WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-31 01:11:36 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
75cebd40ebabe22377b48ba714d4ad402cbb64cc
fedora-infra_ansible/roles/haproxy/templates/haproxy.cfg
Adam Williamson 64ffac4caf haproxy: only proxy rabbitmq on rdu3 proxies 
Prior to 38d138e this condition existed with 'iad2' instead of
'rdu3'. @abompard took it out entirely, but that was wrong, it
makes the external proxies include this block. We need to put the
condition back with the correct data center name.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2025-07-03 12:05:00 -07:00

296 lines
9.7 KiB
INI
Raw Blame History

# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local0 warning
maxconn 4096
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664
stats socket /var/run/haproxy-admin level admin user root group root mode 0660
#debug
#quiet
defaults
log global
mode http
option httplog
option dontlognull
option httpclose
option redispatch
retries 3
maxconn 5000
timeout connect 5s
timeout client 500s
timeout server 500s
errorfile 503 /etc/haproxy/503.http
frontend stats-frontend
bind 0.0.0.0:8080
default_backend stats-backend
backend stats-backend
balance hdr(appserver)
stats enable
stats uri /
{% if env == "production" and 'rdu3' in inventory_hostname %}
frontend ocp-masters-kapi
mode tcp
bind 0.0.0.0:6443
default_backend ocp-masters-backend-kapi
backend ocp-masters-backend-kapi
mode tcp
server ocp01.ocp.rdu3.fedoraproject.org ocp01.ocp.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp02.ocp.rdu3.fedoraproject.org ocp02.ocp.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp03.ocp.rdu3.fedoraproject.org ocp03.ocp.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
# temp bootstrap node
# server bootstrap.ocp.rdu3.fedoraproject.org bootstrap.ocp.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
frontend ocp-masters-machineconfig
mode tcp
bind 0.0.0.0:22623
default_backend ocp-masters-backend-machineconfig
backend ocp-masters-backend-machineconfig
mode tcp
server ocp01.ocp.rdu3.fedoraproject.org ocp01.ocp.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp02.ocp.rdu3.fedoraproject.org ocp02.ocp.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp03.ocp.rdu3.fedoraproject.org ocp03.ocp.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
# temp bootstrap node
# server bootstrap.ocp.rdu3.fedoraproject.org bootstrap.ocp.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
{% endif %}
{% if env != "production" and 'rdu3' in inventory_hostname %}
frontend ocp-masters-kapi
mode tcp
bind 0.0.0.0:6443
default_backend ocp-masters-backend-kapi
backend ocp-masters-backend-kapi
mode tcp
server ocp01.ocp.stg.rdu3.fedoraproject.org ocp01.ocp.stg.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp02.ocp.stg.rdu3.fedoraproject.org ocp02.ocp.stg.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp03.ocp.stg.rdu3.fedoraproject.org ocp03.ocp.stg.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
# temp bootstrap node
server bootstrap.ocp.stg.rdu3.fedoraproject.org bootstrap.ocp.stg.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
frontend ocp-masters-machineconfig
mode tcp
bind 0.0.0.0:22623
default_backend ocp-masters-backend-machineconfig
backend ocp-masters-backend-machineconfig
mode tcp
server ocp01.ocp.stg.rdu3.fedoraproject.org ocp01.ocp.stg.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp02.ocp.stg.rdu3.fedoraproject.org ocp02.ocp.stg.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp03.ocp.stg.rdu3.fedoraproject.org ocp03.ocp.stg.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
# temp bootstrap node
server bootstrap.ocp.stg.rdu3.fedoraproject.org bootstrap.ocp.stg.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
{% endif %}
frontend fp-wiki-frontend
bind 0.0.0.0:10001
default_backend fp-wiki-backend
backend fp-wiki-backend
balance hdr(appserver)
server wiki01 wiki01:80 check inter 15s rise 2 fall 5
{% if env == "production" %}
server wiki02 wiki02:80 check inter 15s rise 2 fall 5
{% endif %}
option httpchk GET /wiki/Main_Page
frontend mirror-lists-frontend
bind 0.0.0.0:10002
default_backend mirror-lists-backend
backend mirror-lists-backend
balance hdr(appserver)
timeout connect 30s
server mirrorlist-local1 127.0.0.1:18081 check inter 1s rise 2 fall 3 weight 100
server mirrorlist-local2 127.0.0.1:18082 check inter 1s rise 2 fall 3 weight 100
option httpchk GET /metalink?repo=epel-9&arch=x86_64
option allbackups
frontend freemedia-frontend
bind 0.0.0.0:10011
default_backend freemedia-backend
backend freemedia-backend
balance hdr(appserver)
server sundries01 sundries01:80 check inter 60s rise 2 fall 3
{% if env == "production" %}
server sundries02 sundries01:80 check inter 60s rise 2 fall 3
{% endif %}
