diff options
Diffstat (limited to 'roles/openshift_loadbalancer')
-rw-r--r-- | roles/openshift_loadbalancer/README.md | 53 | ||||
-rw-r--r-- | roles/openshift_loadbalancer/handlers/main.yml | 2 | ||||
-rw-r--r-- | roles/openshift_loadbalancer/meta/main.yml | 11 | ||||
-rw-r--r-- | roles/openshift_loadbalancer/tasks/main.yml | 28 | ||||
-rw-r--r-- | roles/openshift_loadbalancer/templates/haproxy.cfg.j2 | 8 |
5 files changed, 78 insertions, 24 deletions
diff --git a/roles/openshift_loadbalancer/README.md b/roles/openshift_loadbalancer/README.md index 81fc282be..bea4c509b 100644 --- a/roles/openshift_loadbalancer/README.md +++ b/roles/openshift_loadbalancer/README.md @@ -1,27 +1,70 @@ OpenShift HAProxy Loadbalancer ============================== -TODO +OpenShift HaProxy Loadbalancer Configuration Requirements ------------ -TODO +* Ansible 2.2 + +This role is intended to be applied to the [lb] host group which is +separate from OpenShift infrastructure components. + +This role is not re-entrant. All haproxy configuration lives in a single file. Role Variables -------------- -TODO +From this role: + +| Name | Default value | | +|----------------------------------------|---------------|-------------------------------------------------------| +| openshift_loadbalancer_limit_nofile | 100000 | Limit number of open files. | +| openshift_loadbalancer_global_maxconn | 20000 | Maximum per-process number of concurrent connections. | +| openshift_loadbalancer_default_maxconn | 20000 | Maximum per-process number of concurrent connections. | +| openshift_loadbalancer_frontends | none | List of frontends. See example below. | +| openshift_loadbalancer_backends | none | List of backends. See example below. | Dependencies ------------ -TODO +* openshift_facts +* os_firewall +* openshift_repos Example Playbook ---------------- -TODO +``` +- name: Configure loadbalancer hosts + hosts: lb + roles: + - role: openshift_loadbalancer + openshift_loadbalancer_frontends: + - name: atomic-openshift-api + mode: tcp + options: + - tcplog + binds: + - "*:8443" + default_backend: atomic-openshift-api + openshift_loadbalancer_backends: + - name: atomic-openshift-api + mode: tcp + option: tcplog + balance: source + servers: + - name: master1 + address: "192.168.122.221:8443" + opts: check + - name: master2 + address: "192.168.122.222:8443" + opts: check + - name: master3 + address: "192.168.122.223:8443" + opts: check +``` License ------- diff --git a/roles/openshift_loadbalancer/handlers/main.yml b/roles/openshift_loadbalancer/handlers/main.yml index 5b8691b26..3bf052460 100644 --- a/roles/openshift_loadbalancer/handlers/main.yml +++ b/roles/openshift_loadbalancer/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: restart haproxy - service: + systemd: name: haproxy state: restarted when: not (haproxy_start_result_changed | default(false) | bool) diff --git a/roles/openshift_loadbalancer/meta/main.yml b/roles/openshift_loadbalancer/meta/main.yml index ed846a1ba..0dffb545f 100644 --- a/roles/openshift_loadbalancer/meta/main.yml +++ b/roles/openshift_loadbalancer/meta/main.yml @@ -4,17 +4,22 @@ galaxy_info: description: OpenShift haproxy loadbalancer company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.9 + min_ansible_version: 2.2 platforms: - name: EL versions: - 7 dependencies: -- role: openshift_loadbalancer_facts +- role: openshift_facts - role: os_firewall os_firewall_allow: - service: haproxy stats port: "9000/tcp" - service: haproxy balance - port: "{{ openshift.loadbalancer.frontend_port }}/tcp" + port: "{{ openshift_master_api_port | default(8443) }}/tcp" +- role: os_firewall + os_firewall_allow: + - service: nuage mon + port: "{{ nuage_mon_rest_server_port | default(9443) }}/tcp" + when: openshift_use_nuage | default(false) | bool - role: openshift_repos diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml index 03a7c0e4a..400f80715 100644 --- a/roles/openshift_loadbalancer/tasks/main.yml +++ b/roles/openshift_loadbalancer/tasks/main.yml @@ -1,27 +1,32 @@ --- +- fail: msg="Cannot use containerized=true for load balancer hosts." + when: openshift.common.is_containerized | bool + - name: Install haproxy - action: "{{ ansible_pkg_mgr }} name=haproxy state=present" - when: not openshift.common.is_containerized | bool + package: name=haproxy state=present - name: Configure systemd service directory for haproxy file: path: /etc/systemd/system/haproxy.service.d state: directory - when: "'limit_nofile' in openshift.loadbalancer" + +# Work around ini_file create option in 2.2 which defaults to no +- name: Create limits.conf file + file: + dest: /etc/systemd/system/haproxy.service.d/limits.conf + state: touch + mode: 0660 + owner: root + group: root + changed_when: false - name: Configure the nofile limits for haproxy ini_file: dest: /etc/systemd/system/haproxy.service.d/limits.conf section: Service option: LimitNOFILE - value: "{{ openshift.loadbalancer.limit_nofile }}" - when: "'limit_nofile' in openshift.loadbalancer" + value: "{{ openshift_loadbalancer_limit_nofile | default(100000) }}" notify: restart haproxy - register: nofile_limit_result - -- name: Reload systemd if needed - command: systemctl daemon-reload - when: nofile_limit_result | changed - name: Configure haproxy template: @@ -33,10 +38,11 @@ notify: restart haproxy - name: Enable and start haproxy - service: + systemd: name: haproxy state: started enabled: yes + daemon_reload: yes register: start_result - set_fact: diff --git a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 index b9a279f5f..79e695001 100644 --- a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 +++ b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 @@ -3,7 +3,7 @@ global chroot /var/lib/haproxy pidfile /var/run/haproxy.pid - maxconn {{ openshift.loadbalancer.global_maxconn }} + maxconn {{ openshift_loadbalancer_global_maxconn | default(20000) }} user haproxy group haproxy daemon @@ -32,14 +32,14 @@ defaults timeout server 300s timeout http-keep-alive 10s timeout check 10s - maxconn {{ openshift.loadbalancer.default_maxconn }} + maxconn {{ openshift_loadbalancer_default_maxconn | default(20000) }} listen stats :9000 mode http stats enable stats uri / -{% for frontend in openshift.loadbalancer.frontends %} +{% for frontend in openshift_loadbalancer_frontends %} frontend {{ frontend.name }} {% for bind in frontend.binds %} bind {{ bind }} @@ -60,7 +60,7 @@ frontend {{ frontend.name }} {% endif %} {% endfor %} -{% for backend in openshift.loadbalancer.backends %} +{% for backend in openshift_loadbalancer_backends %} backend {{ backend.name }} balance {{ backend.balance }} {% if 'mode' in backend %} |