summaryrefslogtreecommitdiffstats
path: root/roles/openshift_loadbalancer
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_loadbalancer')
-rw-r--r--roles/openshift_loadbalancer/README.md34
-rw-r--r--roles/openshift_loadbalancer/defaults/main.yml22
-rw-r--r--roles/openshift_loadbalancer/handlers/main.yml6
-rw-r--r--roles/openshift_loadbalancer/meta/main.yml15
-rw-r--r--roles/openshift_loadbalancer/tasks/main.yml73
-rw-r--r--roles/openshift_loadbalancer/templates/haproxy.cfg.j276
6 files changed, 226 insertions, 0 deletions
diff --git a/roles/openshift_loadbalancer/README.md b/roles/openshift_loadbalancer/README.md
new file mode 100644
index 000000000..81fc282be
--- /dev/null
+++ b/roles/openshift_loadbalancer/README.md
@@ -0,0 +1,34 @@
+OpenShift HAProxy Loadbalancer
+==============================
+
+TODO
+
+Requirements
+------------
+
+TODO
+
+Role Variables
+--------------
+
+TODO
+
+Dependencies
+------------
+
+TODO
+
+Example Playbook
+----------------
+
+TODO
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Jason DeTiberus (jdetiber@redhat.com)
diff --git a/roles/openshift_loadbalancer/defaults/main.yml b/roles/openshift_loadbalancer/defaults/main.yml
new file mode 100644
index 000000000..a1524cfe1
--- /dev/null
+++ b/roles/openshift_loadbalancer/defaults/main.yml
@@ -0,0 +1,22 @@
+---
+haproxy_frontend_port: 80
+
+haproxy_frontends:
+- name: main
+ binds:
+ - "*:80"
+ default_backend: default
+
+haproxy_backends:
+- name: default
+ balance: roundrobin
+ servers:
+ - name: web01
+ address: 127.0.0.1:9000
+ opts: check
+
+os_firewall_allow:
+- service: haproxy stats
+ port: "9000/tcp"
+- service: haproxy balance
+ port: "{{ haproxy_frontend_port }}/tcp"
diff --git a/roles/openshift_loadbalancer/handlers/main.yml b/roles/openshift_loadbalancer/handlers/main.yml
new file mode 100644
index 000000000..5b8691b26
--- /dev/null
+++ b/roles/openshift_loadbalancer/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart haproxy
+ service:
+ name: haproxy
+ state: restarted
+ when: not (haproxy_start_result_changed | default(false) | bool)
diff --git a/roles/openshift_loadbalancer/meta/main.yml b/roles/openshift_loadbalancer/meta/main.yml
new file mode 100644
index 000000000..fe336acf7
--- /dev/null
+++ b/roles/openshift_loadbalancer/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Jason DeTiberus
+ description: OpenShift haproxy loadbalancer
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.9
+ platforms:
+ - name: EL
+ versions:
+ - 7
+dependencies:
+- role: openshift_facts
+- role: os_firewall
+- role: openshift_repos
diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml
new file mode 100644
index 000000000..5514aa70b
--- /dev/null
+++ b/roles/openshift_loadbalancer/tasks/main.yml
@@ -0,0 +1,73 @@
+---
+- name: Set haproxy frontend port
+ openshift_facts:
+ role: loadbalancer
+ local_facts:
+ frontend_port: "{{ openshift_master_api_port | default(None) }}"
+
+- name: Set loadbalancer facts
+ openshift_facts:
+ role: loadbalancer
+ local_facts:
+ limit_nofile: "{{ openshift_loadbalancer_limit_nofile | default(None) }}"
+ default_maxconn: "{{ openshift_loadbalancer_default_maxconn | default(None) }}"
+ global_maxconn: "{{ openshift_loadbalancer_global_maxconn | default(None) }}"
+ frontends:
+ - name: atomic-openshift-api
+ mode: tcp
+ options:
+ - tcplog
+ binds:
