-
-
Save evrardjp/24ad4bdf3be0e24fde6b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2015, Jean-Philippe Evrard | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
haproxy_ssl: True | |
haproxy_use_extra_config_folder: True | |
galera_monitoring_user: monitoring | |
glance_registry_default_port: 9191 | |
glance_api_default_port: 9292 | |
heat_api_cfn_default_port: 8000 | |
heat_api_cloudwatch_default_port: 8003 | |
heat_api_default_port: 8004 | |
keystone_service_default_port: 5000 | |
keystone_admin_default_port: 35357 | |
neutron_server_default_port: 9696 | |
nova_api_metadata_default_port: 8775 | |
nova_api_os_compute_default_port: 8774 | |
nova_console_default_port: 6082 | |
cinder_api_default_port: 8776 | |
horizon_default_port: 80 | |
horizon_ssl_default_port: 443 | |
repo_all_default_port: 8181 | |
public_bind_v6: '::' | |
public_bind_v4: '<yourpublicipv4LBaddress>' | |
management_bind_v4: '<yourinternalLBaddress>' | |
cloud_nets: "<ips or ranges that can access the cloud at all times>" | |
maintenance_server: "<ip and port of the server which will hold your maintenance page>" | |
spammers_server: "<ip and port of the server which will hold your page to redirect spammers>" | |
haproxy_services: | |
galera: | |
frontends: | |
- name: galera | |
binds: | |
- ip: '*:3306' | |
balance_type: 'tcp' | |
options: | |
- tcplog | |
timeout_client: 5000s | |
default_backend: galera-back | |
backends: | |
- name: galera-back | |
balance_type: tcp | |
balance: leastconn | |
options: | |
- "mysql-check user {{ galera_monitoring_user }}" | |
timeout_server: 5000s | |
servers: | |
- name: "{{groups['galera_all'][0]}}" | |
ip: "{{ hostvars[groups['galera_all'][0]]['ansible_ssh_host'] }}" | |
port: 3306 | |
params: | |
- "check port 3306" | |
- "inter {{haproxy_default_interval}}" | |
- "rise 1" | |
- "fall 1" | |
- name: "{{groups['galera_all'][1]}}" | |
ip: "{{ hostvars[groups['galera_all'][1]]['ansible_ssh_host'] }}" | |
port: 3306 | |
params: | |
- "check port 3306" | |
- "inter {{haproxy_default_interval}}" | |
- "rise 1" | |
- "fall 1" | |
- "backup" | |
- name: "{{groups['galera_all'][2]}}" | |
ip: "{{ hostvars[groups['galera_all'][2]]['ansible_ssh_host'] }}" | |
port: 3306 | |
params: | |
- "check port 3306" | |
- "inter {{haproxy_default_interval}}" | |
- "rise 1" | |
- "fall 1" | |
- "backup" | |
glance_api: | |
frontends: | |
- name: glance_api-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{glance_api_default_port}}' | |
ssl_termination: True | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{glance_api_default_port}}' | |
ssl_termination: True | |
- ip: '{{management_bind_v4}}:{{glance_api_default_port}}' | |
options: | |
- 'httplog' | |
- 'forwardfor except 127.0.0.0/8' | |
- 'http-server-close' | |
balance_type: 'http' | |
default_backend: glance_api-back | |
backends: | |
- name: glance_api-back | |
mode: http | |
balance: leastconn | |
options: "{{ haproxy_default_backend_options_http }}" | |
servers: | |
- name: "{{ groups['glance_api'][0] }}" | |
ip: "{{ hostvars[groups['glance_api'][0]]['ansible_ssh_host'] }}:{{glance_api_default_port}}" | |
params: [ 'check port {{glance_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['glance_api']|count}}", "fall {{groups['glance_api']|count}}" ] | |
- name: "{{ groups['glance_api'][1] }}" | |
ip: "{{ hostvars[groups['glance_api'][1]]['ansible_ssh_host'] }}:{{glance_api_default_port}}" | |
params: [ 'check port {{glance_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['glance_api']|count}}", "fall {{groups['glance_api']|count}}" ] | |
- name: "{{ groups['glance_api'][2] }}" | |
ip: "{{ hostvars[groups['glance_api'][2]]['ansible_ssh_host'] }}:{{glance_api_default_port}}" | |
params: [ 'check port {{glance_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['glance_api']|count}}", "fall {{groups['glance_api']|count}}" ] | |
