diff options
| author | Andrew Butcher <abutcher@redhat.com> | 2016-05-16 11:45:32 -0400 |
|---|---|---|
| committer | Andrew Butcher <abutcher@redhat.com> | 2016-05-26 13:45:09 -0400 |
| commit | 57abf26c30e306d1527e92a61a94088e542bb006 (patch) | |
| tree | ab2f4d9f5e675e9e02ff05a22412878b5f9b9550 | |
| parent | 643b9b30066f0130f35e9ce7b1a8a7c24a244cc7 (diff) | |
| download | openshift-57abf26c30e306d1527e92a61a94088e542bb006.tar.gz openshift-57abf26c30e306d1527e92a61a94088e542bb006.tar.bz2 openshift-57abf26c30e306d1527e92a61a94088e542bb006.tar.xz openshift-57abf26c30e306d1527e92a61a94088e542bb006.zip | |
Separate master and haproxy config playbooks.
* Move haproxy configuration to a separate openshift-loadbalancer play.
* Move the haproxy role to openshift_loadbalancer.
* Add openshift_loadbalancer* facts which drive haproxy configuration.
16 files changed, 123 insertions, 82 deletions
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index e7409bf22..b81c3bf7f 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -306,7 +306,7 @@ class FilterModule(object): return string.split(separator) @staticmethod - def oo_haproxy_backend_masters(hosts): + def oo_haproxy_backend_masters(hosts, port): """ This takes an array of dicts and returns an array of dicts to be used as a backend for the haproxy role """ @@ -314,8 +314,7 @@ class FilterModule(object): for idx, host_info in enumerate(hosts): server = dict(name="master%s" % idx) server_ip = host_info['openshift']['common']['ip'] - server_port = host_info['openshift']['master']['api_port'] - server['address'] = "%s:%s" % (server_ip, server_port) + server['address'] = "%s:%s" % (server_ip, port) server['opts'] = 'check' servers.append(server) return servers diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 903babc45..5fec11541 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -31,6 +31,8 @@ - include: ../openshift-nfs/config.yml +- include: ../openshift-loadbalancer/config.yml + - include: ../openshift-master/config.yml - include: additional_config.yml diff --git a/playbooks/common/openshift-loadbalancer/config.yml b/playbooks/common/openshift-loadbalancer/config.yml new file mode 100644 index 000000000..f4392173a --- /dev/null +++ b/playbooks/common/openshift-loadbalancer/config.yml @@ -0,0 +1,5 @@ +--- +- name: Configure load balancers + hosts: oo_lb_to_config + roles: + - role: openshift_loadbalancer diff --git a/playbooks/common/openshift-loadbalancer/filter_plugins b/playbooks/common/openshift-loadbalancer/filter_plugins new file mode 120000 index 000000000..99a95e4ca --- /dev/null +++ b/playbooks/common/openshift-loadbalancer/filter_plugins @@ -0,0 +1 @@ +../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-loadbalancer/lookup_plugins b/playbooks/common/openshift-loadbalancer/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/common/openshift-loadbalancer/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-loadbalancer/roles b/playbooks/common/openshift-loadbalancer/roles new file mode 120000 index 000000000..e2b799b9d --- /dev/null +++ b/playbooks/common/openshift-loadbalancer/roles @@ -0,0 +1 @@ +../../../roles/
\ No newline at end of file diff --git a/playbooks/common/openshift-loadbalancer/service.yml b/playbooks/common/openshift-loadbalancer/service.yml new file mode 100644 index 000000000..19fffd5e9 --- /dev/null +++ b/playbooks/common/openshift-loadbalancer/service.yml @@ -0,0 +1,20 @@ +--- +- name: Populate g_service_nodes host group if needed + hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - fail: msg="new_cluster_state is required to be injected in this playbook" + when: new_cluster_state is not defined + + - name: Evaluate g_service_lb + add_host: name={{ item }} groups=g_service_lb + with_items: oo_host_group_exp | default([]) + +- name: Change state on lb instance(s) + hosts: g_service_lb + connection: ssh + gather_facts: no + tasks: + - service: name=hapoxy state="{{ new_cluster_state }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index fe0e2e666..e9337270b 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -156,33 +156,6 @@ - master.etcd-ca.crt when: etcd_client_certs_missing is defined and etcd_client_certs_missing -- name: Configure load balancers - hosts: oo_lb_to_config - vars: - sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" - haproxy_limit_nofile: 100000 - haproxy_global_maxconn: 20000 - haproxy_default_maxconn: 20000 - haproxy_frontend_port: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }}" - haproxy_frontends: - - name: atomic-openshift-api - mode: tcp - options: - - tcplog - binds: - - "*:{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }}" - default_backend: atomic-openshift-api - haproxy_backends: - - name: atomic-openshift-api - mode: tcp - option: tcplog - balance: source - servers: "{{ hostvars | oo_select_keys(groups['oo_masters']) | oo_haproxy_backend_masters }}" - roles: - - role: openshift_facts - - role: haproxy - when: hostvars[groups.oo_first_master.0].openshift.master.ha | bool - - name: Check for cached session secrets hosts: oo_first_master roles: diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml deleted file mode 100644 index 837fa67db..000000000 --- a/roles/haproxy/tasks/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -- name: Install haproxy - action: "{{ ansible_pkg_mgr }} name=haproxy state=present" - when: not openshift.common.is_containerized | bool - -- name: Configure systemd service directory for haproxy - file: - path: /etc/systemd/system/haproxy.service.d - state: directory - when: haproxy_limit_nofile is defined - -- name: Configure the nofile limits for haproxy - ini_file: - dest: /etc/systemd/system/haproxy.service.d/limits.conf - section: Service - option: LimitNOFILE - value: "{{ haproxy_limit_nofile }}" - when: haproxy_limit_nofile is defined - notify: restart haproxy - register: nofile_limit_result - -- name: Reload systemd if needed - command: systemctl daemon-reload - when: nofile_limit_result | changed - -- name: Configure haproxy - template: - src: haproxy.cfg.j2 - dest: /etc/haproxy/haproxy.cfg - owner: root - group: root - mode: 0644 - notify: restart haproxy - -- name: Enable and start haproxy - service: - name: haproxy - state: started - enabled: yes - register: start_result - -- set_fact: - haproxy_start_result_changed: "{{ start_result | changed }}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index b13343776..11203de17 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1554,6 +1554,7 @@ class OpenShiftFacts(object): 'docker', 'etcd', 'hosted', + 'loadbalancer', 'master', 'node'] @@ -1763,6 +1764,13 @@ class OpenShiftFacts(object): router=dict() ) + if 'loadbalancer' in roles: + loadbalancer = dict(frontend_port='8443', + default_maxconn='20000', + global_maxconn='20000', + limit_nofile='100000') + defaults['loadbalancer'] = loadbalancer + return defaults def guess_host_provider(self): diff --git a/roles/haproxy/README.md b/roles/openshift_loadbalancer/README.md index 5bc415066..81fc282be 100644 --- a/roles/haproxy/README.md +++ b/roles/openshift_loadbalancer/README.md @@ -1,5 +1,5 @@ -HAProxy -======= +OpenShift HAProxy Loadbalancer +============================== TODO diff --git a/roles/haproxy/defaults/main.yml b/roles/openshift_loadbalancer/defaults/main.yml index a1524cfe1..a1524cfe1 100644 --- a/roles/haproxy/defaults/main.yml +++ b/roles/openshift_loadbalancer/defaults/main.yml diff --git a/roles/haproxy/handlers/main.yml b/roles/openshift_loadbalancer/handlers/main.yml index 5b8691b26..5b8691b26 100644 --- a/roles/haproxy/handlers/main.yml +++ b/roles/openshift_loadbalancer/handlers/main.yml diff --git a/roles/haproxy/meta/main.yml