330 lines
12 KiB
YAML
330 lines
12 KiB
YAML
---
|
|
# Copyright 2016, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
haproxy_bind_on_non_local: "{% if groups.haproxy|length > 1 %}True{% else %}False{% endif %}"
|
|
haproxy_use_keepalived: "{% if groups.haproxy|length > 1 %}True{% else %}False{% endif %}"
|
|
keepalived_selinux_compile_rules:
|
|
- keepalived_ping
|
|
- keepalived_haproxy_pid_file
|
|
|
|
# Ensure that the package state matches the global setting
|
|
haproxy_package_state: "{{ package_state }}"
|
|
|
|
haproxy_whitelist_networks:
|
|
- 192.168.0.0/16
|
|
- 172.16.0.0/12
|
|
- 10.0.0.0/8
|
|
|
|
haproxy_galera_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_glance_registry_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_keystone_admin_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_nova_metadata_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_rabbitmq_management_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_repo_git_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_repo_cache_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_octavia_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
haproxy_opendaylight_whitelist_networks: "{{ haproxy_whitelist_networks }}"
|
|
|
|
haproxy_default_services:
|
|
- service:
|
|
haproxy_service_name: galera
|
|
haproxy_backend_nodes: "{{ [groups['galera_all'][0]] | default([]) }}" # list expected
|
|
haproxy_backup_nodes: "{{ groups['galera_all'][1:] | default([]) }}"
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_port: 3306
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 5000s
|
|
haproxy_timeout_server: 5000s
|
|
haproxy_backend_options:
|
|
- "mysql-check user {{ galera_monitoring_user }}"
|
|
haproxy_whitelist_networks: "{{ haproxy_galera_whitelist_networks }}"
|
|
- service:
|
|
haproxy_service_name: repo_git
|
|
haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}"
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_port: 9418
|
|
haproxy_balance_type: tcp
|
|
haproxy_backend_options:
|
|
- tcp-check
|
|
haproxy_whitelist_networks: "{{ haproxy_repo_git_whitelist_networks }}"
|
|
- service:
|
|
haproxy_service_name: repo_all
|
|
haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}"
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_port: 8181
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: repo_cache
|
|
haproxy_backend_nodes: "{{ [groups['repo_all'][0]] | default([]) }}" # list expected
|
|
haproxy_backup_nodes: "{{ groups['repo_all'][1:] | default([]) }}"
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_port: "{{ repo_pkg_cache_port }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /acng-report.html"
|
|
haproxy_whitelist_networks: "{{ haproxy_repo_cache_whitelist_networks }}"
|
|
- service:
|
|
haproxy_service_name: glance_api
|
|
haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 9292
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk /healthcheck"
|
|
- service:
|
|
haproxy_service_name: glance_registry
|
|
haproxy_backend_nodes: "{{ groups['glance_registry'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 9191
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk /healthcheck"
|
|
haproxy_whitelist_networks: "{{ haproxy_glance_registry_whitelist_networks }}"
|
|
- service:
|
|
haproxy_service_name: gnocchi
|
|
haproxy_backend_nodes: "{{ groups['gnocchi_all'] | default([]) }}"
|
|
haproxy_port: 8041
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk /healthcheck"
|
|
- service:
|
|
haproxy_service_name: heat_api_cfn
|
|
haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}"
|
|
haproxy_port: 8000
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: heat_api_cloudwatch
|
|
haproxy_backend_nodes: "{{ groups['heat_api_cloudwatch'] | default([]) }}"
|
|
haproxy_port: 8003
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: heat_api
|
|
haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}"
|
|
haproxy_port: 8004
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: keystone_service
|
|
haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
|
|
haproxy_port: 5000
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: "http"
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: keystone_admin
|
|
haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
|
|
haproxy_port: 35357
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: "http"
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
haproxy_whitelist_networks: "{{ haproxy_keystone_admin_whitelist_networks }}"
|
|
- service:
|
|
haproxy_service_name: neutron_server
|
|
haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
|
|
haproxy_port: 9696
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET /"
|
|
- service:
|
|
haproxy_service_name: nova_api_metadata
|
|
haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}"
