OpenStack-Ansible HAProxy server

OpenStack-Ansible HAProxy server

This Ansible role installs the HAProxy Load Balancer service.

To clone or view the source code for this repository, visit the role repository for haproxy_server.

Default variables

# Validate Certificates when downloading hatop. May be set to "no" when proxy server
# is intercepting the certificates.
haproxy_hatop_download_validate_certs: yes

# Set the package install state for distribution packages
# Options are 'present' and 'latest'
haproxy_package_state: "latest"

## Haproxy Configuration
haproxy_rise: 3
haproxy_fall: 3
haproxy_interval: 12000

## Haproxy Stats
haproxy_stats_enabled: False
haproxy_stats_bind_address: 127.0.0.1
haproxy_stats_port: 1936
haproxy_username: admin
haproxy_stats_password: secrete

# Default haproxy backup nodes to empty list so this doesn't have to be
# defined for each service.
haproxy_backup_nodes: []

# haproxy_service_configs:
#   - service:
#       hap_service_name: haproxy_all
#       hap_backend_nodes: "{{ groups['haproxy_all'][0] }}"
#       # hap_backup_nodes: "{{ groups['haproxy_all'][1:] }}"
#       hap_port: 80
#       hap_balance_type: http
#       hap_backend_options:
#         - "forwardfor"
#         - "httpchk"
#         - "httplog"
#       haproxy_acls:
#         white_list:
#           rule: "src 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
#           backend_name: "mybackend"
galera_monitoring_user: monitoring
haproxy_bind_on_non_local: False

## haproxy SSL
haproxy_ssl: true
haproxy_ssl_dh_param: 2048
haproxy_ssl_self_signed_regen: no
haproxy_ssl_cert: /etc/ssl/certs/haproxy.cert
haproxy_ssl_key: /etc/ssl/private/haproxy.key
haproxy_ssl_pem: /etc/ssl/private/haproxy.pem
haproxy_ssl_ca_cert: /etc/ssl/certs/haproxy-ca.pem
haproxy_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ external_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
haproxy_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
haproxy_ssl_bind_options: "no-sslv3"

haproxy_hatop_download_url: "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/hatop/hatop-0.7.7.tar.gz"

## haproxy default
# Set the number of retries to perform on a server after a connection failure
haproxy_retries: "3"
# Set the maximum inactivity time on the client side
haproxy_client_timeout: "50s"
# Set the maximum time to wait for a connection attempt to a server to succeed
haproxy_connect_timeout: "10s"
# Set the maximum allowed time to wait for a complete HTTP request
haproxy_http_request_timeout: "5s"
# Set the maximum inactivity time on the server side
haproxy_server_timeout: "50s"


## haproxy tuning params
haproxy_maxconn: 4096

# Parameters below should only be specified if necessary, defaults are programmed in the template
#haproxy_tuning_params:
#  nbproc: 1
#  bufsize: 384000
#  chksize: 16384
#  comp_maxlevel: 1
#  http_maxhdr: 101
#  maxaccept: 64
#  ssl_cachesize: 20000
#  ssl_lifetime: 300

Required variables

None.

Dependencies

None.

Example playbook

- name: Install haproxy
  hosts: haproxy
  user: root
  roles:
    - { role: "haproxy_server", tags: [ "haproxy-server" ] }
  vars:
    haproxy_service_configs:
      - service:
          haproxy_service_name: group_name
          haproxy_backend_nodes: "{{ groups['group_name'][0] }}"
          haproxy_backup_nodes: "{{ groups['group_name'][1:] }}"
          haproxy_port: 80
          haproxy_balance_type: http
          haproxy_backend_options:
            - "forwardfor"
            - "httpchk"
            - "httplog"
          haproxy_backend_arguments:
            - 'http-check expect string OK'
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.