# this config needs haproxy-1.1.28 or haproxy-1.2.1 global log 127.0.0.1 local0 warning maxconn 4096 chroot /var/lib/haproxy user haproxy group haproxy daemon stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664 stats socket /var/run/haproxy-admin level admin user root group root mode 0660 #debug #quiet defaults log global mode http option httplog option dontlognull option httpclose option redispatch retries 3 maxconn 5000 timeout connect 5s timeout client 500s timeout server 500s errorfile 503 /etc/haproxy/503.http frontend stats-frontend bind 0.0.0.0:8080 default_backend stats-backend backend stats-backend balance hdr(appserver) stats enable stats uri / {% if env == "production" and 'iad2' in inventory_hostname %} frontend ocp-masters-kapi mode tcp bind 0.0.0.0:6443 default_backend ocp-masters-backend-kapi backend ocp-masters-backend-kapi mode tcp server ocp01.ocp.iad2.fedoraproject.org ocp01.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check server ocp02.ocp.iad2.fedoraproject.org ocp02.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check server ocp03.ocp.iad2.fedoraproject.org ocp03.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check # temp bootstrap node # server bootstrap.ocp.iad2.fedoraproject.org bootstrap.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check frontend ocp-masters-machineconfig mode tcp bind 0.0.0.0:22623 default_backend ocp-masters-backend-machineconfig backend ocp-masters-backend-machineconfig mode tcp server ocp01.ocp.iad2.fedoraproject.org ocp01.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check server ocp02.ocp.iad2.fedoraproject.org ocp02.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check server ocp03.ocp.iad2.fedoraproject.org ocp03.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check # temp bootstrap node # server bootstrap.ocp.iad2.fedoraproject.org bootstrap.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check {% endif %} {% if env == "production" and 'rdu3' in inventory_hostname %} frontend ocp-masters-kapi mode tcp bind 0.0.0.0:6443 default_backend ocp-masters-backend-kapi backend ocp-masters-backend-kapi mode tcp server ocp01.ocp.rdu3.fedoraproject.org ocp01.ocp.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check server ocp02.ocp.rdu3.fedoraproject.org ocp02.ocp.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check server ocp03.ocp.rdu3.fedoraproject.org ocp03.ocp.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check # temp bootstrap node # server bootstrap.ocp.rdu3.fedoraproject.org bootstrap.ocp.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check frontend ocp-masters-machineconfig mode tcp bind 0.0.0.0:22623 default_backend ocp-masters-backend-machineconfig backend ocp-masters-backend-machineconfig mode tcp server ocp01.ocp.rdu3.fedoraproject.org ocp01.ocp.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check server ocp02.ocp.rdu3.fedoraproject.org ocp02.ocp.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check server ocp03.ocp.rdu3.fedoraproject.org ocp03.ocp.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check # temp bootstrap node # server bootstrap.ocp.rdu3.fedoraproject.org bootstrap.ocp.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check {% endif %} {% if env != "production" and 'iad2' in inventory_hostname %} frontend ocp-masters-kapi mode tcp bind 0.0.0.0:6443 default_backend ocp-masters-backend-kapi backend ocp-masters-backend-kapi mode tcp server ocp01.ocp.stg.iad2.fedoraproject.org ocp01.ocp.stg.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check server ocp02.ocp.stg.iad2.fedoraproject.org ocp02.ocp.stg.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check server ocp03.ocp.stg.iad2.fedoraproject.org ocp03.ocp.stg.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check # temp bootstrap node # server bootstrap.ocp.stg.iad2.fedoraproject.org bootstrap.ocp.stg.