openstack/kolla-ansible
Code Issues Proposed changes
7186f960d9
kolla-ansible/ansible/roles/nova-cell/tasks/loadbalancer.yml
Michal Nasiadka 4bc410c6ca haproxy: support single external frontend 
Use case: exposing single external https frontend and
load balancing services using FQDNs.

Support different ports for internal and external endpoints.

Introduced kolla_url filter to normalize urls like:
- https://magnum.external:443/v1
- http://magnum.external:80/v1

Change-Id: I9fb03fe1cebce5c7198d523e015280c69f139cd0
Co-Authored-By: Jakub Darmach <jakub@stackhpc.com>
2023-06-29 01:44:00 +02:00

131 lines
6.6 KiB
YAML
Raw Blame History

---
# NOTE(mgoddard): Load balancer configuration for this role works a little
# differently than usual. We need to configure an HAProxy frontend for each
# enabled console proxy service (novnc, spicehtml5, serial), in each cell. We
# do this by configuring a unique port for each service in each cell, and
# proxying traffic on that port to the set of console proxies in the cell.
#
# We currently don't have a global list of all cells, so we are using the
# group membership as a guide. We'll take novncproxy as an example. We find the
# set of unique values of the 'nova_cell_novncproxy_group' variable for hosts
# in the global 'nova-novncproxy' group - there should be one for each cell.
# Then for each of those groups, we run the loadbalancer-config role, using the
# proxy configuration for a host in that group. This allows us to have
# different ports for each cell, and potentially a different console type
# (nova_console) also.
#
# Here we depend on the lazy nature of Jinja, referencing the variable
# 'cell_proxy_group' in 'cell_proxy_project_services' that will be the loop_var
# in proxy_loadbalancer.yml.
- import_tasks: proxy_loadbalancer.yml
vars:
# Default is necessary because this play may not be targetting the hosts in
# the nova-novncproxy group, and therefore they would not have role
# defaults defined. If we put these variables in group_vars, then they
# cannot be overridden by the inventory.
cell_proxy_groups: >-
{{ groups['nova-novncproxy'] |
map('extract', hostvars, 'nova_cell_novncproxy_group') |
map('default', 'nova-novncproxy') |
unique |
list }}
cell_proxy_service_name: nova-novncproxy
cell_proxy_project_services:
nova-novncproxy:
group: "{{ cell_proxy_group }}"
enabled: "{{ hostvars[groups[cell_proxy_group][0]]['nova_console'] == 'novnc' }}"
haproxy:
nova_novncproxy:
enabled: "{{ hostvars[groups[cell_proxy_group][0]]['nova_console'] == 'novnc' }}"
mode: "http"
external: false
port: "{{ hostvars[groups[cell_proxy_group][0]]['nova_novncproxy_port'] }}"
listen_port: "{{ hostvars[groups[cell_proxy_group][0]]['nova_novncproxy_listen_port'] }}"
backend_http_extra:
- "timeout tunnel 1h"
nova_novncproxy_external:
enabled: "{{ hostvars[groups[cell_proxy_group][0]]['nova_console'] == 'novnc' }}"
mode: "http"
external: true
external_fqdn: "{{ hostvars[groups[cell_proxy_group][0]]['nova_novncproxy_fqdn'] }}"
port: "{{ hostvars[groups[cell_proxy_group][0]]['nova_novncproxy_public_port'] }}"
listen_port: "{{ hostvars[groups[cell_proxy_group][0]]['nova_novncproxy_listen_port'] }}"
backend_http_extra:
- "timeout tunnel 1h"
tags: always
- import_tasks: proxy_loadbalancer.yml
vars:
