From 9df04fed70eb9f9e84f6da2ac5bb4d94df037fe6 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Evrard Date: Fri, 21 Aug 2015 12:56:30 +0200 Subject: [PATCH] Fixing haproxy-playbook fails when installing on multiple hosts This bug is triggered when haproxy is deployed on multiple hosts and external_lb_vip is different than the internal one. As all hosts receive the same configuration, and are expected to restart the haproxy service more than once (once during role and once post_tasks), the playbook will fail, because the restart of the service fails. The restart of the service fails on some hosts because haproxy tries to start/bind to an ip the host doesn't have (avoiding ip conflicts) This allows haproxy to bind on non_local addresses by adding a sysctl change in the playbook: net.ipv4.ip_nonlocal_bind = 1 The sysctl is changed for the containers/systems when external_lb_vip is different than internal address and the number of haproxy hosts is more than one thanks to a group_var. Side-effect: other services are able to bind on non-local addresses if the sysctl is changed. This could be overridden by setting the variable haproxy_bind_on_non_local in your user_* variables. If set to false, then the ip_nonlocal_bind sysctl won't be changed. Closes-Bug: #1487409 Change-Id: I41b3a5a4ba2d48192b505e3720456a77484aa92b --- playbooks/inventory/group_vars/hosts.yml | 3 +++ playbooks/roles/haproxy_server/defaults/main.yml | 1 + playbooks/roles/haproxy_server/tasks/haproxy_install.yml | 2 +- .../roles/haproxy_server/tasks/haproxy_post_install.yml | 8 ++++++++ 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/playbooks/inventory/group_vars/hosts.yml b/playbooks/inventory/group_vars/hosts.yml index 83998996a6..ef6639191b 100644 --- a/playbooks/inventory/group_vars/hosts.yml +++ b/playbooks/inventory/group_vars/hosts.yml 
@@ -226,3 +226,6 @@ swift_system_shell: /bin/bash swift_system_comment: swift system user swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}" swift_service_region: "{{ service_region }}" + +## HAProxy +haproxy_bind_on_non_local: "{% if groups.haproxy_hosts[1] is defined and internal_lb_vip_address != external_lb_vip_address %}True{% else %}False{% endif %}" diff --git a/playbooks/roles/haproxy_server/defaults/main.yml b/playbooks/roles/haproxy_server/defaults/main.yml index bab6861a15..161dab0ac2 100644 --- a/playbooks/roles/haproxy_server/defaults/main.yml +++ b/playbooks/roles/haproxy_server/defaults/main.yml @@ -67,6 +67,7 @@ haproxy_backup_nodes: [] # - "httplog" galera_monitoring_user: monitoring +haproxy_bind_on_non_local: False ## haproxy SSL haproxy_ssl: no diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_install.yml b/playbooks/roles/haproxy_server/tasks/haproxy_install.yml index 4226bdde56..9e78269ce1 100644 --- a/playbooks/roles/haproxy_server/tasks/haproxy_install.yml +++ b/playbooks/roles/haproxy_server/tasks/haproxy_install.yml @@ -24,7 +24,7 @@ tags: - haproxy-apt-packages -- name: Install HAPRoxy Packages +- name: Install HAProxy Packages apt: pkg: "{{ item }}" state: latest diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml b/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml index 7bf26033f8..5105021aa7 100644 --- a/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml +++ b/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml @@ -13,6 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Make haproxy bindable on non local addresses + sysctl: + name: net.ipv4.ip_nonlocal_bind + value: 1 + sysctl_set: yes + state: present + when: haproxy_bind_on_non_local | bool + - name: Drop base haproxy config template: src: "{{ item }}"
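Review bot: In playbooks/inventory/group_vars/hosts.yml the new `haproxy_bind_on_non_local` renders to the strings "True"/"False", so it only acts as a boolean where the consumer applies `| bool` (the new task does); a Jinja `{% if %}` that tests it bare would see a non-empty string. The expression also indexes `groups.haproxy_hosts[1]` directly, which presumably fails to evaluate when the `haproxy_hosts` group is absent from the inventory; `groups['haproxy_hosts'] | default([]) | length > 1` states the intent (more than one HAProxy host) without that dependency. Neither this line nor the `haproxy_bind_on_non_local: False` default added in roles/haproxy_server/defaults/main.yml says that the flag switches a system-wide sysctl, so I would add above both a comment such as `# Sets net.ipv4.ip_nonlocal_bind=1 on the HAProxy hosts; every process there can then bind to addresses the host does not own.`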
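Review bot: The new sysctl task in haproxy_post_install.yml only ever writes `net.ipv4.ip_nonlocal_bind = 1`: with `state: present` the value is persisted, and when `haproxy_bind_on_non_local` is later set to false the task is simply skipped, so a host configured by an earlier run keeps the setting. Because the setting applies to every process on the host or in the container rather than to HAProxy alone, that leftover is worth documenting; I would add above the task `# Host-wide; not reverted when haproxy_bind_on_non_local is turned off - reset net.ipv4.ip_nonlocal_bind manually if needed.` A narrower alternative to evaluate is HAProxy's per-listener `transparent` bind option, which may avoid the global sysctl depending on the HAProxy version and privileges in use. The task also carries no `tags:` while the task visible in haproxy_install.yml does, which looks inconsistent, though the rest of this file is outside the hunk.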