Add support for extra VIPs with TLS enabled
The existing extra_lb_vip_addresses parameter will add extra haproxy VIPs without TLS. This patch adds a new extra_lb_tls_vip_addresses parameter for adding VIPs with TLS enabled.

Change-Id: Ib6f38200775d31633d57a680fae475dbf7abc6c9
parent 826741f1f1
commit b7834dd051
|
@ -124,6 +124,9 @@ haproxy_maxconn: 4096
|
|||
# ssl_cachesize: 20000
|
||||
# ssl_lifetime: 300
|
||||
|
||||
# Add extra TLS VIPs to all servics
|
||||
extra_lb_tls_vip_addresses: []
|
||||
|
||||
# Make the log socket available to the chrooted filesystem
|
||||
haproxy_log_socket: "/dev/log"
|
||||
haproxy_log_mount_point: "/var/lib/haproxy/dev/log"
|
||||
|
|
|
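Review bot: The comment above the new default, "# Add extra TLS VIPs to all servics", misspells "services" and does not say how this list differs from extra_lb_vip_addresses. Suggest correcting the typo and stating that addresses listed here are meant to be bound with TLS, so the defaults file explains itself without the commit message.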
@ -210,14 +210,13 @@ in the Ansible inventory by manually specifying their hostnames/IP Addresses:
|
|||
haproxy_port: 10001
|
||||
haproxy_balance_type: http
|
||||
|
||||
|
||||
Adding additional global VIP addresses
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
In some cases, you might need to add additional internal VIP addresses
|
||||
to the load balancer front end. You can use the HAProxy role to add
|
||||
additional VIPs to all front ends by setting them in the
|
||||
``extra_lb_vip_addresses`` variable.
|
||||
``extra_lb_vip_addresses`` or ``extra_lb_tls_vip_addresses`` variables.
|
||||
|
||||
The following example shows extra VIP addresses defined in the
|
||||
``user_variables.yml`` file:
|
||||
|
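Review bot: The reworded sentence ending "``extra_lb_vip_addresses`` or ``extra_lb_tls_vip_addresses`` variables." names both variables but never says when to pick which one. Add a sentence stating that the first adds plain binds and the second adds binds with TLS, since an operator who picks the wrong list ends up with an unencrypted listener on that VIP.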
@ -228,6 +227,15 @@ The following example shows extra VIP addresses defined in the
|
|||
- 10.0.0.10
|
||||
- 192.168.0.10
|
||||
|
||||
The following example shows extra VIP addresses with TLS enabled
|
||||
defined in the ``user_variables.yml`` file:
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
extra_lb_tls_vip_addresses:
|
||||
- 10.0.0.10
|
||||
- 192.168.0.10
|
||||
|
||||
Adding Access Control Lists to HAProxy front end
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
|
|
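Review bot: The new TLS example reuses 10.0.0.10 and 192.168.0.10, the same addresses that close the non-TLS example in the context lines at the top of this hunk. A reader who copies both blocks lists each address in both variables, and the template loop added in this patch appends to vip_binds with no duplicate check visible. Use different addresses in this example, or state that an address belongs in only one of the two lists.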
@ -23,6 +23,10 @@
|
|||
{% endfor %}
|
||||
{% endif -%}
|
||||
|
||||
{% for vip_address in extra_lb_tls_vip_addresses %}
|
||||
{% set _ = vip_binds.append(vip_address) %}
|
||||
{% endfor %}
|
||||
|
||||
{%- if item.service.haproxy_bind is defined %}
|
||||
{% set vip_binds = item.service.haproxy_bind %}
|
||||
{% endif -%}
|
||||
|
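Review bot: The new loop appends to vip_binds before the "if item.service.haproxy_bind is defined" block, and that block then replaces vip_binds wholesale, so a service that sets haproxy_bind silently gets none of the extra_lb_tls_vip_addresses entries. If that is intended, say so in the documentation for the new variable; if not, append after the override, and to a copy, because vip_binds then refers to the service's own haproxy_bind list.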
@ -39,7 +43,7 @@ bind {{ vip_bind }}:{{ item.service.haproxy_redirect_http_port }}
|
|||
{% endif %}
|
||||
|
||||
frontend {{ item.service.haproxy_service_name }}-front-{{ loop.index }}
|
||||
bind {{ vip_bind }}:{{ item.service.haproxy_port }} {% if (item.service.haproxy_ssl | default(false) | bool) and (loop.index == 1 or item.service.haproxy_ssl_all_vips | default(false) | bool) %}ssl crt {{ haproxy_ssl_pem }} ciphers {{ haproxy_ssl_cipher_suite }}{% endif %}
|
||||
bind {{ vip_bind }}:{{ item.service.haproxy_port }} {% if (item.service.haproxy_ssl | default(false) | bool) and (loop.index == 1 or vip_bind in extra_lb_tls_vip_addresses or item.service.haproxy_ssl_all_vips | default(false) | bool) %}ssl crt {{ haproxy_ssl_pem }} ciphers {{ haproxy_ssl_cipher_suite }}{% endif %}
|
||||
|
||||
{% if request_option == "http" %}
|
||||
option httplog
|
||||
|
|
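Review bot: In the changed bind line, "vip_bind in extra_lb_tls_vip_addresses" sits inside the second operand of the "and" with item.service.haproxy_ssl, so an address listed in extra_lb_tls_vip_addresses still gets a plaintext bind on every service where haproxy_ssl is unset or false. The variable name and the documentation wording ("extra VIP addresses with TLS enabled") suggest TLS is guaranteed on those addresses. Either document the dependency on haproxy_ssl next to the variable, or restructure the condition so that membership in the TLS list is sufficient on its own.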