feat: sydney haproxy cluster

- add au-syd1 halb cluster
- add http-response to frontends
- manage haproxy after enc_role is correct
2024-04-28 19:27:32 +10:00
parent a141de8b74
commit 220ac182f4
9 changed files with 160 additions and 28 deletions
@@ -8,7 +8,7 @@ define profiles::haproxy::balancemember (
$location_environment = "${facts['country']}-${facts['region']}-${facts['environment']}"
$balancemember_tag = "${service}_${location_environment}"
@@haproxy::balancermember { $balancemember_tag:
@@haproxy::balancermember { $title:
listening_service => $service,
ports => $ports,
server_names => $facts['networking']['hostname'],
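Review bot: The exported `@@haproxy::balancermember` now takes its title from `$title`, so every caller of this define is responsible for a title that is unique across all exporting nodes; a duplicate would presumably surface as a duplicate-declaration failure on the node that collects them. That contract deserves a comment above the resource, for example `# $title must be unique across all exporting nodes (e.g. "<fqdn>_<port>")`. In the visible lines `$balancemember_tag` is still assigned but no longer used as the title; if nothing further down the define reads it, it can be dropped. The define's body starts and ends outside this hunk.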
+6 -4
@@ -5,16 +5,18 @@ class profiles::haproxy::fe_http (
Array $bind_opts = ['transparent'],
Array $acls = [],
Array $http_request = [],
Array $http_response = [],
) {
haproxy::frontend { 'fe_http':
description => 'Default HTTP Frontend',
bind => { "${bind_addr}:${bind_port}" => $bind_opts },
mode => 'http',
options => {
'acl' => $acls,
'http-request' => $http_request,
'use_backend' => [
'%[req.hdr(host),lower,map(/etc/haproxy/domains-to-backends.map,be_default)]',
'acl' => $acls,
'http-request' => $http_request,
'http-response' => $http_response,
'use_backend' => [
'%[req.hdr(host),lower,map(/etc/haproxy/fe_http.map,be_default)]',
],
},
}
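Review bot: The `use_backend` lookup now reads `/etc/haproxy/fe_http.map`, and nothing in this class orders the frontend after whatever writes that file; HAProxy refuses to load a configuration whose map file cannot be opened. If `profiles::haproxy::mappings` is the class that creates it (not visible in this section), an explicit `require => Class['profiles::haproxy::mappings']` on the `haproxy::frontend`, or at least a comment naming the class that owns the file, would make the dependency visible. The same applies to `/etc/haproxy/fe_https.map` in `profiles::haproxy::fe_https`. The new `$http_response` parameter also has no description of the rule syntax it expects.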
+6 -4
@@ -5,16 +5,18 @@ class profiles::haproxy::fe_https (
Array $bind_opts = [],
Array $acls = [],
Array $http_request = [],
Array $http_response = [],
) {
haproxy::frontend { 'fe_https':
description => 'Default HTTPS Frontend',
bind => { "${bind_addr}:${bind_port}" => $bind_opts },
mode => 'http',
options => {
'acl' => $acls,
'http-request' => $http_request,
'use_backend' => [
'%[req.hdr(host),lower,map(/etc/haproxy/domains-to-backends.map,be_default)]',
'acl' => $acls,
'http-request' => $http_request,
'http-response' => $http_response,
'use_backend' => [
'%[req.hdr(host),lower,map(/etc/haproxy/fe_https.map,be_default)]',
],
},
}
+25 -18
@@ -35,24 +35,31 @@ class profiles::haproxy::server (
$merged_global_options = merge($global_options, $globals)
$merged_default_options = merge($default_options, $defaults)
# manage selinux
include profiles::haproxy::selinux
# wait until enc_role matches haproxy enc_role
if $facts['enc_role'] == 'roles::infra::halb::haproxy' {
# create the haproxy service/instance
class { 'haproxy':
global_options => $merged_global_options,
defaults_options => $merged_default_options,
require => Class['profiles::haproxy::selinux']
# manage selinux
include profiles::haproxy::selinux
# create the haproxy service/instance
class { 'haproxy':
global_options => $merged_global_options,
defaults_options => $merged_default_options,
require => Class['profiles::haproxy::selinux']
}
include profiles::haproxy::certlist # manage the certificate list file
include profiles::haproxy::mappings # manage the domain to backend mappings
include profiles::haproxy::ls_stats # default status listener
include profiles::haproxy::fe_http # default http frontend
include profiles::haproxy::fe_https # default https frontend
include profiles::haproxy::dns # manage dns for haproxy
include profiles::haproxy::frontends # create frontends
include profiles::haproxy::backends # create backends
include profiles::haproxy::listeners # create listeners
Class['profiles::haproxy::certlist']
-> Class['profiles::haproxy::dns']
-> Class['profiles::haproxy::mappings']
}
include profiles::haproxy::certlist # manage the certificate list file
include profiles::haproxy::mappings # manage the domain to backend mappings
include profiles::haproxy::ls_stats # default status listener
include profiles::haproxy::fe_http # default http frontend
include profiles::haproxy::fe_https # default https frontend
include profiles::haproxy::dns # manage dns for haproxy
include profiles::haproxy::frontends # create frontends
include profiles::haproxy::backends # create backends
include profiles::haproxy::listeners # create listeners
}
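Review bot: The `if $facts['enc_role'] == 'roles::infra::halb::haproxy'` guard has no `else`, so a node whose fact is missing, stale or spelled differently compiles a catalog with no haproxy resources at all and reports nothing about it. An `else { notice("haproxy not managed: enc_role is '${facts['enc_role']}'") }` branch would make that state visible in the run report. The role name is also a hard-coded string here, so renaming the role would silently disable the whole profile; a class parameter or a comment pointing at the role definition would help. Since `enc_role` is a node-reported fact, the comment above the guard should say it is a sequencing aid only and not an access decision.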
+1
@@ -7,6 +7,7 @@ class profiles::proxmox::init {
include profiles::proxmox::clusterjoin
include profiles::proxmox::ceph
include profiles::proxmox::config
include profiles::proxmox::weblb
Class['profiles::proxmox::repos']
-> Class['profiles::proxmox::install']
+2 -1
@@ -38,6 +38,7 @@ class profiles::proxmox::params (
'ceph-volume',
'gdisk',
'nvme-cli'
]
],
Stdlib::Port $pve_webport = 8006,
){
}
+21
@@ -0,0 +1,21 @@
# profiles::proxmox::weblb
class profiles::proxmox::weblb {
# include params class
include profiles::proxmox::params
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_${profiles::proxmox::params::pve_webport}}":
service => "be_${facts['country']}${facts['region']}pve",
ports => [$profiles::proxmox::params::pve_webport],
options => [
"cookie ${facts['networking']['hostname']}",
'ssl',
'verify none',
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
}
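Review bot: `'verify none'` in the `options` array turns off certificate validation on the TLS hop from HAProxy to the Proxmox web port, so the balancer will accept whatever certificate is presented on that address. If the node certificates chain to a CA the balancer can hold, prefer `'verify required'` together with `'ca-file <path-to-cluster-ca.pem>'` (placeholder path); if verification has to stay off, add a comment saying why and which network controls cover that hop. Separately, the resource title ends in `pve_webport}}":`, which leaves a literal `}` at the end of every exported title; it looks like a typo for `..._${profiles::proxmox::params::pve_webport}":`.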