-
-
Save evrardjp/24ad4bdf3be0e24fde6b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2015, Jean-Philippe Evrard | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| haproxy_ssl: True | |
| haproxy_use_extra_config_folder: True | |
| galera_monitoring_user: monitoring | |
| glance_registry_default_port: 9191 | |
| glance_api_default_port: 9292 | |
| heat_api_cfn_default_port: 8000 | |
| heat_api_cloudwatch_default_port: 8003 | |
| heat_api_default_port: 8004 | |
| keystone_service_default_port: 5000 | |
| keystone_admin_default_port: 35357 | |
| neutron_server_default_port: 9696 | |
| nova_api_metadata_default_port: 8775 | |
| nova_api_os_compute_default_port: 8774 | |
| nova_console_default_port: 6082 | |
| cinder_api_default_port: 8776 | |
| horizon_default_port: 80 | |
| horizon_ssl_default_port: 443 | |
| repo_all_default_port: 8181 | |
| public_bind_v6: '::' | |
| public_bind_v4: '<yourpublicipv4LBaddress>' | |
| management_bind_v4: '<yourinternalLBaddress>' | |
| cloud_nets: "<ips or ranges that can access the cloud at all times>" | |
| maintenance_server: "<ip and port of the server which will hold your maintenance page>" | |
| spammers_server: "<ip and port of the server which will hold your page to redirect spammers>" | |
| haproxy_services: | |
| galera: | |
| frontends: | |
| - name: galera | |
| binds: | |
| - ip: '*:3306' | |
| balance_type: 'tcp' | |
| options: | |
| - tcplog | |
| timeout_client: 5000s | |
| default_backend: galera-back | |
| backends: | |
| - name: galera-back | |
| balance_type: tcp | |
| balance: leastconn | |
| options: | |
| - "mysql-check user {{ galera_monitoring_user }}" | |
| timeout_server: 5000s | |
| servers: | |
| - name: "{{groups['galera_all'][0]}}" | |
| ip: "{{ hostvars[groups['galera_all'][0]]['ansible_ssh_host'] }}" | |
| port: 3306 | |
| params: | |
| - "check port 3306" | |
| - "inter {{haproxy_default_interval}}" | |
| - "rise 1" | |
| - "fall 1" | |
| - name: "{{groups['galera_all'][1]}}" | |
| ip: "{{ hostvars[groups['galera_all'][1]]['ansible_ssh_host'] }}" | |
| port: 3306 | |
| params: | |
| - "check port 3306" | |
| - "inter {{haproxy_default_interval}}" | |
| - "rise 1" | |
| - "fall 1" | |
| - "backup" | |
| - name: "{{groups['galera_all'][2]}}" | |
| ip: "{{ hostvars[groups['galera_all'][2]]['ansible_ssh_host'] }}" | |
| port: 3306 | |
| params: | |
| - "check port 3306" | |
| - "inter {{haproxy_default_interval}}" | |
| - "rise 1" | |
| - "fall 1" | |
| - "backup" | |
| glance_api: | |
| frontends: | |
| - name: glance_api-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{glance_api_default_port}}' | |
| ssl_termination: True | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{glance_api_default_port}}' | |
| ssl_termination: True | |
| - ip: '{{management_bind_v4}}:{{glance_api_default_port}}' | |
| options: | |
| - 'httplog' | |
| - 'forwardfor except 127.0.0.0/8' | |
| - 'http-server-close' | |
| balance_type: 'http' | |
| default_backend: glance_api-back | |
| backends: | |
| - name: glance_api-back | |
| mode: http | |
| balance: leastconn | |
| options: "{{ haproxy_default_backend_options_http }}" | |
| servers: | |
| - name: "{{ groups['glance_api'][0] }}" | |
| ip: "{{ hostvars[groups['glance_api'][0]]['ansible_ssh_host'] }}:{{glance_api_default_port}}" | |
| params: [ 'check port {{glance_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['glance_api']|count}}", "fall {{groups['glance_api']|count}}" ] | |
| - name: "{{ groups['glance_api'][1] }}" | |
