ansible/roles/haproxy/templates/haproxy.cfg
Kevin Fenzi e3e2cb1d93 odcs: retire service ( infra 12192 )
Time to retire ODCS. ELN is moved off and that was the last thing using
it. Thanks for all the service ODCS!

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-09-24 18:21:51 +00:00


# this config needs haproxy-1.1.28 or haproxy-1.2.1
# NOTE(review): the version floor above looks stale. The `ssl verify required ca-file`
# server options used by the ipa backends in this file need an OpenSSL-enabled build
# (HAProxy 1.5 or later).
global
# Process-wide settings: logging, connection ceiling, privilege drop and runtime sockets.
# Warning-and-above messages go to the local syslog daemon, facility local0.
log 127.0.0.1 local0 warning
# Set this to 4096 + 16384
# 16384 for the fedmsg gateway and 4096 for everybody else.
maxconn 20480
# Privilege drop: after start-up the process is confined to the chroot and runs as an
# unprivileged user/group, which limits what a compromised worker can reach.
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
# Monitoring socket. On Linux, connecting to a UNIX socket needs write permission, so
# mode 0664 lets user haproxy and group nrpe connect and nobody else.
# NOTE(review): no `level` is given, so HAProxy's default level (operator) applies.
# If the nrpe check only reads statistics, `level user` would be tighter -- confirm.
stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664
# Admin socket: full runtime control (enable/disable servers, etc.), restricted to root.
stats socket /var/run/haproxy-admin level admin user root group root mode 0660
#debug
#quiet
defaults
# Settings inherited by every frontend/backend below unless a section overrides them.
log global
mode http
option httplog
# Connections that carry no data are not logged. This keeps health probes out of the
# logs, but it also hides port scans on the listeners that face the outside world.
option dontlognull
# One request per connection: the connection is closed after each response.
option httpclose
# If the chosen server is down, retry the connection on another server.
option redispatch
retries 3
# Per-frontend connection limit (the process-wide limit is in the global section).
maxconn 5000
timeout connect 5s
# NOTE(review): no `timeout http-request` is set, so a client that sends its request
# slowly is bounded only by the 500s client timeout. A short http-request timeout
# would limit slow-request connection exhaustion -- confirm against client behaviour.
timeout client 500s
timeout server 500s
# Custom page returned when no backend server is available.
errorfile 503 /etc/haproxy/503.http
# HAProxy statistics page, served at / on port 8080.
# NOTE(review): the listener binds every interface and the backend sets no `stats auth`,
# so the page (backend names, server hostnames, health state) is readable by anyone who
# can reach port 8080. No `stats admin` is set, so it is read-only. Access restriction
# must come from the host firewall, which is not visible here -- confirm, or add
# `stats auth` / bind to an internal address.
frontend stats-frontend
bind 0.0.0.0:8080
default_backend stats-backend
backend stats-backend
# No servers are defined; this backend exists only to serve the stats page.
balance hdr(appserver)
stats enable
stats uri /
{% if env == "production" and 'iad2' in inventory_hostname %}
# Production OpenShift control plane (iad2 proxies only), passed through in TCP mode:
# TLS is not terminated here, so client authentication happens on the masters.
# Port 6443 is the Kubernetes API.
frontend ocp-masters-kapi
mode tcp
bind 0.0.0.0:6443
default_backend ocp-masters-backend-kapi
backend ocp-masters-backend-kapi
mode tcp
# `check` with no httpchk option is a plain TCP connect check.
server ocp01.ocp.iad2.fedoraproject.org ocp01.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp02.ocp.iad2.fedoraproject.org ocp02.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp03.ocp.iad2.fedoraproject.org ocp03.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check
# temp bootstrap node
# server bootstrap.ocp.iad2.fedoraproject.org bootstrap.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check
# Port 22623 is the OpenShift machine config server, which hands Ignition configs to
# nodes as they join the cluster.
# NOTE(review): those configs can embed cluster credentials, and this listener binds
# every interface. Port 22623 should be reachable only from cluster nodes; the
# firewall rules that would enforce that are not visible here -- confirm.
frontend ocp-masters-machineconfig
mode tcp
bind 0.0.0.0:22623
default_backend ocp-masters-backend-machineconfig
backend ocp-masters-backend-machineconfig
mode tcp
server ocp01.ocp.iad2.fedoraproject.org ocp01.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp02.ocp.iad2.fedoraproject.org ocp02.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp03.ocp.iad2.fedoraproject.org ocp03.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check
# temp bootstrap node
# server bootstrap.ocp.iad2.fedoraproject.org bootstrap.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check
{% endif %}
{% if env != "production" and 'iad2' in inventory_hostname %}
# Staging OpenShift control plane. The condition is "not production", so every
# non-production environment on an iad2 proxy is pointed at the stg cluster.
# Same section names as the production variant; only one of the two is ever rendered.
# Port 6443 is the Kubernetes API, passed through in TCP mode (no TLS termination here).
frontend ocp-masters-kapi
mode tcp
bind 0.0.0.0:6443
default_backend ocp-masters-backend-kapi
backend ocp-masters-backend-kapi
mode tcp
# `check` with no httpchk option is a plain TCP connect check.
server ocp01.ocp.stg.iad2.fedoraproject.org ocp01.ocp.stg.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp02.ocp.stg.iad2.fedoraproject.org ocp02.ocp.stg.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp03.ocp.stg.iad2.fedoraproject.org ocp03.ocp.stg.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check
# temp bootstrap node
# server bootstrap.ocp.stg.iad2.fedoraproject.org bootstrap.ocp.stg.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check
# Port 22623 is the OpenShift machine config server (Ignition configs for joining nodes).
# NOTE(review): Ignition configs can embed cluster credentials and the listener binds
# every interface; confirm that a firewall limits port 22623 to cluster nodes.
frontend ocp-masters-machineconfig
mode tcp
bind 0.0.0.0:22623
default_backend ocp-masters-backend-machineconfig
backend ocp-masters-backend-machineconfig
mode tcp
server ocp01.ocp.stg.iad2.fedoraproject.org ocp01.ocp.stg.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp02.ocp.stg.iad2.fedoraproject.org ocp02.ocp.stg.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp03.ocp.stg.iad2.fedoraproject.org ocp03.ocp.stg.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check
# temp bootstrap node
# server bootstrap.ocp.stg.iad2.fedoraproject.org bootstrap.ocp.stg.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check
{% endif %}
# Wiki: HTTP listener on port 10001, forwarded in cleartext to port 80 on the wiki hosts.
frontend fp-wiki-frontend
bind 0.0.0.0:10001
default_backend fp-wiki-backend
backend fp-wiki-backend
# Server choice hashes the `appserver` request header; HAProxy falls back to round
# robin when the header is absent.
# NOTE(review): what sets that header is not visible here. If the layer in front does
# not strip a client-supplied value, clients can steer themselves to one server.
balance hdr(appserver)
server wiki01 wiki01:80 check inter 15s rise 2 fall 5
{% if env == "production" %}
server wiki02 wiki02:80 check inter 15s rise 2 fall 5
{% endif %}
# Health check: a server is up only while it answers this page successfully.
option httpchk GET /wiki/Main_Page
# Mirrorlist: HTTP listener on port 10002, served by two processes on this same host.
frontend mirror-lists-frontend
bind 0.0.0.0:10002
default_backend mirror-lists-backend
backend mirror-lists-backend
# Hash on the `appserver` request header (round robin when it is absent).
balance hdr(appserver)
# Overrides the 5s connect timeout from the defaults section.
timeout connect 30s
# Both servers are loopback ports, checked every second.
server mirrorlist-local1 127.0.0.1:18081 check inter 1s rise 2 fall 3 weight 100
server mirrorlist-local2 127.0.0.1:18082 check inter 1s rise 2 fall 3 weight 100
# Health check exercises a real metalink query rather than a static file.
option httpchk GET /metalink?repo=epel-9&arch=x86_64
# No server here is marked `backup`, so allbackups has no visible effect in this backend.
option allbackups
# MirrorManager web frontend: HTTP listener on port 10008, one backend server.
frontend mirrormanager-frontend
bind 0.0.0.0:10008
default_backend mirrormanager-backend
backend mirrormanager-backend
# Hash on the `appserver` request header; with a single server the choice is moot.
balance hdr(appserver)
server mm-frontend01 mm-frontend01:80 check inter 60s rise 2 fall 3
# The health check fetches a static asset, so it proves the web server is serving
# files but not that the application behind it is working.
option httpchk GET /mirrormanager/static/mirrormanager2.css
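# Freemedia form: HTTP listener on port 10011, served from the sundries hosts.
frontend freemedia-frontend
bind 0.0.0.0:10011
default_backend freemedia-backend
backend freemedia-backend
# Hash on the `appserver` request header (round robin when it is absent).
balance hdr(appserver)
server sundries01 sundries01:80 check inter 60s rise 2 fall 3
{% if env == "production" %}
# Fixed: this entry was named sundries02 but pointed at sundries01:80, so production
# had no second host behind freemedia and both entries failed together. The
# geoip-city backend in this file already uses sundries02:80 for the same server name.
server sundries02 sundries02:80 check inter 60s rise 2 fall 3
{% endif %}
# Health check fetches the static form page.
option httpchk GET /freemedia/FreeMedia-form.html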
#frontend packages-frontend
# bind 0.0.0.0:10016
# default_backend packages-backend
#
#backend packages-backend
# balance hdr(appserver)
# server packages03 packages03:80 check inter 5s rise 2 fall 3
#{% if env == "production" %}
# server packages04 packages04:80 check inter 5s rise 2 fall 3
#{% endif %}
# option httpchk GET /packages/_heartbeat
# Blockerbugs: HTTP listener on port 10022, one backend server on port 80.
frontend blockerbugs-frontend
bind 0.0.0.0:10022
default_backend blockerbugs-backend
backend blockerbugs-backend
# Hash on the `appserver` request header; with a single server the choice is moot.
balance hdr(appserver)
# rise 1 / fall 2: one good check marks the server up, two failures mark it down.
server blockerbugs01 blockerbugs01:80 check inter 10s rise 1 fall 2
option httpchk GET /blockerbugs
# IMPORTANT: 10023-10026 will NOT work because of selinux policies
# GeoIP city lookup: HTTP listener on port 10029, served from the sundries hosts.
frontend geoip-city-frontend
bind 0.0.0.0:10029
default_backend geoip-city-backend
backend geoip-city-backend
# Hash on the `appserver` request header (round robin when it is absent).
balance hdr(appserver)
server sundries01 sundries01:80 check inter 30s rise 2 fall 3
{% if env == "production" %}
server sundries02 sundries02:80 check inter 30s rise 2 fall 3
{% endif %}
# Health check performs a real lookup for a fixed address, so it covers the
# application path and not only the web server.
option httpchk GET /city?ip=18.0.0.1
# IMPORTANT: 10031 will NOT work because of selinux policies
# Badges web application: HTTP listener on port 10032, one backend server.
frontend badges-frontend
bind 0.0.0.0:10032
default_backend badges-backend
backend badges-backend
# Hash on the `appserver` request header; with a single server the choice is moot.
balance hdr(appserver)
server badges-web01 badges-web01:80 check inter 10s rise 1 fall 2
# Dedicated heartbeat endpoint used as the health check.
option httpchk GET /heartbeat
# github2fedmsg: HTTP listener on port 10037, one backend server.
frontend github2fedmsg-frontend
bind 0.0.0.0:10037
default_backend github2fedmsg-backend
backend github2fedmsg-backend
# Hash on the `appserver` request header; with a single server the choice is moot.
balance hdr(appserver)
server github2fedmsg01 github2fedmsg01:80 check inter 10s rise 1 fall 2
# Health check requests the application root path.
option httpchk GET /github2fedmsg/
# Kerneltest: HTTP listener on port 10038, one backend server.
frontend kerneltest-frontend
bind 0.0.0.0:10038
default_backend kerneltest-backend
backend kerneltest-backend
# Hash on the `appserver` request header; with a single server the choice is moot.
balance hdr(appserver)
server kerneltest01 kerneltest01:80 check inter 10s rise 1 fall 2
option httpchk GET /kerneltest
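{% if env == "production" %}
# openQA (production only): HTTP listener on port 10044, one backend server.
frontend openqa-frontend
bind 0.0.0.0:10044
default_backend openqa-backend
backend openqa-backend
# Hash on the `appserver` request header; with a single server the choice is moot.
balance hdr(appserver)
server openqa01 openqa01:80 check inter 10s rise 1 fall 2
# Health check queries the openQA API.
option httpchk GET /api/v1/job_groups/1
{% endif %}
# NOTE(review): the three directives below had no section header of their own, so
# HAProxy attached them to whichever backend was rendered last: openqa-backend in
# production, kerneltest-backend everywhere else. There they would replace that
# backend's health-check URL and raise its connect/server timeouts to one hour
# (3600000 ms). They look like remnants of a backend that has since been removed
# and are disabled here; delete them once that is confirmed.
#option httpchk GET /rest_api/v1/
#timeout server 3600000
#timeout connect 3600000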
# OCI container registry: HTTP listener on port 10048, forwarded in cleartext to
# port 5000 on the registry hosts.
frontend oci-registry-frontend
bind 0.0.0.0:10048
default_backend oci-registry-backend
backend oci-registry-backend
# Hash on the `appserver` request header (round robin when it is absent).
balance hdr(appserver)
# No httpchk option in this backend, so `check` is a TCP connect check only: a
# registry that accepts connections but returns errors still counts as up.
server oci-registry01 oci-registry01:5000 check inter 10s rise 1 fall 2
{% if env == "production" %}
server oci-registry02 oci-registry02:5000 check inter 10s rise 1 fall 2
{% endif %}
{% if env == "staging" %}
# pps (staging only): HTTP listener on port 10051, served from mdapi01.
frontend pps-frontend
bind 0.0.0.0:10051
default_backend pps-backend
backend pps-backend
# Hash on the `appserver` request header; with a single server the choice is moot.
balance hdr(appserver)
server mdapi01 mdapi01:80 check inter 10s rise 1 fall 2
option httpchk GET /pps
{% endif %}
# Ipsilon (identity provider): HTTP listener on port 10020.
# NOTE(review): this hop goes to port 80 in cleartext, whereas the ipa backends in this
# file use `ssl verify required`. Login traffic crosses this link, so confirm that the
# network between proxy and ipsilon hosts is trusted or protected by other means.
frontend ipsilon-frontend
bind 0.0.0.0:10020
default_backend ipsilon-backend
backend ipsilon-backend
# Hash on the `appserver` request header (round robin when it is absent).
balance hdr(appserver)
server ipsilon01 ipsilon01:80 check inter 10s rise 1 fall 3
{% if env == "production" %}
server ipsilon02 ipsilon02:80 check inter 10s rise 1 fall 3
{% endif %}
option httpchk GET /
# IPA web UI/API: HTTP listener on port 10053, re-encrypted to port 443 on the IPA hosts.
frontend ipa-frontend
bind 0.0.0.0:10053
default_backend ipa-backend
backend ipa-backend
balance hdr(appserver)
# `ssl verify required ca-file ...` makes HAProxy reject a server certificate that
# does not chain to the CA(s) in ipa.pem.
# NOTE(review): no `verifyhost` or `sni` is set, so as far as these options show only
# the chain is validated, not the hostname; any certificate issued by that CA would be
# accepted for ipa01. Consider `verifyhost` with the name on each certificate -- confirm.
server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
{% if env != "staging" %}
# `backup`: these servers receive traffic only while ipa01 is marked down.
server ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup
server ipa03 ipa03:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup
{% endif %}
option httpchk GET /ipa/ui/
# Kerberos over TCP: listener on port 1088, forwarded to port 88 on the IPA hosts.
frontend krb5-frontend
mode tcp
bind 0.0.0.0:1088
default_backend krb5-backend
backend krb5-backend
mode tcp
option tcplog
balance roundrobin
maxconn 16384
# Timeouts without a unit are milliseconds: 5 s in the queue, 24 h for server and connect.
# NOTE(review): a 24 h connect timeout means an attempt against an unreachable server
# is not abandoned for a day; the 5s from the defaults section would fail over faster.
timeout queue 5000
timeout server 86400000
timeout connect 86400000
# NOTE(review): none of these server lines has `check`, so a dead KDC is never
# marked down and keeps receiving its round-robin share of connections.
server ipa01 ipa01:88 weight 1 maxconn 16384
{% if env == "production" %}
server ipa02 ipa02:88 weight 1 maxconn 16384
server ipa03 ipa03:88 weight 1 maxconn 16384
{% endif %}
# OCI candidate registry: HTTP listener on port 10054, forwarded in cleartext to
# port 5000 on a single registry host.
frontend oci-candidate-registry-frontend
bind 0.0.0.0:10054
default_backend oci-candidate-registry-backend
backend oci-candidate-registry-backend
# Hash on the `appserver` request header; with a single server the choice is moot.
balance hdr(appserver)
# No httpchk option in this backend, so `check` is a TCP connect check only.
server oci-candidate-registry01 oci-candidate-registry01:5000 check inter 10s rise 1 fall 2
{% if 'iad2' in inventory_hostname %}
# Only enable this on iad2 proxies
# src: HTTP listener on port 10057, served from pkgs01.
frontend src-frontend
bind 0.0.0.0:10057
default_backend src-backend
backend src-backend
# Hash on the `appserver` request header; with a single server the choice is moot.
balance hdr(appserver)
# Both branches below render the same server line. The backend ends up with no server
# at all only when env is not staging and datacenter is not iad2.
{% if env == "staging" %}
server pkgs01 pkgs01:80 check inter 10s rise 1 fall 2
{% elif datacenter == 'iad2' %}
server pkgs01 pkgs01:80 check inter 10s rise 1 fall 2
{% endif %}
option httpchk GET /
{% endif %}
# This is an endpoint using only ipa01. This is used for API access, since sessions
# are not synchronized.
# There is no backup server here, so this endpoint is unavailable while ipa01 is down.
frontend ipa01-frontend
bind 0.0.0.0:10061
default_backend ipa01-backend
backend ipa01-backend
balance hdr(appserver)
# The server certificate must chain to the CA(s) in ipa.pem.
# NOTE(review): no `verifyhost` or `sni` is set, so the hostname on the certificate
# does not appear to be checked -- confirm.
server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
option httpchk GET /ipa/ui/
{% if env == "production" and 'iad2' in inventory_hostname %}
# kojipkgs (production iad2 proxies only): HTTP listener on port 10062.
frontend kojipkgs-frontend
bind 0.0.0.0:10062
default_backend kojipkgs-backend
backend kojipkgs-backend
# Hash on the request URI, so a given path is always sent to the same server
# (presumably for cache locality -- confirm).
balance uri
# Server names and addresses are built from the `datacenter` inventory variable.
server kojipkgs01.{{ datacenter }}.fedoraproject.org kojipkgs01.{{ datacenter }}.fedoraproject.org:80 check inter 10s rise 1 fall 2
server kojipkgs02.{{ datacenter }}.fedoraproject.org kojipkgs02.{{ datacenter }}.fedoraproject.org:80 check inter 10s rise 1 fall 2
option httpchk GET /
{% endif %}
{% if datacenter == "iad2" %}
# These ports are for proxying rabbitmq (AMQP) protocol through.
# At this moment, internal- and public-rabbitmq both point to the exact same set of
# brokers on the backend, but the internal- is intended for applications we directly control.
# This allows us to move to a separate cluster for public access if that became necessary
# on just the infra side, with no need to ask users to change anything.
# NOTE(review): because both listeners share one backend, the port split gives no
# access-control separation today. Whatever a client may do is decided by the brokers.
# Both listeners are TCP pass-through with no `ssl` on the bind lines, so any TLS
# on port 5671 is terminated by the brokers, not by HAProxy.
# This block is gated on the `datacenter` variable, unlike the sections gated on
# 'iad2' in inventory_hostname.
frontend internal-rabbitmq
mode tcp
bind 0.0.0.0:15671
default_backend rabbitmq
frontend public-rabbitmq
mode tcp
bind 0.0.0.0:5671
default_backend rabbitmq
backend rabbitmq
mode tcp
option tcplog
balance roundrobin
maxconn 16384
# NOTE(review): no `check` on these servers, so a broker that is down stays in rotation.
server rabbitmq01 rabbitmq01:5671 weight 1 maxconn 16384
server rabbitmq02 rabbitmq02:5671 weight 1 maxconn 16384
server rabbitmq03 rabbitmq03:5671 weight 1 maxconn 16384
{% endif %}
# Apache doesn't handle the initial connection here like the other proxy
# entries. This proxy also doesn't use the http mode like the others.
# stunnel should be sitting on port 9939 (public) and redirecting
# connections from there to here, port 9938. This then proxies to the
# fedmsg-hub's websocket server on busgateway01, port 9919.
# NOTE(review): port 9938 is the cleartext side of that stunnel and it binds every
# interface. Unless a firewall blocks it, clients can connect to 9938 directly and skip
# TLS. If stunnel runs on this same host, binding 127.0.0.1 would close that path.
frontend fedmsg-websockets-frontend
mode tcp
bind 0.0.0.0:9938
default_backend fedmsg-websockets-backend
backend fedmsg-websockets-backend
mode tcp
option tcplog
balance roundrobin
maxconn 16384
# Timeouts without a unit are milliseconds: 5 s in the queue, 24 h for server and connect.
timeout queue 5000
timeout server 86400000
timeout connect 86400000
# Single server with no `check`: HAProxy never marks it down.
server busgateway01 busgateway01:9919 weight 1 maxconn 16384
# This, unlike the websockets entry just above, is listening directly to the
# outside world with no stunnel in between.
# Simply redirect tcp connections to a local fedmsg-gateway slave. It should be
# forwarding messages from the master gateway on busgateway01.
# Nothing in this section encrypts or authenticates the connection, so the stream
# carries whatever protection the messages themselves have.
frontend fedmsg-raw-zmq-outbound-frontend
mode tcp
bind 0.0.0.0:9940
default_backend fedmsg-raw-zmq-outbound-backend
backend fedmsg-raw-zmq-outbound-backend
mode tcp
option tcplog
balance roundrobin
maxconn 16384
# Timeouts without a unit are milliseconds: 5 s in the queue, 24 h for server and connect.
# Long-lived subscriber connections hold a slot for up to a day. The ceiling is the
# maxconn of 16384 that the global section reserves for the fedmsg gateway.
timeout queue 5000
timeout server 86400000
timeout connect 86400000
# Target is a process on this same host (loopback port 9942).
server localhost 127.0.0.1:9942 weight 1 maxconn 16384
# While the above fedmsg-raw-zmq-outbound forwards incoming connections to an
# instance of the "fedmsg-gateway" daemon (which pushes internal messages out),
# this entry forwards incoming connections to a secondary instance of the
# "fedmsg-relay" daemon (which pushes messages *onto* the internal bus). We
# have a primary instance of fedmsg-relay running on app01 for most internal
# use. Here we forward to a secondary one on busgateway01.
# NOTE(review): this is a write path onto the internal bus and the listener binds every
# interface with no source restriction in this file. Which peers may reach port 9941,
# and whether the relay validates what they send, is decided elsewhere (firewall, relay
# configuration) -- confirm both.
frontend fedmsg-raw-zmq-inbound-frontend
mode tcp
bind 0.0.0.0:9941
default_backend fedmsg-raw-zmq-inbound-backend
backend fedmsg-raw-zmq-inbound-backend
mode tcp
option tcplog
balance roundrobin
maxconn 16384
# Timeouts without a unit are milliseconds: 5 s in the queue, 24 h for server and connect.
timeout queue 5000
timeout server 86400000
timeout connect 86400000
# Single server with no `check`: HAProxy never marks it down.
server busgateway01 busgateway01:9941 weight 1 maxconn 16384
{% if 'iad2' in inventory_hostname %}
# Zabbix web UI (iad2 proxies only): HTTP listener on port 10068, forwarded in
# cleartext to port 80 on zabbix01.
frontend zabbix-frontend
bind 0.0.0.0:10068
default_backend zabbix-backend
backend zabbix-backend
# Hash on the `appserver` request header; with a single server the choice is moot.
balance hdr(appserver)
# No httpchk option in this backend, so `check` is a TCP connect check only.
server zabbix01 zabbix01:80 check inter 10s rise 1 fall 2
{% endif %}