glance_registry: | |
frontends: | |
- name: glance_registry-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{glance_registry_default_port}}' | |
ssl_termination: True | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{glance_registry_default_port}}' | |
ssl_termination: True | |
- ip: '{{management_bind_v4}}:{{glance_registry_default_port}}' | |
options: | |
- 'httplog' | |
- 'forwardfor except 127.0.0.0/8' | |
- 'http-server-close' | |
balance_type: 'http' | |
default_backend: glance_registry-back | |
backends: | |
- name: glance_registry-back | |
mode: http | |
balance: leastconn | |
servers: | |
- name: "{{ groups['glance_registry'][0] }}" | |
ip: "{{ hostvars[groups['glance_registry'][0]]['ansible_ssh_host'] }}:{{glance_registry_default_port}}" | |
params: [ 'check port {{glance_registry_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['glance_registry']|count}}", "fall {{groups['glance_registry']|count}}" ] | |
- name: "{{ groups['glance_registry'][1] }}" | |
ip: "{{ hostvars[groups['glance_registry'][1]]['ansible_ssh_host'] }}:{{glance_registry_default_port}}" | |
params: [ 'check port {{glance_registry_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['glance_registry']|count}}", "fall {{groups['glance_registry']|count}}" ] | |
- name: "{{ groups['glance_registry'][2] }}" | |
ip: "{{ hostvars[groups['glance_registry'][2]]['ansible_ssh_host'] }}:{{glance_registry_default_port}}" | |
params: [ 'check port {{glance_registry_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['glance_registry']|count}}", "fall {{groups['glance_registry']|count}}" ] | |
heat_api_cfn: | |
frontends: | |
- name: heat_api_cfn-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{heat_api_cfn_default_port}}' | |
ssl_termination: True | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{heat_api_cfn_default_port}}' | |
ssl_termination: True | |
- ip: '{{management_bind_v4}}:{{heat_api_cfn_default_port}}' | |
options: | |
- 'httplog' | |
- 'forwardfor except 127.0.0.0/8' | |
- 'http-server-close' | |
balance_type: 'http' | |
default_backend: heat_api_cfn-back | |
backends: | |
- name: heat_api_cfn-back | |
mode: http | |
balance: leastconn | |
options: "{{ haproxy_default_backend_options_http }}" | |
servers: | |
- name: "{{ groups['heat_api_cfn'][0] }}" | |
ip: "{{ hostvars[groups['heat_api_cfn'][0]]['ansible_ssh_host'] }}:{{heat_api_cfn_default_port}}" | |
params: [ 'check port {{heat_api_cfn_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api_cfn']|count}}", "fall {{groups['heat_api_cfn']|count}}" ] | |
- name: "{{ groups['heat_api_cfn'][1] }}" | |
ip: "{{ hostvars[groups['heat_api_cfn'][1]]['ansible_ssh_host'] }}:{{heat_api_cfn_default_port}}" | |
params: [ 'check port {{heat_api_cfn_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api_cfn']|count}}", "fall {{groups['heat_api_cfn']|count}}" ] | |
- name: "{{ groups['heat_api_cfn'][2] }}" | |
ip: "{{ hostvars[groups['heat_api_cfn'][2]]['ansible_ssh_host'] }}:{{heat_api_cfn_default_port}}" | |
params: [ 'check port {{heat_api_cfn_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api_cfn']|count}}", "fall {{groups['heat_api_cfn']|count}}" ] | |
heat_api_cloudwatch: | |
frontends: | |
- name: heat_api_cloudwatch-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{heat_api_cloudwatch_default_port}}' | |
ssl_termination: True | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{heat_api_cloudwatch_default_port}}' | |
ssl_termination: True | |
- ip: '{{management_bind_v4}}:{{heat_api_cloudwatch_default_port}}' | |
options: | |
- 'httplog' | |
- 'forwardfor except 127.0.0.0/8' | |
- 'http-server-close' | |
balance_type: 'http' | |
default_backend: heat_api_cloudwatch-back | |
backends: | |
- name: heat_api_cloudwatch-back | |
mode: http | |
balance: leastconn | |
options: "{{ haproxy_default_backend_options_http }}" | |
servers: | |