option httpchk GET /freemedia/FreeMedia-form.html
# IMPORTANT: 10023-10026 will NOT work because of selinux policies
frontend geoip-city-frontend
bind 0.0.0.0:10029
default_backend geoip-city-backend
backend geoip-city-backend
balance hdr(appserver)
server sundries01 sundries01:80 check inter 30s rise 2 fall 3
{% if env == "production" %}
server sundries02 sundries02:80 check inter 30s rise 2 fall 3
{% endif %}
option httpchk GET /city?ip=18.0.0.1
# IMPORTANT: 10031 will NOT work because of selinux policies
{% if env == "production" %}
frontend openqa-frontend
bind 0.0.0.0:10044
default_backend openqa-backend
backend openqa-backend
balance hdr(appserver)
server openqa01 openqa01:80 check inter 10s rise 1 fall 2
option httpchk GET /api/v1/job_groups/1
{% endif %}
option httpchk GET /rest_api/v1/
timeout server 3600000
timeout connect 3600000
frontend oci-registry-frontend
bind 0.0.0.0:10048
default_backend oci-registry-backend
backend oci-registry-backend
balance hdr(appserver)
server oci-registry01 oci-registry01:5000 check inter 10s rise 1 fall 2
{% if env == "production" %}
server oci-registry02 oci-registry02:5000 check inter 10s rise 1 fall 2
{% endif %}
frontend ipsilon-frontend
bind 0.0.0.0:10020
default_backend ipsilon-backend
backend ipsilon-backend
balance hdr(appserver)
server ipsilon01 ipsilon01:80 check inter 10s rise 1 fall 3
{% if env == "production" %}
server ipsilon02 ipsilon02:80 check inter 10s rise 1 fall 3
{% endif %}
option httpchk GET /
frontend ipa-frontend
bind 0.0.0.0:10053
default_backend ipa-backend
backend ipa-backend
balance hdr(appserver)
server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
{% if env != "staging" %}
server ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup
server ipa03 ipa03:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup
{% endif %}
option httpchk GET /ipa/ui/
frontend krb5-frontend
mode tcp
bind 0.0.0.0:1088
default_backend krb5-backend
backend krb5-backend
mode tcp
option tcplog
balance roundrobin
maxconn 16384
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server ipa01 ipa01:88 weight 1 maxconn 16384
{% if env == "production" %}
server ipa02 ipa02:88 weight 1 maxconn 16384
server ipa03 ipa03:88 weight 1 maxconn 16384
{% endif %}
frontend oci-candidate-registry-frontend
bind 0.0.0.0:10054
default_backend oci-candidate-registry-backend
backend oci-candidate-registry-backend
balance hdr(appserver)
server oci-candidate-registry01 oci-candidate-registry01:5000 check inter 10s rise 1 fall 2
{% if 'rdu3' in inventory_hostname %}
# Only enable this on rdu3 proxies
frontend src-frontend
bind 0.0.0.0:10057
default_backend src-backend
backend src-backend
balance hdr(appserver)
{% if env == "staging" or datacenter == 'rdu3' %}
server pkgs01 pkgs01:80 check inter 10s rise 1 fall 2
{% endif %}
option httpchk GET /
{% endif %}
# This is an endpoint using only ipa01. This is used for API access, since sessions
# are not synchronized.
frontend ipa01-frontend
bind 0.0.0.0:10061
default_backend ipa01-backend
backend ipa01-backend
balance hdr(appserver)
server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
option httpchk GET /ipa/ui/
{% if env == "production" and 'rdu3' in inventory_hostname %}
frontend kojipkgs-frontend
bind 0.0.0.0:10062
default_backend kojipkgs-backend
backend kojipkgs-backend
balance uri
server kojipkgs01.{{ datacenter }}.fedoraproject.org kojipkgs01.{{ datacenter }}.fedoraproject.org:80 check inter 10s rise 1 fall 2
server kojipkgs02.{{ datacenter }}.fedoraproject.org kojipkgs02.{{ datacenter }}.fedoraproject.org:80 check inter 10s rise 1 fall 2
option httpchk GET /
{% endif %}
{% if datacenter == "rdu3" %}
# These ports are for proxying rabbitmq (AMQP) protocol through.
# At this moment, internal- and public-rabbitmq both point to the exact same set of
# brokers on the backend, but the internal- is intended for applications we directly control.
# This allows us to move to a separate cluster for public access if that became necessary
# on just the infra side, with no need to ask users to change anything.
frontend internal-rabbitmq
mode tcp
bind 0.0.0.0:15671
default_backend rabbitmq
frontend public-rabbitmq
mode tcp
bind 0.0.0.0:5671
default_backend rabbitmq
backend rabbitmq
mode tcp
option tcplog
balance roundrobin
maxconn 16384
server rabbitmq01 rabbitmq01:5671 weight 1 maxconn 16384
server rabbitmq02 rabbitmq02:5671 weight 1 maxconn 16384
server rabbitmq03 rabbitmq03:5671 weight 1 maxconn 16384
{% endif %}
{% if 'rdu3' in inventory_hostname %}
frontend zabbix-frontend
bind 0.0.0.0:10068
default_backend zabbix-backend
backend zabbix-backend
balance hdr(appserver)
server zabbix01 zabbix01:80 check inter 10s rise 1 fall 2
{% endif %}
Reference in New Issue View Git Blame Copy Permalink