- Jan 08, 2025
-
-
Michal Nasiadka authored
It's needed to be configured on environments like our CI, because of low cpu/network resources proxysql marks healthy nodes as OFFLINE_HARD Change-Id: I6d1e9e77abc48d82ffd6ade33997c83bb601b0eb (cherry picked from commit 1fbb299d)
-
- Sep 17, 2024
-
-
Michal Arbet authored
From version 2.1, ProxySQL has a built-in ProxySQL Prometheus exporter. This patch adds an option to easily enable this exporter [1]. [1] https://proxysql.com/documentation/prometheus-exporter Change-Id: I8776cdc0a6ec9e4e35a2424dd0984488514a711f
-
- Jul 19, 2024
-
-
Michal Arbet authored
The Kolla project supports building images with user-defined prefixes. However, Kolla-ansible is unable to use those images for installation. This patch fixes that issue. Closes-Bug: #2073541 Change-Id: Ia8140b289aa76fcd584e0e72686e3786215c5a99
-
- Nov 07, 2023
-
-
James Kirsch authored
Add support for automatic provisioning and renewal of HTTPS certificates via LetsEncrypt. Spec is available at: https://etherpad.opendev.org/p/kolla-ansible-letsencrypt-https Depends-On: https://review.opendev.org/c/openstack/kolla/+/887347 Co-Authored-By:
Michal Arbet <michal.arbet@ultimum.io> Implements: blueprint letsencrypt-https Change-Id: I35317ea0343f0db74ddc0e587862e95408e9e106
-
- Aug 18, 2023
-
-
Léo Gillot-Lamure authored
Threads are the recommended way to scale CPU performance since HAProxy 1.8. Official documentation says: « While "nbproc" historically used to be the only way to use multiple processors, it also involved a number of shortcomings related to the lack of synchronization between processes (health-checks, peers, stick-tables, stats, ...) which do not affect threads. As such, any modern configuration is strongly encouraged to migrate away from "nbproc" to "nbthread". ». Change-Id: I6f2e9d74e68703c8e0827e495945a75f020e1561
-
- Aug 02, 2023
-
-
Léo Gillot-Lamure authored
Threads are the recommended way to scale CPU performance since HAProxy 1.8. Official documentation says: « While "nbproc" historically used to be the only way to use multiple processors, it also involved a number of shortcomings related to the lack of synchronization between processes (health-checks, peers, stick-tables, stats, ...) which do not affect threads. As such, any modern configuration is strongly encouraged to migrate away from "nbproc" to "nbthread". ». While more recent versions of HAProxy automatically detect the number of available CPU and enable threads for them, it can be useful to explicitely set the value. In this patch, setting cpu-map for threads is not supported. Change-Id: Id917c70f3dbe52f24f25d9403ba8151729e8966b
-
- Jun 28, 2023
-
-
Michal Nasiadka authored
Use case: exposing single external https frontend and load balancing services using FQDNs. Support different ports for internal and external endpoints. Introduced kolla_url filter to normalize urls like: - https://magnum.external:443/v1 - http://magnum.external:80/v1 Change-Id: I9fb03fe1cebce5c7198d523e015280c69f139cd0 Co-Authored-By:
Jakub Darmach <jakub@stackhpc.com>
-
Michal Nasiadka authored
We've seen issues in CI when keepalived haproxy check script returns an error and keepalived is switching to backup and then again to primary on a single node environment. Closes-Bug: #2025219 Change-Id: Iba62e76b3cf83f3ade6df81288d2d77129ffc725
-
- Oct 20, 2022
-
-
Michal Arbet authored
By default ProxySQL's default value of max_replication_lag is 0 which is in fact disabling this feature [1]. If it is greater than 0, ProxySQL will regularly monitor replication lag and if it goes beyond the configured threshold it will temporary shun the host until replication catches up. This should be configurable via kolla-ansible as every openstack deployment can be different in terms of network delays, database load etc.. , so user should have option to configure when database backend will be shunned. [1] https://proxysql.com/documentation/main-runtime/ Change-Id: I66171638abc712cb84b380042f1d29f54c499e73
