Infrastructure/ansible
5
0
Fork 0
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions

Start working on the haproxy role

Browse source
This commit is contained in:
Pierre-Yves Chibon 2014-12-07 23:35:44 +00:00
parent a4c0eb93be
commit 7adeb26a4d
5 changed files with 628 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

80
roles/haproxy/files/503.http Normal file
View file

@ -0,0 +1,80 @@
HTTP/1.1 503 Service Temporarily Unavailable
Content-Length: 3476
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<link rel="stylesheet" type="text/css" media="all" href="//fedoraproject.org/static/css/fedora.css">
<link rel="stylesheet" type="text/css" media="print" href="//fedoraproject.org/static/css/print.css">
<link rel="shortcut icon" href="//fedoraproject.org/static/images/favicon.ico" type="image/vnd.microsoft.icon">
<!--[if lt IE 7]>
<style type="text/css">
#wrapper
{
height: 100%;
overflow: visible!important;
}
.download-sidebar a {
background-image: none!important;
}
</style>
<![endif]-->
<title>Fedora Project</title>
</head>
<body class="503">
<div id="wrapper">
<div id="head">
<h1><a href="/en/index">Fedora</a></h1>
</div>
<div id="sidebar">
<div id="nav">
<h2>Navigation</h2>
<ul>
<li id="nav-home"><a href="//fedoraproject.org/index">Home</a></li>
<li id="nav-get"><a href="//fedoraproject.org/get-fedora">Get Fedora</a></li>
<li id="nav-join"><a href="//fedoraproject.org/join-fedora">Join Fedora</a></li>
<li id="nav-help"><a href="//fedoraproject.org/get-help">Get Help</a></li>
</ul>
<h2>Tools</h2>
<ul>
<li><a href="//docs.fedoraproject.org/">Docs</a> Fedora documentation.</li>
<li><a href="//fedoraproject.org/wiki/">Wiki</a> Collaborative knowledge.</li>
<li><a href="//planet.fedoraproject.org/">Planet</a> The voices of the Fedora community.</li>
<li><a href="//fedoraproject.org/wiki/Communicate">Communicate</a> Speak with Fedora.</li>
<li><a href="//fedoraproject.org/wiki/FedoraEvents">Events</a> Meet the Fedora community.</li>
</ul>
</div>
</div>
<div id="content">
<h2>Sorry! This service is currently unavailable.</h2>
<p>The service that you are trying to access is currently unavailable. Please try refreshing this page in a couple of minutes. If you still see this message, then please follow the steps below:</p>
<ol>
<li>Check on <a href="http://status.fedoraproject.org/">the status page</a> if there are any known outages for our services.</li>
<li>Check the <a href="https://fedorahosted.org/fedora-infrastructure/">fedora-infrastructure trac instance</a> for an outage notification.</li>
<li>Ask around in #fedora-admin on irc.freenode.net.</li>
<li>If it is accessible, check the <a href="//fedoraproject.org/wiki/Infrastructure/SOP/Outage">Outage SOP</a> for more information.</li>
</ol>
</div>
</div>
<div id="bottom">
<div id="footer">
<p class="copy">
&copy; 2010 Red Hat, Inc. and others. For comments or queries, please <a href="/en/contact">contact us</a>.
</p>
<p class="disclaimer">
The Fedora Project is maintained and driven by the community and sponsored by Red Hat. This is a community maintained site. Red Hat is not responsible for content.
</p>
<ul>
<li class="first"><a href="//fedoraproject.org/sponsors">Sponsors</a></li>
<li><a href="//fedoraproject.org/wiki/Legal">Legal</a></li>
<li><a href="//fedoraproject.org/wiki/Legal/TrademarkGuidelines">Trademark Guidelines</a></li>
</ul>
</div>
</div>
</body>
</html>