| ip: "{{ hostvars[groups['glance_api'][1]]['ansible_ssh_host'] }}:{{glance_api_default_port}}" | |
| params: [ 'check port {{glance_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['glance_api']|count}}", "fall {{groups['glance_api']|count}}" ] | |
| - name: "{{ groups['glance_api'][2] }}" | |
| ip: "{{ hostvars[groups['glance_api'][2]]['ansible_ssh_host'] }}:{{glance_api_default_port}}" | |
| params: [ 'check port {{glance_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['glance_api']|count}}", "fall {{groups['glance_api']|count}}" ] | |
| glance_registry: | |
| frontends: | |
| - name: glance_registry-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{glance_registry_default_port}}' | |
| ssl_termination: True | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{glance_registry_default_port}}' | |
| ssl_termination: True | |
| - ip: '{{management_bind_v4}}:{{glance_registry_default_port}}' | |
| options: | |
| - 'httplog' | |
| - 'forwardfor except 127.0.0.0/8' | |
| - 'http-server-close' | |
| balance_type: 'http' | |
| default_backend: glance_registry-back | |
| backends: | |
| - name: glance_registry-back | |
| mode: http | |
| balance: leastconn | |
| servers: | |
| - name: "{{ groups['glance_registry'][0] }}" | |
| ip: "{{ hostvars[groups['glance_registry'][0]]['ansible_ssh_host'] }}:{{glance_registry_default_port}}" | |
| params: [ 'check port {{glance_registry_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['glance_registry']|count}}", "fall {{groups['glance_registry']|count}}" ] | |
| - name: "{{ groups['glance_registry'][1] }}" | |
| ip: "{{ hostvars[groups['glance_registry'][1]]['ansible_ssh_host'] }}:{{glance_registry_default_port}}" | |
| params: [ 'check port {{glance_registry_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['glance_registry']|count}}", "fall {{groups['glance_registry']|count}}" ] | |
| - name: "{{ groups['glance_registry'][2] }}" | |
| ip: "{{ hostvars[groups['glance_registry'][2]]['ansible_ssh_host'] }}:{{glance_registry_default_port}}" | |
| params: [ 'check port {{glance_registry_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['glance_registry']|count}}", "fall {{groups['glance_registry']|count}}" ] | |
| heat_api_cfn: | |
| frontends: | |
| - name: heat_api_cfn-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{heat_api_cfn_default_port}}' | |
| ssl_termination: True | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{heat_api_cfn_default_port}}' | |
| ssl_termination: True | |
| - ip: '{{management_bind_v4}}:{{heat_api_cfn_default_port}}' | |
| options: | |
| - 'httplog' | |
| - 'forwardfor except 127.0.0.0/8' | |
| - 'http-server-close' | |
| balance_type: 'http' | |
| default_backend: heat_api_cfn-back | |
| backends: | |
| - name: heat_api_cfn-back | |
| mode: http | |
| balance: leastconn | |
| options: "{{ haproxy_default_backend_options_http }}" | |
| servers: | |
| - name: "{{ groups['heat_api_cfn'][0] }}" | |
| ip: "{{ hostvars[groups['heat_api_cfn'][0]]['ansible_ssh_host'] }}:{{heat_api_cfn_default_port}}" | |
| params: [ 'check port {{heat_api_cfn_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api_cfn']|count}}", "fall {{groups['heat_api_cfn']|count}}" ] | |
| - name: "{{ groups['heat_api_cfn'][1] }}" | |
| ip: "{{ hostvars[groups['heat_api_cfn'][1]]['ansible_ssh_host'] }}:{{heat_api_cfn_default_port}}" | |
| params: [ 'check port {{heat_api_cfn_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api_cfn']|count}}", "fall {{groups['heat_api_cfn']|count}}" ] | |
