opendev/system-config
Code Issues Proposed changes

Do more robust checks against zuul-web with haproxy

Browse Source 
Switch the port 80 and 443 endpoints over to doing http checks instead
of tcp checks. This ensures that both apache and the zuul-web backend
are functional before balancing to them.

The fingergw remains a tcp check.

Change-Id: Iabe2d7822c9ef7e4514b9a0eb627f15b93ad48e2
This commit is contained in:
Clark Boylan 2022-03-04 12:49:38 -08:00
parent 3f8acefbe1
commit f24bbf97a7
3 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
inventory/service/group_vars/zuul-lb.yaml
View File

@ -2,27 +2,36 @@ zuul_lb_listeners:
- name: balance_zuul_http - name: balance_zuul_http
bind: bind:
- ':::80' - ':::80'
check_option: 'httpchk'
servers: servers:
- name: 'zuul01.opendev.org' - name: 'zuul01.opendev.org'
address: '104.130.246.57:80' address: '104.130.246.57:80'
check_method: 'check'
- name: 'zuul02.opendev.org' - name: 'zuul02.opendev.org'
address: '104.130.246.31:80' address: '104.130.246.31:80'
check_method: 'check'
- name: balance_zuul_https - name: balance_zuul_https
bind: bind:
- ':::443' - ':::443'
check_option: 'httpchk'
servers: servers:
- name: 'zuul01.opendev.org' - name: 'zuul01.opendev.org'
address: '104.130.246.57:443' address: '104.130.246.57:443'
check_method: 'check-ssl verify none'
- name: 'zuul02.opendev.org' - name: 'zuul02.opendev.org'
address: '104.130.246.31:443' address: '104.130.246.31:443'
check_method: 'check-ssl verify none'
- name: balance_zuul_finger - name: balance_zuul_finger
bind: bind:
- ':::79' - ':::79'
check_option: 'tcp-check'
servers: servers:
- name: 'zuul01.opendev.org' - name: 'zuul01.opendev.org'
address: '104.130.246.57:79' address: '104.130.246.57:79'
check_method: 'check'
- name: 'zuul02.opendev.org' - name: 'zuul02.opendev.org'
address: '104.130.246.31:79' address: '104.130.246.31:79'
check_method: 'check'
iptables_extra_public_tcp_ports: iptables_extra_public_tcp_ports:
- 443 - 443
- 80 - 80

4
playbooks/roles/zuul-lb/templates/zuul-haproxy.cfg.j2
View File

@ -27,10 +27,10 @@ listen {{ listener.name }}
{% endfor %} {% endfor %}
mode tcp mode tcp
balance source balance source
option tcp-check option {{ listener.check_option }}
{% for server in listener.servers %} {% for server in listener.servers %}
server {{ server.name }} {{ server.address }} check server {{ server.name }} {{ server.address }} {{ server.check_method }}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}

6
playbooks/zuul/templates/group_vars/zuul-lb.yaml.j2
View File

@ -2,18 +2,24 @@ zuul_lb_listeners:
- name: balance_zuul_http - name: balance_zuul_http
bind: bind:
- ":::80" - ":::80"
check_option: "httpchk"
servers: servers:
- name: "zuul02.opendev.org" - name: "zuul02.opendev.org"
address: "{{ (hostvars['zuul02.opendev.org'] | default({})).get('nodepool', {}).get('public_ipv4', '') }}:80" address: "{{ (hostvars['zuul02.opendev.org'] | default({})).get('nodepool', {}).get('public_ipv4', '') }}:80"
check_method: "check"
- name: balance_zuul_https - name: balance_zuul_https
bind: bind:
- ":::443" - ":::443"
check_option: "httpchk"
servers: servers:
- name: "zuul02.opendev.org" - name: "zuul02.opendev.org"
address: "{{ (hostvars['zuul02.opendev.org'] | default({})).get('nodepool', {}).get('public_ipv4', '') }}:443" address: "{{ (hostvars['zuul02.opendev.org'] | default({})).get('nodepool', {}).get('public_ipv4', '') }}:443"
check_method: 'check-ssl verify none'
- name: balance_zuul_finger - name: balance_zuul_finger
bind: bind:
- ":::79" - ":::79"
check_option: "tcp-check"
servers: servers:
- name: "zuul02.opendev.org" - name: "zuul02.opendev.org"
address: "{{ (hostvars['zuul02.opendev.org'] | default({})).get('nodepool', {}).get('public_ipv4', '') }}:79" address: "{{ (hostvars['zuul02.opendev.org'] | default({})).get('nodepool', {}).get('public_ipv4', '') }}:79"
check_method: "check"