feat: add haproxy2 role (#322)
- add basic haproxy2 role - add peers and resolvers - add haproxy2+ metrics frontend Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/322
This commit was merged in pull request #322.
@@ -1,7 +1,6 @@
|
||||
# profiles::haproxy::dns
|
||||
class profiles::haproxy::dns (
|
||||
Stdlib::IP::Address $vrrp_ipaddr,
|
||||
Boolean $vrrp_master = false,
|
||||
Stdlib::IP::Address $ipaddr,
|
||||
Array[Stdlib::Fqdn] $vrrp_cnames = [],
|
||||
Array[Stdlib::Fqdn] $cnames = [],
|
||||
Integer $order = 10,
|
||||
@@ -28,24 +27,37 @@ class profiles::haproxy::dns (
|
||||
}
|
||||
}
|
||||
|
||||
# export a/cnames for haproxy applications
|
||||
if $vrrp_master {
|
||||
profiles::dns::record { "${facts['networking']['fqdn']}_vrrp_${location_environment}-halb-vrrp":
|
||||
value => $vrrp_ipaddr,
|
||||
type => 'A',
|
||||
record => "${location_environment}-halb-vrrp",
|
||||
zone => $::facts['networking']['domain'],
|
||||
order => $order,
|
||||
}
|
||||
# if it is, find hosts, sort them so they dont cause changes every run
|
||||
$servers_array = sort(query_nodes(
|
||||
"enc_role='${facts['enc_role']}' and
|
||||
country='${facts['country']}' and
|
||||
region='${facts['region']}' and
|
||||
environment='${facts['environment']}'",
|
||||
'networking.fqdn'
|
||||
))
|
||||
|
||||
$vrrp_cnames.each |$cname| {
|
||||
profiles::dns::record { "${::facts['networking']['fqdn']}_${cname}_CNAME":
|
||||
value => "${location_environment}-halb-vrrp",
|
||||
type => 'CNAME',
|
||||
record => "${cname}.",
|
||||
# give enough time for a few hosts to be provisioned
|
||||
if length($servers_array) >= 3 {
|
||||
|
||||
# if this is the first host in the returned filter, export a/cnames for haproxy applications
|
||||
if $servers_array[0] == $trusted['certname'] {
|
||||
profiles::dns::record { "${facts['networking']['fqdn']}_vrrp_${location_environment}-halb-vrrp":
|
||||
value => $ipaddr,
|
||||
type => 'A',
|
||||
record => "${location_environment}-halb-vrrp",
|
||||
zone => $::facts['networking']['domain'],
|
||||
order => $order,
|
||||
}
|
||||
|
||||
$vrrp_cnames.each |$cname| {
|
||||
profiles::dns::record { "${::facts['networking']['fqdn']}_${cname}_CNAME":
|
||||
value => "${location_environment}-halb-vrrp",
|
||||
type => 'CNAME',
|
||||
record => "${cname}.",
|
||||
zone => $::facts['networking']['domain'],
|
||||
order => $order,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
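Review bot: The leader check `if $servers_array[0] == $trusted['certname']` compares a list of `networking.fqdn` fact values against the node's certificate name, and the `query_nodes` filter above it is built only from agent-reported facts (`enc_role`, `country`, `region`, `environment`). Facts come from the agent, so any node reporting matching values counts toward the `length($servers_array) >= 3` threshold and can sort into position 0, while a host whose fqdn fact differs from its certname never matches and the records are not exported at all. Dropping the `'networking.fqdn'` argument should make `query_nodes` return certnames (confirm against the puppetdbquery version in use), which gives a like-for-like comparison against trusted data. The record titles and `zone` also mix `$facts[...]` with `$::facts[...]`; one form throughout would read better. Part of the class body lies between the two hunks and is not shown.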
@@ -0,0 +1,24 @@
|
||||
# profiles::haproxy::peers
|
||||
class profiles::haproxy::peers (
|
||||
Boolean $enable = false,
|
||||
){
|
||||
|
||||
if $enable {
|
||||
|
||||
$peer_tag = "${facts['country']}-${facts['region']}-${facts['environment']}"
|
||||
|
||||
@@haproxy::peer { "${peer_tag}_${facts['networking']['fqdn']}":
|
||||
peers_name => $facts['networking']['fqdn'],
|
||||
port => 10000,
|
||||
tag => $peer_tag,
|
||||
}
|
||||
|
||||
# collect exported resources
|
||||
Haproxy::Peer <<| tag == $peer_tag |>>
|
||||
|
||||
haproxy::peers { $peer_tag:
|
||||
collect_exported => true
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
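Review bot: The collector `Haproxy::Peer <<| tag == $peer_tag |>>` admits every exported peer whose tag matches a string made only of `country`, `region` and `environment`, so membership of the peers section is decided by agent-reported facts and is not scoped to the haproxy role. The peers listener on port 10000 replicates stick-table state between members, so the tag should be made role-specific and the port restricted to the collected peer addresses; a comment on the class stating that expectation would help. `peers_name => $facts['networking']['fqdn']` also looks unintended: if the haproxy module treats `peers_name` as the name of the peers section, as the parameter name suggests, it should be `$peer_tag` to match `haproxy::peers { $peer_tag: }`. In that case the explicit collector would duplicate what `collect_exported => true` already does.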
@@ -0,0 +1,20 @@
|
||||
# profiles::haproxy::resolvers
|
||||
class profiles::haproxy::resolvers (
|
||||
Boolean $enable = false,
|
||||
) {
|
||||
|
||||
haproxy::resolver { 'internal':
|
||||
nameservers => {
|
||||
'dns1' => '198.18.19.16:53',
|
||||
},
|
||||
hold => {
|
||||
'nx' => '30s',
|
||||
'valid' => '10s'
|
||||
},
|
||||
resolve_retries => 3,
|
||||
timeout => {
|
||||
'retry' => '1s'
|
||||
},
|
||||
accepted_payload_size => 512,
|
||||
}
|
||||
}
|
||||
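Review bot: `$enable` is declared on `profiles::haproxy::resolvers` but never read, so the `internal` resolver is configured on every node that includes the class even with the default `false`; `profiles::haproxy::peers` in the same commit does gate on its `$enable`. Either wrap the `haproxy::resolver { 'internal': ... }` declaration in `if $enable { ... }` or drop the parameter. The single nameserver `198.18.19.16:53` is hard-coded; taking it as a typed class parameter such as `Hash[String, String] $nameservers` would let Hiera supply more than one resolver, which matters because every backend resolved through this section depends on that one server answering.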
@@ -36,16 +36,21 @@ class profiles::haproxy::server (
|
||||
$merged_default_options = merge($default_options, $defaults)
|
||||
|
||||
# wait until enc_role matches haproxy enc_role
|
||||
if $facts['enc_role'] == 'roles::infra::halb::haproxy' {
|
||||
if $facts['enc_role'] in [
|
||||
'roles::infra::halb::haproxy',
|
||||
'roles::infra::halb::haproxy2'
|
||||
] {
|
||||
|
||||
# manage selinux
|
||||
include profiles::haproxy::selinux
|
||||
if $facts['virtual'] != 'lxc' {
|
||||
include profiles::haproxy::selinux
|
||||
}
|
||||
|
||||
# create the haproxy service/instance
|
||||
class { 'haproxy':
|
||||
global_options => $merged_global_options,
|
||||
defaults_options => $merged_default_options,
|
||||
require => Class['profiles::haproxy::selinux']
|
||||
#require => Class['profiles::haproxy::selinux']
|
||||
}
|
||||
|
||||
include certbot::client # download certbot certs
|
||||
@@ -53,9 +58,11 @@ class profiles::haproxy::server (
|
||||
include profiles::haproxy::mappings # manage the domain to backend mappings
|
||||
include profiles::haproxy::ls_stats # default status listener
|
||||
include profiles::haproxy::dns # manage dns for haproxy
|
||||
include profiles::haproxy::resolvers # manage resolvers
|
||||
include profiles::haproxy::frontends # create frontends
|
||||
include profiles::haproxy::backends # create backends
|
||||
include profiles::haproxy::listeners # create listeners
|
||||
include profiles::haproxy::peers # create peers
|
||||
include prometheus::haproxy_exporter # generate metrics
|
||||
|
||||
Class['profiles::haproxy::certlist']
|
||||
|
||||
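Review bot: Commenting out `require => Class['profiles::haproxy::selinux']` removes the ordering for every host, not only for lxc guests, so on SELinux-managed machines the `haproxy` class is no longer guaranteed to be applied after the SELinux profile. Keep the dependency wherever the profile is included, for example `$selinux_require = $facts['virtual'] ? { 'lxc' => undef, default => Class['profiles::haproxy::selinux'] }` followed by `require => $selinux_require,`, and delete the commented-out line. A short comment saying why lxc guests skip SELinux management would help the next reader, since the decision rests on the agent-reported `virtual` fact. The class body begins before the first hunk and continues past the second.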
@@ -0,0 +1,10 @@
|
||||
# a role to deploy an anycast haproxy2 node
|
||||
class roles::infra::halb::haproxy2 {
|
||||
if $facts['firstrun'] {
|
||||
include profiles::defaults
|
||||
include profiles::firstrun::init
|
||||
}else{
|
||||
include profiles::defaults
|
||||
include profiles::base
|
||||
}
|
||||
}
|
||||
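Review bot: `include profiles::defaults` appears in both branches of the `firstrun` test and can be hoisted above the `if`, leaving only `profiles::firstrun::init` and `profiles::base` inside it; `}else{` would also read better as `} else {`. The branch relies on `$facts['firstrun']` being a real Boolean: a fact delivered as the string `'false'` is truthy in Puppet, which would keep the node on the first-run profile and never apply `profiles::base`, so it is worth confirming how that fact is defined.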