| - name: "{{ groups['heat_api_cfn'][2] }}" | |
| ip: "{{ hostvars[groups['heat_api_cfn'][2]]['ansible_ssh_host'] }}:{{heat_api_cfn_default_port}}" | |
| params: [ 'check port {{heat_api_cfn_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api_cfn']|count}}", "fall {{groups['heat_api_cfn']|count}}" ] | |
| heat_api_cloudwatch: | |
| frontends: | |
| - name: heat_api_cloudwatch-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{heat_api_cloudwatch_default_port}}' | |
| ssl_termination: True | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{heat_api_cloudwatch_default_port}}' | |
| ssl_termination: True | |
| - ip: '{{management_bind_v4}}:{{heat_api_cloudwatch_default_port}}' | |
| options: | |
| - 'httplog' | |
| - 'forwardfor except 127.0.0.0/8' | |
| - 'http-server-close' | |
| balance_type: 'http' | |
| default_backend: heat_api_cloudwatch-back | |
| backends: | |
| - name: heat_api_cloudwatch-back | |
| mode: http | |
| balance: leastconn | |
| options: "{{ haproxy_default_backend_options_http }}" | |
| servers: | |
| - name: "{{ groups['heat_api_cloudwatch'][0] }}" | |
| ip: "{{ hostvars[groups['heat_api_cloudwatch'][0]]['ansible_ssh_host'] }}:{{heat_api_cloudwatch_default_port}}" | |
| params: [ 'check port {{heat_api_cloudwatch_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api_cloudwatch']|count}}", "fall {{groups['heat_api_cloudwatch']|count}}" ] | |
| - name: "{{ groups['heat_api_cloudwatch'][1] }}" | |
| ip: "{{ hostvars[groups['heat_api_cloudwatch'][1]]['ansible_ssh_host'] }}:{{heat_api_cloudwatch_default_port}}" | |
| params: [ 'check port {{heat_api_cloudwatch_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api_cloudwatch']|count}}", "fall {{groups['heat_api_cloudwatch']|count}}" ] | |
| - name: "{{ groups['heat_api_cloudwatch'][2] }}" | |
| ip: "{{ hostvars[groups['heat_api_cloudwatch'][2]]['ansible_ssh_host'] }}:{{heat_api_cloudwatch_default_port}}" | |
| params: [ 'check port {{heat_api_cloudwatch_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api_cloudwatch']|count}}", "fall {{groups['heat_api_cloudwatch']|count}}" ] | |
| heat_api: | |
| frontends: | |
| - name: heat_api-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{heat_api_default_port}}' | |
| ssl_termination: True | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{heat_api_default_port}}' | |
| ssl_termination: True | |
| - ip: '{{management_bind_v4}}:{{heat_api_default_port}}' | |
| options: | |
| - 'httplog' | |
| - 'forwardfor except 127.0.0.0/8' | |
| - 'http-server-close' | |
| balance_type: 'http' | |
| default_backend: heat_api-back | |
| backends: | |
| - name: heat_api-back | |
| mode: http | |
| balance: leastconn | |
| options: "{{ haproxy_default_backend_options_http }}" | |
| servers: | |
| - name: "{{ groups['heat_api'][0] }}" | |
| ip: "{{ hostvars[groups['heat_api'][0]]['ansible_ssh_host'] }}:{{heat_api_default_port}}" | |
| params: [ 'check port {{heat_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api']|count}}", "fall {{groups['heat_api']|count}}" ] | |
| - name: "{{ groups['heat_api'][1] }}" | |
| ip: "{{ hostvars[groups['heat_api'][1]]['ansible_ssh_host'] }}:{{heat_api_default_port}}" | |
| params: [ 'check port {{heat_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api']|count}}", "fall {{groups['heat_api']|count}}" ] | |
| - name: "{{ groups['heat_api'][2] }}" | |
| ip: "{{ hostvars[groups['heat_api'][2]]['ansible_ssh_host'] }}:{{heat_api_default_port}}" | |
