WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7925576c331d68d6ec855e54967db90f4ffd00f2
fedora-infra_ansible/roles/haproxy/templates/haproxy.cfg
Kevin Fenzi 7925576c33 haproxy: Also retry oci-registry connections 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-11-08 15:04:18 -08:00

317 lines
10 KiB
INI
Raw Blame History

global
log 127.0.0.1:514 local0 warning
maxconn 5000
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664
stats socket /var/run/haproxy-admin level admin user root group root mode 0660
#debug
#quiet
defaults
log global
mode http
option httplog
option dontlognull
option httpclose
option redispatch
retries 3
timeout connect 5s
timeout client 500s
timeout server 500s
errorfile 503 /etc/haproxy/503.http
frontend stats-frontend
bind 0.0.0.0:8080
default_backend stats-backend
backend stats-backend
balance hdr(appserver)
stats enable
stats uri /
{% if env == "production" and 'rdu3' in inventory_hostname %}
frontend ocp-masters-kapi
mode tcp
option tcplog
bind 0.0.0.0:6443
default_backend ocp-masters-backend-kapi
backend ocp-masters-backend-kapi
mode tcp
server ocp01.ocp.rdu3.fedoraproject.org ocp01.ocp.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp02.ocp.rdu3.fedoraproject.org ocp02.ocp.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp03.ocp.rdu3.fedoraproject.org ocp03.ocp.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
# temp bootstrap node
# server bootstrap.ocp.rdu3.fedoraproject.org bootstrap.ocp.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
frontend ocp-masters-machineconfig
mode tcp
option tcplog
bind 0.0.0.0:22623
default_backend ocp-masters-backend-machineconfig
backend ocp-masters-backend-machineconfig
mode tcp
server ocp01.ocp.rdu3.fedoraproject.org ocp01.ocp.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp02.ocp.rdu3.fedoraproject.org ocp02.ocp.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp03.ocp.rdu3.fedoraproject.org ocp03.ocp.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
# temp bootstrap node
# server bootstrap.ocp.rdu3.fedoraproject.org bootstrap.ocp.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
{% endif %}
{% if env != "production" and 'rdu3' in inventory_hostname %}
frontend ocp-masters-kapi
mode tcp
option tcplog
bind 0.0.0.0:6443
default_backend ocp-masters-backend-kapi
backend ocp-masters-backend-kapi
mode tcp
server ocp01.ocp.stg.rdu3.fedoraproject.org ocp01.ocp.stg.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp02.ocp.stg.rdu3.fedoraproject.org ocp02.ocp.stg.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp03.ocp.stg.rdu3.fedoraproject.org ocp03.ocp.stg.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
# temp bootstrap node
server bootstrap.ocp.stg.rdu3.fedoraproject.org bootstrap.ocp.stg.rdu3.fedoraproject.org:6443 weight 1 maxconn 16384 check
frontend ocp-masters-machineconfig
mode tcp
option tcplog
bind 0.0.0.0:22623
default_backend ocp-masters-backend-machineconfig
backend ocp-masters-backend-machineconfig
mode tcp
server ocp01.ocp.stg.rdu3.fedoraproject.org ocp01.ocp.stg.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp02.ocp.stg.rdu3.fedoraproject.org ocp02.ocp.stg.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp03.ocp.stg.rdu3.fedoraproject.org ocp03.ocp.stg.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
# temp bootstrap node
server bootstrap.ocp.stg.rdu3.fedoraproject.org bootstrap.ocp.stg.rdu3.fedoraproject.org:22623 weight 1 maxconn 16384 check
{% endif %}
frontend fp-wiki-frontend
bind 0.0.0.0:10001
default_backend fp-wiki-backend
backend fp-wiki-backend
balance hdr(appserver)
server wiki01 wiki01:80 check inter 15s rise 2 fall 5
{% if env == "production" %}
server wiki02 wiki02:80 check inter 15s rise 2 fall 5
{% endif %}
option httpchk GET /wiki/Main_Page
frontend mirror-lists-frontend
bind 0.0.0.0:10002
default_backend mirror-lists-backend
backend mirror-lists-backend
balance hdr(appserver)
timeout connect 30s
server mirrorlist-local1 127.0.0.1:18081 check inter 1s rise 2 fall 3 weight 100
server mirrorlist-local2 127.0.0.1:18082 check inter 1s rise 2 fall 3 weight 100
option httpchk GET /metalink?repo=epel-9&arch=x86_64
option allbackups
frontend freemedia-frontend
bind 0.0.0.0:10011
default_backend freemedia-backend
backend freemedia-backend
balance hdr(appserver)
server sundries01 sundries01:80 check inter 60s rise 2 fall 3
{% if env == "production" %}
server sundries02 sundries01:80 check inter 60s rise 2 fall 3
{% endif %}
option httpchk GET /freemedia/FreeMedia-form.html
# IMPORTANT: 10023-10026 will NOT work because of selinux policies
frontend geoip-city-frontend
bind 0.0.0.0:10029
default_backend geoip-city-backend
backend geoip-city-backend
balance hdr(appserver)
server sundries01 sundries01:80 check inter 30s rise 2 fall 3
{% if env == "production" %}
server sundries02 sundries02:80 check inter 30s rise 2 fall 3
{% endif %}
option httpchk GET /city?ip=18.0.0.1 HTTP/1.1
http-check send hdr Host haproxy
