WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-29 21:10:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
1dc01d036eea003fea59ebd8bbfb70e16e55f8ae
fedora-infra_ansible/roles/haproxy/templates/haproxy.cfg
Kevin Fenzi f23fd1b7a1 totpcgi / 2fa: remove old totpci and files and roles. 
Note: there are still some calls here in old fas in openshift, but we
will remove those when we remove old fas (likely as soon as zodbot is
ported over to noggin).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-05-17 13:00:56 -07:00

467 lines
14 KiB
INI
Raw Blame History

# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local0 warning
# Set this to 4096 + 16384
# 16384 for the fedmsg gateway and 4096 for everybody else.
maxconn 20480
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664
stats socket /var/run/haproxy-admin level admin user root group root mode 0660
#debug
#quiet
defaults
log global
mode http
option httplog
option dontlognull
option httpclose
option redispatch
retries 3
maxconn 5000
timeout connect 5s
timeout client 500s
timeout server 500s
errorfile 503 /etc/haproxy/503.http
frontend stats-frontend
bind 0.0.0.0:8080
default_backend stats-backend
backend stats-backend
balance hdr(appserver)
stats enable
stats uri /
frontend fp-wiki-frontend
bind 0.0.0.0:10001
default_backend fp-wiki-backend
backend fp-wiki-backend
balance hdr(appserver)
server wiki01 wiki01:80 check inter 15s rise 2 fall 5
{% if env == "production" %}
server wiki02 wiki02:80 check inter 15s rise 2 fall 5
{% endif %}
option httpchk GET /wiki/Main_Page
frontend mirror-lists-frontend
bind 0.0.0.0:10002
default_backend mirror-lists-backend
backend mirror-lists-backend
balance hdr(appserver)
timeout connect 30s
server mirrorlist-local1 127.0.0.1:18081 check inter 1s rise 2 fall 3 weight 100
server mirrorlist-local2 127.0.0.1:18082 check inter 1s rise 2 fall 3 weight 100
option httpchk GET /metalink?repo=epel-7&arch=x86_64
option allbackups
frontend mirrormanager-frontend
bind 0.0.0.0:10008
default_backend mirrormanager-backend
backend mirrormanager-backend
balance hdr(appserver)
server mm-frontend01 mm-frontend01:80 check inter 60s rise 2 fall 3
option httpchk GET /mirrormanager/static/mirrormanager2.css
frontend freemedia-frontend
bind 0.0.0.0:10011
default_backend freemedia-backend
backend freemedia-backend
balance hdr(appserver)
server sundries01 sundries01:80 check inter 60s rise 2 fall 3
{% if env == "production" %}
server sundries02 sundries01:80 check inter 60s rise 2 fall 3
{% endif %}
option httpchk GET /freemedia/FreeMedia-form.html
#frontend packages-frontend
# bind 0.0.0.0:10016
# default_backend packages-backend
#
#backend packages-backend
# balance hdr(appserver)
# server packages03 packages03:80 check inter 5s rise 2 fall 3
#{% if env == "production" %}
# server packages04 packages04:80 check inter 5s rise 2 fall 3
#{% endif %}
# option httpchk GET /packages/_heartbeat
frontend blockerbugs-frontend
bind 0.0.0.0:10022
default_backend blockerbugs-backend
backend blockerbugs-backend
balance hdr(appserver)
server blockerbugs01 blockerbugs01:80 check inter 10s rise 1 fall 2
option httpchk GET /blockerbugs
frontend fedocal-frontend
bind 0.0.0.0:10023
default_backend fedocal-backend
backend fedocal-backend
balance hdr(appserver)
server fedocal01 fedocal01:80 check inter 10s rise 1 fall 2
option httpchk GET /calendar
# IMPORTANT: 10023-10026 will NOT work because of selinux policies
frontend datagrepper-frontend
bind 0.0.0.0:10028
default_backend datagrepper-backend
backend datagrepper-backend
balance hdr(appserver)
server datagrepper01 datagrepper01:80 check inter 10s rise 1 fall 2
{% if env == "production" %}
server datagrepper02 datagrepper02:80 check inter 10s rise 1 fall 2
{% endif %}
option httpchk GET /datagrepper/reference/
frontend geoip-city-frontend
bind 0.0.0.0:10029
default_backend geoip-city-backend
backend geoip-city-backend
balance hdr(appserver)
server sundries01 sundries01:80 check inter 30s rise 2 fall 3
{% if env == "production" %}
server sundries02 sundries02:80 check inter 30s rise 2 fall 3
{% endif %}
option httpchk GET /city?ip=18.0.0.1
# IMPORTANT: 10031 will NOT work because of selinux policies
frontend badges-frontend
bind 0.0.0.0:10032
default_backend badges-backend
backend badges-backend
balance hdr(appserver)
server badges-web01 badges-web01:80 check inter 10s rise 1 fall 2