| params: [ 'check port {{heat_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['heat_api']|count}}", "fall {{groups['heat_api']|count}}" ] | |
| keystone_service: | |
| frontends: | |
| - name: keystone_service-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{keystone_service_default_port}}' | |
| ssl_termination: True | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{keystone_service_default_port}}' | |
| ssl_termination: True | |
| x_forwarded_proto: 'https' | |
| options: | |
| - 'httplog' | |
| - 'forwardfor except 127.0.0.0/8' | |
| - 'http-server-close' | |
| #Update balance_type to 'tcp' for passthrough | |
| balance_type: 'http' | |
| default_backend: keystone_service-back | |
| - name: keystone_internal_front | |
| binds: | |
| - ip: '{{management_bind_v4}}:{{keystone_service_default_port}}' | |
| options: | |
| - 'httplog' | |
| - 'forwardfor except 127.0.0.0/8' | |
| - 'http-server-close' | |
| balance_type: 'http' | |
| default_backend: keystone_service-back | |
| backends: | |
| - name: keystone_service-back | |
| mode: http | |
| balance: leastconn | |
| options: "{{ haproxy_default_backend_options_http }}" | |
| servers: | |
| - name: "{{ groups['keystone_all'][0] }}" | |
| ip: "{{ hostvars[groups['keystone_all'][0]]['ansible_ssh_host'] }}:{{keystone_service_default_port}}" | |
| params: [ 'check port {{keystone_service_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['keystone_all']|count}}", "fall {{groups['keystone_all']|count}}" ] | |
| - name: "{{ groups['keystone_all'][1] }}" | |
| ip: "{{ hostvars[groups['keystone_all'][1]]['ansible_ssh_host'] }}:{{keystone_service_default_port}}" | |
| params: [ 'check port {{keystone_service_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['keystone_all']|count}}", "fall {{groups['keystone_all']|count}}" ] | |
| - name: "{{ groups['keystone_all'][2] }}" | |
| ip: "{{ hostvars[groups['keystone_all'][2]]['ansible_ssh_host'] }}:{{keystone_service_default_port}}" | |
| params: [ 'check port {{keystone_service_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['keystone_all']|count}}", "fall {{groups['keystone_all']|count}}" ] | |
| keystone_admin: | |
| frontends: | |
| - name: keystone_admin-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{keystone_admin_default_port}}' | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{keystone_admin_default_port}}' | |
| - ip: '{{management_bind_v4}}:{{keystone_admin_default_port}}' | |
| options: | |
| - 'httplog' | |
| - 'forwardfor except 127.0.0.0/8' | |
| - 'http-server-close' | |
| balance_type: 'http' | |
| default_backend: keystone_admin-back | |
| backends: | |
| - name: keystone_admin-back | |
| mode: http | |
| balance: leastconn | |
| options: "{{ haproxy_default_backend_options_http }}" | |
| servers: | |
| - name: "{{ groups['keystone_all'][0] }}" | |
| ip: "{{ hostvars[groups['keystone_all'][0]]['ansible_ssh_host'] }}:{{keystone_admin_default_port}}" | |
| params: [ 'check port {{keystone_admin_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['keystone_all']|count}}", "fall {{groups['keystone_all']|count}}" ] | |
| - name: "{{ groups['keystone_all'][1] }}" | |
| ip: "{{ hostvars[groups['keystone_all'][1]]['ansible_ssh_host'] }}:{{keystone_admin_default_port}}" | |
| params: [ 'check port {{keystone_admin_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['keystone_all']|count}}", "fall {{groups['keystone_all']|count}}" ] | |
| - name: "{{ groups['keystone_all'][2] }}" | |
| ip: "{{ hostvars[groups['keystone_all'][2]]['ansible_ssh_host'] }}:{{keystone_admin_default_port}}" | |