- name: "{{ groups['heat_api_cloudwatch'][0] }}" | |
ip: "{{ hostvars[groups['heat_api_cloudwatch'][0]]['ansible_ssh_host'] }}:{{heat_api_cloudwatch_default_port}}" | |
params: [ 'check port {{heat_api_cloudwatch_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api_cloudwatch']|count}}", "fall {{groups['heat_api_cloudwatch']|count}}" ] | |
- name: "{{ groups['heat_api_cloudwatch'][1] }}" | |
ip: "{{ hostvars[groups['heat_api_cloudwatch'][1]]['ansible_ssh_host'] }}:{{heat_api_cloudwatch_default_port}}" | |
params: [ 'check port {{heat_api_cloudwatch_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api_cloudwatch']|count}}", "fall {{groups['heat_api_cloudwatch']|count}}" ] | |
- name: "{{ groups['heat_api_cloudwatch'][2] }}" | |
ip: "{{ hostvars[groups['heat_api_cloudwatch'][2]]['ansible_ssh_host'] }}:{{heat_api_cloudwatch_default_port}}" | |
params: [ 'check port {{heat_api_cloudwatch_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api_cloudwatch']|count}}", "fall {{groups['heat_api_cloudwatch']|count}}" ] | |
heat_api: | |
frontends: | |
- name: heat_api-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{heat_api_default_port}}' | |
ssl_termination: True | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{heat_api_default_port}}' | |
ssl_termination: True | |
- ip: '{{management_bind_v4}}:{{heat_api_default_port}}' | |
options: | |
- 'httplog' | |
- 'forwardfor except 127.0.0.0/8' | |
- 'http-server-close' | |
balance_type: 'http' | |
default_backend: heat_api-back | |
backends: | |
- name: heat_api-back | |
mode: http | |
balance: leastconn | |
options: "{{ haproxy_default_backend_options_http }}" | |
servers: | |
- name: "{{ groups['heat_api'][0] }}" | |
ip: "{{ hostvars[groups['heat_api'][0]]['ansible_ssh_host'] }}:{{heat_api_default_port}}" | |
params: [ 'check port {{heat_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api']|count}}", "fall {{groups['heat_api']|count}}" ] | |
- name: "{{ groups['heat_api'][1] }}" | |
ip: "{{ hostvars[groups['heat_api'][1]]['ansible_ssh_host'] }}:{{heat_api_default_port}}" | |
params: [ 'check port {{heat_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api']|count}}", "fall {{groups['heat_api']|count}}" ] | |
- name: "{{ groups['heat_api'][2] }}" | |
ip: "{{ hostvars[groups['heat_api'][2]]['ansible_ssh_host'] }}:{{heat_api_default_port}}" | |
params: [ 'check port {{heat_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api']|count}}", "fall {{groups['heat_api']|count}}" ] | |
keystone_service: | |
frontends: | |
- name: keystone_service-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{keystone_service_default_port}}' | |
ssl_termination: True | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{keystone_service_default_port}}' | |
ssl_termination: True | |
x_forwarded_proto: 'https' | |
options: | |
- 'httplog' | |
- 'forwardfor except 127.0.0.0/8' | |
- 'http-server-close' | |
#Update balance_type to 'tcp' for passthrough | |
balance_type: 'http' | |
default_backend: keystone_service-back | |
- name: keystone_internal_front | |
binds: | |
- ip: '{{management_bind_v4}}:{{keystone_service_default_port}}' | |
options: | |
- 'httplog' | |
- 'forwardfor except 127.0.0.0/8' | |
- 'http-server-close' | |
balance_type: 'http' | |
default_backend: keystone_service-back | |
backends: | |
- name: keystone_service-back | |
mode: http | |
balance: leastconn | |
options: "{{ haproxy_default_backend_options_http }}" | |
servers: | |
- name: "{{ groups['keystone_all'][0] }}" | |
ip: "{{ hostvars[groups['keystone_all'][0]]['ansible_ssh_host'] }}:{{keystone_service_default_port}}" | |
params: [ 'check port {{keystone_service_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['keystone_all']|count}}", "fall {{groups['keystone_all']|count}}" ] | |
- name: "{{ groups['keystone_all'][1] }}" | |