-
- Sep 21, 2022
-
-
Michal Nasiadka authored
mainly jinja spacing and jinja[invalid] related Change-Id: I6f52f2b0c1ef76de626657d79486d31e0f47f384
-
- Jul 29, 2022
-
-
Michal Arbet authored
Kolla environment currently uses haproxy to fullfill HA in mariadb. This patch is switching haproxy to proxysql if enabled. This patch is also replacing mariadb's user 'haproxy' with user 'monitor'. This replacement has two reasons: - Use better name to "monitor" galera claster as there are two services using this user (HAProxy, ProxySQL) - Set password for monitor user as it's always better to use password then not use. Previous haproxy user didn't use password as it was historically not possible with haproxy and mariadb-clustercheck wasn't implemented. Depends-On: https://review.opendev.org/c/openstack/kolla/+/769385 Depends-On: https://review.opendev.org/c/openstack/kolla/+/765781 Depends-On: https://review.opendev.org/c/openstack/kolla/+/850656 Change-Id: I0edae33d982c2e3f3b5f34b3d5ad07a431162844
-
- May 23, 2022
-
-
Radosław Piliszek authored
Change-Id: Ib4b15ed4feac82d8492b1c0f0238a752eac668e6
-
- Apr 20, 2022
-
-
Marcin Juszkiewicz authored
We have only one value for install_type now and it gets removed from image names. Change-Id: I8bf95fd7aa9dd26b80d618ca0fcb097003b4cb0a
-
- Feb 09, 2022
-
-
Imran Hussain authored
Allow operators to set haproxy socket to admin level. This is done via the flag haproxy_socket_level_admin which is set to "no" by default. Closes-Bug: 1960215 Signed-off-by:
Imran Hussain <ih@imranh.co.uk> Change-Id: Ia0da89288d68f5803ace1934c013053f12343195
-
- Dec 31, 2021
-
-
Pierre Riteau authored
Role vars have a higher precedence than role defaults. This allows to import default vars from another role via vars_files without overriding project_name (see related bug for details). Change-Id: I3d919736e53d6f3e1a70d1267cf42c8d2c0ad221 Related-Bug: #1951785
-
- Sep 16, 2021
-
-
Michal Arbet authored
Haproxy was renamed in [1]. [1] https://review.opendev.org/c/openstack/kolla-ansible/+/770618 Change-Id: Ib2d7f0774fede570a8c4c315d83afd420c31da0b
-
- Aug 19, 2021
-
-
Michal Arbet authored
For now role haproxy is maintaining haproxy and keepalived. In follow-up changes there is also proxysql added. This patch is *only* renaming/moving stuff to more prominent role loadbalancer, and moving also specific templates to subdirectory. This was done only to better diff in follow-up changes. Change-Id: I1d39d5bcaefc4016983bf267a2736b742cc3a555
-
- Jun 23, 2021
-
-
Michal Arbet authored
This patch is adding configuration option to manipulate with kernel option sysctl_net_ipv4_tcp_retries2. More informations about kernel option in [1][2] and RedHat suggestion [3] to set for DBs and HA. [1]: https://pracucci.com/linux-tcp-rto-min-max-and-tcp-retries2.html [2]: https://blog.cloudflare.com/when-tcp-sockets-refuse-to-die/ [3]: https://access.redhat.com/solutions/726753 Closes-Bug: #1917068 Change-Id: Ia0decbbfa4e33b1889b635f8bb1c9094567a2ce6
-
Mark Goddard authored