# IMPORTANT: 10031 will NOT work because of selinux policies
frontend oci-registry-frontend
bind 0.0.0.0:10048
default_backend oci-registry-backend
backend oci-registry-backend
balance hdr(appserver)
server oci-registry01 oci-registry01:5000 check inter 10s rise 1 fall 2
{% if env == "production" %}
server oci-registry02 oci-registry02:5000 check inter 10s rise 1 fall 2
{% endif %}
retries 5
retry-on all-retryable-errors
frontend ipsilon-frontend
bind 0.0.0.0:10020
{% if env == "staging" %}
option http-buffer-request
# Define ipsilon OpenID only instance
acl path_openidc path_beg /openidc
acl path_openid path_beg /openid
acl is_openid_cookie req.cook(OPENID) true
acl host_is_id_sub hdr(host) -m reg -i ^.+\.id\{{ env_suffix }}\.fedoraproject\.org$
use_backend ipsilon-backend if path_openidc
use_backend ipsilon-backend-openid if path_openid
use_backend ipsilon-backend-openid if is_openid_cookie
use_backend ipsilon-backend-openid if host_is_id_sub
{% endif %}
default_backend ipsilon-backend
{% if env == "staging" %}
backend ipsilon-backend-openid
balance hdr(appserver)
cookie OPENID insert indirect nocache attr Max-Age=300
server ipsilon02 ipsilon02:80 cookie true check inter 10s rise 1 fall 3
option httpchk GET /
{% endif %}
backend ipsilon-backend
balance hdr(appserver)
server ipsilon01 ipsilon01:80 check inter 10s rise 1 fall 3
{% if env == "staging" %}
http-response set-header x-xrds-location "https://id{{ env_suffix }}.fedoraproject.org/openid/XRDS"
{% endif %}
{% if env == "production" %}
server ipsilon02 ipsilon02:80 check inter 10s rise 1 fall 3
{% endif %}
option httpchk GET /
frontend ipa-frontend
bind 0.0.0.0:10053
default_backend ipa-backend
backend ipa-backend
balance hdr(appserver)
server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
{% if env != "staging" %}
server ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup
server ipa03 ipa03:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup
{% endif %}
option httpchk GET /ipa/ui/
frontend krb5-frontend
mode tcp
option tcplog
bind 0.0.0.0:1088
default_backend krb5-backend
backend krb5-backend
mode tcp
balance roundrobin
fullconn 16384
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server ipa01 ipa01:88 weight 1 maxconn 16384
{% if env == "production" %}
server ipa02 ipa02:88 weight 1 maxconn 16384
server ipa03 ipa03:88 weight 1 maxconn 16384
{% endif %}
frontend oci-candidate-registry-frontend
bind 0.0.0.0:10054
default_backend oci-candidate-registry-backend
backend oci-candidate-registry-backend
balance hdr(appserver)
server oci-candidate-registry01 oci-candidate-registry01:5000 check inter 10s rise 1 fall 2
{% if 'rdu3' in inventory_hostname %}
# Only enable this on rdu3 proxies
frontend src-frontend
bind 0.0.0.0:10057
default_backend src-backend
backend src-backend
balance hdr(appserver)
{% if env == "staging" or datacenter == 'rdu3' %}
server pkgs01 pkgs01:80 check inter 10s rise 1 fall 2
{% endif %}
option httpchk GET /
retries 5
retry-on all-retryable-errors
{% endif %}
# This is an endpoint using only ipa01. This is used for API access, since sessions
# are not synchronized.
frontend ipa01-frontend
bind 0.0.0.0:10061
default_backend ipa01-backend
backend ipa01-backend
balance hdr(appserver)
server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
option httpchk GET /ipa/ui/
{% if env == "production" and 'rdu3' in inventory_hostname %}
frontend kojipkgs-frontend
bind 0.0.0.0:10062
default_backend kojipkgs-backend
backend kojipkgs-backend
balance uri
server kojipkgs01.{{ datacenter }}.fedoraproject.org kojipkgs01.{{ datacenter }}.fedoraproject.org:8080 check inter 30s rise 1 fall 3
server kojipkgs02.{{ datacenter }}.fedoraproject.org kojipkgs02.{{ datacenter }}.fedoraproject.org:8080 check inter 30s rise 1 fall 3
option httpchk GET /
retries 5
retry-on all-retryable-errors
option redispatch 1
{% endif %}
{% if datacenter == "rdu3" %}
# These ports are for proxying rabbitmq (AMQP) protocol through.
# At this moment, internal- and public-rabbitmq both point to the exact same set of
# brokers on the backend, but the internal- is intended for applications we directly control.
# This allows us to move to a separate cluster for public access if that became necessary
# on just the infra side, with no need to ask users to change anything.
frontend internal-rabbitmq
mode tcp
option tcplog
bind 0.0.0.0:15671
default_backend rabbitmq
frontend public-rabbitmq
mode tcp
option tcplog
bind 0.0.0.0:5671
default_backend rabbitmq
backend rabbitmq
mode tcp
balance roundrobin
fullconn 16384
server rabbitmq01 rabbitmq01:5671 weight 1 maxconn 16384
server rabbitmq02 rabbitmq02:5671 weight 1 maxconn 16384
server rabbitmq03 rabbitmq03:5671 weight 1 maxconn 16384
{% endif %}
{% if 'rdu3' in inventory_hostname %}
frontend zabbix-frontend
bind 0.0.0.0:10068
default_backend zabbix-backend
backend zabbix-backend
balance hdr(appserver)
server zabbix01 zabbix01:80 check inter 10s rise 1 fall 2
{% endif %}
Reference in New Issue View Git Blame Copy Permalink