ip: "{{ hostvars[groups['keystone_all'][1]]['ansible_ssh_host'] }}:{{keystone_service_default_port}}" | |
params: [ 'check port {{keystone_service_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['keystone_all']|count}}", "fall {{groups['keystone_all']|count}}" ] | |
- name: "{{ groups['keystone_all'][2] }}" | |
ip: "{{ hostvars[groups['keystone_all'][2]]['ansible_ssh_host'] }}:{{keystone_service_default_port}}" | |
params: [ 'check port {{keystone_service_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['keystone_all']|count}}", "fall {{groups['keystone_all']|count}}" ] | |
keystone_admin: | |
frontends: | |
- name: keystone_admin-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{keystone_admin_default_port}}' | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{keystone_admin_default_port}}' | |
- ip: '{{management_bind_v4}}:{{keystone_admin_default_port}}' | |
options: | |
- 'httplog' | |
- 'forwardfor except 127.0.0.0/8' | |
- 'http-server-close' | |
balance_type: 'http' | |
default_backend: keystone_admin-back | |
backends: | |
- name: keystone_admin-back | |
mode: http | |
balance: leastconn | |
options: "{{ haproxy_default_backend_options_http }}" | |
servers: | |
- name: "{{ groups['keystone_all'][0] }}" | |
ip: "{{ hostvars[groups['keystone_all'][0]]['ansible_ssh_host'] }}:{{keystone_admin_default_port}}" | |
params: [ 'check port {{keystone_admin_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['keystone_all']|count}}", "fall {{groups['keystone_all']|count}}" ] | |
- name: "{{ groups['keystone_all'][1] }}" | |
ip: "{{ hostvars[groups['keystone_all'][1]]['ansible_ssh_host'] }}:{{keystone_admin_default_port}}" | |
params: [ 'check port {{keystone_admin_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['keystone_all']|count}}", "fall {{groups['keystone_all']|count}}" ] | |
- name: "{{ groups['keystone_all'][2] }}" | |
ip: "{{ hostvars[groups['keystone_all'][2]]['ansible_ssh_host'] }}:{{keystone_admin_default_port}}" | |
params: [ 'check port {{keystone_admin_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['keystone_all']|count}}", "fall {{groups['keystone_all']|count}}" ] | |
neutron_server: | |
frontends: | |
- name: neutron_server-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{neutron_server_default_port}}' | |
ssl_termination: True | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{neutron_server_default_port}}' | |
ssl_termination: True | |
- ip: '{{management_bind_v4}}:{{neutron_server_default_port}}' | |
options: | |
- 'httplog' | |
- 'forwardfor except 127.0.0.0/8' | |
- 'http-server-close' | |
balance_type: 'http' | |
default_backend: neutron_server-back | |
backends: | |
- name: neutron_server-back | |
mode: http | |
balance: leastconn | |
options: "{{ haproxy_default_backend_options_http }}" | |
servers: | |
- name: "{{ groups['neutron_server'][0] }}" | |
ip: "{{ hostvars[groups['neutron_server'][0]]['ansible_ssh_host'] }}:{{neutron_server_default_port}}" | |
params: [ 'check port {{neutron_server_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['neutron_server']|count}}", "fall {{groups['neutron_server']|count}}" ] | |
- name: "{{ groups['neutron_server'][1] }}" | |
ip: "{{ hostvars[groups['neutron_server'][1]]['ansible_ssh_host'] }}:{{neutron_server_default_port}}" | |
params: [ 'check port {{neutron_server_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['neutron_server']|count}}", "fall {{groups['neutron_server']|count}}" ] | |
- name: "{{ groups['neutron_server'][2] }}" | |
ip: "{{ hostvars[groups['neutron_server'][2]]['ansible_ssh_host'] }}:{{neutron_server_default_port}}" | |
params: [ 'check port {{neutron_server_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['neutron_server']|count}}", "fall {{groups['neutron_server']|count}}" ] | |
nova_api_metadata: | |
frontends: | |