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check frontend ocp-masters-machineconfig mode tcp bind 0.0.0.0:22623 default_backend ocp-masters-backend-machineconfig backend ocp-masters-backend-machineconfig mode tcp server ocp01.ocp.stg.iad2.fedoraproject.org ocp01.ocp.stg.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check server ocp02.ocp.stg.iad2.fedoraproject.org ocp02.ocp.stg.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check server ocp03.ocp.stg.iad2.fedoraproject.org ocp03.ocp.stg.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check # temp bootstrap node # server bootstrap.ocp.stg.iad2.fedoraproject.org bootstrap.ocp.stg.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check {% endif %} {% if env != "production" and 'rdu3' in inventory_hostname %} frontend ocp-masters-kapi mode tcp bind 0.0.0.0:6443 default_backend ocp-masters-backend-kapi backend ocp-masters-backend-kapi mode tcp server ocp01.ocp.stg.rdu3.fedoraproject.org ocp01.ocp.stg.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check server ocp02.ocp.stg.rdu3.fedoraproject.org ocp02.ocp.stg.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check server ocp03.ocp.stg.rdu3.fedoraproject.org ocp03.ocp.stg.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check # temp bootstrap node server bootstrap.ocp.stg.rdu3.fedoraproject.org bootstrap.ocp.stg.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check frontend ocp-masters-machineconfig mode tcp bind 0.0.0.0:22623 default_backend ocp-masters-backend-machineconfig backend ocp-masters-backend-machineconfig mode tcp server ocp01.ocp.stg.rdu3.fedoraproject.org ocp01.ocp.stg.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check server ocp02.ocp.stg.rdu3.fedoraproject.org ocp02.ocp.stg.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check server ocp03.ocp.stg.rdu3.fedoraproject.org ocp03.ocp.stg.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check # temp bootstrap node server bootstrap.ocp.stg.rdu3.fedoraproject.org bootstrap.ocp.stg.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check {% endif %} frontend fp-wiki-frontend bind 0.0.0.0:10001 default_backend fp-wiki-backend backend fp-wiki-backend balance hdr(appserver) server wiki01 wiki01:80 check inter 15s rise 2 fall 5 {% if env == "production" %} server wiki02 wiki02:80 check inter 15s rise 2 fall 5 {% endif %} option httpchk GET /wiki/Main_Page frontend mirror-lists-frontend bind 0.0.0.0:10002 default_backend mirror-lists-backend backend mirror-lists-backend balance hdr(appserver) timeout connect 30s server mirrorlist-local1 127.0.0.1:18081 check inter 1s rise 2 fall 3 weight 100 server mirrorlist-local2 127.0.0.1:18082 check inter 1s rise 2 fall 3 weight 100 option httpchk GET /metalink?repo=epel-9&arch=x86_64 option allbackups frontend freemedia-frontend bind 0.0.0.0:10011 default_backend freemedia-backend backend freemedia-backend balance hdr(appserver) server sundries01 sundries01:80 check inter 60s rise 2 fall 3 {% if env == "production" %} server sundries02 sundries01:80 check inter 60s rise 2 fall 3 {% endif %} option httpchk GET /freemedia/FreeMedia-form.html # IMPORTANT: 10023-10026 will NOT work because of selinux policies frontend geoip-city-frontend bind 0.0.0.0:10029 default_backend geoip-city-backend backend geoip-city-backend balance hdr(appserver) server sundries01 sundries01:80 check inter 30s rise 2 fall 3 {% if env == "production" %} server sundries02 sundries02:80 check inter 30s rise 2 fall 3 {% endif %} option httpchk GET /city?ip=18.0.0.1 # IMPORTANT: 10031 will NOT work because of selinux policies {% if env == "production" %} frontend openqa-frontend bind 0.0.0.0:10044 default_backend openqa-backend backend openqa-backend balance hdr(appserver) server openqa01 openqa01:80 check inter 10s rise 1 fall 2 option httpchk GET /api/v1/job_groups/1 {% endif %} option httpchk GET /rest_api/v1/ timeout server 3600000 timeout connect 3600000 