tripleo_haproxy

About The Role

An Ansible role to check if the HAProxy configuration has recommended values.

Requirements

This role requires and Up and Running Overcloud.

Dependencies

None.

Example Playbook

- hosts: undercloud
  roles:
    - { role: tripleo_haproxy }

License

Apache

Author Information

Red Hat Tripleo DFG:PIDONE

Full Description

Role Documentation

Welcome to the “tripleo_haproxy” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “tripleo_haproxy” role.

# Path to the haproxy.cfg file
haproxy_config_file: /var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg

# Global mininum per-process number of concurrent connections
global_maxconn_min: 20480

# Defaults mininum per-process number of concurrent connections
defaults_maxconn_min: 4096

# Time to wait in the queue for a connection slot to be free
defaults_timeout_queue: 2m

# Inactivity time on the client side
defaults_timeout_client: 2m

# Inactivity time on the server side
defaults_timeout_server: 2m

# Additional check timeout
defaults_timeout_check: 10s

Molecule Scenarios

Molecule is being used to test the “tripleo_haproxy” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Scenario: default

Driver: podman

Molecule Platform(s)

- name: centos
  hostname: centos
  image: centos/centos:stream8
  registry:
    url: quay.io
  dockerfile: ../../../../.config/molecule/Dockerfile
  pkg_extras: python*-setuptools python*-pyyaml
  volumes:
  - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
  privileged: true
  environment:
    http_proxy: "{{ lookup('env', 'http_proxy') }}"
    https_proxy: "{{ lookup('env', 'https_proxy') }}"
  ulimits:
  - host

Molecule Inventory

hosts:
  all:
    hosts:
      centos:
        ansible_python_interpreter: /usr/bin/python3

Example default playbook

- name: Converge
  hosts: all
  gather_facts: false

  vars:
    haproxy_config_file: /haproxy.cfg

  tasks:
  - name: create haproxy config file
    copy:
      dest: /haproxy.cfg
      content: |
        # This file managed by Puppet
        global
          daemon
          group  haproxy
          log  /dev/log local0
          maxconn  100
          pidfile  /var/run/haproxy.pid
          ssl-default-bind-ciphers  !SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES
          ssl-default-bind-options  no-sslv3 no-tlsv10
          stats  socket /var/lib/haproxy/stats mode 600 level user
          stats  timeout 1s
          user  haproxy

        defaults
          log  global
          maxconn  100
          mode  tcp
          retries  1
          timeout  http-request 1s
          timeout  queue 1s
          timeout  connect 1s
          timeout  client 1s
          timeout  server 2m
          timeout  check 10s
  - block:
    - include_role:
        name: tripleo_haproxy
    rescue:
    - name: Clear host errors
      meta: clear_host_errors

    - debug:
        msg: The validation works! End the playbook run

    - name: End play
      meta: end_play

  - name: Fail the test
    fail:
      msg: |
        The haproxy role should have detected issues within haproxy
        configuration file!