229
roles/haproxy/files/haproxy.cfg Normal file
View file

@ -0,0 +1,229 @@
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local0 warning
# Set this to 4096 + 16384
# 16384 for the fedmsg gateway and 4096 for everybody else.
maxconn 20480
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664
#debug
#quiet
defaults
log global
mode http
option httplog
option dontlognull
option httpclose
option redispatch
retries 3
maxconn 2000
timeout connect 5s
timeout client 500s
timeout server 500s
errorfile 503 /etc/haproxy/503.http
listen stats 0.0.0.0:8080
mode http
balance hdr(appserver)
stats enable
stats uri /
listen fp-wiki 0.0.0.0:10001
balance hdr(appserver)
server wiki01 wiki01:80 check inter 15s rise 2 fall 5
server wiki02 wiki02:80 check inter 15s rise 2 fall 5
option httpchk GET /wiki/Main_Page
listen mirror-lists 0.0.0.0:10002
balance hdr(appserver)
timeout connect 30s
server mirrorlist-osuosl mirrorlist-osuosl:80 check inter 5s rise 2 fall 3
server mirrorlist-ibiblio mirrorlist-ibiblio:80 check inter 5s rise 2 fall 3
server mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3
server mirrorlist-host1plus mirrorlist-host1plus:80 check inter 5s rise 2 fall 3
option httpchk GET /mirrorlist
option allbackups
listen pkgdb 0.0.0.0:10003
balance hdr(appserver)
server pkgdb01 pkgdb01:80 check inter 10s rise 2 fall 3
server pkgdb02 pkgdb02:80 check inter 10s rise 2 fall 3
option httpchk GET /pkgdb/collections/
listen fas 0.0.0.0:10004
# These values are set extremely low so any issues are recovered from very
# quickly. Setting these higher will cause odd behavior in apps that
# depend on fas (like pkgdb, bodhi, etc)
balance hdr(appserver)
server fas01 fas01:80 check inter 5s rise 1 fall 2
server fas02 fas02:80 check inter 5s rise 1 fall 2
server fas03 fas03:80 check inter 5s rise 1 fall 2
option httpchk GET /accounts/
listen voting 0.0.0.0:10007
balance hdr(appserver)
server elections01 elections01:80 check inter 10s rise 2 fall 4
server elections02 elections02:80 check inter 10s rise 2 fall 4
option httpchk GET /voting/
listen mirrormanager 0.0.0.0:10008
balance hdr(appserver)
server sundries01 sundries01:80 check inter 60s rise 2 fall 3
server sundries02 sundries02:80 check inter 60s rise 2 fall 3
option httpchk GET /mirrormanager/rsync_acl
listen bodhi 0.0.0.0:10009
balance hdr(appserver)
server bodhi01 bodhi01:80 check inter 20s rise 2 fall 3
server bodhi02 bodhi02:80 check inter 20s rise 2 fall 3
option httpchk GET /updates/nagios
listen freemedia 0.0.0.0:10011
balance hdr(appserver)
server sundries01 sundries01:80 check inter 60s rise 2 fall 3
server sundries02 sundries01:80 check inter 60s rise 2 fall 3
option httpchk GET /freemedia/FreeMedia-form.html
listen packages 0.0.0.0:10016
balance hdr(appserver)
server packages03 packages03:80 check inter 5s rise 2 fall 3
server packages04 packages04:80 check inter 5s rise 2 fall 3
option httpchk GET /packages/_heartbeat
listen tagger 0.0.0.0:10017
balance hdr(appserver)
server tagger01 tagger01:80 check inter 60s rise 2 fall 3
server tagger02 tagger02:80 check inter 60s rise 2 fall 3
option httpchk GET /tagger/_heartbeat
listen totpcgiprovision 0.0.0.0:10019
balance hdr(appserver)
http-check expect status 401
server fas01 fas01:8444 check inter 5s rise 1 fall 2
server fas02 fas02:8444 check inter 5s rise 1 fall 2
server fas03 fas03:8444 check inter 5s rise 1 fall 2
option httpchk GET /index.cgi
listen fedoauth 0.0.0.0:10020
balance hdr(appserver)
server fedoauth01 fedoauth01:80 check inter 10s rise 1 fall 2
server fedoauth02 fedoauth02:80 check inter 10s rise 1 fall 2
option httpchk GET /
listen askbot 0.0.0.0:10021
balance hdr(appserver)
server ask01 ask01:80 check inter 10s rise 1 fall 2
server ask02 ask02:80 check inter 10s rise 1 fall 2
option httpchk GET /questions/
listen blockerbugs 0.0.0.0:10022
balance hdr(appserver)
server blockerbugs01 blockerbugs01:80 check inter 10s rise 1 fall 2
server blockerbugs02 blockerbugs02:80 check inter 10s rise 1 fall 2
option httpchk GET /blockerbugs
listen fedocal 0.0.0.0:10023
balance hdr(appserver)
server fedocal01 fedocal01:80 check inter 10s rise 1 fall 2
server fedocal02 fedocal02:80 check inter 10s rise 1 fall 2
option httpchk GET /calendar
# IMPORTANT: 10023-10026 will NOT work because of selinux policies
listen paste 0.0.0.0:10027
balance hdr(appserver)
server paste01 paste01:80 check inter 10s rise 1 fall 2
server paste02 paste02:80 check inter 10s rise 1 fall 2
option httpchk GET /
listen datagrepper 0.0.0.0:10028
balance hdr(appserver)
server datagrepper01 datagrepper01:80 check inter 10s rise 1 fall 2
server datagrepper02 datagrepper02:80 check inter 10s rise 1 fall 2
option httpchk GET /datagrepper/reference/
listen geoip-city 0.0.0.0:10029
balance hdr(appserver)
server sundries01 sundries01:80 check inter 30s rise 2 fall 3
server sundries02 sundries02:80 check inter 30s rise 2 fall 3
option httpchk GET /city?ip=18.0.0.1
# IMPORTANT: 10031 will NOT work because of selinux policies
listen badges 0.0.0.0:10032
balance hdr(appserver)
server badges-web01 badges-web01:80 check inter 10s rise 1 fall 2
server badges-web02 badges-web02:80 check inter 10s rise 1 fall 2
option httpchk GET /heartbeat
# 10033 is list
# 10034 is gallery
listen nuancier 0.0.0.0:10035
balance hdr(appserver)
server nuancier01 nuancier01:80 check inter 10s rise 1 fall 2
server nuancier02 nuancier02:80 check inter 10s rise 1 fall 2
option httpchk GET /nuancier/
listen notifs-web 0.0.0.0:10036
balance hdr(appserver)
server notifs-web01 notifs-web01:80 check inter 10s rise 1 fall 2
server notifs-web02 notifs-web02:80 check inter 10s rise 1 fall 2
option httpchk GET /notifications/_heartbeat
listen github2fedmsg 0.0.0.0:10037
balance hdr(appserver)
server github2fedmsg01 github2fedmsg01:80 check inter 10s rise 1 fall 2
option httpchk GET /github2fedmsg/
listen kerneltest 0.0.0.0:10038
balance hdr(appserver)
server kerneltest01 kerneltest01:80 check inter 10s rise 1 fall 2
option httpchk GET /kerneltest
# Apache doesn't handle the initial connection here like the other proxy
# entries. This proxy also doesn't use the http mode like the others.
# stunnel should be sitting on port 9939 (public) and redirecting
# connections from there to here, port 9938. This then proxies to the
# fedmsg-hub's websocket server on busgateway01, port 9919.
listen fedmsg-websockets 0.0.0.0:9938
mode tcp
balance roundrobin
maxconn 16384
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server busgateway01 busgateway01:9919 weight 1 maxconn 16384
# This, unlike the websockets entry just above, is listening directly to the
# outside world with no stunnel inbetween.
# Simply redirect tcp connections to a local fedmsg-gateway slave. It should be
# forwarding messages from the master gateway on busgateway01.
listen fedmsg-raw-zmq-outbound 0.0.0.0:9940
mode tcp
balance roundrobin
maxconn 16384
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server localhost localhost:9942 weight 1 maxconn 16384
# While the above fedmsg-raw-zmq-outbound forwards incoming connections to an
# instance of the "fedmsg-gateway" daemon (which pushes internal messages out),
# this entry forwards incoming connections to a secondary instance of the
# "fedmsg-relay" daemon (which pushes messages *onto* the internal bus). We
# have a primary instance of fedmsg-relay running on app01 for most internal
# use. Here we forward to a secondary one on busgateway01.
listen fedmsg-raw-zmq-inbound 0.0.0.0:9941
mode tcp
balance roundrobin
maxconn 16384
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server busgateway01 busgateway01:9941 weight 1 maxconn 16384

