Skip to content
Snippets Groups Projects
main.yml 9.07 KiB
Newer Older
loadbalancer_services:
  haproxy:
    container_name: haproxy
    group: loadbalancer
    enabled: true
    image: "{{ haproxy_image_full }}"
    privileged: True
    volumes: "{{ haproxy_default_volumes + haproxy_extra_volumes }}"
    dimensions: "{{ haproxy_dimensions }}"
    healthcheck: "{{ haproxy_healthcheck }}"
  proxysql:
    container_name: proxysql
    group: loadbalancer
    enabled: "{{ enable_proxysql | bool }}"
    image: "{{ proxysql_image_full }}"
    privileged: False
    volumes: "{{ proxysql_default_volumes + proxysql_extra_volumes }}"
    dimensions: "{{ proxysql_dimensions }}"
    healthcheck: "{{ proxysql_healthcheck }}"
  keepalived:
    container_name: keepalived
    group: loadbalancer
    enabled: "{{ enable_keepalived | bool }}"
    image: "{{ keepalived_image_full }}"
    privileged: True
    volumes: "{{ keepalived_default_volumes + keepalived_extra_volumes }}"
    dimensions: "{{ keepalived_dimensions }}"
  haproxy-ssh:
    container_name: "haproxy_ssh"
    group: loadbalancer
    enabled: "{{ enable_letsencrypt | bool }}"
    image: "{{ haproxy_ssh_image_full }}"
    volumes: "{{ haproxy_ssh_default_volumes }}"
    dimensions: "{{ haproxy_ssh_dimensions }}"
    healthcheck: "{{ haproxy_ssh_healthcheck }}"

####################
# Docker
####################
keepalived_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}keepalived"
keepalived_tag: "{{ openstack_tag }}"
keepalived_image_full: "{{ keepalived_image }}:{{ keepalived_tag }}"
haproxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}haproxy"
haproxy_tag: "{{ openstack_tag }}"
haproxy_image_full: "{{ haproxy_image }}:{{ haproxy_tag }}"
proxysql_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}proxysql"
proxysql_tag: "{{ openstack_tag }}"
proxysql_image_full: "{{ proxysql_image }}:{{ proxysql_tag }}"

haproxy_ssh_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}haproxy-ssh"
haproxy_ssh_tag: "{{ haproxy_tag }}"
haproxy_ssh_image_full: "{{ haproxy_ssh_image }}:{{ haproxy_ssh_tag }}"

syslog_server: "{{ api_interface_address }}"
syslog_haproxy_facility: "local1"

# Traffic mode. Valid options are [ multicast, unicast ]
keepalived_traffic_mode: "multicast"
# Extended global configuration, optimization options.
haproxy_max_connections: 40000
haproxy_thread_cpu_map: "no"
# Matches the mariadb 10000 max connections limit
haproxy_defaults_max_connections: 10000

haproxy_dimensions: "{{ default_container_dimensions }}"
proxysql_dimensions: "{{ default_container_dimensions }}"
keepalived_dimensions: "{{ default_container_dimensions }}"
haproxy_ssh_dimensions: "{{ default_container_dimensions }}"
haproxy_enable_healthchecks: "{{ enable_container_healthchecks }}"
haproxy_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
haproxy_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
haproxy_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
haproxy_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ haproxy_monitor_port }}"]
haproxy_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
haproxy_healthcheck:
  interval: "{{ haproxy_healthcheck_interval }}"
  retries: "{{ haproxy_healthcheck_retries }}"
  start_period: "{{ haproxy_healthcheck_start_period }}"
  test: "{% if haproxy_enable_healthchecks | bool %}{{ haproxy_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ haproxy_healthcheck_timeout }}"

proxysql_enable_healthchecks: "{{ enable_container_healthchecks }}"
proxysql_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
proxysql_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
proxysql_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
proxysql_healthcheck_test: ["CMD-SHELL", "healthcheck_listen proxysql {{ proxysql_admin_port }}"]
proxysql_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
proxysql_healthcheck:
  interval: "{{ proxysql_healthcheck_interval }}"
  retries: "{{ proxysql_healthcheck_retries }}"
  start_period: "{{ proxysql_healthcheck_start_period }}"
  test: "{% if proxysql_enable_healthchecks | bool %}{{ proxysql_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ proxysql_healthcheck_timeout }}"

