diff --git a/chef/cookbooks/haproxy/attributes/default.rb b/chef/cookbooks/haproxy/attributes/default.rb index 3b56215..e062d54 100644 --- a/chef/cookbooks/haproxy/attributes/default.rb +++ b/chef/cookbooks/haproxy/attributes/default.rb @@ -79,12 +79,15 @@ default['haproxy']['source']['use_pcre'] = false default['haproxy']['source']['use_openssl'] = false default['haproxy']['source']['use_zlib'] = false +default['haproxy']['enable_services'] = [] + default['haproxy']['listeners'] = { 'listen' => {}, 'frontend' => {}, 'backend' => {} } + default['haproxy']['services'] = { "dashboard_http" => { "role" => "os-compute-single-controller", @@ -96,8 +99,9 @@ default['haproxy']['services'] = { "mode http", \ "option forwardfor", \ "option httpchk", \ - "option httpclose", \ - "rspidel ^Set-cookie:\ IP="] + "option httpclose" + # "rspidel ^Set-cookie:\ IP=" + ] }, "dashboard_https" => { "role" => "os-compute-single-controller", diff --git a/chef/cookbooks/haproxy/recipes/install_package.rb b/chef/cookbooks/haproxy/recipes/install_package.rb index 09d3f0a..bbb8d94 100644 --- a/chef/cookbooks/haproxy/recipes/install_package.rb +++ b/chef/cookbooks/haproxy/recipes/install_package.rb @@ -19,16 +19,19 @@ package "haproxy" -directory node['haproxy']['conf_dir'] -template "/etc/init.d/haproxy" do - source "haproxy-init.erb" - owner "root" - group "root" - mode 00755 - variables( - :hostname => node['hostname'], - :conf_dir => node['haproxy']['conf_dir'], - :prefix => "/usr" - ) +case node['platform_family'] +when "debian" + directory node['haproxy']['conf_dir'] + template "/etc/init.d/haproxy" do + source "haproxy-init.erb" + owner "root" + group "root" + mode 00755 + variables( + :hostname => node['hostname'], + :conf_dir => node['haproxy']['conf_dir'], + :prefix => "/usr" + ) + end end diff --git a/chef/cookbooks/haproxy/recipes/tcp_lb.rb b/chef/cookbooks/haproxy/recipes/tcp_lb.rb index a8975da..74f797a 100644 --- a/chef/cookbooks/haproxy/recipes/tcp_lb.rb 
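Review bot: `default['haproxy']['enable_services'] = []` has no comment, yet with this empty default the loop in recipes/tcp_lb.rb skips every entry in `services` unless the data bag item enables HA or a role sets the attribute. Deployments that relied on the built-in services would lose their listeners without any message. A comment above the attribute would make the opt-in explicit, for example `# Keys of ['haproxy']['services'] to configure; empty means no service is load balanced.`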
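Review bot: Commenting out `"rspidel ^Set-cookie:\ IP="` leaves dead code inside the options array and drops the response filter instead of repairing it. In a double-quoted Ruby string `\ ` collapses to a plain space, so the rule probably reached haproxy.cfg without its escape, which may be why it was disabled; a single-quoted literal, `'rspidel ^Set-cookie:\ IP='`, keeps the backslash. With the filter off, any `IP=` cookie set by the dashboard backend is passed through to clients, so confirm that is intended and then delete the commented line. The array opens above this hunk.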
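Review bot: `directory node['haproxy']['conf_dir']` now runs only for the debian family, so on other platforms nothing in this recipe guarantees that the directory exists. Where it does run, it is created without an explicit owner, group or mode. Keeping the resource outside the `case` and giving it `owner 'root'`, `group 'root'` and `mode '0755'` would give the load balancer configuration directory the same permissions on every platform. With a single branch, `if platform_family?('debian')` reads more directly than `case`/`when`.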
+++ b/chef/cookbooks/haproxy/recipes/tcp_lb.rb @@ -17,7 +17,38 @@ # limitations under the License. # +defaultbag = "openstack" +if !Chef::DataBag.list.key?(defaultbag) + Chef::Application.fatal!("databag '#{defaultbag}' doesn't exist.") + return +end + +myitem = node.attribute?('cluster')? node['cluster']:"env_default" + +if !search(defaultbag, "id:#{myitem}") + Chef::Application.fatal!("databagitem '#{myitem}' doesn't exist.") + return +end + +mydata = data_bag_item(defaultbag, myitem) + +if mydata['ha']['status'].eql?('enable') + node.set['haproxy']['incoming_address'] = mydata['ha']['haproxy']['vip'] + mydata['ha']['haproxy']['roles'].each do |role, services| + services.each do |service| + node.set['haproxy']['services'][service]['role'] = role + unless node['haproxy']['enable_services'].include?(service) + node.set['haproxy']['enable_services'] << service + end + end + end +end + node['haproxy']['services'].each do |name, service| + unless node['haproxy']['enable_services'].include?(name) + next + end + pool_members = search("node", "role:#{service['role']} AND chef_environment:#{node.chef_environment}") || [] # load balancer may be in the pool @@ -44,7 +75,7 @@ node['haproxy']['services'].each do |name, service| pool = ["options httpchk #{node['haproxy']['httpchk']}"] if node['haproxy']['httpchk'] pool = service[:options] servers = pool_members.uniq.map do |s| - "#{s[:hostrame]} #{s[:ipaddress]}:#{service[:backend_port]} check inter 2000 rise 2 fall 5" + "#{s[:hostname]} #{s[:ipaddress]}:#{service[:backend_port]} check inter 2000 rise 2 fall 5" end haproxy_lb name do @@ -72,4 +103,3 @@ service "haproxy" do supports :restart => true, :status => true, :reload => true action [:enable, :start] end - diff --git a/chef/cookbooks/keepalived/attributes/default.rb b/chef/cookbooks/keepalived/attributes/default.rb index 54d004c..710afd2 100644 --- a/chef/cookbooks/keepalived/attributes/default.rb +++ b/chef/cookbooks/keepalived/attributes/default.rb 
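Review bot: The guard `if !search(defaultbag, "id:#{myitem}")` can never fire, because `search` returns an Array and an empty Array is truthy in Ruby. A missing item is therefore only caught later, when `data_bag_item` raises. `if search(defaultbag, "id:#{myitem}").empty?` makes the check real; the same guard is repeated in keepalived/recipes/default.rb. Separately, `node.set` writes normal-level attributes that are saved with the node, so a service appended to `enable_services` stays proxied on later runs even after it is removed from the data bag or `ha.status` is switched off. Building the list in a local variable and assigning it with `node.default['haproxy']['enable_services'] = enabled` on each run avoids that stale exposure.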
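Review bot: The context line `pool = service[:options]` overwrites the `httpchk` entry assigned on the line before it, so a configured `node['haproxy']['httpchk']` is silently dropped from the rendered pool. Starting from the service options and appending keeps both: `pool = Array(service[:options]).dup`, then `pool.push("option httpchk #{node['haproxy']['httpchk']}") if node['haproxy']['httpchk']`. The existing string says `options httpchk` while the HAProxy keyword is `option httpchk`, so that spelling needs checking as well. The enclosing `each` block starts and ends outside this hunk.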
@@ -1,4 +1,4 @@ -default['keepalived']['shared_address'] = false +default['keepalived']['shared_address'] = true default['keepalived']['global']['notification_emails'] = 'admin@example.com' default['keepalived']['global']['notification_email_from'] = "keepalived@#{node['domain'] || 'example.com'}" default['keepalived']['global']['smtp_server'] = '127.0.0.1' @@ -18,20 +18,23 @@ default['keepalived']['check_scripts'] = { default['keepalived']['instance_defaults']['state'] = 'MASTER' default['keepalived']['instance_defaults']['priority'] = 100 default['keepalived']['instance_defaults']['virtual_router_id'] = 10 +default['keepalived']['vip'] = { + "eth0" => "10.145.88.161" + } default['keepalived']['instances'] = { "openstack" => { "virtual_router_id" => "50", "advert_int" => "1", "priorities" => { - "centos-10-145-88-152" => "110", - "centos-10-145-88-153" => "101" + "centos-10-145-88-152" => 110, + "centos-10-145-88-153" => 101 }, "states" => { "centos-10-145-88-152" => "BACKUP", "centos-10-145-88-153" => "MASTER" }, "interface" => "eth0", - "ip_addresses" => ["192.168.220.40 dev eth0"], + "ip_addresses" => ["#{node['keepalived']['vip']['eth0']} dev eth0"], "track_script" => "haproxy" } } diff --git a/chef/cookbooks/keepalived/recipes/default.rb b/chef/cookbooks/keepalived/recipes/default.rb index 5143d8e..0b4ef47 100644 --- a/chef/cookbooks/keepalived/recipes/default.rb +++ b/chef/cookbooks/keepalived/recipes/default.rb 
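Review bot: Defaulting `default['keepalived']['shared_address']` to `true` makes keepalived/recipes/default.rb set `net.ipv4.ip_nonlocal_bind=1` on every node that includes the recipe. That is a host-wide kernel setting which lets any local process bind addresses the host does not own. Keeping the default `false` and enabling it from the HA role, the environment, or the `ha.status` data bag branch would limit the change to nodes that actually hold a VIP.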
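Review bot: The new `default['keepalived']['vip']` hard-codes `10.145.88.161` next to site-specific hostnames. A node that runs the recipe without HA data in the data bag would presumably still render a VRRP instance advertising that address, and `instance_defaults` sets state `MASTER`. Moving the address to the environment or data bag, and failing the run when it is missing, keeps one site's VIP from being claimed elsewhere. `priorities` are now Integers while `virtual_router_id` and `advert_int` remain Strings; one convention throughout would be easier to validate.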
@@ -17,16 +17,73 @@ # limitations under the License. # +require 'chef/util/file_edit' + +defaultbag = "openstack" +if !Chef::DataBag.list.key?(defaultbag) + Chef::Application.fatal!("databag '#{defaultbag}' doesn't exist.") + return +end + +myitem = node.attribute?('cluster')? node['cluster']:"env_default" + +if !search(defaultbag, "id:#{myitem}") + Chef::Application.fatal!("databagitem '#{myitem}' doesn't exist.") + return +end + +mydata = data_bag_item(defaultbag, myitem) + +if mydata['ha']['status'].eql?('enable') + mydata['ha']['keepalived']['router_ids'].each do |nodename, routerid| + node.override['keepalived']['global']['router_ids']["#{nodename}"] = routerid + end + + mydata['ha']['keepalived']['instance_name']['priorities'].each do |nodename, priority| + node.override['keepalived']['instances']['openstack']['priorities']["#{nodename}"] = priority + end + + mydata['ha']['keepalived']['instance_name']['states'].each do |nodename, status| + node.override['keepalived']['instances']['openstack']['states']["#{nodename}"] = status + end + + interface = node['keepalived']['instances']['openstack']['interface'] + node.override['keepalived']['instances']['openstack']['ip_addresses'] = [ + "#{mydata['ha']['keepalived']['instance_name']['vip']} dev #{interface}" ] +end + package "keepalived" if node['keepalived']['shared_address'] - file '/etc/sysctl.d/60-ip-nonlocal-bind.conf' do - mode 0644 - content "net.ipv4.ip_nonlocal_bind=1\n" - end + case node['platform_family'] + when "debian" + file '/etc/sysctl.d/60-ip-nonlocal-bind.conf' do + mode 0644 + content "net.ipv4.ip_nonlocal_bind=1\n" + end - service 'procps' do - action :start + service 'procps' do + action :start + end + + when "rhel" + ruby_block "update sysctl" do + block do + fe = Chef::Util::FileEdit.new('/etc/sysctl.conf') + fe.search_file_delete_line(/^net.ipv4.ip_nonlocal_bind\s*=\s*0/) + fe.write_file + fe.insert_line_if_no_match(/^net.ipv4.ip_nonlocal_bind\s*=s*1/, + "net.ipv4.ip_nonlocal_bind = 1") + 
fe.write_file + end + not_if %Q|grep "^net.ipv4.ip_nonlocal_bind[[:space:]]*=[[:space:]]*1" /etc/sysctl.conf| + notifies :run, "execute[apply sysctl]", :immediately + end + + execute "apply sysctl" do + command "sysctl -p" + action :nothing + end end end
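Review bot: The regex passed to `insert_line_if_no_match`, `/^net.ipv4.ip_nonlocal_bind\s*=s*1/`, has `s*` where `\s*` was meant and leaves its dots unescaped, so it does not match the `net.ipv4.ip_nonlocal_bind = 1` line it inserts; only the `not_if` grep prevents duplicate lines. Use `/^net\.ipv4\.ip_nonlocal_bind\s*=\s*1/` and call `fe.write_file` once after both edits. The data bag values (`vip`, priorities, states, router ids) go into the attributes behind a root-run daemon's configuration without validation. Checking the VIP with `IPAddr.new` (after `require 'ipaddr'`) and the states against `MASTER`/`BACKUP` would reject malformed entries before they are rendered. Note also that `sysctl -p` reloads all of /etc/sysctl.conf, not only this key.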