- name: nova_api_metadata-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{nova_api_metadata_default_port}}' | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{nova_api_metadata_default_port}}' | |
- ip: '{{management_bind_v4}}:{{nova_api_metadata_default_port}}' | |
options: | |
- 'httplog' | |
- 'http-server-close' | |
balance_type: 'http' | |
default_backend: nova_api_metadata-back | |
backends: | |
- name: nova_api_metadata-back | |
mode: http | |
balance: leastconn | |
options: "{{ haproxy_default_backend_options_http }}" | |
servers: | |
- name: "{{ groups['nova_api_metadata'][0] }}" | |
ip: "{{ hostvars[groups['nova_api_metadata'][0]]['ansible_ssh_host'] }}:{{nova_api_metadata_default_port}}" | |
params: [ 'check port {{nova_api_metadata_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_api_metadata']|count}}", "fall {{groups['nova_api_metadata']|count}}" ] | |
- name: "{{ groups['nova_api_metadata'][1] }}" | |
ip: "{{ hostvars[groups['nova_api_metadata'][1]]['ansible_ssh_host'] }}:{{nova_api_metadata_default_port}}" | |
params: [ 'check port {{nova_api_metadata_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_api_metadata']|count}}", "fall {{groups['nova_api_metadata']|count}}" ] | |
- name: "{{ groups['nova_api_metadata'][2] }}" | |
ip: "{{ hostvars[groups['nova_api_metadata'][2]]['ansible_ssh_host'] }}:{{nova_api_metadata_default_port}}" | |
params: [ 'check port {{nova_api_metadata_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_api_metadata']|count}}", "fall {{groups['nova_api_metadata']|count}}" ] | |
nova_api_os_compute: | |
frontends: | |
- name: nova_api_os_compute-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{nova_api_os_compute_default_port}}' | |
ssl_termination: True | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{nova_api_os_compute_default_port}}' | |
ssl_termination: True | |
- ip: '{{management_bind_v4}}:{{nova_api_os_compute_default_port}}' | |
options: | |
- 'httplog' | |
- 'http-server-close' | |
balance_type: 'http' | |
default_backend: nova_api_os_compute-back | |
backends: | |
- name: nova_api_os_compute-back | |
mode: http | |
balance: leastconn | |
options: "{{ haproxy_default_backend_options_http }}" | |
servers: | |
- name: "{{ groups['nova_api_os_compute'][0] }}" | |
ip: "{{ hostvars[groups['nova_api_os_compute'][0]]['ansible_ssh_host'] }}:{{nova_api_os_compute_default_port}}" | |
params: [ 'check port {{nova_api_os_compute_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_api_os_compute']|count}}", "fall {{groups['nova_api_os_compute']|count}}" ] | |
- name: "{{ groups['nova_api_os_compute'][1] }}" | |
ip: "{{ hostvars[groups['nova_api_os_compute'][1]]['ansible_ssh_host'] }}:{{nova_api_os_compute_default_port}}" | |
params: [ 'check port {{nova_api_os_compute_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_api_os_compute']|count}}", "fall {{groups['nova_api_os_compute']|count}}" ] | |
- name: "{{ groups['nova_api_os_compute'][2] }}" | |
ip: "{{ hostvars[groups['nova_api_os_compute'][2]]['ansible_ssh_host'] }}:{{nova_api_os_compute_default_port}}" | |
params: [ 'check port {{nova_api_os_compute_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_api_os_compute']|count}}", "fall {{groups['nova_api_os_compute']|count}}" ] | |
nova_console: | |
frontends: | |
- name: nova_console-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{nova_console_default_port}}' | |
ssl_termination: "{% if haproxy_ssl | bool and nova_spice_html5proxy_base_proto == 'https' %}true{% else %}false{% endif %}" | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{nova_console_default_port}}' | |
ssl_termination: "{% if haproxy_ssl | bool and nova_spice_html5proxy_base_proto == 'https' %}true{% else %}false{% endif %}" | |
- ip: '{{management_bind_v4}}:{{nova_console_default_port}}' | |
ssl_termination: "{% if haproxy_ssl | bool and nova_spice_html5proxy_base_proto == 'https' %}true{% else %}false{% endif %}" | |