By default, Ansible injects a variable for every fact, prefixed with ansible_. This can result in a large number of variables for each host, which at scale can incur a performance penalty. Ansible provides a configuration option [0] that can be set to False to prevent this injection of facts. In this case, facts should be referenced via ansible_facts.<fact>. This change updates all references to Ansible facts within Kolla Ansible from using individual fact variables to using the items in the ansible_facts dictionary. This allows users to disable fact variable injection in their Ansible configuration, which may provide some performance improvement. This change disables fact variable injection in the ansible configuration used in CI, to catch any attempts to use the injected variables. [0] https://docs.ansible.com/ansible/latest/reference_appendices/config.html#inject-facts-as-vars Change-Id: I7e9d5c9b8b9164d4aee3abb4e37c8f28d98ff5d1 Partially-Implements: blueprint performance-improvements
-
- Mar 13, 2021
-
-
LinPeiWen authored
This change enables the use of Docker healthchecks for haproxy services. Implements: blueprint container-health-check Change-Id: I4b486e9c78e9a01a0f5983b83aca00ea3a001dcc
-
- Mar 02, 2021
-
-
Arthur Outhenin-Chalandre authored
This option disables copy of certificates from the operator host to kolla-ansible managed hosts. This is especially useful if you already have some mechanisms to handle your certificates directly on your hosts. Co-Authored-By:
Marc 'risson' Schmitt <marc.schmitt@risson.space> Change-Id: Ie18b2464cb5a65a88c4ac191a921b8074a14f504
-
- Aug 23, 2020
-
-
Radosław Piliszek authored
Change-Id: Iffadcddfb70650cdf4c6c4d9ec3b7471d63f5ff8 Closes-Bug: #1892622
-
- Aug 10, 2020
-
-
Mark Goddard authored
Previously we mounted /etc/timezone if the kolla_base_distro is debian or ubuntu. This would fail prechecks if debian or ubuntu images were deployed on CentOS. While this is not a supported combination, for correctness we should fix the condition to reference the host OS rather than the container OS, since that is where the /etc/timezone file is located. Change-Id: Ifc252ae793e6974356fcdca810b373f362d24ba5 Closes-Bug: #1882553
-
- Apr 09, 2020
-
-
Dincer Celik authored
Some services look for /etc/timezone on Debian/Ubuntu, so we should introduce it to the containers. In addition, added prechecks for /etc/localtime and /etc/timezone. Closes-Bug: #1821592 Change-Id: I9fef14643d1bcc7eee9547eb87fa1fb436d8a6b3
-
- Jan 10, 2020
-
-
Mark Goddard authored
For the CentOS 7 to 8 transition, we will have a period where both CentOS 7 and 8 images are available. We differentiate these images via a tag - the CentOS 8 images will have a tag of train-centos8 (or master-centos8 temporarily). To achieve this, and maintain backwards compatibility for the openstack_release variable, we introduce a new 'openstack_tag' variable. This variable is based on openstack_release, but has a suffix of 'openstack_tag_suffix', which is empty except on CentOS 8 where it has a value of '-centos8'. Change-Id: I12ce4661afb3c255136cdc1aabe7cbd25560d625 Partially-Implements: blueprint centos-rhel-8
-
- Sep 23, 2019
-
-
Mark Goddard authored
This allows the install type for the project to be different than kolla_install_type This can be used to avoid hitting bug 1786238, since kuryr only supports the source type. Change-Id: I2b6fc85bac092b1614bccfd22bee48442c55dda4 Closes-Bug: #1786238
-
- Aug 14, 2019
-
-
Scott Solkhon authored
The default connection limits for backends is 2000 however, mariadb defaults to a max of 10000 conections, therefore changing this limit to match the mariadb limit. 'haproxy_max_connections' also needs to be bumped for this to work. Change-Id: I5ded328485855f3f3d4390282040b0d89d08d997
-
- May 17, 2019
-
-
binhong.hua authored
When integrating 3rd party component into openstack with kolla-ansible, maybe have to mount some extra volumes to container. Change-Id: I69108209320edad4c4ffa37dabadff62d7340939 Implements: blueprint support-extra-volumes
-
- Sep 26, 2018
-
-
Adam Harwell authored