option httpchk GET /heartbeat
frontend nuancier-frontend
bind 0.0.0.0:10035
default_backend nuancier-backend
backend nuancier-backend
balance hdr(appserver)
server nuancier01 nuancier01:80 check inter 10s rise 1 fall 2
server nuancier02 nuancier02:80 check inter 10s rise 1 fall 2
option httpchk GET /nuancier/
frontend notifs-web-frontend
bind 0.0.0.0:10036
default_backend notifs-web-backend
backend notifs-web-backend
balance hdr(appserver)
server notifs-web01 notifs-web01:80 check inter 10s rise 1 fall 2
{% if env == "production" %}
# server notifs-web02 notifs-web02:80 check inter 10s rise 1 fall 2
{% endif %}
option httpchk GET /notifications/_heartbeat
frontend github2fedmsg-frontend
bind 0.0.0.0:10037
default_backend github2fedmsg-backend
backend github2fedmsg-backend
balance hdr(appserver)
server github2fedmsg01 github2fedmsg01:80 check inter 10s rise 1 fall 2
option httpchk GET /github2fedmsg/
frontend kerneltest-frontend
bind 0.0.0.0:10038
default_backend kerneltest-backend
backend kerneltest-backend
balance hdr(appserver)
server kerneltest01 kerneltest01:80 check inter 10s rise 1 fall 2
option httpchk GET /kerneltest
{% if env == "production" %}
frontend openqa-frontend
bind 0.0.0.0:10044
default_backend openqa-backend
backend openqa-backend
balance hdr(appserver)
server openqa01 openqa01:80 check inter 10s rise 1 fall 2
option httpchk GET /api/v1/job_groups/1
{% endif %}
frontend pdc-frontend
bind 0.0.0.0:10045
default_backend pdc-backend
backend pdc-backend
balance hdr(appserver)
{% if env != "staging" %}
# Set session persistence with a cookie.
# https://jdennis.fedorapeople.org/doc/rhsso-tripleo-federation/html/rhsso-tripleo-federation.html#step-18-use-proxy-persistence-for-keystone-on-each-controller
cookie SERVERID insert indirect nocache
{% endif %}
server pdc-web01 pdc-web01:80 check inter 10s rise 1 fall 2 cookie pdc-web01
{% if env != "staging" %}
server pdc-web02 pdc-web02:80 check inter 10s rise 1 fall 2 cookie pdc-web02
{% endif %}
option httpchk GET /rest_api/v1/
timeout server 3600000
timeout connect 3600000
frontend osbs-frontend
bind 0.0.0.0:10047
default_backend osbs-backend
backend osbs-backend
balance hdr(appserver)
server osbs-master01 osbs-master01:8443 check inter 10s rise 1 fall 2 check ssl verify none
frontend oci-registry-frontend
bind 0.0.0.0:10048
default_backend oci-registry-backend
backend oci-registry-backend
balance hdr(appserver)
server oci-registry01 oci-registry01:5000 check inter 10s rise 1 fall 2
{% if env == "production" %}
server oci-registry02 oci-registry02:5000 check inter 10s rise 1 fall 2
{% endif %}
{% if env == "staging" %}
frontend pps-frontend
bind 0.0.0.0:10051
default_backend pps-backend
backend pps-backend
balance hdr(appserver)
server mdapi01 mdapi01:80 check inter 10s rise 1 fall 2
option httpchk GET /pps
{% endif %}
frontend ipsilon-frontend
bind 0.0.0.0:10020
default_backend ipsilon-backend
backend ipsilon-backend
balance hdr(appserver)
server ipsilon01 ipsilon01:80 check inter 10s rise 1 fall 3
{% if env == "production" %}
server ipsilon02 ipsilon02:80 check inter 10s rise 1 fall 3
{% endif %}
option httpchk GET /
frontend ipa-frontend
bind 0.0.0.0:10053
default_backend ipa-backend
backend ipa-backend
balance hdr(appserver)
server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
{% if env != "staging" %}
server ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup
server ipa03 ipa03:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup
{% endif %}
option httpchk GET /ipa/ui/
frontend krb5-frontend
mode tcp
bind 0.0.0.0:1088
default_backend krb5-backend
backend krb5-backend
mode tcp
option tcplog
balance roundrobin
maxconn 16384
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server ipa01 ipa01:88 weight 1 maxconn 16384
{% if env == "production" %}
server ipa02 ipa02:88 weight 1 maxconn 16384
server ipa03 ipa03:88 weight 1 maxconn 16384
{% endif %}
frontend oci-candidate-registry-frontend
bind 0.0.0.0:10054
default_backend oci-candidate-registry-backend
backend oci-candidate-registry-backend
balance hdr(appserver)
server oci-candidate-registry01 oci-candidate-registry01:5000 check inter 10s rise 1 fall 2
{% if 'iad2' in inventory_hostname %}
# Only enable this on iad2 proxies
frontend src-frontend
bind 0.0.0.0:10057
default_backend src-backend
backend src-backend
balance hdr(appserver)