|
|
haproxy_port: 8775
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
haproxy_whitelist_networks: "{{ haproxy_nova_metadata_whitelist_networks }}"
|
|
- service:
|
|
haproxy_service_name: nova_api_os_compute
|
|
haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 8774
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: nova_api_placement
|
|
haproxy_backend_nodes: "{{ groups['nova_api_placement'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 8780
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
haproxy_backend_httpcheck_options:
|
|
- "expect status 401"
|
|
- service:
|
|
haproxy_service_name: nova_console
|
|
haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: "{{ hostvars[groups['nova_console'][0]]['nova_console_port'] }}"
|
|
haproxy_balance_type: http
|
|
haproxy_timeout_client: 60m
|
|
haproxy_timeout_server: 60m
|
|
haproxy_balance_alg: source
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
haproxy_backend_httpcheck_options:
|
|
- "expect status 404"
|
|
- service:
|
|
haproxy_service_name: cinder_api
|
|
haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 8776
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: horizon
|
|
haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_ssl_all_vips: true
|
|
haproxy_port: "{{ haproxy_ssl | ternary(443,80) }}"
|
|
haproxy_backend_port: 80
|
|
haproxy_redirect_http_port: 80
|
|
haproxy_balance_type: http
|
|
haproxy_balance_alg: source
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: sahara_api
|
|
haproxy_backend_nodes: "{{ groups['sahara_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_alg: source
|
|
haproxy_port: 8386
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk /healthcheck"
|
|
- service:
|
|
haproxy_service_name: swift_proxy
|
|
haproxy_backend_nodes: "{{ groups['swift_proxy'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_alg: source
|
|
haproxy_port: 8080
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk /healthcheck"
|
|
- service:
|
|
haproxy_service_name: aodh_api
|
|
haproxy_backend_nodes: "{{ groups['aodh_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 8042
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: ironic_api
|
|
haproxy_backend_nodes: "{{ groups['ironic_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 6385
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET /"
|
|
- service:
|
|
haproxy_service_name: rabbitmq_mgmt
|
|
haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 15672
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
haproxy_whitelist_networks: "{{ haproxy_rabbitmq_management_whitelist_networks }}"
|
|
- service:
|
|
haproxy_service_name: magnum
|
|
haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 9511
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET /"
|
|
- service:
|
|
haproxy_service_name: trove
|
|
haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 8779
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: barbican
|
|
haproxy_backend_nodes: "{{ groups['barbican_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 9311
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET /"
|
|
- service:
|
|
haproxy_service_name: designate_api
|
|
haproxy_backend_nodes: "{{ groups['designate_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 9001
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "forwardfor"
|
|
- "httpchk /versions"
|
|
- "httplog"
|
|
- service:
|
|
haproxy_service_name: octavia
|
|
haproxy_backend_nodes: "{{ groups['octavia_all'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 9876
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET /"
|
|
haproxy_whitelist_networks: "{{ haproxy_octavia_whitelist_networks }}"
|
|
- service:
|
|
haproxy_service_name: tacker
|
|
haproxy_backend_nodes: "{{ groups['tacker_all'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 9890
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "forwardfor"
|
|
- "httpchk"
|
|
- "httplog"
|
|
- service:
|
|
haproxy_service_name: opendaylight
|
|
haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_port: 8181
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 5000s
|
|
haproxy_timeout_server: 5000s
|
|
haproxy_whitelist_networks: "{{ haproxy_opendaylight_whitelist_networks }}"
|
|
haproxy_service_enabled: "{{ neutron_plugin_type == 'ml2.opendaylight' }}"
|
|
- service:
|
|
haproxy_service_name: opendaylight-neutron
|
|
haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
|
|
haproxy_bind: "{{ [internal_lb_vip_address] }}"
|
|
haproxy_port: 8080
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 5000s
|
|
haproxy_timeout_server: 5000s
|
|
haproxy_whitelist_networks: "{{ haproxy_opendaylight_whitelist_networks }}"
|
|
haproxy_service_enabled: "{{ neutron_plugin_type == 'ml2.opendaylight' }}"
|