openstack/kolla-ansible
Code Issues Proposed changes

Update Keystone haproxy config to balance based on source ip

Browse Source 
Source based routing is necessary for some services where we want the
same clients land to the same servers.

For exanmple, Keystone uses one of many memcached servers - if a client
gets a token from one but then lands on another api server on the next
request, that will bind to another cache and we get failed
authentication.

Other examples are horizon/murano where we upload a package in several
steps. If we don't balance client connections to the same host we will
end up with the package downloaded to one host but unsuccessfully
unpacked/imported on another host.

This option is commonly used in the official OpenStack docs [0]

[0] https://docs.openstack.org/ha-guide/controller-ha-haproxy.html

Co-Authored-By: James McCarthy <james.m.mccarthy@oracle.com>

Change-Id: I56f1e48f6dbe457e776a474222073bbefc48c92a
This commit is contained in:
Mick Thompson 2017-03-29 12:12:56 +01:00 committed by Paul Bourke (pbourke)
parent b46144573d
commit 91321ac8ff
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ansible/roles/haproxy/templates/haproxy.cfg.j2
View File

@ -57,6 +57,7 @@ listen mongodb
{% if enable_keystone | bool %}
listen keystone_internal
bind {{ kolla_internal_vip_address }}:{{ keystone_public_port }}
balance source
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for host in groups['keystone'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5
@ -65,6 +66,7 @@ listen keystone_internal
listen keystone_external
bind {{ kolla_external_vip_address }}:{{ keystone_public_port }} {{ tls_bind_info }}
balance source
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['keystone'] %}
@ -74,6 +76,7 @@ listen keystone_external
listen keystone_admin
bind {{ kolla_internal_vip_address }}:{{ keystone_admin_port }}
balance source
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for host in groups['keystone'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_admin_port }} check inter 2000 rise 2 fall 5