{% if env == "staging" %}
server pkgs01 pkgs01:80 check inter 10s rise 1 fall 2
{% elif datacenter == 'iad2' %}
server pkgs01 pkgs01:80 check inter 10s rise 1 fall 2
{% endif %}
option httpchk GET /
{% endif %}
# This is an endpoint using only ipa01. This is used for API access, since sessions
# are not synchronized.
frontend ipa01-frontend
bind 0.0.0.0:10061
default_backend ipa01-backend
backend ipa01-backend
balance hdr(appserver)
server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
option httpchk GET /ipa/ui/
{% if env == "production" and 'iad2' in inventory_hostname %}
frontend kojipkgs-frontend
bind 0.0.0.0:10062
default_backend kojipkgs-backend
backend kojipkgs-backend
balance uri
server kojipkgs01.{{ datacenter }}.fedoraproject.org kojipkgs01.{{ datacenter }}.fedoraproject.org:80 check inter 10s rise 1 fall 2
server kojipkgs02.{{ datacenter }}.fedoraproject.org kojipkgs02.{{ datacenter }}.fedoraproject.org:80 check inter 10s rise 1 fall 2
option httpchk GET /
{% endif %}
frontend mbs-frontend
bind 0.0.0.0:10063
default_backend mbs-backend
backend mbs-backend
balance hdr(appserver)
server mbs-frontend01 mbs-frontend01:80 check inter 20s rise 2 fall 3
{% if env == "production" %}
server mbs-frontend02 mbs-frontend02:80 check inter 20s rise 2 fall 3
{% endif %}
option httpchk GET /module-build-service/1/component-builds/
frontend odcs-frontend
bind 0.0.0.0:10066
default_backend odcs-backend
backend odcs-backend
balance hdr(appserver)
server odcs-frontend01 odcs-frontend01:80 check inter 20s rise 2 fall 3
option httpchk GET /api/1/composes/
{% if datacenter == "iad2" %}
# These ports are for proxying rabbitmq (AMQP) protocol through.
# At this moment, internal- and public-rabbitmq both point to the exact same set of
# brokers on the backend, but the internal- is intended for applications we directly control.
# This allows us to move to a separate cluster for public access if that became necessary
# on just the infra side, with no need to ask users to change anything.
frontend internal-rabbitmq
mode tcp
bind 0.0.0.0:15671
default_backend rabbitmq
frontend public-rabbitmq
mode tcp
bind 0.0.0.0:5671
default_backend rabbitmq
backend rabbitmq
mode tcp
option tcplog
balance roundrobin
maxconn 16384
server rabbitmq01 rabbitmq01:5671 weight 1 maxconn 16384
server rabbitmq02 rabbitmq02:5671 weight 1 maxconn 16384
server rabbitmq03 rabbitmq03:5671 weight 1 maxconn 16384
{% endif %}
# Apache doesn't handle the initial connection here like the other proxy
# entries. This proxy also doesn't use the http mode like the others.
# stunnel should be sitting on port 9939 (public) and redirecting
# connections from there to here, port 9938. This then proxies to the
# fedmsg-hub's websocket server on busgateway01, port 9919.
frontend fedmsg-websockets-frontend
mode tcp
bind 0.0.0.0:9938
default_backend fedmsg-websockets-backend
backend fedmsg-websockets-backend
mode tcp
option tcplog
balance roundrobin
maxconn 16384
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server busgateway01 busgateway01:9919 weight 1 maxconn 16384
# This, unlike the websockets entry just above, is listening directly to the
# outside world with no stunnel inbetween.
# Simply redirect tcp connections to a local fedmsg-gateway slave. It should be
# forwarding messages from the master gateway on busgateway01.
frontend fedmsg-raw-zmq-outbound-frontend
mode tcp
bind 0.0.0.0:9940
default_backend fedmsg-raw-zmq-outbound-backend
backend fedmsg-raw-zmq-outbound-backend
mode tcp
option tcplog
balance roundrobin
maxconn 16384
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server localhost 127.0.0.1:9942 weight 1 maxconn 16384
# While the above fedmsg-raw-zmq-outbound forwards incoming connections to an
# instance of the "fedmsg-gateway" daemon (which pushes internal messages out),
# this entry forwards incoming connections to a secondary instance of the
# "fedmsg-relay" daemon (which pushes messages *onto* the internal bus). We
# have a primary instance of fedmsg-relay running on app01 for most internal
# use. Here we forward to a secondary one on busgateway01.
frontend fedmsg-raw-zmq-inbound-frontend
mode tcp
bind 0.0.0.0:9941
default_backend fedmsg-raw-zmq-inbound-backend
backend fedmsg-raw-zmq-inbound-backend
mode tcp
option tcplog
balance roundrobin
maxconn 16384
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server busgateway01 busgateway01:9941 weight 1 maxconn 16384
{% if env == "staging" %}
frontend zabbix-frontend
bind 0.0.0.0:10068
default_backend zabbix-backend
backend zabbix-backend
balance hdr(appserver)
server zabbix01 zabbix01:80 check inter 10s rise 1 fall 2
# option httpchk GET /
# http-check expect status 200,401,302
{% endif %}
Reference in New Issue View Git Blame Copy Permalink