| params: [ 'check port {{keystone_admin_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['keystone_all']|count}}", "fall {{groups['keystone_all']|count}}" ] | |
| neutron_server: | |
| frontends: | |
| - name: neutron_server-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{neutron_server_default_port}}' | |
| ssl_termination: True | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{neutron_server_default_port}}' | |
| ssl_termination: True | |
| - ip: '{{management_bind_v4}}:{{neutron_server_default_port}}' | |
| options: | |
| - 'httplog' | |
| - 'forwardfor except 127.0.0.0/8' | |
| - 'http-server-close' | |
| balance_type: 'http' | |
| default_backend: neutron_server-back | |
| backends: | |
| - name: neutron_server-back | |
| mode: http | |
| balance: leastconn | |
| options: "{{ haproxy_default_backend_options_http }}" | |
| servers: | |
| - name: "{{ groups['neutron_server'][0] }}" | |
| ip: "{{ hostvars[groups['neutron_server'][0]]['ansible_ssh_host'] }}:{{neutron_server_default_port}}" | |
| params: [ 'check port {{neutron_server_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['neutron_server']|count}}", "fall {{groups['neutron_server']|count}}" ] | |
| - name: "{{ groups['neutron_server'][1] }}" | |
| ip: "{{ hostvars[groups['neutron_server'][1]]['ansible_ssh_host'] }}:{{neutron_server_default_port}}" | |
| params: [ 'check port {{neutron_server_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['neutron_server']|count}}", "fall {{groups['neutron_server']|count}}" ] | |
| - name: "{{ groups['neutron_server'][2] }}" | |
| ip: "{{ hostvars[groups['neutron_server'][2]]['ansible_ssh_host'] }}:{{neutron_server_default_port}}" | |
| params: [ 'check port {{neutron_server_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['neutron_server']|count}}", "fall {{groups['neutron_server']|count}}" ] | |
| nova_api_metadata: | |
| frontends: | |
| - name: nova_api_metadata-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{nova_api_metadata_default_port}}' | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{nova_api_metadata_default_port}}' | |
| - ip: '{{management_bind_v4}}:{{nova_api_metadata_default_port}}' | |
| options: | |
| - 'httplog' | |
| - 'http-server-close' | |
| balance_type: 'http' | |
| default_backend: nova_api_metadata-back | |
| backends: | |
| - name: nova_api_metadata-back | |
| mode: http | |
| balance: leastconn | |
| options: "{{ haproxy_default_backend_options_http }}" | |
| servers: | |
| - name: "{{ groups['nova_api_metadata'][0] }}" | |
| ip: "{{ hostvars[groups['nova_api_metadata'][0]]['ansible_ssh_host'] }}:{{nova_api_metadata_default_port}}" | |
| params: [ 'check port {{nova_api_metadata_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_api_metadata']|count}}", "fall {{groups['nova_api_metadata']|count}}" ] | |
| - name: "{{ groups['nova_api_metadata'][1] }}" | |
| ip: "{{ hostvars[groups['nova_api_metadata'][1]]['ansible_ssh_host'] }}:{{nova_api_metadata_default_port}}" | |
| params: [ 'check port {{nova_api_metadata_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_api_metadata']|count}}", "fall {{groups['nova_api_metadata']|count}}" ] | |
| - name: "{{ groups['nova_api_metadata'][2] }}" | |
| ip: "{{ hostvars[groups['nova_api_metadata'][2]]['ansible_ssh_host'] }}:{{nova_api_metadata_default_port}}" | |
| params: [ 'check port {{nova_api_metadata_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_api_metadata']|count}}", "fall {{groups['nova_api_metadata']|count}}" ] | |
