Puppet Class: profile::openstack::eqiad1::haproxy

Defined in:
modules/profile/manifests/openstack/eqiad1/haproxy.pp

Overview

Parameters:

  • acme_chief_cert_name (Optional[String]) (defaults to: lookup('profile::openstack::eqiad1::haproxy::acme_chief_cert_name', {default_value => undef}))
  • openstack_controllers (Array[Stdlib::Fqdn]) (defaults to: lookup('profile::openstack::eqiad1::openstack_controllers'))
  • designate_hosts (Array[Stdlib::Fqdn]) (defaults to: lookup('profile::openstack::eqiad1::designate_hosts'))
  • glance_api_bind_port (Stdlib::Port) (defaults to: lookup('profile::openstack::eqiad1::glance::api_bind_port'))
  • placement_api_bind_port (Stdlib::Port) (defaults to: lookup('profile::openstack::eqiad1::placement::api_bind_port'))
  • cinder_api_bind_port (Stdlib::Port) (defaults to: lookup('profile::openstack::eqiad1::cinder::api_bind_port'))
  • trove_api_bind_port (Stdlib::Port) (defaults to: lookup('profile::openstack::base::trove::api_bind_port'))
  • heat_bind_port (Stdlib::Port) (defaults to: lookup('profile::openstack::eqiad1::heat::api_bind_port'))
  • magnum_bind_port (Stdlib::Port) (defaults to: lookup('profile::openstack::eqiad1::magnum::api_bind_port'))
  • cloudformation_bind_port (Stdlib::Port) (defaults to: lookup('profile::openstack::eqiad1::heat::cfn_api_bind_port'))
  • keystone_admin_bind_port (Stdlib::Port) (defaults to: lookup('profile::openstack::eqiad1::keystone::admin_bind_port'))
  • keystone_public_bind_port (Stdlib::Port) (defaults to: lookup('profile::openstack::eqiad1::keystone::public_bind_port'))
  • neutron_bind_port (Stdlib::Port) (defaults to: lookup('profile::openstack::eqiad1::neutron::bind_port'))
  • nova_metadata_listen_port (Stdlib::Port) (defaults to: lookup('profile::openstack::eqiad1::nova::metadata_listen_port'))
  • galera_listen_port (Stdlib::Port) (defaults to: lookup('profile::openstack::eqiad1::galera::listen_port'))
  • galera_primary_host (Stdlib::Fqdn) (defaults to: lookup('profile::openstack::eqiad1::galera::primary_host'))
  • nova_osapi_compute_listen_port (Stdlib::Port) (defaults to: lookup('profile::openstack::eqiad1::nova::osapi_compute_listen_port'))
  • public_apis (Boolean) (defaults to: lookup('profile::openstack::eqiad1::public_apis'))


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
# File 'modules/profile/manifests/openstack/eqiad1/haproxy.pp', line 1

class profile::openstack::eqiad1::haproxy(
    Optional[String] $acme_chief_cert_name = lookup('profile::openstack::eqiad1::haproxy::acme_chief_cert_name', {default_value => undef}),
    Array[Stdlib::Fqdn] $openstack_controllers = lookup('profile::openstack::eqiad1::openstack_controllers'),
    Array[Stdlib::Fqdn] $designate_hosts = lookup('profile::openstack::eqiad1::designate_hosts'),
    Stdlib::Port $glance_api_bind_port = lookup('profile::openstack::eqiad1::glance::api_bind_port'),
    Stdlib::Port $placement_api_bind_port = lookup('profile::openstack::eqiad1::placement::api_bind_port'),
    Stdlib::Port $cinder_api_bind_port = lookup('profile::openstack::eqiad1::cinder::api_bind_port'),
    Stdlib::Port $trove_api_bind_port = lookup('profile::openstack::base::trove::api_bind_port'),
    Stdlib::Port $heat_bind_port = lookup('profile::openstack::eqiad1::heat::api_bind_port'),
    Stdlib::Port $magnum_bind_port = lookup('profile::openstack::eqiad1::magnum::api_bind_port'),
    Stdlib::Port $cloudformation_bind_port = lookup('profile::openstack::eqiad1::heat::cfn_api_bind_port'),
    Stdlib::Port $keystone_admin_bind_port = lookup('profile::openstack::eqiad1::keystone::admin_bind_port'),
    Stdlib::Port $keystone_public_bind_port = lookup('profile::openstack::eqiad1::keystone::public_bind_port'),
    Stdlib::Port $neutron_bind_port = lookup('profile::openstack::eqiad1::neutron::bind_port'),
    Stdlib::Port $nova_metadata_listen_port = lookup('profile::openstack::eqiad1::nova::metadata_listen_port'),
    Stdlib::Port $galera_listen_port = lookup('profile::openstack::eqiad1::galera::listen_port'),
    Stdlib::Fqdn $galera_primary_host = lookup('profile::openstack::eqiad1::galera::primary_host'),
    Stdlib::Port $nova_osapi_compute_listen_port = lookup('profile::openstack::eqiad1::nova::osapi_compute_listen_port'),
    Boolean      $public_apis                    = lookup('profile::openstack::eqiad1::public_apis')
) {
    if $public_apis {
        $firewall = 'public'
    } else {
        $firewall = 'internal'
    }

