3daded6242
TLS can be used to encrypt and authenticate the connection with OpenStack endpoints. This patch provides the necessary parameters and changes the resulting service configurations to enable TLS for the Kolla deployed OpenStack cloud. The new input parameters are: kolla_enable_tls_external: "yes" or "no" (default is "no") kolla_external_fqdn_cert: "/etc/kolla/certificates/haproxy.pem" kolla_external_fqdn_cacert: "/etc/kolla/certificates/haproxy-ca.crt" Implements: blueprint kolla-ssl Change-Id: I48ef8a781c3035d58817f9bf6f36d59a488bab41
379 lines
18 KiB
Django/Jinja
379 lines
18 KiB
Django/Jinja
{% set tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external | bool else '' %}
|
|
global
|
|
daemon
|
|
log /var/lib/kolla/heka/log local0
|
|
maxconn 4000
|
|
stats socket /var/lib/kolla/haproxy/haproxy.sock
|
|
{% if kolla_enable_tls_external | bool %}
|
|
ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES
|
|
ssl-default-bind-options no-sslv3 no-tlsv10
|
|
tune.ssl.default-dh-param 4096
|
|
{% endif %}
|
|
|
|
defaults
|
|
log global
|
|
mode http
|
|
option redispatch
|
|
option httplog
|
|
option forwardfor
|
|
retries 3
|
|
timeout http-request 10s
|
|
timeout queue 1m
|
|
timeout connect 10s
|
|
timeout client 1m
|
|
timeout server 1m
|
|
timeout check 10s
|
|
|
|
listen stats {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ haproxy_stats_port }}
|
|
mode http
|
|
stats enable
|
|
stats uri /
|
|
stats refresh 15s
|
|
stats realm Haproxy\ Stats
|
|
stats auth {{ haproxy_user }}:{{ haproxy_password }}
|
|
|
|
{% if enable_mariadb | bool %}
|
|
listen mariadb
|
|
mode tcp
|
|
option tcplog
|
|
option tcpka
|
|
option mysql-check user haproxy
|
|
bind {{ kolla_internal_vip_address }}:{{ mariadb_port }}
|
|
{% for host in groups['mariadb'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5 {% if not loop.first %}backup{% endif %}
|
|
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if enable_rabbitmq | bool %}
|
|
listen rabbitmq_management
|
|
bind {{ kolla_internal_vip_address }}:{{ rabbitmq_management_port }}
|
|
{% for host in groups['rabbitmq'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_management_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if enable_mongodb | bool %}
|
|
listen mongodb
|
|
bind {{ kolla_internal_vip_address }}:{{ mongodb_port }}
|
|
{% for host in groups['mongodb'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mongodb_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if enable_keystone | bool %}
|
|
listen keystone_internal
|
|
bind {{ kolla_internal_vip_address }}:{{ keystone_public_port }}
|
|
http-request del-header X-Forwarded-Proto
|
|
{% for host in groups['keystone'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% if haproxy_enable_external_vip | bool %}
|
|
|
|
listen keystone_external
|
|
bind {{ kolla_external_vip_address }}:{{ keystone_public_port }} {{ tls_bind_info }}
|
|
http-request del-header X-Forwarded-Proto
|
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
{% for host in groups['keystone'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
listen keystone_admin
|
|
bind {{ kolla_internal_vip_address }}:{{ keystone_admin_port }}
|
|
http-request del-header X-Forwarded-Proto
|
|
{% for host in groups['keystone'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_admin_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if enable_glance | bool %}
|
|
listen glance_registry
|
|
bind {{ kolla_internal_vip_address }}:{{ glance_registry_port }}
|
|
{% for host in groups['glance-registry'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_registry_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
|
|
listen glance_api
|
|
bind {{ kolla_internal_vip_address }}:{{ glance_api_port }}
|
|
{% for host in groups['glance-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% if haproxy_enable_external_vip | bool %}
|
|
|
|
listen glance_registry_external
|
|
bind {{ kolla_external_vip_address }}:{{ glance_registry_port }} {{ tls_bind_info }}
|
|
{% for host in groups['glance-registry'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_registry_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
|
|
listen glance_api_external
|
|
bind {{ kolla_external_vip_address }}:{{ glance_api_port }} {{ tls_bind_info }}
|
|
{% for host in groups['glance-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
{% if enable_nova | bool %}
|
|
listen nova_api
|
|
bind {{ kolla_internal_vip_address }}:{{ nova_api_port }}
|
|
http-request del-header X-Forwarded-Proto
|
|
{% for host in groups['nova-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
|
