summaryrefslogtreecommitdiffstats
path: root/roles/openshift_loadbalancer
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_loadbalancer')
-rw-r--r--roles/openshift_loadbalancer/README.md53
-rw-r--r--roles/openshift_loadbalancer/handlers/main.yml2
-rw-r--r--roles/openshift_loadbalancer/meta/main.yml11
-rw-r--r--roles/openshift_loadbalancer/tasks/main.yml28
-rw-r--r--roles/openshift_loadbalancer/templates/haproxy.cfg.j28
5 files changed, 78 insertions, 24 deletions
diff --git a/roles/openshift_loadbalancer/README.md b/roles/openshift_loadbalancer/README.md
index 81fc282be..bea4c509b 100644
--- a/roles/openshift_loadbalancer/README.md
+++ b/roles/openshift_loadbalancer/README.md
@@ -1,27 +1,70 @@
OpenShift HAProxy Loadbalancer
==============================
-TODO
+OpenShift HaProxy Loadbalancer Configuration
Requirements
------------
-TODO
+* Ansible 2.2
+
+This role is intended to be applied to the [lb] host group which is
+separate from OpenShift infrastructure components.
+
+This role is not re-entrant. All haproxy configuration lives in a single file.
Role Variables
--------------
-TODO
+From this role:
+
+| Name | Default value | |
+|----------------------------------------|---------------|-------------------------------------------------------|
+| openshift_loadbalancer_limit_nofile | 100000 | Limit number of open files. |
+| openshift_loadbalancer_global_maxconn | 20000 | Maximum per-process number of concurrent connections. |
+| openshift_loadbalancer_default_maxconn | 20000 | Maximum per-process number of concurrent connections. |
+| openshift_loadbalancer_frontends | none | List of frontends. See example below. |
+| openshift_loadbalancer_backends | none | List of backends. See example below. |
Dependencies
------------
-TODO
+* openshift_facts
+* os_firewall
+* openshift_repos
Example Playbook
----------------
-TODO
+```
+- name: Configure loadbalancer hosts
+ hosts: lb
+ roles:
+ - role: openshift_loadbalancer
+ openshift_loadbalancer_frontends:
+ - name: atomic-openshift-api
+ mode: tcp
+ options:
+ - tcplog
+ binds:
+ - "*:8443"
+ default_backend: atomic-openshift-api
+ openshift_loadbalancer_backends:
+ - name: atomic-openshift-api
+ mode: tcp
+ option: tcplog
+ balance: source
+ servers:
+ - name: master1
+ address: "192.168.122.221:8443"
+ opts: check
+ - name: master2
+ address: "192.168.122.222:8443"
+ opts: check
+ - name: master3
+ address: "192.168.122.223:8443"
+ opts: check
+```
License
-------
diff --git a/roles/openshift_loadbalancer/handlers/main.yml b/roles/openshift_loadbalancer/handlers/main.yml
index 5b8691b26..3bf052460 100644
--- a/roles/openshift_loadbalancer/handlers/main.yml
+++ b/roles/openshift_loadbalancer/handlers/main.yml
@@ -1,6 +1,6 @@
---
- name: restart haproxy
- service:
+ systemd:
name: haproxy
state: restarted
when: not (haproxy_start_result_changed | default(false) | bool)
diff --git a/roles/openshift_loadbalancer/meta/main.yml b/roles/openshift_loadbalancer/meta/main.yml
index ed846a1ba..0dffb545f 100644
--- a/roles/openshift_loadbalancer/meta/main.yml
+++ b/roles/openshift_loadbalancer/meta/main.yml
@@ -4,17 +4,22 @@ galaxy_info:
description: OpenShift haproxy loadbalancer
company: Red Hat, Inc.
license: Apache License, Version 2.0
- min_ansible_version: 1.9
+ min_ansible_version: 2.2
platforms:
- name: EL
versions:
- 7
dependencies:
-- role: openshift_loadbalancer_facts
+- role: openshift_facts
- role: os_firewall
os_firewall_allow:
- service: haproxy stats
port: "9000/tcp"
- service: haproxy balance
- port: "{{ openshift.loadbalancer.frontend_port }}/tcp"
+ port: "{{ openshift_master_api_port | default(8443) }}/tcp"
+- role: os_firewall
+ os_firewall_allow:
+ - service: nuage mon
+ port: "{{ nuage_mon_rest_server_port | default(9443) }}/tcp"
+ when: openshift_use_nuage | default(false) | bool
- role: openshift_repos
diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml
index 03a7c0e4a..400f80715 100644
--- a/roles/openshift_loadbalancer/tasks/main.yml
+++ b/roles/openshift_loadbalancer/tasks/main.yml
@@ -1,27 +1,32 @@
---
+- fail: msg="Cannot use containerized=true for load balancer hosts."
+ when: openshift.common.is_containerized | bool
+
- name: Install haproxy
- action: "{{ ansible_pkg_mgr }} name=haproxy state=present"
- when: not openshift.common.is_containerized | bool
+ package: name=haproxy state=present
- name: Configure systemd service directory for haproxy
file:
path: /etc/systemd/system/haproxy.service.d
state: directory
- when: "'limit_nofile' in openshift.loadbalancer"
+
+# Work around ini_file create option in 2.2 which defaults to no
+- name: Create limits.conf file
+ file:
+ dest: /etc/systemd/system/haproxy.service.d/limits.conf
+ state: touch
+ mode: 0660
+ owner: root
+ group: root
+ changed_when: false
- name: Configure the nofile limits for haproxy
ini_file:
dest: /etc/systemd/system/haproxy.service.d/limits.conf
section: Service
option: LimitNOFILE
- value: "{{ openshift.loadbalancer.limit_nofile }}"
- when: "'limit_nofile' in openshift.loadbalancer"
+ value: "{{ openshift_loadbalancer_limit_nofile | default(100000) }}"
notify: restart haproxy
- register: nofile_limit_result
-
-- name: Reload systemd if needed
- command: systemctl daemon-reload
- when: nofile_limit_result | changed
- name: Configure haproxy
template:
@@ -33,10 +38,11 @@
notify: restart haproxy
- name: Enable and start haproxy
- service:
+ systemd:
name: haproxy
state: started
enabled: yes
+ daemon_reload: yes
register: start_result
- set_fact:
diff --git a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2
index b9a279f5f..79e695001 100644
--- a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2
+++ b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2
@@ -3,7 +3,7 @@
global
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
- maxconn {{ openshift.loadbalancer.global_maxconn }}
+ maxconn {{ openshift_loadbalancer_global_maxconn | default(20000) }}
user haproxy
group haproxy
daemon
@@ -32,14 +32,14 @@ defaults
timeout server 300s
timeout http-keep-alive 10s
timeout check 10s
- maxconn {{ openshift.loadbalancer.default_maxconn }}
+ maxconn {{ openshift_loadbalancer_default_maxconn | default(20000) }}
listen stats :9000
mode http
stats enable
stats uri /
-{% for frontend in openshift.loadbalancer.frontends %}
+{% for frontend in openshift_loadbalancer_frontends %}
frontend {{ frontend.name }}
{% for bind in frontend.binds %}
bind {{ bind }}
@@ -60,7 +60,7 @@ frontend {{ frontend.name }}
{% endif %}
{% endfor %}
-{% for backend in openshift.loadbalancer.backends %}
+{% for backend in openshift_loadbalancer_backends %}
backend {{ backend.name }}
balance {{ backend.balance }}
{% if 'mode' in backend %}
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-19 22:03:56 +0000