diff --git a/ansible/roles/glance/defaults/main.yml b/ansible/roles/glance/defaults/main.yml index 9de1584531..a15ecc895e 100644 --- a/ansible/roles/glance/defaults/main.yml +++ b/ansible/roles/glance/defaults/main.yml @@ -270,8 +270,8 @@ syslog_server: "{{ api_interface_address }}" syslog_glance_tls_proxy_facility: "local2" glance_tls_proxy_max_connections: 40000 -glance_tls_proxy_processes: 1 -glance_tls_proxy_process_cpu_map: "no" +glance_tls_proxy_threads: 1 +glance_tls_proxy_thread_cpu_map: "no" glance_tls_proxy_defaults_max_connections: 10000 # Glance TLS proxy timeout values diff --git a/ansible/roles/glance/templates/glance-tls-proxy.cfg.j2 b/ansible/roles/glance/templates/glance-tls-proxy.cfg.j2 index 18e29e94d9..a6b3aa0613 100644 --- a/ansible/roles/glance/templates/glance-tls-proxy.cfg.j2 +++ b/ansible/roles/glance/templates/glance-tls-proxy.cfg.j2 @@ -6,11 +6,9 @@ global daemon log {{ syslog_server }}:{{ syslog_udp_port }} {{ syslog_glance_tls_proxy_facility }} maxconn {{ glance_tls_proxy_max_connections }} - nbproc {{ glance_tls_proxy_processes }} - {% if (glance_tls_proxy_processes | int > 1) and (glance_tls_proxy_process_cpu_map | bool) %} - {% for cpu_idx in range(0, glance_tls_proxy_processes) %} - cpu-map {{ cpu_idx + 1 }} {{ cpu_idx }} - {% endfor %} + nbthread {{ glance_tls_proxy_threads }} + {% if (glance_tls_proxy_threads | int > 1) and (glance_tls_proxy_thread_cpu_map | bool) %} + cpu-map auto:1/all 0-63 {% endif %} ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index 540cd5c29b..00cb2a368d 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -899,8 +899,8 @@ syslog_server: "{{ api_interface_address }}" syslog_neutron_tls_proxy_facility: "local4" neutron_tls_proxy_max_connections: 40000 -neutron_tls_proxy_processes: 1 -neutron_tls_proxy_process_cpu_map: "no" +neutron_tls_proxy_threads: 1 +neutron_tls_proxy_thread_cpu_map: "no" neutron_tls_proxy_defaults_max_connections: 10000 neutron_tls_proxy_http_request_timeout: "10s" neutron_tls_proxy_http_keep_alive_timeout: "10s" diff --git a/ansible/roles/neutron/templates/neutron-tls-proxy.cfg.j2 b/ansible/roles/neutron/templates/neutron-tls-proxy.cfg.j2 index cd0a1358ed..5e11d43465 100644 --- a/ansible/roles/neutron/templates/neutron-tls-proxy.cfg.j2 +++ b/ansible/roles/neutron/templates/neutron-tls-proxy.cfg.j2 @@ -6,11 +6,9 @@ global daemon log {{ syslog_server }}:{{ syslog_udp_port }} {{ syslog_neutron_tls_proxy_facility }} maxconn {{ neutron_tls_proxy_max_connections }} - nbproc {{ neutron_tls_proxy_processes }} - {% if (neutron_tls_proxy_processes | int > 1) and (neutron_tls_proxy_process_cpu_map | bool) %} - {% for cpu_idx in range(0, neutron_tls_proxy_processes) %} - cpu-map {{ cpu_idx + 1 }} {{ cpu_idx }} - {% endfor %} + nbthread {{ neutron_tls_proxy_threads }} + {% if (neutron_tls_proxy_threads | int > 1) and (neutron_tls_proxy_thread_cpu_map | bool) %} + cpu-map auto:1/all 0-63 {% endif %} ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 diff --git a/releasenotes/notes/haproxy-drop-processes-f6951f7b995e0694.yaml b/releasenotes/notes/haproxy-drop-processes-f6951f7b995e0694.yaml index 9b5269dde6..52af39bcb3 100644 --- a/releasenotes/notes/haproxy-drop-processes-f6951f7b995e0694.yaml +++ b/releasenotes/notes/haproxy-drop-processes-f6951f7b995e0694.yaml @@ -4,4 +4,8 @@ upgrade: Configuring HAProxy nbproc setting via ``haproxy_processes`` and ``haproxy_process_cpu_map`` variables has been dropped since threads are the recommended way to scale CPU performance since 1.8. - Please use ``haproxy_threads`` and ``haproxy_thread_cpu_map`` instead. + This covers ``haproxy``, ``glance-tls-proxy`` and ``neutron-tls-proxy``. + Please use ``haproxy_threads`` and ``haproxy_thread_cpu_map`` instead + (or ``glance_tls_proxy_threads`` and ``glance_tls_proxy_thread_cpu_map`` + for Glance TLS proxy and ``neutron_tls_proxy_threads`` and + ``neutron_tls_proxy_thread_cpu_map`` for Neutron TLS proxy).