From c37c7b52eb0b57f1a412c780a1dc40f901ac0793 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Mon, 21 Jul 2014 10:41:38 -0400 Subject: [PATCH] loadbalancer: Allow user to bind multiple public/private ips Currently, a deployer can only bind on the loadbalancer 1 ip per network (be it public, internal, admin, etc...). If a deployer wants to bind to the ipv6 and ipv4 at the same time he couldn't. This patch aims to fix that. --- .fixtures.yml | 2 +- Puppetfile | 4 +++- manifests/loadbalancer.pp | 12 ++++++------ manifests/loadbalancer/binding.pp | 2 +- manifests/loadbalancer/listen_http.pp | 2 +- spec/classes/cloud_loadbalancer_spec.rb | 17 +++++++++++++++++ 6 files changed, 29 insertions(+), 10 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 95e82ac1..bc768264 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -101,7 +101,7 @@ fixtures: ref: '4592bfd59cd5d4795069798a14b483e16c98c1ff' 'stdlib': repo: 'git://github.com/enovance/puppetlabs-stdlib.git' - ref: '224b8f9a191f635b03ee900a9bf87bfdb0f1a6ed' + ref: '8a9b2dfc0e463bec39c00c82c30e0a8a8b7867f3' 'xinetd': repo: 'git://github.com/enovance/puppetlabs-xinetd.git' ref: '7557af0e418d1a587df04fe7d01322ff2473c32e' diff --git a/Puppetfile b/Puppetfile index 8a028903..8ba8330b 100644 --- a/Puppetfile +++ b/Puppetfile @@ -143,9 +143,11 @@ mod 'ssh', mod 'rsyslog', :git => 'git://github.com/enovance/puppet-rsyslog.git', :ref => '67c7c501b916ebd1a27a8a218d49602339526c4f' +#TODO(Spredzy) come back to upstream after +# https://github.com/puppetlabs/puppetlabs-stdlib/pull/319 mod 'stdlib', :git => 'git://github.com/enovance/puppetlabs-stdlib.git', - :ref => '224b8f9a191f635b03ee900a9bf87bfdb0f1a6ed' + :ref => '8a9b2dfc0e463bec39c00c82c30e0a8a8b7867f3' mod 'sysctl', :git => 'git://github.com/enovance/puppet-sysctl.git', :ref => '4a463384e844f51b270428643a5b8beb3628e854' diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index ec0b3c55..7c74e58e 100644 --- a/manifests/loadbalancer.pp 
+++ b/manifests/loadbalancer.pp @@ -192,7 +192,7 @@ class cloud::loadbalancer( $keepalived_public_interface = 'eth0', $keepalived_public_ipvs = ['127.0.0.1'], $keepalived_internal_interface = 'eth1', - $keepalived_internal_ipvs = false, + $keepalived_internal_ipvs = [], $ceilometer_bind_options = [], $cinder_bind_options = [], $ec2_bind_options = [], @@ -259,13 +259,13 @@ class cloud::loadbalancer( # end of deprecation support # Fail if OpenStack and Galera VIP are not in the VIP list - if $vip_public_ip and !($vip_public_ip in $keepalived_public_ipvs_real) { + if $vip_public_ip and !(member(any2array($keepalived_public_ipvs_real), $vip_public_ip)) { fail('vip_public_ip should be part of keepalived_public_ipvs.') } - if $vip_internal_ip and !($vip_internal_ip in $keepalived_internal_ipvs) { + if $vip_internal_ip and !(member(any2array($keepalived_internal_ipvs),$vip_internal_ip)) { fail('vip_internal_ip should be part of keepalived_internal_ipvs.') } - if $galera_ip and !(($galera_ip in $keepalived_public_ipvs_real) or ($galera_ip in $keepalived_internal_ipvs)) { + if $galera_ip and !((member(any2array($keepalived_public_ipvs_real),$galera_ip)) or (member(any2array($keepalived_internal_ipvs),$galera_ip))) { fail('galera_ip should be part of keepalived_public_ipvs or keepalived_internal_ipvs.') } @@ -289,7 +289,7 @@ class cloud::loadbalancer( notify_backup => '"/etc/init.d/haproxy stop"', } - if $keepalived_internal_ipvs { + if !empty($keepalived_internal_ipvs) { if ! $keepalived_vrrp_interface { $keepalived_vrrp_interface_internal = $keepalived_internal_interface } else { @@ -484,7 +484,7 @@ class cloud::loadbalancer( bind_options => $horizon_ssl_bind_options, } - if ($galera_ip in $keepalived_public_ipvs_real) { + if (member(any2array($keepalived_public_ipvs_real), $galera_ip)) { warning('Exposing Galera cluster to public network is a security issue.') } haproxy::listen { 'galera_cluster': 
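Review bot: Changing the default of `$keepalived_internal_ipvs` from `false` to `[]` (the `@@ -192` hunk) together with the new `if !empty($keepalived_internal_ipvs)` guard (the `@@ -289` hunk) leaves callers that still pass `false` explicitly unhandled. stdlib's `empty()` is documented for strings, arrays and hashes, so a boolean probably aborts compilation instead of skipping the internal VRRP block; this should be confirmed against the pinned fork. A tolerant guard would be `if $keepalived_internal_ipvs and !empty($keepalived_internal_ipvs) {`. None of the hunks in this file touch the parameter documentation, so the class header (outside the hunks) should also state that the default is now `[]` and that `vip_public_ip` may be a list.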
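Review bot: The three `member(any2array(...), ...)` checks in the `@@ -259` hunk and the Galera check in the `@@ -484` hunk presumably compare addresses as plain strings, which is fragile now that IPv6 values are expected. The spec's `2001:0db8:85a3:0000:0000:8a2e:0370:7334` written in compressed form in one parameter and expanded form in the other would be treated as a different address. For the three validation checks that fails closed, but with a misleading "should be part of" error. For the Galera check it could suppress the public-exposure warning when `galera_ip` passes validation through the internal list. I would add a comment above the checks such as `# IPs are matched as strings: write each address identically in vip_*/galera_ip and keepalived_*_ipvs`. The class body starts and ends outside these hunks.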
diff --git a/manifests/loadbalancer/binding.pp b/manifests/loadbalancer/binding.pp index d24fc195..c315b537 100644 --- a/manifests/loadbalancer/binding.pp +++ b/manifests/loadbalancer/binding.pp @@ -49,7 +49,7 @@ define cloud::loadbalancer::binding ( $listen_ip_real = $all_vip_array } else { # when binding is specified in parameter - if ($ip in $all_vip_array) { + if (member($all_vip_array, $ip)) { $listen_ip_real = $ip } else { fail("${ip} is not part of VIP pools.") diff --git a/manifests/loadbalancer/listen_http.pp b/manifests/loadbalancer/listen_http.pp index e03980ba..bb1a26da 100644 --- a/manifests/loadbalancer/listen_http.pp +++ b/manifests/loadbalancer/listen_http.pp @@ -22,7 +22,7 @@ define cloud::loadbalancer::listen_http( $httpchk = 'httpchk', $options = {}, $bind_options = [], - $listen_ip = '0.0.0.0') { + $listen_ip = ['0.0.0.0']) { $options_basic = {'mode' => 'http', 'balance' => 'roundrobin', diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb index 9e2eb05c..dc5f3ad0 100644 --- a/spec/classes/cloud_loadbalancer_spec.rb +++ b/spec/classes/cloud_loadbalancer_spec.rb @@ -247,6 +247,23 @@ describe 'cloud::loadbalancer' do )} end + context 'configure OpenStack binding on IPv4 and IPv6 public ip' do + before do + params.merge!( + :nova_api => true, + :galera_ip => '172.16.0.1', + :vip_public_ip => ['172.16.0.1', '2001:0db8:85a3:0000:0000:8a2e:0370:7334'], + :vip_internal_ip => '192.168.0.1', + :keepalived_public_ipvs => ['172.16.0.1', '172.16.0.2', '2001:0db8:85a3:0000:0000:8a2e:0370:7334'], + :keepalived_internal_ipvs => ['192.168.0.1', '192.168.0.2'] + ) + end + it { should contain_haproxy__listen('nova_api_cluster').with( + :ipaddress => ['172.16.0.1', '2001:0db8:85a3:0000:0000:8a2e:0370:7334', '192.168.0.1'], + :ports => '8774' + )} + end + context 'disable an OpenStack service binding' do before do params.merge!(:metadata_api => false)
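Review bot: In the `binding.pp` hunk, `member($all_vip_array, $ip)` is the guard that keeps a service from binding outside the VIP pools, and with a list-valued `$ip` its meaning depends on how the pinned stdlib fork treats an array second argument (every element versus any element), which is not visible here. If a list is accepted, `fail("${ip} is not part of VIP pools.")` also interpolates the whole array, so the message does not identify the offending address. I would document the intent above the check, for example `# $ip may be a list; every entry must belong to $all_vip_array`. Unlike the checks in `loadbalancer.pp`, the first argument is not wrapped in `any2array()`, so this relies on `$all_vip_array` always being built as an array earlier in the define, outside the hunk.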
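Review bot: The new context in `cloud_loadbalancer_spec.rb` covers only the accepting path, so nothing pins that a `vip_public_ip` list containing an address absent from `keepalived_public_ipvs` is still rejected. That negative case is what shows the rewritten `member()` checks kept their guarding behaviour for list input. The sketch below reuses the addresses and the failure message already in this patch. It assumes the shared `params` otherwise pass validation, and `raise_error` stands in for whichever failure matcher the file's existing negative cases use.

```ruby
context 'reject a public ip list with an address outside keepalived_public_ipvs' do
  before do
    params.merge!(
      :vip_public_ip          => ['172.16.0.1', '2001:0db8:85a3:0000:0000:8a2e:0370:7334'],
      :keepalived_public_ipvs => ['172.16.0.1', '172.16.0.2']
    )
  end
  it { expect { subject }.to raise_error(Puppet::Error, /vip_public_ip should be part of keepalived_public_ipvs/) }
end
```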