+ - "*:{{ openshift.loadbalancer.frontend_port }}"
+ default_backend: atomic-openshift-api
+ backends:
+ - name: atomic-openshift-api
+ mode: tcp
+ option: tcplog
+ balance: source
+ servers: "{{ hostvars
+ | oo_select_keys(groups['oo_masters'])
+ | oo_haproxy_backend_masters(openshift.loadbalancer.frontend_port) }}"
+
+- name: Install haproxy
+ action: "{{ ansible_pkg_mgr }} name=haproxy state=present"
+ when: not openshift.common.is_containerized | bool
+
+- name: Configure systemd service directory for haproxy
+ file:
+ path: /etc/systemd/system/haproxy.service.d
+ state: directory
+ when: "'limit_nofile' in openshift.loadbalancer"
+
+- name: Configure the nofile limits for haproxy
+ ini_file:
+ dest: /etc/systemd/system/haproxy.service.d/limits.conf
+ section: Service
+ option: LimitNOFILE
+ value: "{{ openshift.loadbalancer.limit_nofile }}"
+ when: "'limit_nofile' in openshift.loadbalancer"
+ notify: restart haproxy
+ register: nofile_limit_result
+
+- name: Reload systemd if needed
+ command: systemctl daemon-reload
+ when: nofile_limit_result | changed
+
+- name: Configure haproxy
+ template:
+ src: haproxy.cfg.j2
+ dest: /etc/haproxy/haproxy.cfg
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart haproxy
+
+- name: Enable and start haproxy
+ service:
+ name: haproxy
+ state: started
+ enabled: yes
+ register: start_result
+
+- set_fact:
+ haproxy_start_result_changed: "{{ start_result | changed }}"
diff --git a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2
new file mode 100644
index 000000000..05e360d3b
--- /dev/null
+++ b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2
@@ -0,0 +1,76 @@
+# Global settings
+#---------------------------------------------------------------------
+global
+ chroot /var/lib/haproxy
+ pidfile /var/run/haproxy.pid
+ maxconn {{ openshift.loadbalancer.global_maxconn }}
+ user haproxy
+ group haproxy
+ daemon
+
+ # turn on stats unix socket
+ stats socket /var/lib/haproxy/stats
+
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+ mode http
+ log global
+ option httplog
+ option dontlognull
+# option http-server-close
+ option forwardfor except 127.0.0.0/8
+ option redispatch
+ retries 3
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 300s
+ timeout server 300s
+ timeout http-keep-alive 10s
+ timeout check 10s
+ maxconn {{ openshift.loadbalancer.default_maxconn }}
+
+listen stats :9000
+ mode http
+ stats enable
+ stats uri /
+
+{% for frontend in openshift.loadbalancer.frontends %}
+frontend {{ frontend.name }}
+{% for bind in frontend.binds %}
+ bind {{ bind }}
+{% endfor %}
+ default_backend {{ frontend.default_backend }}
+{% if 'mode' in frontend %}
+ mode {{ frontend.mode }}
+{% endif %}
+{% if 'options' in frontend %}
+{% for option in frontend.options %}
+ option {{ option }}
+{% endfor %}
+{% endif %}
+{% if 'redirects' in frontend %}
+{% for redirect in frontend.redirects %}
+ redirect {{ redirect }}
+{% endfor %}
+{% endif %}
+{% endfor %}
+
+{% for backend in openshift.loadbalancer.backends %}
+backend {{ backend.name }}
+ balance {{ backend.balance }}
+{% if 'mode' in backend %}
+ mode {{ backend.mode }}
+{% endif %}
+{% if 'options' in backend %}
+{% for option in backend.options %}
+ option {{ option }}
+{% endfor %}
+{% endif %}
+{% for server in backend.servers %}
+ server {{ server.name }} {{ server.address }} {{ server.opts }}
+{% endfor %}
+{% endfor %}