|
listen nova_api_ec2
|
|
bind {{ kolla_internal_vip_address }}:{{ nova_api_ec2_port }}
|
|
http-request del-header X-Forwarded-Proto
|
|
{% for host in groups['nova-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_ec2_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
|
|
listen nova_metadata
|
|
bind {{ kolla_internal_vip_address }}:{{ nova_metadata_port }}
|
|
http-request del-header X-Forwarded-Proto
|
|
{% for host in groups['nova-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_metadata_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
|
|
{% if nova_console == 'novnc' %}
|
|
listen nova_novncproxy
|
|
bind {{ kolla_internal_vip_address }}:{{ nova_novncproxy_port }}
|
|
http-request del-header X-Forwarded-Proto
|
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
{% for host in groups['nova-novncproxy'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_novncproxy_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% elif nova_console == 'spice' %}
|
|
listen nova_spicehtml5proxy
|
|
bind {{ kolla_internal_vip_address }}:{{ nova_spicehtml5proxy_port }}
|
|
{% for host in groups['nova-spicehtml5proxy'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_spicehtml5proxy_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if haproxy_enable_external_vip | bool %}
|
|
|
|
listen nova_api_external
|
|
bind {{ kolla_external_vip_address }}:{{ nova_api_port }} {{ tls_bind_info }}
|
|
http-request del-header X-Forwarded-Proto
|
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
{% for host in groups['nova-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
|
|
listen nova_api_ec2_external
|
|
bind {{ kolla_external_vip_address }}:{{ nova_api_ec2_port }} {{ tls_bind_info }}
|
|
http-request del-header X-Forwarded-Proto
|
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
{% for host in groups['nova-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_ec2_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
|
|
listen nova_metadata_external
|
|
bind {{ kolla_external_vip_address }}:{{ nova_metadata_port }} {{ tls_bind_info }}
|
|
http-request del-header X-Forwarded-Proto
|
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
{% for host in groups['nova-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_metadata_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
|
|
{% if nova_console == 'novnc' %}
|
|
listen nova_novncproxy_external
|
|
bind {{ kolla_external_vip_address }}:{{ nova_novncproxy_port }} {{ tls_bind_info }}
|
|
http-request del-header X-Forwarded-Proto
|
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
{% for host in groups['nova-novncproxy'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_novncproxy_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% elif nova_console == 'spice' %}
|
|
listen nova_spicehtml5proxy_external
|
|
bind {{ kolla_external_vip_address }}:{{ nova_spicehtml5proxy_port }} {{ tls_bind_info }}
|
|
http-request del-header X-Forwarded-Proto
|
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
{% for host in groups['nova-spicehtml5proxy'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_spicehtml5proxy_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
{% if enable_neutron | bool %}
|
|
listen neutron_server
|
|
bind {{ kolla_internal_vip_address }}:{{ neutron_server_port }}
|
|
{% for host in groups['neutron-server'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ neutron_server_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% if haproxy_enable_external_vip | bool %}
|
|
|
|
listen neutron_server_external
|
|
bind {{ kolla_external_vip_address }}:{{ neutron_server_port }} {{ tls_bind_info }}
|
|
{% for host in groups['neutron-server'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ neutron_server_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
{% if enable_horizon | bool %}
|
|
listen horizon
|
|
bind {{ kolla_internal_vip_address }}:80
|
|
http-request del-header X-Forwarded-Proto
|
|
{% for host in groups['horizon'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:80 check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
|
|
{% if haproxy_enable_external_vip | bool %}
|
|
{% if kolla_enable_tls_external | bool %}
|
|
listen horizon_external
|
|
bind {{ kolla_external_vip_address }}:443 {{ tls_bind_info }}
|
|
http-request del-header X-Forwarded-Proto
|
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
{% for host in groups['horizon'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:80 check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
|
|
frontend horizon_external_redirect {{ kolla_external_vip_address }}:80