balance_type: 'tcp' | |
timeout_client: '60m' | |
default_backend: nova_console-back | |
backends: | |
- name: nova_console-back | |
mode: tcp | |
balance: source | |
timeout_server: '60m' | |
servers: | |
- name: "{{ groups['nova_console'][0] }}" | |
ip: "{{ hostvars[groups['nova_console'][0]]['ansible_ssh_host'] }}:{{nova_console_default_port}}" | |
params: [ 'check port {{nova_console_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_console']|count}}", "fall {{groups['nova_console']|count}}" ] | |
- name: "{{ groups['nova_console'][1] }}" | |
ip: "{{ hostvars[groups['nova_console'][1]]['ansible_ssh_host'] }}:{{nova_console_default_port}}" | |
params: [ 'check port {{nova_console_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_console']|count}}", "fall {{groups['nova_console']|count}}" ] | |
- name: "{{ groups['nova_console'][2] }}" | |
ip: "{{ hostvars[groups['nova_console'][2]]['ansible_ssh_host'] }}:{{nova_console_default_port}}" | |
params: [ 'check port {{nova_console_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_console']|count}}", "fall {{groups['nova_console']|count}}" ] | |
cinder_api: | |
frontends: | |
- name: cinder_api-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{cinder_api_default_port}}' | |
ssl_termination: True | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{cinder_api_default_port}}' | |
ssl_termination: True | |
- ip: '{{management_bind_v4}}:{{cinder_api_default_port}}' | |
options: | |
- 'httplog' | |
- 'forwardfor except 127.0.0.0/8' | |
- 'http-server-close' | |
balance_type: 'http' | |
default_backend: cinder_api-back | |
backends: | |
- name: cinder_api-back | |
mode: http | |
balance: leastconn | |
options: "{{ haproxy_default_backend_options_http }}" | |
servers: | |
- name: "{{ groups['cinder_api'][0] }}" | |
ip: "{{ hostvars[groups['cinder_api'][0]]['ansible_ssh_host'] }}:{{cinder_api_default_port}}" | |
params: [ 'check port {{cinder_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['cinder_api']|count}}", "fall {{groups['cinder_api']|count}}" ] | |
- name: "{{ groups['cinder_api'][1] }}" | |
ip: "{{ hostvars[groups['cinder_api'][1]]['ansible_ssh_host'] }}:{{cinder_api_default_port}}" | |
params: [ 'check port {{cinder_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['cinder_api']|count}}", "fall {{groups['cinder_api']|count}}" ] | |
- name: "{{ groups['cinder_api'][2] }}" | |
ip: "{{ hostvars[groups['cinder_api'][2]]['ansible_ssh_host'] }}:{{cinder_api_default_port}}" | |
params: [ 'check port {{cinder_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['cinder_api']|count}}", "fall {{groups['cinder_api']|count}}" ] | |
utilities: | |
backends: | |
- name: maintenance | |
mode: http | |
servers: | |
- name: maintenance-server | |
ip: "{{maintenance_server}}" | |
- name: spammers | |
mode: http | |
servers: | |
- name: spammers-server | |
ip: "{{spammers_server}}" | |
horizon: | |
frontends: | |
- name: horizon-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{horizon_default_port}}' | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{horizon_default_port}}' | |
- ip: '{{management_bind_v4}}:{{horizon_default_port}}' | |
options: | |
- 'httplog' | |
- 'forwardfor except 127.0.0.0/8' | |
- 'http-server-close' | |
balance_type: 'http' | |
acls: | |
- name: "cloud_internal" | |
condition: "src {{ cloud_nets }}" | |
- name: "spammers" | |
condition: "src --" | |
- name: "maintenance" | |
condition: "src --" | |
use_backends: | |
- name: horizon-back | |
condition: "if cloud_internal" | |
- name: spammers | |
condition: "if spammers" | |
- name: maintenance | |
condition: "if maintenance" | |
default_backend: horizon-back | |
backends: | |
- name: horizon-back | |
mode: http | |
balance: leastconn | |
options: "{{ haproxy_default_backend_options_http }}" | |
servers: | |
- name: "{{ groups['horizon_all'][0] }}" | |