Having all services in one giant haproxy file makes altering configuration for a service both painful and dangerous. Each service should be configured with a simple set of variables and rendered with a single unified template. Available are two new templates: * haproxy_single_service_listen.cfg.j2: close to the original style, but only one service per file * haproxy_single_service_split.cfg.j2: using the newer haproxy syntax for separated frontend and backend For now the default will be the single listen block, for ease of transition. Change-Id: I6e237438fbc0aa3c89a3c8bd706a53b74e71904b
-
- Sep 17, 2018
-
-
Clint Byrum authored
In some cases a deployer may want to use haproxy for SSL termination but has external infrastructure for load balancing, and thus no need for keepalived to manage the VIP. Co-Authored-By:
Adam Harwell <flux.adam@gmail.com> Change-Id: I451d7e33f1e631038a8d198dbc33c9a8850571b7
-
- Jul 25, 2018
-
-
Lakshmi Prasanna Goutham Pratapa authored
This commit is to apply resource-constraints only to few OpenStack services. Commit to apply constraints to other services will be made in coming commits. Partially-Implements: blueprint resource-constraints Change-Id: Icafa54baca24d2de64238222a5677b9d8b90e2aa
-
- Jun 19, 2018
-
-
Vladislav Belogrudov authored
Some Murano applications require much longer time than default 1 hour to be deployed. Change-Id: I395e9e3e8cccf70f316f313847648841822e639a Closes-Bug: #1777670
-
- May 24, 2018
-
-
Nikita Gerasimov authored
Introduce new option "haproxy_defaults_balance" to set balance in defaults section. Change-Id: Iaf12717ffac94ac2308758bd8ec87f088af26b69 Closes-Bug: #1773178
-
- May 11, 2018
-
-
Jorge Niedbalski authored
This patch enables 3 new configuration options for haproxy.cfg global section. - haproxy_processes: number of haproxy processes (default:1). - haproxy_max_connections: number of concurrent connections (default:4000) - haproxy_process_cpu_map: enforces 1:1 mapping/affinity between process and core. (default: no). Closes-Bug: #1770060 Change-Id: I33fc499b083c7bcc548133498e44406a479389f1 Signed-off-by:
Jorge Niedbalski <jorge.niedbalski@linaro.org>
-
- Apr 03, 2018
-
-
Nick Jones authored
This commit provides operators with the ability to specify additional options per HTTP or TCP listener stanza. Change-Id: I66cc5372f2a686213b6748a8260cfe84f789ad8e Implements: blueprint haproxy-listener-extra-options
-
- Feb 27, 2018
-
-
Pavel Glushchak authored
In some data centers multicast traffic is prohibited. Additionally VRRP id needs to be unique within broadcast domain when keepalived operates in multicast mode, otherwise it fails to start. However keepalived can be configured to use unicast traffic [1]. In unicast mode VRRP id doesn't make sense, but needs to be the same among peers. [1] http://manpages.ubuntu.com/manpages/zesty/man5/keepalived.conf.5.html Change-Id: I692ecbb0aa750baf20c013b53b57f88b474b63cc Signed-off-by:
Pavel Glushchak <pglushchak@virtuozzo.com>
-
- Sep 28, 2017
-
-
Tatsuma Matsuki authored
This change adds enable_fluentd option and enables some other log shippers to be integrated. When enable_fluentd is "no", syslog server is also disabled. Then, this change also adds syslog parameters to use a syslog server prepared by users. Change-Id: I7c83ef7fe30a6b9ab7385bcee953ad07e96b0a83 Implements: blueprint fluentd-enable-option
-
- Mar 30, 2017
-
-
Mauricio Lima authored
Co-Authored-By:
caoyuan <cao.yuan@99cloud.net> Change-Id: Iddde03760ff85af5263868ebc47b8b9438e92e8e Partially-implements: blueprint better-reconfigure
-
- Mar 24, 2017
-
-
jimmygc authored
Change-Id: I1a4d5ae561a944a138512d7573fe16b5197050af Closes-Bug: #1675637
-
- Feb 07, 2017
-
-
Vladislav Belogrudov authored
With this fix operator can tune client/server timeouts of HAProxy to avoid receiving '504' for lengthy requests by API clients. Change-Id: I12611b34f99759e6b6527fea3768a971c9fbdd71 Closes-Bug: #1662506
-