openstack/kolla-ansible
Code Issues Proposed changes

Revert "Update Keystone haproxy config to balance based on source ip"

Browse Source 
This reverts commit 91321ac8ff342ad8276c6874f85b7ad3a823a444.

The reasoning given in this commit is incorrect. Keystone/oslo.cache
uses memcached hosts based on a hashing of the key to determine which
memcached host to check. If you have different configured memcached
servers per keystone deployment you have a mis-configured deployment.

Any RESTapi should be capable of roundrobin load-balancing. I am not
familiar with the Murano case with uploading a package, but this change
also does not address Murano at all.

As far as Horizon goes, that hasn't had a problem with shared backends
since the beginning because we use memcached servers with a shared
secret key [1].

All this change has done is lowered the efficiency of loadbalancing
keystone.

[1] https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/horizon/templates/local_settings.j2#L149

Change-Id: Ic0b550e7c96d67c39153933b527ab3edf7d90f27
This commit is contained in:
Sam Yaple 2017-08-19 18:07:07 +00:00
parent 91321ac8ff
commit 0fc512e0fe
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ansible/roles/haproxy/templates/haproxy.cfg.j2
View File

@ -57,7 +57,6 @@ listen mongodb
{% if enable_keystone | bool %}
listen keystone_internal
bind {{ kolla_internal_vip_address }}:{{ keystone_public_port }}
balance source
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for host in groups['keystone'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5
@ -66,7 +65,6 @@ listen keystone_internal
listen keystone_external
bind {{ kolla_external_vip_address }}:{{ keystone_public_port }} {{ tls_bind_info }}
balance source
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['keystone'] %}
@ -76,7 +74,6 @@ listen keystone_external
listen keystone_admin
bind {{ kolla_internal_vip_address }}:{{ keystone_admin_port }}
balance source
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for host in groups['keystone'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_admin_port }} check inter 2000 rise 2 fall 5