| nova_api_os_compute: | |
| frontends: | |
| - name: nova_api_os_compute-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{nova_api_os_compute_default_port}}' | |
| ssl_termination: True | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{nova_api_os_compute_default_port}}' | |
| ssl_termination: True | |
| - ip: '{{management_bind_v4}}:{{nova_api_os_compute_default_port}}' | |
| options: | |
| - 'httplog' | |
| - 'http-server-close' | |
| balance_type: 'http' | |
| default_backend: nova_api_os_compute-back | |
| backends: | |
| - name: nova_api_os_compute-back | |
| mode: http | |
| balance: leastconn | |
| options: "{{ haproxy_default_backend_options_http }}" | |
| servers: | |
| - name: "{{ groups['nova_api_os_compute'][0] }}" | |
| ip: "{{ hostvars[groups['nova_api_os_compute'][0]]['ansible_ssh_host'] }}:{{nova_api_os_compute_default_port}}" | |
| params: [ 'check port {{nova_api_os_compute_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_api_os_compute']|count}}", "fall {{groups['nova_api_os_compute']|count}}" ] | |
| - name: "{{ groups['nova_api_os_compute'][1] }}" | |
| ip: "{{ hostvars[groups['nova_api_os_compute'][1]]['ansible_ssh_host'] }}:{{nova_api_os_compute_default_port}}" | |
| params: [ 'check port {{nova_api_os_compute_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_api_os_compute']|count}}", "fall {{groups['nova_api_os_compute']|count}}" ] | |
| - name: "{{ groups['nova_api_os_compute'][2] }}" | |
| ip: "{{ hostvars[groups['nova_api_os_compute'][2]]['ansible_ssh_host'] }}:{{nova_api_os_compute_default_port}}" | |
| params: [ 'check port {{nova_api_os_compute_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_api_os_compute']|count}}", "fall {{groups['nova_api_os_compute']|count}}" ] | |
| nova_console: | |
| frontends: | |
| - name: nova_console-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{nova_console_default_port}}' | |
| ssl_termination: "{% if haproxy_ssl | bool and nova_spice_html5proxy_base_proto == 'https' %}true{% else %}false{% endif %}" | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{nova_console_default_port}}' | |
| ssl_termination: "{% if haproxy_ssl | bool and nova_spice_html5proxy_base_proto == 'https' %}true{% else %}false{% endif %}" | |
| - ip: '{{management_bind_v4}}:{{nova_console_default_port}}' | |
| ssl_termination: "{% if haproxy_ssl | bool and nova_spice_html5proxy_base_proto == 'https' %}true{% else %}false{% endif %}" | |
| balance_type: 'tcp' | |
| timeout_client: '60m' | |
| default_backend: nova_console-back | |
| backends: | |
| - name: nova_console-back | |
| mode: tcp | |
| balance: source | |
| timeout_server: '60m' | |
| servers: | |
| - name: "{{ groups['nova_console'][0] }}" | |
| ip: "{{ hostvars[groups['nova_console'][0]]['ansible_ssh_host'] }}:{{nova_console_default_port}}" | |
| params: [ 'check port {{nova_console_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_console']|count}}", "fall {{groups['nova_console']|count}}" ] | |
| - name: "{{ groups['nova_console'][1] }}" | |
| ip: "{{ hostvars[groups['nova_console'][1]]['ansible_ssh_host'] }}:{{nova_console_default_port}}" | |
| params: [ 'check port {{nova_console_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_console']|count}}", "fall {{groups['nova_console']|count}}" ] | |
| - name: "{{ groups['nova_console'][2] }}" | |
| ip: "{{ hostvars[groups['nova_console'][2]]['ansible_ssh_host'] }}:{{nova_console_default_port}}" | |