haproxy_ssh_enable_healthchecks: "{{ enable_container_healthchecks }}"
haproxy_ssh_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
haproxy_ssh_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
haproxy_ssh_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
haproxy_ssh_healthcheck_test: ["CMD-SHELL", "healthcheck_listen sshd {{ haproxy_ssh_port }}"]
haproxy_ssh_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
haproxy_ssh_healthcheck:
  interval: "{{ haproxy_ssh_healthcheck_interval }}"
  retries: "{{ haproxy_ssh_healthcheck_retries }}"
  start_period: "{{ haproxy_ssh_healthcheck_start_period }}"
  test: "{% if haproxy_ssh_enable_healthchecks | bool %}{{ haproxy_ssh_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ haproxy_ssh_healthcheck_timeout }}"


haproxy_default_volumes:
  - "{{ node_config_directory }}/haproxy/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "haproxy_socket:/var/lib/kolla/haproxy/"
  - "letsencrypt_certificates:/etc/haproxy/certificates"

proxysql_default_volumes:
  - "{{ node_config_directory }}/proxysql/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "kolla_logs:/var/log/kolla/"
  - "proxysql:/var/lib/proxysql/"
  - "proxysql_socket:/var/lib/kolla/proxysql/"
keepalived_default_volumes:
  - "{{ node_config_directory }}/keepalived/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "/lib/modules:/lib/modules:ro"
  - "{{ 'haproxy_socket:/var/lib/kolla/haproxy/' if enable_haproxy | bool else '' }}"
  - "{{ 'proxysql_socket:/var/lib/kolla/proxysql/' if enable_proxysql | bool else '' }}"
haproxy_ssh_default_volumes:
  - "{{ node_config_directory }}/haproxy-ssh/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "haproxy_socket:/var/lib/kolla/haproxy/"
  - "{{ 'letsencrypt:/etc/letsencrypt' if enable_letsencrypt | bool else omit }}"
  - "{{ 'letsencrypt_certificates:/etc/haproxy/certificates' if enable_letsencrypt | bool else omit }}"

haproxy_extra_volumes: "{{ default_extra_volumes }}"
proxysql_extra_volumes: "{{ default_extra_volumes }}"
keepalived_extra_volumes: "{{ default_extra_volumes }}"

# Default proxysql values
proxysql_workers: "{{ openstack_service_workers }}"

# The maximum number of client connections that the proxy can handle.
# After this number is reached, new connections will be rejected with
# the #HY000 error, and the error message Too many connections.
#
# As proxysql can route queries to several mariadb clusters, this
# value is set to 4x {{ proxysql_backend_max_connections }}
proxysql_max_connections: 40000
# The maximum number of connections to mariadb backends.
proxysql_backend_max_connections: 10000
proxysql_backend_max_replication_lag: "0"
proxysql_admin_user: "kolla-admin"
proxysql_stats_user: "kolla-stats"

# Proxysql prometheus exporter
proxysql_prometheus_exporter_memory_metrics_interval: "60"

# Default timeout values
haproxy_http_request_timeout: "10s"
haproxy_http_keep_alive_timeout: "10s"
haproxy_queue_timeout: "1m"
haproxy_connect_timeout: "10s"
haproxy_client_timeout: "1m"
haproxy_server_timeout: "1m"
haproxy_check_timeout: "10s"

# Check http://www.haproxy.org/download/1.5/doc/configuration.txt for available options
haproxy_defaults_balance: "roundrobin"
# Avoid TCP connections refusing to die after VIP switch
# https://bugs.launchpad.net/kolla-ansible/+bug/1917068
haproxy_host_ipv4_tcp_retries2: "KOLLA_UNSET"

# HAProxy socket admin permissions enable
haproxy_socket_level_admin: "{{ enable_letsencrypt | bool }}"
kolla_externally_managed_cert: False

# Allow to disable keepalived tracking script (e.g. for single node environments
# where this proves problematic in some cases)
keepalived_track_script_enabled: True

# Default backend for single external frontend (for missing mappings)
haproxy_external_single_frontend_default_backend: "horizon_external_back"

haproxy_external_single_frontend_public_port: "443"

haproxy_external_single_frontend_options:
  - option httplog
  - option forwardfor
  - "timeout client {{ haproxy_glance_api_client_timeout }}"

haproxy_glance_api_client_timeout: "6h"

################
# ProxySQL
################
mariadb_monitor_read_only_interval: ""