From f16da6b9387899b0a5d79aaaf7cce21c5fd5a802 Mon Sep 17 00:00:00 2001 From: Guillaume Thouvenin Date: Tue, 8 Mar 2016 15:29:23 +0100 Subject: [PATCH] Remove dependency on cluster-haproxy.pp from osnailyfacter This patch adds a new manifest to replace the one that is used from osnailyfacter. We cannot use the manifest provided by fuel-library because it has been rewritten and it is not compatible with our deployment because it requires specific VIP that are tied to the management and public VIP addresses of the controllers. Partial-Bug: #1554521 Change-Id: I2e70a19bc1699c61c9fa130e2f4a852e545b1060 --- .../puppet/manifests/cluster-haproxy.pp | 162 ++++++++++++++++++ deployment_tasks.yaml | 15 +- 2 files changed, 174 insertions(+), 3 deletions(-) create mode 100644 deployment_scripts/puppet/manifests/cluster-haproxy.pp diff --git a/deployment_scripts/puppet/manifests/cluster-haproxy.pp b/deployment_scripts/puppet/manifests/cluster-haproxy.pp new file mode 100644 index 0000000..81fb88d --- /dev/null +++ b/deployment_scripts/puppet/manifests/cluster-haproxy.pp @@ -0,0 +1,162 @@ +$fuel_version = 0 + hiera('fuel_version') + +$network_scheme = hiera_hash('network_scheme', {}) +$haproxy_hash = hiera_hash('haproxy', {}) + +$haproxy_maxconn = '16000' +$haproxy_bufsize = '32768' +$other_networks = direct_networks($network_scheme['endpoints']) +$haproxy_maxrewrite = '1024' +$haproxy_log_file = '/var/log/haproxy.log' +$haproxy_ssl_default_dh_param = '2048' +$primary_controller = false +$debug = false +$spread_checks = '3' + +#FIXME(mattymo): Replace with only VIPs for roles assigned to this node +include ::concat::setup +include ::haproxy::params +include ::rsyslog::params + +package { 'haproxy': + name => $::haproxy::params::package_name, +} + +#NOTE(bogdando) we want defaults w/o chroot +# and this override looks the only possible if +# upstream manifests must be kept intact +$global_options = { + 'log' => '/dev/log local0', + 'pidfile' => '/var/run/haproxy.pid', + 'maxconn' => $haproxy_maxconn, + 'user' => 'haproxy', + 'group' => 'haproxy', + 'daemon' => '', + 'stats' => 'socket /var/lib/haproxy/stats', + 'spread-checks' => $spread_checks, + 'tune.bufsize' => $haproxy_bufsize, + 'tune.maxrewrite' => $haproxy_maxrewrite, + 'tune.ssl.default-dh-param' => $haproxy_ssl_default_dh_param, +} + +$defaults_options = { + 'log' => 'global', + 'maxconn' => '8000', + 'mode' => 'http', + 'retries' => '3', + 'option' => [ + 'redispatch', + 'http-server-close', + 'splice-auto', + 'dontlognull', + ], + 'timeout' => [ + 'http-request 20s', + 'queue 1m', + 'connect 10s', + 'client 1m', + 'server 1m', + 'check 10s', + ], +} + +$service_name = 'p_haproxy' + +class { 'haproxy::base': + global_options => $global_options, + defaults_options => $defaults_options, + stats_ipaddresses => ['127.0.0.1'], + use_include => true, +} + +sysctl::value { 'net.ipv4.ip_nonlocal_bind': + value => '1' +} + +service { 'haproxy' : + ensure => 'running', + name => $service_name, + enable => true, + hasstatus => true, + hasrestart => true, +} + +tweaks::ubuntu_service_override { 'haproxy' : + service_name => 'haproxy', + package_name => $haproxy::params::package_name, +} + +class { 'cluster::haproxy::rsyslog': + log_file => $haproxy_log_file, +} + +Package['haproxy'] -> +Class['haproxy::base'] + +Class['haproxy::base'] ~> +Service['haproxy'] + +Package['haproxy'] ~> +Service['haproxy'] + +Sysctl::Value['net.ipv4.ip_nonlocal_bind'] ~> +Service['haproxy'] + +# Pacemaker +$primitive_type = 'ns_haproxy' +$complex_type = 'clone' +$metadata = { + 'migration-threshold' => '3', + 'failure-timeout' => '120', +} +$parameters = { + 'ns' => 'haproxy', + 'debug' => $debug, + 'other_networks' => $other_networks, +} +$operations = { + 'monitor' => { + 'interval' => '30', + 'timeout' => '60' + }, + 'start' => { + 'timeout' => '60' + }, + 'stop' => { + 'timeout' => '60' + }, +} + +if $fuel_version < 9.0 { + + pacemaker_wrappers::service { $service_name : + primitive_type => $primitive_type, + parameters => $parameters, + metadata => $metadata, + operations => $operations, + ms_metadata => { + 'interleave' => true, + }, + complex_type => $complex_type, + prefix => false, + } + + Cs_resource[$service_name] -> + Service[$service_name] +} else { + + pacemaker::service { $service_name : + primitive_type => $primitive_type, + parameters => $parameters, + metadata => $metadata, + operations => $operations, + complex_metadata => { + 'interleave' => true, + }, + complex_type => $complex_type, + prefix => false, + } + + Pcmk_resource[$service_name] -> + Service[$service_name] +} diff --git a/deployment_tasks.yaml b/deployment_tasks.yaml index dde0a69..062ec37 100644 --- a/deployment_tasks.yaml +++ b/deployment_tasks.yaml @@ -10,7 +10,6 @@ - logging - netconfig - hosts - - cluster-haproxy required_for: [deploy_end] requires: [deploy_start] parameters: @@ -54,7 +53,6 @@ - id: lma-es-cluster type: puppet groups: [primary-elasticsearch_kibana, elasticsearch_kibana] - required_for: [cluster-haproxy] requires: [lma-es-firewall] parameters: puppet_manifest: "puppet/manifests/cluster.pp" @@ -63,6 +61,17 @@ reexecute_on: - deploy_changes +- id: lma-es-cluster-haproxy + type: puppet + groups: [primary-elasticsearch_kibana, elasticsearch_kibana] + requires: [lma-es-cluster] + parameters: + puppet_manifest: "puppet/manifests/cluster-haproxy.pp" + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 3600 + reexecute_on: + - deploy_changes + - id: lma-es-virtual-ip type: puppet groups: [primary-elasticsearch_kibana, elasticsearch_kibana] @@ -91,7 +100,7 @@ - id: lma-es-kibana-haproxy type: puppet groups: [primary-elasticsearch_kibana, elasticsearch_kibana] - requires: [cluster-haproxy, lma-es-virtual-ip] + requires: [lma-es-cluster-haproxy, lma-es-virtual-ip] required_for: [deploy_end] parameters: puppet_manifest: "puppet/manifests/haproxy.pp"