    if $acme_chief_cert_name != undef {
        acme_chief::cert { $acme_chief_cert_name:
            puppet_svc => 'haproxy',
        }
    }

    include profile::openstack::base::haproxy

    openstack::haproxy::site { 'designate':
        servers            => $designate_hosts,
        healthcheck_method => 'HEAD',
        healthcheck_path   => '/',
        port_backend       => 9001,
        frontends          => [
            {
                port                 => 29001,
                acme_chief_cert_name => $acme_chief_cert_name,
            },
        ],
        firewall           => $firewall,
    }

    openstack::haproxy::site { 'keystone_admin':
        servers            => $openstack_controllers,
        healthcheck_method => 'GET',
        healthcheck_path   => '/',
        port_backend       => $keystone_admin_bind_port,
        frontends          => [
            {
                port                 => 25357,
                acme_chief_cert_name => $acme_chief_cert_name,
            },
        ],
    }

    openstack::haproxy::site { 'keystone_public':
        servers            => $openstack_controllers,
        healthcheck_method => 'GET',
        healthcheck_path   => '/',
        port_backend       => $keystone_public_bind_port,
        frontends          => [
            {
                port => 5000,
            },
            {
                port                 => 25000,
                acme_chief_cert_name => $acme_chief_cert_name,
            },
        ],
        firewall           => $firewall,
    }

    openstack::haproxy::site { 'glance_api':
        servers            => $openstack_controllers,
        healthcheck_method => 'GET',
        healthcheck_path   => '/',
        port_backend       => $glance_api_bind_port,
        frontends          => [
            {
                port                 => 29292,
                acme_chief_cert_name => $acme_chief_cert_name,
            },
        ],
        firewall           => $firewall,
    }

    openstack::haproxy::site { 'cinder_api':
        servers            => $openstack_controllers,
        healthcheck_method => 'GET',
        healthcheck_path   => '/',
        port_backend       => $cinder_api_bind_port,
        frontends          => [
            {
                port                 => 28776,
                acme_chief_cert_name => $acme_chief_cert_name,
            },
        ],
        firewall           => $firewall,
    }

    openstack::haproxy::site { 'trove_api':
        servers            => $openstack_controllers,
        healthcheck_method => 'GET',
        healthcheck_path   => '/',
        port_backend       => $trove_api_bind_port,
        frontends          => [
            {
                port                 => 28779,
                acme_chief_cert_name => $acme_chief_cert_name,
            },
        ],
        firewall           => $firewall,
    }

    openstack::haproxy::site { 'heat':
        servers            => $openstack_controllers,
        healthcheck_method => 'GET',
        healthcheck_path   => '/',
        port_backend       => $heat_bind_port,
        frontends          => [
            {
                port                 => 28004,
                acme_chief_cert_name => $acme_chief_cert_name,
            },
        ],
    }

    openstack::haproxy::site { 'magnum':
        servers            => $openstack_controllers,
        healthcheck_method => 'GET',
        healthcheck_path   => '/',
        port_backend       => $magnum_bind_port,
        frontends          => [
            {
                port                 => 29511,
                acme_chief_cert_name => $acme_chief_cert_name,
            },
        ],
    }

    openstack::haproxy::site { 'neutron':
        servers            => $openstack_controllers,
        healthcheck_method => 'GET',
        healthcheck_path   => '/',
        port_backend       => $neutron_bind_port,
        frontends          => [
            {
                port                 => 29696,
                acme_chief_cert_name => $acme_chief_cert_name,
            },
        ],
        firewall           => $firewall,
    }

    openstack::haproxy::site { 'nova_api':
        servers            => $openstack_controllers,
        healthcheck_method => 'HEAD',
        healthcheck_path   => '/',
        port_backend       => $nova_osapi_compute_listen_port,
        frontends          => [
            {
                port                 => 28774,
                acme_chief_cert_name => $acme_chief_cert_name,
            },
        ],
        firewall           => $firewall,
    }

    openstack::haproxy::site { 'placement_api':
        servers            => $openstack_controllers,
        healthcheck_method => 'GET',
        healthcheck_path   => '/',
        port_backend       => $placement_api_bind_port,
        frontends          => [
            {
                port                 => 28778,
                acme_chief_cert_name => $acme_chief_cert_name,
            },
        ],
    }

    openstack::haproxy::site { 'nova_metadata':
        servers            => $openstack_controllers,
        healthcheck_method => 'GET',
        healthcheck_path   => '/healthcheck',
        port_backend       => $nova_metadata_listen_port,
        frontends          => [
            {
                port => 8775,
            },
        ],
    }

    openstack::haproxy::site { 'mysql':
        servers             => $openstack_controllers,
        port_backend        => $galera_listen_port,
        primary_host        => $galera_primary_host,
        healthcheck_options => [
            'option httpchk',
            'http-check connect',
            'http-check send meth GET uri /',
            'http-check expect status 200',
        ],
        type                => 'tcp',
        frontends           => [
            {
                port => 3306,
            },
        ],
    }
}