233
roles/haproxy/files/haproxy.cfg.stg Normal file
View file

@ -0,0 +1,233 @@
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local0 warning
# Set this to 4096 + 16384
# 16384 for the fedmsg gateway and 4096 for everybody else.
maxconn 20480
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664
#debug
#quiet
defaults
log global
mode http
option httplog
option dontlognull
option httpclose
option redispatch
retries 3
maxconn 2000
timeout connect 5s
timeout client 500s
timeout server 500s
errorfile 503 /etc/haproxy/503.http
listen stats 0.0.0.0:8080
mode http
balance hdr(appserver)
stats enable
stats uri /
listen fp-wiki 0.0.0.0:10001
balance hdr(appserver)
server wiki01 wiki01:80 check inter 15s rise 2 fall 5
option httpchk GET /wiki/Main_Page
listen mirror-lists 0.0.0.0:10002
balance hdr(appserver)
timeout connect 30s
server app1 app1:80 check inter 5s rise 2 fall 3
server app2 app2:80 check inter 5s rise 2 fall 3
server app3 app3:80 check inter 5s rise 2 fall 3
server app4 app4:80 check inter 5s rise 2 fall 3
server app05 app05:80 backup check inter 10s rise 2 fall 3
# server bapp1 bapp1:80 backup check inter 5s rise 2 fall 3
option httpchk GET /mirrorlist
option allbackups
listen pkgdb 0.0.0.0:10003
balance hdr(appserver)
server pkgdb01 pkgdb01:80 check inter 10s rise 2 fall 3
# server app2 app2:80 check inter 10s rise 2 fall 3
# server app3 app3:80 check inter 10s rise 2 fall 3
# server app4 app4:80 check inter 10s rise 2 fall 3
# server app05 app05:80 backup check inter 15s rise 2 fall 3
# server bapp1 bapp1:80 backup check inter 10s rise 2 fall 3
option httpchk GET /pkgdb/collections/
listen fas 0.0.0.0:10004
# These values are set extremely low so any issues are recovered from very
# quickly. Setting these higher will cause odd behavior in apps that
# depend on fas (like pkgdb, bodhi, etc)
balance hdr(appserver)
server fas01 fas01:80 check inter 5s rise 1 fall 2
option httpchk GET /accounts/
listen voting 0.0.0.0:10007
balance hdr(appserver)
server elections01 elections01:80 check inter 10s rise 2 fall 4
option httpchk GET /voting/
listen mirrormanager 0.0.0.0:10008
balance hdr(appserver)
server sundries01 sundries01:80 check inter 60s rise 2 fall 3
option httpchk GET /mirrormanager/rsync_acl
listen bodhi 0.0.0.0:10009
balance hdr(appserver)
server bodhi01 bodhi01:80 check inter 20s rise 2 fall 3
option httpchk GET /updates/nagios
listen freemedia 0.0.0.0:10011
balance hdr(appserver)
server sundries01 sundries01:80 check inter 60s rise 2 fall 3
option httpchk GET /freemedia/FreeMedia-form.html
listen packages 0.0.0.0:10016
balance hdr(appserver)
server packages03 packages03:80 check inter 5s rise 2 fall 3
option httpchk GET /packages/_heartbeat
listen tagger 0.0.0.0:10017
balance hdr(appserver)
server tagger01 tagger01:80 check inter 60s rise 2 fall 3
option httpchk GET /tagger/_heartbeat
listen totpcgiprovision 0.0.0.0:10019
balance hdr(appserver)
http-check expect status 401
server fas01 fas01:8444 check inter 5s rise 1 fall 2
option httpchk GET /index.cgi
listen fedoauth 0.0.0.0:10020
balance hdr(appserver)
server fedoauth01.stg fedoauth01.stg:80 check inter 10s rise 1 fall 2
option httpchk GET /static/fedora/fedora-authn-logo-white.png
listen askbot 0.0.0.0:10021
balance hdr(appserver)
server ask01 ask01:80 check inter 10s rise 1 fall 2
option httpchk GET /questions/
listen blockerbugs 0.0.0.0:10022
balance hdr(appserver)
server blockerbugs01 blockerbugs01:80 check inter 10s rise 1 fall 2
option httpchk GET /blockerbugs
listen fedocal 0.0.0.0:10023
balance hdr(appserver)
server fedocal01 fedocal01:80 check inter 10s rise 1 fall 2
option httpchk GET /calendar
listen geoip-city 0.0.0.0:10029
balance hdr(appserver)
server sundries01 sundries01:80 check inter 30s rise 2 fall 3
option httpchk GET /city?ip=18.0.0.1
# IMPORTANT: 10023-10026 will NOT work because of selinux policies
listen paste 0.0.0.0:10027
balance hdr(appserver)
server paste01 paste01:80 check inter 10s rise 1 fall 2
option httpchk GET /
listen datagrepper 0.0.0.0:10028
balance hdr(appserver)
server datagrepper01 datagrepper01:80 check inter 10s rise 1 fall 2
option httpchk GET /datagrepper
# IMPORTANT: 10031 will NOT work because of selinux policies
listen badges 0.0.0.0:10032
balance hdr(appserver)
server badges-web01 badges-web01:80 check inter 10s rise 1 fall 2
option httpchk GET /heartbeat
listen lists 0.0.0.0:10033
balance hdr(appserver)
server mailman01 mailman01:80 check inter 10s rise 1 fall 2
option httpchk GET /
listen gallery 0.0.0.0:10034
balance hdr(appserver)
server gallery01 gallery01:80 check inter 10s rise 1 fall 2
option httpchk GET /
listen nuancier 0.0.0.0:10035
balance hdr(appserver)
server nuancier01 nuancier01:80 check inter 10s rise 1 fall 2
server nuancier02 nuancier02:80 check inter 10s rise 1 fall 2
option httpchk GET /nuancier/
listen notifs-web 0.0.0.0:10036
balance hdr(appserver)
server notifs-web01 notifs-web01:80 check inter 10s rise 1 fall 2
server notifs-web02 notifs-web02:80 check inter 10s rise 1 fall 2
option httpchk GET /notifications/_heartbeat
listen github2fedmsg 0.0.0.0:10037
balance hdr(appserver)
server github2fedmsg01 github2fedmsg01:80 check inter 10s rise 1 fall 2
option httpchk GET /github2fedmsg/
listen kerneltest 0.0.0.0:10038
balance hdr(appserver)
server kerneltest01 kerneltest01:80 check inter 10s rise 1 fall 2
option httpchk GET /kerneltest
# Apache doesn't handle the initial connection here like the other proxy
# entries. This proxy also doesn't use the http mode like the others.
# stunnel should be sitting on port 9939 (public) and redirecting
# connections from there to here, port 9938. This then proxies to the
# fedmsg-hub's websocket server on busgateway01, port 9919.
listen fedmsg-websockets 0.0.0.0:9938
mode tcp
balance roundrobin
maxconn 16384
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server busgateway01 busgateway01:9919 weight 1 maxconn 16384
# This, unlike the websockets entry just above, is listening directly to the
# outside world with no stunnel inbetween.
# Simply redirect tcp connections to a local fedmsg-gateway slave. It should be
# forwarding messages from the master gateway on busgateway01.
listen fedmsg-raw-zmq-outbound 0.0.0.0:9940
mode tcp
balance roundrobin
maxconn 16384
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server localhost localhost:9942 weight 1 maxconn 16384
# While the above fedmsg-raw-zmq-outbound forwards incoming connections to an
# instance of the "fedmsg-gateway" daemon (which pushes internal messages out),
# this entry forwards incoming connections to a secondary instance of the
# "fedmsg-relay" daemon (which pushes messages *onto* the internal bus). We
# have a primary instance of fedmsg-relay running on app01 for most internal
# use. Here we forward to a secondary one on busgateway01.
listen fedmsg-raw-zmq-inbound 0.0.0.0:9941
mode tcp
balance roundrobin
maxconn 16384
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server busgateway01 busgateway01:9941 weight 1 maxconn 16384
#listen membership-map 0.0.0.0:10001
# balance hdr(appserver)
# server app1 app1:80 check inter 5s rise 2 fall 3
# server app2 app2:80 check inter 5s rise 2 fall 3
# server app3 app3:80 check inter 5s rise 2 fall 3
# server app4 app4:80 check inter 5s rise 2 fall 3
# server app05 app05:80 backup check inter 5s rise 2 fall 3
# server bapp1 bapp1:80 backup check inter 5s rise 2 fall 3
# option httpchk GET /membership-map