# Default is necessary because this play may not be targetting the hosts in
# the nova-spicehtml5proxy group, and therefore they would not have role
# defaults defined. If we put these variables in group_vars, then they
# cannot be overridden by the inventory.
cell_proxy_groups: >-
{{ groups['nova-spicehtml5proxy'] |
map('extract', hostvars, 'nova_cell_spicehtml5proxy_group') |
map('default', 'nova-spicehtml5proxy') |
unique |
list }}
cell_proxy_service_name: nova-spicehtml5proxy
cell_proxy_project_services:
nova-spicehtml5proxy:
group: "{{ nova_cell_spicehtml5proxy_group }}"
enabled: "{{ hostvars[groups[cell_proxy_group][0]]['nova_console'] == 'spice' }}"
haproxy:
nova_spicehtml5proxy:
enabled: "{{ hostvars[groups[cell_proxy_group][0]]['nova_console'] == 'spice' }}"
mode: "http"
external: false
port: "{{ hostvars[groups[cell_proxy_group][0]]['nova_spicehtml5proxy_port'] }}"
listen_port: "{{ hostvars[groups[cell_proxy_group][0]]['nova_spicehtml5proxy_listen_port'] }}"
backend_http_extra:
- "timeout tunnel {{ haproxy_nova_spicehtml5_proxy_tunnel_timeout }}"
nova_spicehtml5proxy_external:
enabled: "{{ hostvars[groups[cell_proxy_group][0]]['nova_console'] == 'spice' }}"
mode: "http"
external: true
external_fqdn: "{{ hostvars[groups[cell_proxy_group][0]]['nova_spicehtml5proxy_fqdn'] }}"
port: "{{ hostvars[groups[cell_proxy_group][0]]['nova_spicehtml5proxy_public_port'] }}"
listen_port: "{{ hostvars[groups[cell_proxy_group][0]]['nova_spicehtml5proxy_listen_port'] }}"
backend_http_extra:
- "timeout tunnel {{ haproxy_nova_spicehtml5_proxy_tunnel_timeout }}"
tags: always
- import_tasks: proxy_loadbalancer.yml
vars:
# Default is necessary because this play may not be targetting the hosts in
# the nova-serialproxy group, and therefore they would not have role
# defaults defined. If we put these variables in group_vars, then they
# cannot be overridden by the inventory.
cell_proxy_groups: >-
{{ groups['nova-serialproxy'] |
map('extract', hostvars, 'nova_cell_serialproxy_group') |
map('default', 'nova-serialproxy') |
unique |
list }}
cell_proxy_service_name: nova-serialproxy
cell_proxy_project_services:
nova-serialproxy:
group: "{{ nova_cell_serialproxy_group }}"
enabled: "{{ hostvars[groups[cell_proxy_group][0]]['enable_nova_serialconsole_proxy'] | bool }}"
haproxy:
nova_serialconsole_proxy:
enabled: "{{ hostvars[groups[cell_proxy_group][0]]['enable_nova_serialconsole_proxy'] | bool }}"
mode: "http"
external: false
port: "{{ hostvars[groups[cell_proxy_group][0]]['nova_serialproxy_port'] }}"
listen_port: "{{ hostvars[groups[cell_proxy_group][0]]['nova_serialproxy_listen_port'] }}"
backend_http_extra:
- "timeout tunnel {{ haproxy_nova_serialconsole_proxy_tunnel_timeout }}"
nova_serialconsole_proxy_external:
enabled: "{{ hostvars[groups[cell_proxy_group][0]]['enable_nova_serialconsole_proxy'] | bool }}"
mode: "http"
external: true
external_fqdn: "{{ hostvars[groups[cell_proxy_group][0]]['nova_serialproxy_fqdn'] }}"
port: "{{ hostvars[groups[cell_proxy_group][0]]['nova_serialproxy_public_port'] }}"
listen_port: "{{ hostvars[groups[cell_proxy_group][0]]['nova_serialproxy_listen_port'] }}"
backend_http_extra:
- "timeout tunnel {{ haproxy_nova_serialconsole_proxy_tunnel_timeout }}"
tags: always
View Git Blame Copy Permalink