ip: "{{ hostvars[groups['horizon_all'][0]]['ansible_ssh_host'] }}:{{horizon_default_port}}" | |
params: [ 'check port {{horizon_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['horizon_all']|count}}", "fall {{groups['horizon_all']|count}}" ] | |
- name: "{{ groups['horizon_all'][1] }}" | |
ip: "{{ hostvars[groups['horizon_all'][1]]['ansible_ssh_host'] }}:{{horizon_default_port}}" | |
params: [ 'check port {{horizon_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['horizon_all']|count}}", "fall {{groups['horizon_all']|count}}" ] | |
- name: "{{ groups['horizon_all'][2] }}" | |
ip: "{{ hostvars[groups['horizon_all'][2]]['ansible_ssh_host'] }}:{{horizon_default_port}}" | |
params: [ 'check port {{horizon_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['horizon_all']|count}}", "fall {{groups['horizon_all']|count}}" ] | |
horizon_ssl: | |
frontends: | |
- name: horizon_ssl-front | |
binds: | |
- ip: '{{public_bind_v6}}:{{horizon_ssl_default_port}}' | |
transparent: True | |
- ip: '{{public_bind_v4}}:{{horizon_ssl_default_port}}' | |
- ip: '{{management_bind_v4}}:{{horizon_ssl_default_port}}' | |
balance_type: 'tcp' | |
acls: | |
- name: "cloud_internal" | |
condition: "src {{ cloud_nets }}" | |
- name: "spammers" | |
condition: "src --" | |
- name: "maintenance" | |
condition: "src --" | |
use_backends: | |
- name: horizon_ssl-back | |
condition: "if cloud_internal" | |
- name: spammers | |
condition: "if spammers" | |
- name: maintenance | |
condition: "if maintenance" | |
default_backend: horizon_ssl-back | |
backends: | |
- name: horizon_ssl-back | |
mode: tcp | |
balance: 'source' | |
options: "{{ haproxy_default_backend_options_https }}" | |
servers: | |
- name: "{{ groups['horizon_all'][0] }}" | |
ip: "{{ hostvars[groups['horizon_all'][0]]['ansible_ssh_host'] }}:{{horizon_ssl_default_port}}" | |
params: [ 'check port {{horizon_ssl_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['horizon_all']|count}}", "fall {{groups['horizon_all']|count}}" ] | |
- name: "{{ groups['horizon_all'][1] }}" | |
ip: "{{ hostvars[groups['horizon_all'][1]]['ansible_ssh_host'] }}:{{horizon_ssl_default_port}}" | |
params: [ 'check port {{horizon_ssl_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['horizon_all']|count}}", "fall {{groups['horizon_all']|count}}" ] | |
- name: "{{ groups['horizon_all'][2] }}" | |
ip: "{{ hostvars[groups['horizon_all'][2]]['ansible_ssh_host'] }}:{{horizon_ssl_default_port}}" | |
params: [ 'check port {{horizon_ssl_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['horizon_all']|count}}", "fall {{groups['horizon_all']|count}}" ] | |
repo_all: | |
frontends: | |
- name: repo_all-front | |
binds: | |
- ip: '*:{{repo_all_default_port}}' | |
options: | |
- 'httplog' | |
- 'forwardfor except 127.0.0.0/8' | |
- 'http-server-close' | |
balance_type: 'http' | |
default_backend: repo_all-back | |
backends: | |
- name: repo_all-back | |
mode: http | |
balance: leastconn | |
servers: | |
- name: "{{ groups['pkg_repo'][0] }}" | |
ip: "{{ hostvars[groups['pkg_repo'][0]]['ansible_ssh_host'] }}:{{repo_all_default_port}}" | |
params: [ 'check port {{repo_all_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['pkg_repo']|count}}", "fall {{groups['pkg_repo']|count}}" ] | |
- name: "{{ groups['pkg_repo'][1] }}" | |
ip: "{{ hostvars[groups['pkg_repo'][1]]['ansible_ssh_host'] }}:{{repo_all_default_port}}" | |
params: [ 'check port {{repo_all_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['pkg_repo']|count}}", "fall {{groups['pkg_repo']|count}}" ] | |
- name: "{{ groups['pkg_repo'][2] }}" | |
ip: "{{ hostvars[groups['pkg_repo'][2]]['ansible_ssh_host'] }}:{{repo_all_default_port}}" | |
params: [ 'check port {{repo_all_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['pkg_repo']|count}}", "fall {{groups['pkg_repo']|count}}" ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment