diff --git a/files/communishift/haproxy.cfg b/files/communishift/haproxy.cfg
new file mode 100644
index 0000000000..ef4078b69d
--- /dev/null
+++ b/files/communishift/haproxy.cfg
@@ -0,0 +1,85 @@
+# this config needs haproxy-1.1.28 or haproxy-1.2.1
+
+global
+ log 127.0.0.1 local0 warning
+ # Set this to 4096 + 16384
+ # 16384 for the fedmsg gateway and 4096 for everybody else.
+ maxconn 20480
+ chroot /var/lib/haproxy
+ user haproxy
+ group haproxy
+ daemon
+ stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664
+ stats socket /var/run/haproxy-admin level admin user root group root mode 0660
+ #debug
+ #quiet
+
+defaults
+ log global
+ mode http
+ option httplog
+ option dontlognull
+ option httpclose
+ option redispatch
+ retries 3
+ maxconn 5000
+ timeout connect 5s
+ timeout client 500s
+ timeout server 500s
+ errorfile 503 /etc/haproxy/503.http
+
+frontend os-masters-kapi
+ mode tcp
+ bind 38.145.48.40:6443
+ default_backend os-masters-backend-kapi
+
+backend os-masters-backend-kapi
+ mode tcp
+ server os-node01 os-node01:6443 weight 1 maxconn 16384
+ server os-node02 os-node02:6443 weight 1 maxconn 16384
+ server os-node09 os-node09:6443 weight 1 maxconn 16384
+# temp bootstrap node
+ server os-node11 os-node11:6443 weight 1 maxconn 16384
+
+frontend os-masters-machineconfig
+ mode tcp
+ bind 38.145.48.40:22623
+ default_backend os-masters-backend-machineconfig
+
+backend os-masters-backend-machineconfig
+ mode tcp
+ server os-node01 os-node01:22623 weight 1 maxconn 16384
+ server os-node02 os-node02:22623 weight 1 maxconn 16384
+ server os-node09 os-node09:22623 weight 1 maxconn 16384
+# temp bootstrap node
+ server os-node11 os-node11:22623 weight 1 maxconn 16384
+
+frontend os-routers-https
+ mode tcp
+ bind 38.145.48.41:443
+ default_backend os-routers-https
+
+backend os-routers-https
+ server os-node03 os-node03:443 weight 1 maxconn 16384
+ server os-node04 os-node04:443 weight 1 maxconn 16384
+ server os-node05 os-node05:443 weight 1 maxconn 16384
+ server os-node06 os-node06:443 weight 1 maxconn 16384
+ server os-node07 os-node07:443 weight 1 maxconn 16384
+ server os-node08 os-node08:443 weight 1 maxconn 16384
+ server os-node10 os-node10:443 weight 1 maxconn 16384
+ server os-node10 os-node11:443 weight 1 maxconn 16384
+
+frontend os-routers-http
+ mode tcp
+ bind 38.145.48.41:80
+ default_backend os-routers-http
+
+backend os-routers-http
+ server os-node03 os-node03:80 weight 1 maxconn 16384
+ server os-node04 os-node04:80 weight 1 maxconn 16384
+ server os-node05 os-node05:80 weight 1 maxconn 16384
+ server os-node06 os-node06:80 weight 1 maxconn 16384
+ server os-node07 os-node07:80 weight 1 maxconn 16384
+ server os-node08 os-node08:80 weight 1 maxconn 16384
+ server os-node10 os-node10:80 weight 1 maxconn 16384
+ server os-node10 os-node11:80 weight 1 maxconn 16384
diff --git a/inventory/group_vars/os-proxies b/inventory/group_vars/os-proxies
index 2ea0c2f46a..56ba6d05cf 100644
--- a/inventory/group_vars/os-proxies
+++ b/inventory/group_vars/os-proxies
@@ -3,3 +3,15 @@ datacenter: cloud
 lvm_size: 20000
 mem_size: 8192
 num_cpus: 4
+
+tcp_ports: [
+ # For os routers
+ 80,
+ 443,
+ # For ks8 api
+ 6443,
+ # For machinectl api
+ 22623,
+ # 9941 is closed generally, is for the inbound fedmsg and is covered in
+ # custom_rules
+ ]
diff --git a/playbooks/groups/os-proxies.yml b/playbooks/groups/os-proxies.yml
index 57d3037315..cb225120ae 100644
--- a/playbooks/groups/os-proxies.yml
+++ b/playbooks/groups/os-proxies.yml
@@ -27,3 +27,16 @@
 tasks:
 - import_tasks: "{{ tasks_path }}/2fa_client.yml"
 - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ - name: install haproxy
+ package: name=haproxy state=present
+
+ - name: install haproxy config
+ copy: src="{{ files }}/communishift/haproxy.cfg" dest=/etc/haproxy/haproxy.cfg
+
+ - name: Turn on certain selinux booleans so haproxy can bind to ports
+ seboolean: name=haproxy_connect_any state=true persistent=true
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
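Review bot: The `os-routers-https` and `os-routers-http` backends have no `mode` line, so they inherit `mode http` from `defaults` while their frontends are `mode tcp`. On 443 that means the backend would treat TLS bytes as HTTP instead of passing them through, or the config check may complain about the mismatch, depending on the HAProxy version. Both backends should get `mode tcp`, as the two `os-masters-backend-*` sections already have. In the same two backends the last server line reuses the name `os-node10` for the `os-node11` address, which gives a duplicate server name and misattributes stats and logs, so it should read `server os-node11 os-node11:443 weight 1 maxconn 16384` (and `:80` in the HTTP backend). None of the `server` lines carries `check`, so an unreachable node, including the "temp bootstrap node", stays in rotation until someone edits the file.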
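Review bot: Port 22623 is added to `tcp_ports`, which the closing comment about 9941 implies is the generally-open list. The machine config endpoint behind it serves node bootstrap configuration and is normally needed only by the cluster's own nodes. It would be safer in `custom_rules` restricted to the node addresses, the way the comment says 9941 is handled, and the same question applies to 6443 if the API is not meant to be reachable from everywhere. The comments would also read better as `# For k8s api` and `# For machine config server`, since "ks8" and "machinectl" look like slips. How `tcp_ports` is turned into firewall rules is not visible in this hunk, so please confirm the exposure against the role that consumes it.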
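Review bot: The `install haproxy config` task has no `notify`, so a changed haproxy.cfg is written but nothing visible here reloads haproxy, even though the hunk adds a `handlers:` section. No task enables and starts the service either. The copy should set explicit `owner`/`group`/`mode` and a `validate` step so a broken file never replaces the live one, and should notify the haproxy handler from restart_services.yml (its name is not visible here, so the fence uses a placeholder). The config also sets `errorfile 503 /etc/haproxy/503.http`, which no task in this hunk installs; if it is not shipped elsewhere, validation and startup will presumably fail. The play itself starts above the hunk, and the indentation in the fence is assumed.

```yaml
  - name: install haproxy config
    copy:
      src: "{{ files }}/communishift/haproxy.cfg"
      dest: /etc/haproxy/haproxy.cfg
      owner: root
      group: root
      mode: "0644"
      validate: haproxy -c -f %s
    # placeholder: use the haproxy handler name defined in restart_services.yml
    notify: HAPROXY_RESTART_HANDLER_PLACEHOLDER

  - name: enable and start haproxy
    service:
      name: haproxy
      state: started
      enabled: true

  # … unchanged: seboolean task, handlers import …
```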