fixed haproxy to support OpenStack H/A

Change-Id: I02a6a024dc57f491555616529c20324cb3b1bfce
2014-11-19 16:33:33 -08:00 · 2014-11-19 16:33:33 -08:00 · dd3256e188
commit dd3256e188
parent 116364c29a
4 changed files with 18 additions and 13 deletions
--- a/chef/cookbooks/haproxy/attributes/default.rb
+++ b/chef/cookbooks/haproxy/attributes/default.rb
@ -50,8 +50,8 @@ default['haproxy']['ssl_incoming_port'] = 443
 default['haproxy']['ssl_member_port'] = 8443
 default['haproxy']['httpchk'] = nil
 default['haproxy']['ssl_httpchk'] = nil
-default['haproxy']['enable_admin'] = true
-default['haproxy']['admin']['address_bind'] = "10.145.88.152"
+default['haproxy']['enable_admin'] = false
+default['haproxy']['admin']['address_bind'] = "127.0.0.1"
 default['haproxy']['admin']['port'] = 22002
 default['haproxy']['enable_stats_socket'] = false
 default['haproxy']['stats_socket_path'] = "/var/run/haproxy.sock"
@ -97,6 +97,7 @@ default['haproxy']['enabled_services'] = [
  "dashboard_http",
  "dashboard_https",
  "glance_api",
+  "glance_registry_cluster",
  "keystone_admin",
  "keystone_public_internal",
  "nova_compute_api",
@ -127,7 +128,8 @@ default['haproxy']['roles'] = {
    "neutron_api"
  ],
  "os-image" => [
-    "glance_api"
+    "glance_api",
+    "glance_registry_cluster"
  ]
 }

@ -145,10 +147,12 @@ default['haproxy']['services'] = {
    "options" => [ "capture  cookie vgnvisitor= len 32", \
                   "cookie  SERVERID insert indirect nocache", \
                   "mode  http", \
+                   "balance source", \
                   "option  forwardfor", \
-                   "option  httpchk", \
+                   "option  httpchk OPTIONS / HTTP/1.1", \
+                   "http-check expect status 400", \
                   "option  http-server-close", \
-                   'rspidel  ^Set-cookie:\ IP='
+                   "rspidel  ^Set-cookie:\ IP="
                  # "appsession csrftoken len 42  timeout 1h"
                 ]
  },
@ -169,7 +173,7 @@ default['haproxy']['services'] = {
    "role" => "os-image-registry",
    "frontend_port" => "9191",
    "backend_port" => "9191",
-    "options" => [ "option tcpka", "option  httpchk", "option  tcplog", "balance leastconn" ]
+    "options" => [ "option tcpka", "option  httpchk", "option  tcplog", "balance leastconn", "http-check expect status 401" ]
  },
  "keystone_admin" => {
    "role" => "os-identity",
--- a/chef/cookbooks/haproxy/recipes/tcp_lb.rb
+++ b/chef/cookbooks/haproxy/recipes/tcp_lb.rb
@ -35,7 +35,7 @@ node['haproxy']['services'].each do |name, service|

  if node['haproxy']['choose_backend'].eql?("prefeed")
    pool_members = []
-    if node['haproxy'].has_attribute?(:node_mapping)
+    if node['haproxy'].attribute?("node_mapping")
      node['haproxy']['node_mapping'].each do |nodename, nodeinfo|
        if nodeinfo['roles'].include?(service['role'])
          pool_members << nodename
--- a/chef/cookbooks/openstack-dashboard/recipes/server.rb
+++ b/chef/cookbooks/openstack-dashboard/recipes/server.rb
@ -90,7 +90,7 @@ if node['openstack']['dashboard']['session_backend'] == 'memcached'
  end
 end

-memcached = memcached_servers
+memcached = memcached_servers('os-ops-caching')

 # delete the openstack-dashboard.conf before reload apache2 service on fedora, redhat and centos
 # since this file is not valid on those platforms for the apache2 service.
--- a/chef/cookbooks/openstack-identity/recipes/server.rb
+++ b/chef/cookbooks/openstack-identity/recipes/server.rb
@ -108,9 +108,6 @@ if node['openstack']['auth']['strategy'] == 'pki'

  if certfile_url.nil? || keyfile_url.nil? || ca_certs_url.nil?
    keygen_node = node_election('os-identity', 'keystone_keygen')
-    if keygen_node.nil?
-      keygen_node = node
-    end
    if node.name.eql?(keygen_node.name)
      execute 'keystone-manage pki_setup' do
        user  node['openstack']['identity']['user']
@ -130,7 +127,7 @@ if node['openstack']['auth']['strategy'] == 'pki'
      end

    else
-      if keygen_node['openstack']['identity']['signing'].attribute?("#{name}_data")
+      if keygen_node['openstack']['identity']['signing'].attribute?("ca_certs_data")
        %w{certfile keyfile ca_certs}.each do |name|
          file node['openstack']['identity']['signing']["#{name}"] do
            content keygen_node['openstack']['identity']['signing']["#{name}_data"]
@ -196,7 +193,11 @@ if node['openstack']['identity']['token']['backend'].eql?('memcache')
  memcache_servers = memcached_servers('os-ops-caching').join ','  # from openstack-common lib
  # number of seconds to wait before sockets timeout when the memcached server is down
  # the default number is 3, here is going to set it as 0.1
-  `sed -i "s/_SOCKET_TIMEOUT = 3/_SOCKET_TIMEOUT = 0.1/g" /usr/lib/python[0-9].[0-9]/site-packages/memcache.py`
+  ruby_block "Set memcache socket timeout" do
+    block do
+      `sed -i "s/_SOCKET_TIMEOUT = 3/_SOCKET_TIMEOUT = 0.1/g" /usr/lib/python[0-9].[0-9]/site-packages/memcache.py`
+    end
+  end
 end

 # These configuration endpoints must not have the path (v2.0, etc)