From 57abf26c30e306d1527e92a61a94088e542bb006 Mon Sep 17 00:00:00 2001
From: Andrew Butcher
Date: Mon, 16 May 2016 11:45:32 -0400
Subject: Separate master and haproxy config playbooks. * Move haproxy configuration to a separate openshift-loadbalancer play. * Move the haproxy role to openshift_loadbalancer. * Add openshift_loadbalancer* facts which drive haproxy configuration.
---
roles/openshift_loadbalancer/README.md | 34 ++++++++++
roles/openshift_loadbalancer/defaults/main.yml | 22 +++++++
roles/openshift_loadbalancer/handlers/main.yml | 6 ++
roles/openshift_loadbalancer/meta/main.yml | 15 +++++
roles/openshift_loadbalancer/tasks/main.yml | 73 +++++++++++++++++++++
.../templates/haproxy.cfg.j2 | 76 ++++++++++++++++++++++
6 files changed, 226 insertions(+)
create mode 100644 roles/openshift_loadbalancer/README.md
create mode 100644 roles/openshift_loadbalancer/defaults/main.yml
create mode 100644 roles/openshift_loadbalancer/handlers/main.yml
create mode 100644 roles/openshift_loadbalancer/meta/main.yml
create mode 100644 roles/openshift_loadbalancer/tasks/main.yml
create mode 100644 roles/openshift_loadbalancer/templates/haproxy.cfg.j2
(limited to 'roles/openshift_loadbalancer')
diff --git a/roles/openshift_loadbalancer/README.md b/roles/openshift_loadbalancer/README.md
new file mode 100644
index 000000000..81fc282be
--- /dev/null
+++ b/roles/openshift_loadbalancer/README.md
@@ -0,0 +1,34 @@
+OpenShift HAProxy Loadbalancer
+==============================
+
+TODO
+
+Requirements
+------------
+
+TODO
+
+Role Variables
+--------------
+
+TODO
+
+Dependencies
+------------
+
+TODO
+
+Example Playbook
+----------------
+
+TODO
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Jason DeTiberus (jdetiber@redhat.com)
diff --git a/roles/openshift_loadbalancer/defaults/main.yml b/roles/openshift_loadbalancer/defaults/main.yml
new file mode 100644
index 000000000..a1524cfe1
--- /dev/null
+++ b/roles/openshift_loadbalancer/defaults/main.yml
@@ -0,0 +1,22 @@
+---
+haproxy_frontend_port: 80
+
+haproxy_frontends:
+- name: main
+ binds:
+ - "*:80"
+ default_backend: default
+
+haproxy_backends:
+- name: default
+ balance: roundrobin
+ servers:
+ - name: web01
+ address: 127.0.0.1:9000
+ opts: check
+
+os_firewall_allow:
+- service: haproxy stats
+ port: "9000/tcp"
+- service: haproxy balance
+ port: "{{ haproxy_frontend_port }}/tcp"
diff --git a/roles/openshift_loadbalancer/handlers/main.yml b/roles/openshift_loadbalancer/handlers/main.yml
new file mode 100644
index 000000000..5b8691b26
--- /dev/null
+++ b/roles/openshift_loadbalancer/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart haproxy
+ service:
+ name: haproxy
+ state: restarted
+ when: not (haproxy_start_result_changed | default(false) | bool)
diff --git a/roles/openshift_loadbalancer/meta/main.yml b/roles/openshift_loadbalancer/meta/main.yml
new file mode 100644
index 000000000..fe336acf7
--- /dev/null
+++ b/roles/openshift_loadbalancer/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Jason DeTiberus
+ description: OpenShift haproxy loadbalancer
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.9
+ platforms:
+ - name: EL
+ versions:
+ - 7
+dependencies:
+- role: openshift_facts
+- role: os_firewall
+- role: openshift_repos
diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml
new file mode 100644
index 000000000..5514aa70b
--- /dev/null
+++ b/roles/openshift_loadbalancer/tasks/main.yml
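Review bot: In defaults/main.yml the `haproxy balance` entry of `os_firewall_allow` opens `{{ haproxy_frontend_port }}/tcp`, which defaults to 80, while the frontend defined in tasks/main.yml binds `*:{{ openshift.loadbalancer.frontend_port }}`, a fact taken from `openshift_master_api_port`. Unless `haproxy_frontend_port` is overridden somewhere outside this role, the firewall would expose a port the load balancer does not serve and leave the API port to some other rule; the rule and the bind should be driven by the same variable. `haproxy_frontends` and `haproxy_backends` also appear to be unused inside this role, because the template iterates `openshift.loadbalancer.frontends` and `openshift.loadbalancer.backends`, so they could be removed or marked with a comment such as `# example only, not read by haproxy.cfg.j2`.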
@@ -0,0 +1,73 @@
+---
+- name: Set haproxy frontend port
+ openshift_facts:
+ role: loadbalancer
+ local_facts:
+ frontend_port: "{{ openshift_master_api_port | default(None) }}"
+
+- name: Set loadbalancer facts
+ openshift_facts:
+ role: loadbalancer
+ local_facts:
+ limit_nofile: "{{ openshift_loadbalancer_limit_nofile | default(None) }}"
+ default_maxconn: "{{ openshift_loadbalancer_default_maxconn | default(None) }}"
+ global_maxconn: "{{ openshift_loadbalancer_global_maxconn | default(None) }}"
+ frontends:
+ - name: atomic-openshift-api
+ mode: tcp
+ options:
+ - tcplog
+ binds:
+ - "*:{{ openshift.loadbalancer.frontend_port }}"
+ default_backend: atomic-openshift-api
+ backends:
+ - name: atomic-openshift-api
+ mode: tcp
+ option: tcplog
+ balance: source
+ servers: "{{ hostvars
+ | oo_select_keys(groups['oo_masters'])
+ | oo_haproxy_backend_masters(openshift.loadbalancer.frontend_port) }}"
+
+- name: Install haproxy
+ action: "{{ ansible_pkg_mgr }} name=haproxy state=present"
+ when: not openshift.common.is_containerized | bool
+
+- name: Configure systemd service directory for haproxy
+ file:
+ path: /etc/systemd/system/haproxy.service.d
+ state: directory
+ when: "'limit_nofile' in openshift.loadbalancer"
+
+- name: Configure the nofile limits for haproxy
+ ini_file:
+ dest: /etc/systemd/system/haproxy.service.d/limits.conf
+ section: Service
+ option: LimitNOFILE
+ value: "{{ openshift.loadbalancer.limit_nofile }}"
+ when: "'limit_nofile' in openshift.loadbalancer"
+ notify: restart haproxy
+ register: nofile_limit_result
+
+- name: Reload systemd if needed
+ command: systemctl daemon-reload
+ when: nofile_limit_result | changed
+
+- name: Configure haproxy
+ template:
+ src: haproxy.cfg.j2
+ dest: /etc/haproxy/haproxy.cfg
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart haproxy
+
+- name: Enable and start haproxy
+ service:
+ name: haproxy
+ state: started
+ enabled: yes
+ register: start_result
+
+- set_fact:
+ haproxy_start_result_changed: "{{ start_result | changed }}"
diff --git a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2
new file mode 100644
index 000000000..05e360d3b
--- /dev/null
+++ b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2
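Review bot: In tasks/main.yml the `atomic-openshift-api` backend sets `option: tcplog` (singular key, scalar value), but haproxy.cfg.j2 only emits backend options when the key `options` exists and iterates it as a list, so this setting is silently dropped from the rendered config. The frontend in the same task already uses the list form; writing the backend as `options:` followed by `- tcplog` makes the two agree. Because this load balancer fronts the master API and the handler restarts haproxy on every template change, the `Configure haproxy` task would also benefit from `validate: 'haproxy -c -f %s'` so that a broken render is rejected before it replaces the live file; this assumes the haproxy binary is present on the host, which the containerized branch of `Install haproxy` does not guarantee.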
@@ -0,0 +1,76 @@
+# Global settings
+#---------------------------------------------------------------------
+global
+ chroot /var/lib/haproxy
+ pidfile /var/run/haproxy.pid
+ maxconn {{ openshift.loadbalancer.global_maxconn }}
+ user haproxy
+ group haproxy
+ daemon
+
+ # turn on stats unix socket
+ stats socket /var/lib/haproxy/stats
+
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+ mode http
+ log global
+ option httplog
+ option dontlognull
+# option http-server-close
+ option forwardfor except 127.0.0.0/8
+ option redispatch
+ retries 3
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 300s
+ timeout server 300s
+ timeout http-keep-alive 10s
+ timeout check 10s
+ maxconn {{ openshift.loadbalancer.default_maxconn }}
+
+listen stats :9000
+ mode http
+ stats enable
+ stats uri /
+
+{% for frontend in openshift.loadbalancer.frontends %}
+frontend {{ frontend.name }}
+{% for bind in frontend.binds %}
+ bind {{ bind }}
+{% endfor %}
+ default_backend {{ frontend.default_backend }}
+{% if 'mode' in frontend %}
+ mode {{ frontend.mode }}
+{% endif %}
+{% if 'options' in frontend %}
+{% for option in frontend.options %}
+ option {{ option }}
+{% endfor %}
+{% endif %}
+{% if 'redirects' in frontend %}
+{% for redirect in frontend.redirects %}
+ redirect {{ redirect }}
+{% endfor %}
+{% endif %}
+{% endfor %}
+
+{% for backend in openshift.loadbalancer.backends %}
+backend {{ backend.name }}
+ balance {{ backend.balance }}
+{% if 'mode' in backend %}
+ mode {{ backend.mode }}
+{% endif %}
+{% if 'options' in backend %}
+{% for option in backend.options %}
+ option {{ option }}
+{% endfor %}
+{% endif %}
+{% for server in backend.servers %}
+ server {{ server.name }} {{ server.address }} {{ server.opts }}
+{% endfor %}
+{% endfor %}
-- cgit v1.2.1
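Review bot: The `listen stats :9000` block in haproxy.cfg.j2 serves the stats page on every interface with `stats enable` and `stats uri /` but no `stats auth`, and defaults/main.yml opens `9000/tcp` through `os_firewall_allow`, so backend names, master addresses and health state are readable by any host that can reach the load balancer. Binding the listener to loopback or a management address, for example `listen stats 127.0.0.1:9000`, or adding `stats auth <user>:<password>` (placeholder, supplied from a role variable) together with `stats hide-version`, would close that exposure. If the page is not meant to be reached remotely, the `haproxy stats` firewall entry should be removed in the same change. The `stats socket /var/lib/haproxy/stats` line likewise sets no explicit `mode` or `level`, which is worth pinning down with a comment or explicit values.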