This repository was archived by the owner on Aug 29, 2018. It is now read-only.
forked from mojolingo/puppet-openshift
-
Notifications
You must be signed in to change notification settings - Fork 128
/
Copy pathload_balancer.pp
122 lines (109 loc) · 3.43 KB
/
load_balancer.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# Introduction
# Class used to load-balance brokers in a
# high-availability OpenShift deployment.
#
# Module Dependencies
# duritong/sysctl
# arioch/keepalived
# puppetlabs/haproxy
#
# Example Usage
# class { 'openshift_origin' :
# broker_cluster_members => ['broker01.example.com','broker02.example.com','broker03.example.com'],
# broker_cluster_ip_addresses => ['10.10.10.11','10.10.10.12','10.10.10.13'],
# broker_virtual_ip_address => '10.10.10.10',
# broker_virtual_hostname => 'broker.example.com',
# load_balancer_master => true,
# }
#
class openshift_origin::load_balancer(
$enable = true,
$manage_service = true,
$state_master = $::openshift_origin::load_balancer_master,
$virtual_ipaddress = $::openshift_origin::broker_virtual_ip_address,
$server_names = $::openshift_origin::broker_cluster_members,
$ipaddresses = $::openshift_origin::broker_cluster_ip_addresses,
$interface = $::openshift_origin::conf_node_external_eth_dev,
$http_port = '80',
$ssl_port = '443',
$virtual_router_id = '50',
$auth_pass = $::openshift_origin::load_balancer_auth_password,
) {
include keepalived
if 'broker' and 'load_balancer' in $::openshift_origin::roles {
Class[openshift_origin::plugins::frontend::apache] -> Class['haproxy']
}
if ($state_master == true) {
$priority = '101'
} else {
$priority = '100'
}
# Required by sysctl module
Exec { path => '/usr/bin:/usr/sbin:/bin:/sbin' }
sysctl::value { 'net.ipv4.ip_nonlocal_bind':
value => '1',
}
keepalived::vrrp::instance { $virtual_router_id:
interface => $interface,
priority => $priority,
state => $state_master,
virtual_ipaddress => [$virtual_ipaddress],
virtual_router_id => $virtual_router_id,
auth_type => 'PASS',
auth_pass => $auth_pass,
track_script => ['haproxy'],
}
keepalived::vrrp::script { 'haproxy':
script => '/usr/bin/killall -0 haproxy',
}
class { 'haproxy':
manage_service => $manage_service,
enable => $enable,
defaults_options => {
'log' => 'global',
'option' => 'redispatch',
'retries' => '3',
'timeout' => [
'http-request 10s',
'queue 1m',
'connect 10s',
'client 1m',
'server 1m',
'check 10s',
],
'maxconn' => '8000',
}
}
haproxy::listen { 'broker_http_cluster':
ipaddress => $virtual_ipaddress,
ports => $http_port,
options => {
'option' => ['tcpka', 'tcplog'],
'mode' => 'tcp',
'balance' => 'source',
},
}
haproxy::balancermember { 'http_brokers':
listening_service => 'broker_http_cluster',
server_names => $server_names,
ipaddresses => $ipaddresses,
ports => $http_port,
options => 'check inter 2000 rise 2 fall 5',
}
haproxy::listen { 'broker_ssl_cluster':
ipaddress => $virtual_ipaddress,
ports => $ssl_port,
options => {
'option' => ['tcpka', 'tcplog'],
'mode' => 'tcp',
'balance' => 'source',
},
}
haproxy::balancermember { 'ssl_brokers':
listening_service => 'broker_ssl_cluster',
server_names => $server_names,
ipaddresses => $ipaddresses,
ports => $ssl_port,
options => 'check inter 2000 rise 2 fall 5',
}
}