feat: sydney haproxy cluster
- add au-syd1 halb cluster - add http-response to frontends - manage haproxy after enc_role is correct
@@ -8,7 +8,7 @@ define profiles::haproxy::balancemember (
|
||||
$location_environment = "${facts['country']}-${facts['region']}-${facts['environment']}"
|
||||
$balancemember_tag = "${service}_${location_environment}"
|
||||
|
||||
@@haproxy::balancermember { $balancemember_tag:
|
||||
@@haproxy::balancermember { $title:
|
||||
listening_service => $service,
|
||||
ports => $ports,
|
||||
server_names => $facts['networking']['hostname'],
|
||||
|
||||
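Review bot: The exported `haproxy::balancermember` is now titled `$title`, yet `$balancemember_tag` is still computed on the line above it. The define's body continues outside this hunk, so the variable may still be used further down (for example as a `tag`); if it is not, the assignment is dead and can be removed. Exported resource titles must be unique across every node that exports into the same collector, so a comment on the define such as `# $title must be globally unique, e.g. "<fqdn>_<port>"` would make that contract explicit for callers.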
@@ -5,16 +5,18 @@ class profiles::haproxy::fe_http (
|
||||
Array $bind_opts = ['transparent'],
|
||||
Array $acls = [],
|
||||
Array $http_request = [],
|
||||
Array $http_response = [],
|
||||
) {
|
||||
haproxy::frontend { 'fe_http':
|
||||
description => 'Default HTTP Frontend',
|
||||
bind => { "${bind_addr}:${bind_port}" => $bind_opts },
|
||||
mode => 'http',
|
||||
options => {
|
||||
'acl' => $acls,
|
||||
'http-request' => $http_request,
|
||||
'use_backend' => [
|
||||
'%[req.hdr(host),lower,map(/etc/haproxy/domains-to-backends.map,be_default)]',
|
||||
'acl' => $acls,
|
||||
'http-request' => $http_request,
|
||||
'http-response' => $http_response,
|
||||
'use_backend' => [
|
||||
'%[req.hdr(host),lower,map(/etc/haproxy/fe_http.map,be_default)]',
|
||||
],
|
||||
},
|
||||
}
|
||||
|
||||
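Review bot: The `use_backend` lookup now reads `/etc/haproxy/fe_http.map` instead of the shared `domains-to-backends.map`, and the `fe_https` section below makes the same switch to `fe_https.map`. Nothing on this page shows those two files being created. If `profiles::haproxy::mappings` still writes only the old filename, HAProxy will fail its config check on the missing map, so confirm that class produces both new paths and is ordered before the frontends. The new `$http_response` parameter is also undocumented and typed as a bare `Array`. Consider `Array[String] $http_response = [],` with a one-line comment saying it carries `http-response` rules (for example response security headers) for this frontend.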
@@ -5,16 +5,18 @@ class profiles::haproxy::fe_https (
|
||||
Array $bind_opts = [],
|
||||
Array $acls = [],
|
||||
Array $http_request = [],
|
||||
Array $http_response = [],
|
||||
) {
|
||||
haproxy::frontend { 'fe_https':
|
||||
description => 'Default HTTPS Frontend',
|
||||
bind => { "${bind_addr}:${bind_port}" => $bind_opts },
|
||||
mode => 'http',
|
||||
options => {
|
||||
'acl' => $acls,
|
||||
'http-request' => $http_request,
|
||||
'use_backend' => [
|
||||
'%[req.hdr(host),lower,map(/etc/haproxy/domains-to-backends.map,be_default)]',
|
||||
'acl' => $acls,
|
||||
'http-request' => $http_request,
|
||||
'http-response' => $http_response,
|
||||
'use_backend' => [
|
||||
'%[req.hdr(host),lower,map(/etc/haproxy/fe_https.map,be_default)]',
|
||||
],
|
||||
},
|
||||
}
|
||||
|
||||
@@ -35,24 +35,31 @@ class profiles::haproxy::server (
|
||||
$merged_global_options = merge($global_options, $globals)
|
||||
$merged_default_options = merge($default_options, $defaults)
|
||||
|
||||
# manage selinux
|
||||
include profiles::haproxy::selinux
|
||||
# wait until enc_role matches haproxy enc_role
|
||||
if $facts['enc_role'] == 'roles::infra::halb::haproxy' {
|
||||
|
||||
# create the haproxy service/instance
|
||||
class { 'haproxy':
|
||||
global_options => $merged_global_options,
|
||||
defaults_options => $merged_default_options,
|
||||
require => Class['profiles::haproxy::selinux']
|
||||
# manage selinux
|
||||
include profiles::haproxy::selinux
|
||||
|
||||
# create the haproxy service/instance
|
||||
class { 'haproxy':
|
||||
global_options => $merged_global_options,
|
||||
defaults_options => $merged_default_options,
|
||||
require => Class['profiles::haproxy::selinux']
|
||||
}
|
||||
|
||||
include profiles::haproxy::certlist # manage the certificate list file
|
||||
include profiles::haproxy::mappings # manage the domain to backend mappings
|
||||
include profiles::haproxy::ls_stats # default status listener
|
||||
include profiles::haproxy::fe_http # default http frontend
|
||||
include profiles::haproxy::fe_https # default https frontend
|
||||
include profiles::haproxy::dns # manage dns for haproxy
|
||||
include profiles::haproxy::frontends # create frontends
|
||||
include profiles::haproxy::backends # create backends
|
||||
include profiles::haproxy::listeners # create listeners
|
||||
|
||||
Class['profiles::haproxy::certlist']
|
||||
-> Class['profiles::haproxy::dns']
|
||||
-> Class['profiles::haproxy::mappings']
|
||||
}
|
||||
|
||||
include profiles::haproxy::certlist # manage the certificate list file
|
||||
include profiles::haproxy::mappings # manage the domain to backend mappings
|
||||
include profiles::haproxy::ls_stats # default status listener
|
||||
include profiles::haproxy::fe_http # default http frontend
|
||||
include profiles::haproxy::fe_https # default https frontend
|
||||
include profiles::haproxy::dns # manage dns for haproxy
|
||||
include profiles::haproxy::frontends # create frontends
|
||||
include profiles::haproxy::backends # create backends
|
||||
include profiles::haproxy::listeners # create listeners
|
||||
|
||||
}
|
||||
|
||||
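Review bot: The new guard `if $facts['enc_role'] == 'roles::infra::halb::haproxy' {` has no `else` branch. On a node where the fact is missing, stale or spelled differently, the profile applies nothing and the agent run still reports success. A load balancer left unmanaged this way (possibly including its SELinux policy, though the lost indentation makes it unclear what sits inside the block) would be hard to spot. Add `else { warning("profiles::haproxy::server: enc_role is '${facts['enc_role']}', haproxy not managed") }` so the skip appears in reports. The hard-coded role string would also be better as a class parameter than a literal in the profile. The class body starts outside this hunk.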
@@ -7,6 +7,7 @@ class profiles::proxmox::init {
|
||||
include profiles::proxmox::clusterjoin
|
||||
include profiles::proxmox::ceph
|
||||
include profiles::proxmox::config
|
||||
include profiles::proxmox::weblb
|
||||
|
||||
Class['profiles::proxmox::repos']
|
||||
-> Class['profiles::proxmox::install']
|
||||
|
||||
@@ -38,6 +38,7 @@ class profiles::proxmox::params (
|
||||
'ceph-volume',
|
||||
'gdisk',
|
||||
'nvme-cli'
|
||||
]
|
||||
],
|
||||
Stdlib::Port $pve_webport = 8006,
|
||||
){
|
||||
}
|
||||
|
||||
@@ -0,0 +1,21 @@
|
||||
# profiles::proxmox::weblb
|
||||
class profiles::proxmox::weblb {
|
||||
|
||||
# include params class
|
||||
include profiles::proxmox::params
|
||||
|
||||
# export haproxy balancemember
|
||||
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_${profiles::proxmox::params::pve_webport}}":
|
||||
service => "be_${facts['country']}${facts['region']}pve",
|
||||
ports => [$profiles::proxmox::params::pve_webport],
|
||||
options => [
|
||||
"cookie ${facts['networking']['hostname']}",
|
||||
'ssl',
|
||||
'verify none',
|
||||
'check',
|
||||
'inter 2s',
|
||||
'rise 3',
|
||||
'fall 2',
|
||||
]
|
||||
}
|
||||
}
|
||||
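Review bot: The `'verify none'` entry in `options` disables certificate verification on the TLS connection from HAProxy to the Proxmox web interface, so the balancer accepts whatever certificate the backend port presents. Management traffic, including logins, is then unprotected against a host sitting between the balancer and the PVE node. If the nodes carry certificates from a CA you control, use `'verify required'` together with `'ca-file <PATH_TO_CA_BUNDLE>'` (placeholder path). If that cannot be done yet, add a comment recording why verification is off. Separately, the resource title ends in `pve_webport}}"`, which has one closing brace too many and leaves a literal `}` in the exported title; it should end `${profiles::proxmox::params::pve_webport}":`.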