| params: [ 'check port {{nova_console_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['nova_console']|count}}", "fall {{groups['nova_console']|count}}" ] | |
| cinder_api: | |
| frontends: | |
| - name: cinder_api-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{cinder_api_default_port}}' | |
| ssl_termination: True | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{cinder_api_default_port}}' | |
| ssl_termination: True | |
| - ip: '{{management_bind_v4}}:{{cinder_api_default_port}}' | |
| options: | |
| - 'httplog' | |
| - 'forwardfor except 127.0.0.0/8' | |
| - 'http-server-close' | |
| balance_type: 'http' | |
| default_backend: cinder_api-back | |
| backends: | |
| - name: cinder_api-back | |
| mode: http | |
| balance: leastconn | |
| options: "{{ haproxy_default_backend_options_http }}" | |
| servers: | |
| - name: "{{ groups['cinder_api'][0] }}" | |
| ip: "{{ hostvars[groups['cinder_api'][0]]['ansible_ssh_host'] }}:{{cinder_api_default_port}}" | |
| params: [ 'check port {{cinder_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['cinder_api']|count}}", "fall {{groups['cinder_api']|count}}" ] | |
| - name: "{{ groups['cinder_api'][1] }}" | |
| ip: "{{ hostvars[groups['cinder_api'][1]]['ansible_ssh_host'] }}:{{cinder_api_default_port}}" | |
| params: [ 'check port {{cinder_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['cinder_api']|count}}", "fall {{groups['cinder_api']|count}}" ] | |
| - name: "{{ groups['cinder_api'][2] }}" | |
| ip: "{{ hostvars[groups['cinder_api'][2]]['ansible_ssh_host'] }}:{{cinder_api_default_port}}" | |
| params: [ 'check port {{cinder_api_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['cinder_api']|count}}", "fall {{groups['cinder_api']|count}}" ] | |
| utilities: | |
| backends: | |
| - name: maintenance | |
| mode: http | |
| servers: | |
| - name: maintenance-server | |
| ip: "{{maintenance_server}}" | |
| - name: spammers | |
| mode: http | |
| servers: | |
| - name: spammers-server | |
| ip: "{{spammers_server}}" | |
| horizon: | |
| frontends: | |
| - name: horizon-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{horizon_default_port}}' | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{horizon_default_port}}' | |
| - ip: '{{management_bind_v4}}:{{horizon_default_port}}' | |
| options: | |
| - 'httplog' | |
| - 'forwardfor except 127.0.0.0/8' | |
| - 'http-server-close' | |
| balance_type: 'http' | |
| acls: | |
| - name: "cloud_internal" | |
| condition: "src {{ cloud_nets }}" | |
| - name: "spammers" | |
| condition: "src --" | |
| - name: "maintenance" | |
| condition: "src --" | |
| use_backends: | |
| - name: horizon-back | |
| condition: "if cloud_internal" | |
| - name: spammers | |
| condition: "if spammers" | |
| - name: maintenance | |
| condition: "if maintenance" | |
| default_backend: horizon-back | |
| backends: | |
| - name: horizon-back | |
| mode: http | |
| balance: leastconn | |
| options: "{{ haproxy_default_backend_options_http }}" | |
| servers: | |
| - name: "{{ groups['horizon_all'][0] }}" | |
| ip: "{{ hostvars[groups['horizon_all'][0]]['ansible_ssh_host'] }}:{{horizon_default_port}}" | |
| params: [ 'check port {{horizon_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['horizon_all']|count}}", "fall {{groups['horizon_all']|count}}" ] | |
| - name: "{{ groups['horizon_all'][1] }}" | |
| ip: "{{ hostvars[groups['horizon_all'][1]]['ansible_ssh_host'] }}:{{horizon_default_port}}" | |
| params: [ 'check port {{horizon_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['horizon_all']|count}}", "fall {{groups['horizon_all']|count}}" ] | |