|
|
redirect scheme https code 301 if !{ ssl_fc }
|
|
{% else %}
|
|
listen horizon_external
|
|
bind {{ kolla_external_vip_address }}:80
|
|
{% for host in groups['horizon'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:80 check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
{% if enable_cinder | bool %}
|
|
listen cinder_api
|
|
bind {{ kolla_internal_vip_address }}:{{ cinder_api_port }}
|
|
http-request del-header X-Forwarded-Proto
|
|
{% for host in groups['cinder-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% if haproxy_enable_external_vip | bool %}
|
|
|
|
listen cinder_api_external
|
|
bind {{ kolla_external_vip_address }}:{{ cinder_api_port }} {{ tls_bind_info }}
|
|
http-request del-header X-Forwarded-Proto
|
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
{% for host in groups['cinder-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
{% if enable_heat | bool %}
|
|
listen heat_api
|
|
bind {{ kolla_internal_vip_address }}:{{ heat_api_port }}
|
|
http-request del-header X-Forwarded-Proto
|
|
{% for host in groups['heat-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
|
|
listen heat_api_cfn
|
|
bind {{ kolla_internal_vip_address }}:{{ heat_api_cfn_port }}
|
|
http-request del-header X-Forwarded-Proto
|
|
{% for host in groups['heat-api-cfn'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% if haproxy_enable_external_vip | bool %}
|
|
|
|
listen heat_api_external
|
|
bind {{ kolla_external_vip_address }}:{{ heat_api_port }} {{ tls_bind_info }}
|
|
http-request del-header X-Forwarded-Proto
|
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
{% for host in groups['heat-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
|
|
listen heat_api_cfn_external
|
|
bind {{ kolla_external_vip_address }}:{{ heat_api_cfn_port }} {{ tls_bind_info }}
|
|
http-request del-header X-Forwarded-Proto
|
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
{% for host in groups['heat-api-cfn'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
{% if enable_ironic | bool %}
|
|
listen ironic_api
|
|
bind {{ kolla_internal_vip_address }}:{{ ironic_api_port }}
|
|
{% for host in groups['ironic-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% if haproxy_enable_external_vip | bool %}
|
|
|
|
listen ironic_api_external
|
|
bind {{ kolla_external_vip_address }}:{{ ironic_api_port }} {{ tls_bind_info }}
|
|
{% for host in groups['ironic-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
{% if enable_swift | bool %}
|
|
listen swift_api
|
|
bind {{ kolla_internal_vip_address }}:{{ swift_proxy_server_port }}
|
|
{% for host in groups['swift-proxy-server'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ swift_proxy_server_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% if haproxy_enable_external_vip | bool %}
|
|
|
|
listen swift_api_external
|
|
bind {{ kolla_external_vip_address }}:{{ swift_proxy_server_port }} {{ tls_bind_info }}
|
|
{% for host in groups['swift-proxy-server'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ swift_proxy_server_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
{% if enable_murano | bool %}
|
|
listen murano_api
|
|
bind {{ kolla_internal_vip_address }}:{{ murano_api_port }}
|
|
{% for host in groups['murano-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% if haproxy_enable_external_vip | bool %}
|
|
|
|
listen murano_api_external
|
|
bind {{ kolla_external_vip_address }}:{{ murano_api_port }} {{ tls_bind_info }}
|
|
{% for host in groups['murano-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
{% if enable_magnum | bool %}
|
|
listen magnum_api
|
|
bind {{ kolla_internal_vip_address }}:{{ magnum_api_port }}
|
|
{% for host in groups['magnum-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% if haproxy_enable_external_vip | bool %}
|
|
|
|
listen magnum_api_external
|
|
bind {{ kolla_external_vip_address }}:{{ magnum_api_port }} {{ tls_bind_info }}
|
|
{% for host in groups['magnum-api'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
{% if enable_ceph | bool and enable_ceph_rgw | bool %}
|
|
listen radosgw
|
|
bind {{ kolla_internal_vip_address }}:{{ rgw_port }}
|
|
{% for host in groups['ceph-rgw'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rgw_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% if haproxy_enable_external_vip | bool %}
|
|
|
|
listen radosgw_external
|
|
bind {{ kolla_external_vip_address }}:{{ rgw_port }} {{ tls_bind_info }}
|
|
{% for host in groups['ceph-rgw'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rgw_port }} check inter 2000 rise 2 fall 5
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|