Fix HAProxy Configuration

Making our HAProxy settings more consistent and adding in LB Options for http/ssl checks. This makes HAProxy line up more closely with our previous HAProxy automated setup. Fixes #50
2014-09-02 17:06:51 +01:00 · 2014-09-02 17:06:51 +01:00 · 967e729b00
commit 967e729b00
parent 8f7be6fe0c
2 changed files with 57 additions and 3 deletions
--- a/rpc_deployment/roles/haproxy_service/templates/service
+++ b/rpc_deployment/roles/haproxy_service/templates/service
@ -16,7 +16,7 @@ bind {{ item.service.hap_bind|default('*') }}:{{ item.service.hap_port }}
 {% endif %}

 {% if item.service.hap_whitelist_hosts is defined and item.service.hap_whitelist_hosts == true %}
-    acl white_list src 127.0.0.1/8 {{ container_cidr }} {% for host_name in groups['hosts'] %} {{ hostvars[host_name]['ansible_ssh_host'] }} {% endfor %}
+    acl white_list src 127.0.0.1/8 10.0.3.0/24 {{ container_cidr }} {% for host_name in groups['hosts'] %} {{ hostvars[host_name]['ansible_ssh_host'] }} {% endfor %}

    {{ request_option }}-request content accept if white_list
    {{ request_option }}-request content reject
--- a/rpc_deployment/vars/config_vars/haproxy_config.yml
+++ b/rpc_deployment/vars/config_vars/haproxy_config.yml
@ -26,6 +26,10 @@ haproxy_config:
      hap_backend_nodes: "{{ groups['glance_api'] }}"
      hap_port: 9292
      hap_balance_type: http
+      hap_backend_options:
+        - "forwardfor"
+        - "httpchk"
+        - "httplog"
  - service:
      hap_service_name: glance_registry
      hap_backend_nodes: "{{ groups['glance_registry'] }}"
@ -36,31 +40,55 @@ haproxy_config:
      hap_backend_nodes: "{{ groups['heat_api_cfn'] }}"
      hap_port: 8000
      hap_balance_type: http
+      hap_backend_options:
+       - "forwardfor"
+       - "httpchk"
+       - "httplog"
  - service:
      hap_service_name: heat_api_cloudwatch
      hap_backend_nodes: "{{ groups['heat_api_cloudwatch'] }}"
      hap_port: 8003
      hap_balance_type: http
+      hap_backend_options:
+       - "forwardfor"
+       - "httpchk"
+       - "httplog"
  - service:
      hap_service_name: heat_api
      hap_backend_nodes: "{{ groups['heat_api'] }}"
      hap_port: 8004
      hap_balance_type: http
+      hap_backend_options:
+       - "forwardfor"
+       - "httpchk"
+       - "httplog"
  - service:
      hap_service_name: keystone_admin
      hap_backend_nodes: "{{ groups['keystone'] }}"
      hap_port: 35357
      hap_balance_type: http
+      hap_backend_options:
+       - "forwardfor"
+       - "httpchk"
+       - "httplog"
  - service:
      hap_service_name: keystone_service
      hap_backend_nodes: "{{ groups['keystone'] }}"
      hap_port: 5000
      hap_balance_type: http
+      hap_backend_options:
+       - "forwardfor"
+       - "httpchk"
+       - "httplog"
  - service:
      hap_service_name: neutron_server
      hap_backend_nodes: "{{ groups['neutron_server'] }}"
      hap_port: 9696
      hap_balance_type: http
+      hap_backend_options:
+       - "forwardfor"
+       - "httpchk"
+       - "httplog"
  - service:
      hap_service_name: nova_api_ec2
      hap_backend_nodes: "{{ groups['nova_api_ec2'] }}"
@ -71,33 +99,52 @@ haproxy_config:
      hap_backend_nodes: "{{ groups['nova_api_metadata'] }}"
      hap_port: 8775
      hap_balance_type: http
+      hap_backend_options:
+       - "httpchk"
+       - "httplog"
  - service:
      hap_service_name: nova_api_os_compute
      hap_backend_nodes: "{{ groups['nova_api_os_compute'] }}"
      hap_port: 8774
      hap_balance_type: http
+      hap_backend_options:
+       - "forwardfor"
+       - "httpchk"
+       - "httplog"
  - service:
      hap_service_name: nova_spice_console
      hap_backend_nodes: "{{ groups['nova_spice_console'] }}"
      hap_port: 6082
-      hap_balance_type: http
+      hap_balance_type: tcp
      hap_timeout_client: 60m
      hap_timeout_server: 60m
+      hap_balance_alg: source
  - service:
      hap_service_name: cinder_api
      hap_backend_nodes: "{{ groups['cinder_api'] }}"
      hap_port: 8776
      hap_balance_type: http
+      hap_backend_options:
+       - "forwardfor"
+       - "httpchk"
+       - "httplog"
  - service:
      hap_service_name: horizon
      hap_backend_nodes: "{{ groups['horizon'] }}"
      hap_port: 80
      hap_balance_type: http
+      hap_backend_options:
+       - "forwardfor"
+       - "httpchk"
+       - "httplog"
  - service:
      hap_service_name: horizon_ssl
      hap_backend_nodes: "{{ groups['horizon'] }}"
      hap_port: 443
      hap_balance_type: tcp
+      hap_backend_alg: source
+      hap_backend_options:
+       - "ssl-hello-chk"
  - service:
      hap_service_name: memcached
      hap_backend_nodes: "{{ [groups['memcached'][0]] }}"  # list expected
@ -116,9 +163,16 @@ haproxy_config:
      hap_port: 8080
      hap_backend_port: 80
      hap_balance_type: http
+      hap_backend_alg: source
+      hap_backend_options:
+        - "forwardfor"
+        - "httpchk"
+        - "httplog"
  - service:
      hap_service_name: kibana_ssl
      hap_backend_nodes: "{{ [groups['kibana'][0]] }}"
      hap_port: 8443
      hap_balance_type: tcp
-
+      hap_backend_alg: source
+      hap_backend_options:
+        - "ssl-hello-chk"