frontend oci-registry-frontend bind 0.0.0.0:10048 default_backend oci-registry-backend backend oci-registry-backend balance hdr(appserver) server oci-registry01 oci-registry01:5000 check inter 10s rise 1 fall 2 {% if env == "production" %} server oci-registry02 oci-registry02:5000 check inter 10s rise 1 fall 2 {% endif %} frontend ipsilon-frontend bind 0.0.0.0:10020 default_backend ipsilon-backend backend ipsilon-backend balance hdr(appserver) server ipsilon01 ipsilon01:80 check inter 10s rise 1 fall 3 {% if env == "production" %} server ipsilon02 ipsilon02:80 check inter 10s rise 1 fall 3 {% endif %} option httpchk GET / frontend ipa-frontend bind 0.0.0.0:10053 default_backend ipa-backend backend ipa-backend balance hdr(appserver) server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem {% if env != "staging" %} server ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup server ipa03 ipa03:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup {% endif %} option httpchk GET /ipa/ui/ frontend krb5-frontend mode tcp bind 0.0.0.0:1088 default_backend krb5-backend backend krb5-backend mode tcp option tcplog balance roundrobin maxconn 16384 timeout queue 5000 timeout server 86400000 timeout connect 86400000 server ipa01 ipa01:88 weight 1 maxconn 16384 {% if env == "production" %} server ipa02 ipa02:88 weight 1 maxconn 16384 server ipa03 ipa03:88 weight 1 maxconn 16384 {% endif %} frontend oci-candidate-registry-frontend bind 0.0.0.0:10054 default_backend oci-candidate-registry-backend backend oci-candidate-registry-backend balance hdr(appserver) server oci-candidate-registry01 oci-candidate-registry01:5000 check inter 10s rise 1 fall 2 {% if 'iad2' in inventory_hostname %} # Only enable this on iad2 proxies frontend src-frontend bind 0.0.0.0:10057 default_backend src-backend backend src-backend balance hdr(appserver) {% if env == "staging" %} server pkgs01 pkgs01:80 check inter 10s rise 1 fall 2 {% elif datacenter == 'iad2' %} server pkgs01 pkgs01:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET / {% endif %} # This is an endpoint using only ipa01. This is used for API access, since sessions # are not synchronized. frontend ipa01-frontend bind 0.0.0.0:10061 default_backend ipa01-backend backend ipa01-backend balance hdr(appserver) server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem option httpchk GET /ipa/ui/ {% if env == "production" and 'iad2' in inventory_hostname %} frontend kojipkgs-frontend bind 0.0.0.0:10062 default_backend kojipkgs-backend backend kojipkgs-backend balance uri server kojipkgs01.{{ datacenter }}.fedoraproject.org kojipkgs01.{{ datacenter }}.fedoraproject.org:80 check inter 10s rise 1 fall 2 server kojipkgs02.{{ datacenter }}.fedoraproject.org kojipkgs02.{{ datacenter }}.fedoraproject.org:80 check inter 10s rise 1 fall 2 option httpchk GET / {% endif %} {% if datacenter == "iad2" %} # These ports are for proxying rabbitmq (AMQP) protocol through. # At this moment, internal- and public-rabbitmq both point to the exact same set of # brokers on the backend, but the internal- is intended for applications we directly control. # This allows us to move to a separate cluster for public access if that became necessary # on just the infra side, with no need to ask users to change anything. frontend internal-rabbitmq mode tcp bind 0.0.0.0:15671 default_backend rabbitmq frontend public-rabbitmq mode tcp bind 0.0.0.0:5671 default_backend rabbitmq backend rabbitmq mode tcp option tcplog balance roundrobin maxconn 16384 server rabbitmq01 rabbitmq01:5671 weight 1 maxconn 16384 server rabbitmq02 rabbitmq02:5671 weight 1 maxconn 16384 server rabbitmq03 rabbitmq03:5671 weight 1 maxconn 16384 {% endif %} {% if 'iad2' in inventory_hostname %} frontend zabbix-frontend bind 0.0.0.0:10068 default_backend zabbix-backend backend zabbix-backend balance hdr(appserver) server zabbix01 zabbix01:80 check inter 10s rise 1 fall 2 {% endif %}