b/roles/openshift_loadbalancer/meta/main.yml index 0fad106a9..fe336acf7 100644 --- a/roles/haproxy/meta/main.yml +++ b/roles/openshift_loadbalancer/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: author: Jason DeTiberus - description: HAProxy + description: OpenShift haproxy loadbalancer company: Red Hat, Inc. license: Apache License, Version 2.0 min_ansible_version: 1.9 @@ -10,5 +10,6 @@ galaxy_info: versions: - 7 dependencies: -- { role: os_firewall } -- { role: openshift_repos } +- role: openshift_facts +- role: os_firewall +- role: openshift_repos diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml new file mode 100644 index 000000000..5514aa70b --- /dev/null +++ b/roles/openshift_loadbalancer/tasks/main.yml @@ -0,0 +1,73 @@ +--- +- name: Set haproxy frontend port + openshift_facts: + role: loadbalancer + local_facts: + frontend_port: "{{ openshift_master_api_port | default(None) }}" + +- name: Set loadbalancer facts + openshift_facts: + role: loadbalancer + local_facts: + limit_nofile: "{{ openshift_loadbalancer_limit_nofile | default(None) }}" + default_maxconn: "{{ openshift_loadbalancer_default_maxconn | default(None) }}" + global_maxconn: "{{ openshift_loadbalancer_global_maxconn | default(None) }}" + frontends: + - name: atomic-openshift-api + mode: tcp + options: + - tcplog + binds: + - "*:{{ openshift.loadbalancer.frontend_port }}" + default_backend: atomic-openshift-api + backends: + - name: atomic-openshift-api + mode: tcp + option: tcplog + balance: source + servers: "{{ hostvars + | oo_select_keys(groups['oo_masters']) + | oo_haproxy_backend_masters(openshift.loadbalancer.frontend_port) }}" + +- name: Install haproxy + action: "{{ ansible_pkg_mgr }} name=haproxy state=present" + when: not openshift.common.is_containerized | bool + +- name: Configure systemd service directory for haproxy + file: + path: /etc/systemd/system/haproxy.service.d + state: directory + when: "'limit_nofile' in openshift.loadbalancer" + +- name: Configure the nofile limits for haproxy + ini_file: + dest: /etc/systemd/system/haproxy.service.d/limits.conf + section: Service + option: LimitNOFILE + value: "{{ openshift.loadbalancer.limit_nofile }}" + when: "'limit_nofile' in openshift.loadbalancer" + notify: restart haproxy + register: nofile_limit_result + +- name: Reload systemd if needed + command: systemctl daemon-reload + when: nofile_limit_result | changed + +- name: Configure haproxy + template: + src: haproxy.cfg.j2 + dest: /etc/haproxy/haproxy.cfg + owner: root + group: root + mode: 0644 + notify: restart haproxy + +- name: Enable and start haproxy + service: + name: haproxy + state: started + enabled: yes + register: start_result + +- set_fact: + haproxy_start_result_changed: "{{ start_result | changed }}" diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 index cb4380971..05e360d3b 100644 --- a/roles/haproxy/templates/haproxy.cfg.j2 +++ b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 @@ -3,7 +3,7 @@ global chroot /var/lib/haproxy pidfile /var/run/haproxy.pid - maxconn {{ haproxy_global_maxconn | default('4000') }} + maxconn {{ openshift.loadbalancer.global_maxconn }} user haproxy group haproxy daemon @@ -31,14 +31,14 @@ defaults timeout server 300s timeout http-keep-alive 10s timeout check 10s - maxconn {{ haproxy_default_maxconn | default('3000') }} + maxconn {{ openshift.loadbalancer.default_maxconn }} listen stats :9000 mode http stats enable stats uri / -{% for frontend in haproxy_frontends %} +{% for frontend in openshift.loadbalancer.frontends %} frontend {{ frontend.name }} {% for bind in frontend.binds %} bind {{ bind }} @@ -59,7 +59,7 @@ frontend {{ frontend.name }} {% endif %} {% endfor %} -{% for backend in haproxy_backends %} +{% for backend in openshift.loadbalancer.backends %} backend {{ backend.name }} balance {{ backend.balance }} {% if 'mode' in backend %} |