_global_maxconn => $haproxy_global_maxconn,
- haproxy_default_maxconn => $haproxy_default_maxconn,
- haproxy_default_timeout => $haproxy_default_timeout,
- haproxy_listen_bind_param => $haproxy_listen_bind_param,
- haproxy_member_options => $haproxy_member_options,
- haproxy_log_address => $haproxy_log_address,
- haproxy_stats_user => $haproxy_stats_user,
- haproxy_stats_password => $haproxy_stats_password,
- controller_host => $controller_host,
- controller_hosts => $controller_hosts,
- controller_hosts_names => $controller_hosts_names,
- service_certificate => $service_certificate,
- internal_certificate => $internal_certificate,
- ssl_cipher_suite => $ssl_cipher_suite,
- ssl_options => $ssl_options,
- haproxy_stats_certificate => $haproxy_stats_certificate,
- keystone_admin => $keystone_admin,
- keystone_public => $keystone_public,
- neutron => $neutron,
- cinder => $cinder,
- sahara => $sahara,
- trove => $trove,
- manila => $manila,
- glance_api => $glance_api,
- glance_registry => $glance_registry,
- nova_osapi => $nova_osapi,
- nova_metadata => $nova_metadata,
- nova_novncproxy => $nova_novncproxy,
- ceilometer => $ceilometer,
- aodh => $aodh,
- gnocchi => $gnocchi,
- swift_proxy_server => $swift_proxy_server,
- heat_api => $heat_api,
- heat_cloudwatch => $heat_cloudwatch,
- heat_cfn => $heat_cfn,
- horizon => $horizon,
- ironic => $ironic,
- mysql => $mysql,
- mysql_clustercheck => $mysql_clustercheck,
- rabbitmq => $rabbitmq,
- redis => $redis,
- redis_password => $redis_password,
- midonet_api => $midonet_api,
- service_ports => $service_ports,
- }
-
- if $manage_vip {
- class { '::tripleo::keepalived':
- controller_virtual_ip => $controller_virtual_ip,
- control_virtual_interface => $public_virtual_interface,
- public_virtual_interface => $public_virtual_interface,
- public_virtual_ip => $public_virtual_ip,
- internal_api_virtual_ip => $internal_api_virtual_ip,
- storage_virtual_ip => $storage_virtual_ip,
- storage_mgmt_virtual_ip => $storage_mgmt_virtual_ip,
- }
- }
-}
+++ /dev/null
-# Copyright 2014 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-# == Class: tripleo::loadbalancer::endpoint
-#
-# Configure a HAProxy listen endpoint
-#
-# [*internal_ip*]
-# The IP in which the proxy endpoint will be listening in the internal
-# network.
-#
-# [*service_port*]
-# The default port on which the endpoint will be listening.
-#
-# [*ip_addresses*]
-# The ordered list of IPs to be used to contact the balancer member.
-#
-# [*server_names*]
-# The names of the balancer members, which usually should be the hostname.
-#
-# [*member_options*]
-# Options for the balancer member, specified after the server declaration.
-# These should go in the member's configuration block.
-#
-# [*public_virtual_ip*]
-# Address in which the proxy endpoint will be listening in the public network.
-# If this service is internal only this should be ommited.
-# Defaults to undef.
-#
-# [*mode*]
-# HAProxy mode in which the endpoint will be listening. This can be undef,
-# tcp, http or health.
-# Defaults to undef.
-#
-# [*haproxy_listen_bind_param*]
-# A list of params to be added to the HAProxy listener bind directive.
-# Defaults to undef.
-#
-# [*listen_options*]
-# Options specified for the listening service's configuration block (in
-# HAproxy terms, the frontend).
-# defaults to {'option' => []}
-#
-# [*public_ssl_port*]
-# The port used for the public proxy endpoint if it differs from the default
-# one. This is used only if SSL is enabled, and it's used in order to avoid
-# overriding with the internal proxy endpoint (which could happen if they were
-# in the same network).
-# Defaults to undef.
-#
-# [*public_certificate*]
-# Certificate path used to enable TLS for the public proxy endpoint.
-# Defaults to undef.
-#
-# [*internal_certificate*]
-# Certificate path used to enable TLS for the internal proxy endpoint.
-# Defaults to undef.
-#
-define tripleo::loadbalancer::endpoint (
- $internal_ip,
- $service_port,
- $ip_addresses,
- $server_names,
- $member_options,
- $public_virtual_ip = undef,
- $mode = undef,
- $haproxy_listen_bind_param = undef,
- $listen_options = {
- 'option' => [],
- },
- $public_ssl_port = undef,
- $public_certificate = undef,
- $internal_certificate = undef,
-) {
- ::tripleo::haproxy::endpoint { $name:
- internal_ip => $internal_ip,
- service_port => $service_port,
- ip_addresses => $ip_addresses,
- server_names => $server_names,
- member_options => $member_options,
- public_virtual_ip => $public_virtual_ip,
- mode => $mode,
- haproxy_listen_bind_param => $haproxy_listen_bind_param,
- listen_options => $listen_options,
- public_ssl_port => $public_ssl_port,
- public_certificate => $public_certificate,
- internal_certificate => $internal_certificate
- }
-}
clone_params => true,
}
- # TODO(emilien): clean-up old parameter references when
- # https://review.openstack.org/#/c/320411/ is merged.
- if hiera('tripleo::loadbalancer::controller_virtual_ip', undef) {
- $control_vip_real = hiera('tripleo::loadbalancer::controller_virtual_ip')
- } else {
- $control_vip_real = hiera('controller_virtual_ip')
- }
+ $control_vip = hiera('controller_virtual_ip')
tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip':
vip_name => 'control',
- ip_address => $control_vip_real,
+ ip_address => $control_vip,
}
- if hiera('tripleo::loadbalancer::public_virtual_ip', undef) {
- $public_vip_real = hiera('tripleo::loadbalancer::public_virtual_ip')
- } else {
- $public_vip_real = hiera('public_virtual_ip')
- }
+ $public_vip = hiera('public_virtual_ip')
tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip':
- ensure => $public_vip_real and $public_vip_real != $control_vip_real,
+ ensure => $public_vip and $public_vip != $control_vip,
vip_name => 'public',
- ip_address => $public_vip_real,
+ ip_address => $public_vip,
}
$redis_vip = hiera('redis_vip')
tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip':
- ensure => $redis_vip and $redis_vip != $control_vip_real,
+ ensure => $redis_vip and $redis_vip != $control_vip,
vip_name => 'redis',
ip_address => $redis_vip,
}
- if hiera('tripleo::loadbalancer::internal_api_virtual_ip', undef) {
- $internal_api_vip_real = hiera('tripleo::loadbalancer::internal_api_virtual_ip')
- } else {
- $internal_api_vip_real = hiera('internal_api_virtual_ip')
- }
+ $internal_api_vip = hiera('internal_api_virtual_ip')
tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip':
- ensure => $internal_api_vip_real and $internal_api_vip_real != $control_vip_real,
+ ensure => $internal_api_vip and $internal_api_vip != $control_vip,
vip_name => 'internal_api',
- ip_address => $internal_api_vip_real,
+ ip_address => $internal_api_vip,
}
- if hiera('tripleo::loadbalancer::storage_virtual_ip', undef) {
- $storage_vip_real = hiera('tripleo::loadbalancer::storage_virtual_ip')
- } else {
- $storage_vip_real = hiera('storage_virtual_ip')
- }
+ $storage_vip = hiera('storage_virtual_ip')
tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip':
- ensure => $storage_vip_real and $storage_vip_real != $control_vip_real,
+ ensure => $storage_vip and $storage_vip != $control_vip,
vip_name => 'storage',
- ip_address => $storage_vip_real,
+ ip_address => $storage_vip,
}
- if hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip', undef) {
- $storage_mgmt_vip_real = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip')
- } else {
- $storage_mgmt_vip_real = hiera('storage_mgmt_virtual_ip')
- }
+ $storage_mgmt_vip = hiera('storage_mgmt_virtual_ip')
tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip':
- ensure => $storage_mgmt_vip_real and $storage_mgmt_vip_real != $control_vip_real,
+ ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip,
vip_name => 'storage_mgmt',
- ip_address => $storage_mgmt_vip_real,
+ ip_address => $storage_mgmt_vip,
}
}
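Review bot: The five VIP lookups in this hunk (`controller_virtual_ip`, `public_virtual_ip`, `internal_api_virtual_ip`, `storage_virtual_ip`, `storage_mgmt_virtual_ip`) no longer consult the `tripleo::loadbalancer::*` keys, which the removed code preferred over the plain keys. If a deployment's hieradata still carries an old key with a different address than the plain key, the VIP, and with it the address the HAProxy endpoints are exposed on, would change on the next run with no warning. Consider failing loudly while the old keys may still exist, e.g. `if hiera('tripleo::loadbalancer::public_virtual_ip', undef) { fail('tripleo::loadbalancer::public_virtual_ip is no longer read; set public_virtual_ip instead') }`, repeated for the other four keys, or at least a `warning()` plus an upgrade note. The enclosing block begins outside this hunk, so any earlier handling of these keys is not visible here.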