communishift: Setup simple haproxy config and add firewall rules

Note that we don't use the haproxy rule because it's very proxy specific. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-05-11 20:13:36 +00:00 · 2019-05-11 20:13:36 +00:00 · 261648a5c4
commit 261648a5c4
parent 077960163e
3 changed files with 110 additions and 0 deletions
--- a/files/communishift/haproxy.cfg
+++ b/files/communishift/haproxy.cfg
@ -0,0 +1,85 @@
+# this config needs haproxy-1.1.28 or haproxy-1.2.1
+
+global
+    log 127.0.0.1   local0 warning
+    # Set this to 4096 + 16384
+    # 16384 for the fedmsg gateway and 4096 for everybody else.
+    maxconn 20480
+    chroot /var/lib/haproxy
+    user haproxy
+    group haproxy
+    daemon
+    stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664
+    stats socket /var/run/haproxy-admin level admin user root group root mode 0660
+    #debug
+    #quiet
+
+defaults
+    log     global
+    mode    http
+    option  httplog
+    option  dontlognull
+    option  httpclose
+    option  redispatch
+    retries 3
+    maxconn 5000
+    timeout connect 5s
+    timeout client 500s
+    timeout server 500s
+    errorfile 503 /etc/haproxy/503.http
+
+frontend os-masters-kapi
+    mode tcp
+    bind 38.145.48.40:6443
+    default_backend os-masters-backend-kapi
+
+backend os-masters-backend-kapi
+    mode tcp
+    server  os-node01 os-node01:6443 weight 1 maxconn 16384
+    server  os-node02 os-node02:6443 weight 1 maxconn 16384
+    server  os-node09 os-node09:6443 weight 1 maxconn 16384
+# temp bootstrap node
+    server  os-node11 os-node11:6443 weight 1 maxconn 16384
+
+frontend os-masters-machineconfig
+    mode tcp
+    bind 38.145.48.40:22623
+    default_backend os-masters-backend-machineconfig
+
+backend os-masters-backend-machineconfig
+    mode tcp
+    server  os-node01 os-node01:22623 weight 1 maxconn 16384
+    server  os-node02 os-node02:22623 weight 1 maxconn 16384
+    server  os-node09 os-node09:22623 weight 1 maxconn 16384
+# temp bootstrap node
+    server  os-node11 os-node11:22623 weight 1 maxconn 16384
+
+frontend os-routers-https
+    mode tcp
+    bind 38.145.48.41:443
+    default_backend os-routers-https
+
+backend os-routers-https
+    server  os-node03 os-node03:443 weight 1 maxconn 16384
+    server  os-node04 os-node04:443 weight 1 maxconn 16384
+    server  os-node05 os-node05:443 weight 1 maxconn 16384
+    server  os-node06 os-node06:443 weight 1 maxconn 16384
+    server  os-node07 os-node07:443 weight 1 maxconn 16384
+    server  os-node08 os-node08:443 weight 1 maxconn 16384
+    server  os-node10 os-node10:443 weight 1 maxconn 16384
+    server  os-node10 os-node11:443 weight 1 maxconn 16384
+
+frontend os-routers-http
+    mode tcp
+    bind 38.145.48.41:80
+    default_backend os-routers-http
+
+backend os-routers-http
+    server  os-node03 os-node03:80 weight 1 maxconn 16384
+    server  os-node04 os-node04:80 weight 1 maxconn 16384
+    server  os-node05 os-node05:80 weight 1 maxconn 16384
+    server  os-node06 os-node06:80 weight 1 maxconn 16384
+    server  os-node07 os-node07:80 weight 1 maxconn 16384
+    server  os-node08 os-node08:80 weight 1 maxconn 16384
+    server  os-node10 os-node10:80 weight 1 maxconn 16384
+    server  os-node10 os-node11:80 weight 1 maxconn 16384