53
roles/haproxy/files/limits.conf Normal file
View file

@ -0,0 +1,53 @@
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - an user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open files
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#
#<domain> <type> <item> <value>
#
#* soft core 0
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
@haproxy hard nofile 170000
@haproxy soft nofile 160000
# End of file

33
roles/haproxy/tasks/main.yml Normal file
View file

@ -0,0 +1,33 @@
---
# Tasks to set up haproxy
- name: install needed packages
yum: pkg={{ item }} state=installed
with_items:
- haproxy
tags:
- packages
- name: install haproxy/cfg in prod
copy: src={{ item.file }}
dest={{ item.dest }}
owner=root group=root mode=0600
with_items:
- { file: haproxy.cfg, dest: /etc/haproxy/haproxy.cfg }
when: env != staging
- name: install haproxy.cfg in stg
copy: src={{ item.file }}
dest={{ item.dest }}
owner=root group=root mode=0600
with_items:
- { file: haproxy.cfg.stg, dest: /etc/haproxy/haproxy.cfg }
when: env == staging
- name: install limits.conf and 503.http
copy: src={{ item.file }}
dest={{ item.dest }}
owner=root group=root mode=0600
with_items:
- { file: limits.conf, dest: /etc/security/limits.conf }
- { file: 503.http, dest: /etc/haproxy/503.http }