| - name: "{{ groups['horizon_all'][2] }}" | |
| ip: "{{ hostvars[groups['horizon_all'][2]]['ansible_ssh_host'] }}:{{horizon_default_port}}" | |
| params: [ 'check port {{horizon_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['horizon_all']|count}}", "fall {{groups['horizon_all']|count}}" ] | |
| horizon_ssl: | |
| frontends: | |
| - name: horizon_ssl-front | |
| binds: | |
| - ip: '{{public_bind_v6}}:{{horizon_ssl_default_port}}' | |
| transparent: True | |
| - ip: '{{public_bind_v4}}:{{horizon_ssl_default_port}}' | |
| - ip: '{{management_bind_v4}}:{{horizon_ssl_default_port}}' | |
| balance_type: 'tcp' | |
| acls: | |
| - name: "cloud_internal" | |
| condition: "src {{ cloud_nets }}" | |
| - name: "spammers" | |
| condition: "src --" | |
| - name: "maintenance" | |
| condition: "src --" | |
| use_backends: | |
| - name: horizon_ssl-back | |
| condition: "if cloud_internal" | |
| - name: spammers | |
| condition: "if spammers" | |
| - name: maintenance | |
| condition: "if maintenance" | |
| default_backend: horizon_ssl-back | |
| backends: | |
| - name: horizon_ssl-back | |
| mode: tcp | |
| balance: 'source' | |
| options: "{{ haproxy_default_backend_options_https }}" | |
| servers: | |
| - name: "{{ groups['horizon_all'][0] }}" | |
| ip: "{{ hostvars[groups['horizon_all'][0]]['ansible_ssh_host'] }}:{{horizon_ssl_default_port}}" | |
| params: [ 'check port {{horizon_ssl_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['horizon_all']|count}}", "fall {{groups['horizon_all']|count}}" ] | |
| - name: "{{ groups['horizon_all'][1] }}" | |
| ip: "{{ hostvars[groups['horizon_all'][1]]['ansible_ssh_host'] }}:{{horizon_ssl_default_port}}" | |
| params: [ 'check port {{horizon_ssl_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['horizon_all']|count}}", "fall {{groups['horizon_all']|count}}" ] | |
| - name: "{{ groups['horizon_all'][2] }}" | |
| ip: "{{ hostvars[groups['horizon_all'][2]]['ansible_ssh_host'] }}:{{horizon_ssl_default_port}}" | |
| params: [ 'check port {{horizon_ssl_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['horizon_all']|count}}", "fall {{groups['horizon_all']|count}}" ] | |
| repo_all: | |
| frontends: | |
| - name: repo_all-front | |
| binds: | |
| - ip: '*:{{repo_all_default_port}}' | |
| options: | |
| - 'httplog' | |
| - 'forwardfor except 127.0.0.0/8' | |
| - 'http-server-close' | |
| balance_type: 'http' | |
| default_backend: repo_all-back | |
| backends: | |
| - name: repo_all-back | |
| mode: http | |
| balance: leastconn | |
| servers: | |
| - name: "{{ groups['pkg_repo'][0] }}" | |
| ip: "{{ hostvars[groups['pkg_repo'][0]]['ansible_ssh_host'] }}:{{repo_all_default_port}}" | |
| params: [ 'check port {{repo_all_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['pkg_repo']|count}}", "fall {{groups['pkg_repo']|count}}" ] | |
| - name: "{{ groups['pkg_repo'][1] }}" | |
| ip: "{{ hostvars[groups['pkg_repo'][1]]['ansible_ssh_host'] }}:{{repo_all_default_port}}" | |
| params: [ 'check port {{repo_all_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['pkg_repo']|count}}", "fall {{groups['pkg_repo']|count}}" ] | |
| - name: "{{ groups['pkg_repo'][2] }}" | |
| ip: "{{ hostvars[groups['pkg_repo'][2]]['ansible_ssh_host'] }}:{{repo_all_default_port}}" | |
| params: [ 'check port {{repo_all_default_port}}', 'inter {{haproxy_default_interval}}', "rise {{groups['pkg_repo']|count}}", "fall {{groups['pkg_repo']|count}}" ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment