1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
|
# File 'modules/profile/manifests/openstack/eqiad1/haproxy.pp', line 1
class profile::openstack::eqiad1::haproxy(
Optional[String] $acme_chief_cert_name = lookup('profile::openstack::eqiad1::haproxy::acme_chief_cert_name', {default_value => undef}),
Array[Stdlib::Fqdn] $openstack_controllers = lookup('profile::openstack::eqiad1::openstack_controllers'),
Array[Stdlib::Fqdn] $designate_hosts = lookup('profile::openstack::eqiad1::designate_hosts'),
Stdlib::Port $glance_api_bind_port = lookup('profile::openstack::eqiad1::glance::api_bind_port'),
Stdlib::Port $placement_api_bind_port = lookup('profile::openstack::eqiad1::placement::api_bind_port'),
Stdlib::Port $cinder_api_bind_port = lookup('profile::openstack::eqiad1::cinder::api_bind_port'),
Stdlib::Port $trove_api_bind_port = lookup('profile::openstack::base::trove::api_bind_port'),
Stdlib::Port $keystone_admin_bind_port = lookup('profile::openstack::eqiad1::keystone::admin_bind_port'),
Stdlib::Port $keystone_public_bind_port = lookup('profile::openstack::eqiad1::keystone::public_bind_port'),
Stdlib::Port $neutron_bind_port = lookup('profile::openstack::eqiad1::neutron::bind_port'),
Stdlib::Port $nova_metadata_listen_port = lookup('profile::openstack::eqiad1::nova::metadata_listen_port'),
Stdlib::Port $galera_listen_port = lookup('profile::openstack::eqiad1::galera::listen_port'),
Stdlib::Fqdn $galera_primary_host = lookup('profile::openstack::eqiad1::galera::primary_host'),
Stdlib::Port $nova_osapi_compute_listen_port = lookup('profile::openstack::eqiad1::nova::osapi_compute_listen_port'),
) {
if $acme_chief_cert_name != undef {
acme_chief::cert { $acme_chief_cert_name:
puppet_svc => 'haproxy',
}
}
include profile::openstack::base::haproxy
openstack::haproxy::site { 'designate':
servers => $designate_hosts,
healthcheck_method => 'HEAD',
healthcheck_path => '/',
port_backend => 9001,
frontends => [
{
port => 9001,
},
{
port => 29001,
acme_chief_cert_name => $acme_chief_cert_name,
},
],
}
openstack::haproxy::site { 'keystone_admin':
servers => $openstack_controllers,
healthcheck_method => 'GET',
healthcheck_path => '/',
port_backend => $keystone_admin_bind_port,
frontends => [
{
port => 35357,
},
{
port => 25357,
acme_chief_cert_name => $acme_chief_cert_name,
},
],
}
openstack::haproxy::site { 'keystone_public':
servers => $openstack_controllers,
healthcheck_method => 'GET',
healthcheck_path => '/',
port_backend => $keystone_public_bind_port,
frontends => [
{
port => 5000,
},
{
port => 25000,
acme_chief_cert_name => $acme_chief_cert_name,
},
],
}
openstack::haproxy::site { 'glance_api':
servers => $openstack_controllers,
healthcheck_method => 'GET',
healthcheck_path => '/',
port_backend => $glance_api_bind_port,
frontends => [
{
port => 9292,
},
{
port => 29292,
acme_chief_cert_name => $acme_chief_cert_name,
},
],
}
openstack::haproxy::site { 'cinder_api':
servers => $openstack_controllers,
healthcheck_method => 'GET',
healthcheck_path => '/',
port_backend => $cinder_api_bind_port,
frontends => [
{
port => 8776,
},
{
port => 28776,
acme_chief_cert_name => $acme_chief_cert_name,
},
],
}
openstack::haproxy::site { 'trove_api':
servers => $openstack_controllers,
healthcheck_method => 'GET',
healthcheck_path => '/',
port_backend => $trove_api_bind_port,
frontends => [
{
port => 8779,
},
{
port => 28779,
acme_chief_cert_name => $acme_chief_cert_name,
},
],
}
openstack::haproxy::site { 'neutron':
servers => $openstack_controllers,
healthcheck_method => 'GET',
healthcheck_path => '/',
port_backend => $neutron_bind_port,
frontends => [
{
port => 9696,
},
{
port => 29696,
acme_chief_cert_name => $acme_chief_cert_name,
},
],
}
openstack::haproxy::site { 'nova_api':
servers => $openstack_controllers,
healthcheck_method => 'HEAD',
healthcheck_path => '/',
port_backend => $nova_osapi_compute_listen_port,
frontends => [
{
port => 8774,
},
{
port => 28774,
acme_chief_cert_name => $acme_chief_cert_name,
},
],
}
openstack::haproxy::site { 'placement_api':
servers => $openstack_controllers,
healthcheck_method => 'GET',
healthcheck_path => '/',
port_backend => $placement_api_bind_port,
frontends => [
{
port => 8778,
},
{
port => 28778,
acme_chief_cert_name => $acme_chief_cert_name,
},
],
}
openstack::haproxy::site { 'nova_metadata':
servers => $openstack_controllers,
healthcheck_method => 'HEAD',
healthcheck_path => '/',
port_backend => $nova_metadata_listen_port,
frontends => [
{
port => 8775,
},
],
}
openstack::haproxy::site { 'mysql':
servers => $openstack_controllers,
port_backend => $galera_listen_port,
primary_host => $galera_primary_host,
healthcheck_options => [
'option httpchk',
'http-check connect',
'http-check send meth GET uri /',
'http-check expect status 200',
],
type => 'tcp',
frontends => [
{
port => 3306,
},
],
}
}
|