Deploy the proxies in production

quentinmit · quentinmit · commit 6e9d89c897f5 · 2020-03-03T23:55:34.000-05:00
diff --git a/ansible/roles/lvs-iptables/files/scripts-iptables.rules.v4 b/ansible/roles/lvs-iptables/files/scripts-iptables.rules.v4
@@ -73,10 +73,7 @@
 
 # Clear external DSCP bits
 -A test -j DSCP --set-dscp 0
-# send web traffic to HAProxy and everything else to f20
--A test -m tcp -m multiport -p tcp --dports 80,443,444 -j MARK --set-mark 92
--A test -m tcp -p tcp --dport 25 -j MARK --set-mark 23
--A test -m tcp -p tcp --dport 78:79 -j RETURN
--A test -m mark --mark 0 -j MARK --set-mark 21
+# Handle test traffic exactly the same as f30 traffic
+-A test -j f30
 
 COMMIT
diff --git a/ansible/roles/lvs-ldirectord/templates/ldirectord.cf.j2 b/ansible/roles/lvs-ldirectord/templates/ldirectord.cf.j2
@@ -30,23 +30,17 @@ virtual=3
         checktype=negotiate
 	checkport=80
 
+# The proxy servers get only web traffic
 # Apache (80, 443, and 444) uses FWM 2
 virtual=2
-	#real=18.4.86.53  gate 4096 # old-faithful
-	#real=18.4.86.57  gate 4096 # better-mousetrap
-	real=18.4.86.167 gate 4096 # bees-knees
-	real=18.4.86.228 gate 1024 # cats-whiskers
-	real=18.4.86.234 gate 4096 # busy-beaver
-	#real=18.4.86.235 gate 4096 # real-mccoy
-	real=18.4.86.237 gate 4096 # pancake-bunny
-	#real=18.4.86.236 gate 1024 # whole-enchilada
-	real=18.4.86.135 gate 4096 # shining-armor
-	#real=18.4.86.141 gate 4096 # golden-egg
-	#real=18.4.86.203 gate 4096 # miracle-cure
-	#real=18.4.86.204 gate 4096 # lucky-star
+{% for hostname in groups['scripts-proxy-prod']|sort %}
+{% with info = hostvars[hostname] %}
+	real={{ info['ip'] }} gate 4096 # {{ hostname }}
+{% endwith %}
+{% endfor %}
 	fallback=127.0.0.1 gate
 	service=http
-	request="heartbeat/http"
+	request="heartbeat/http?codename=ANY"
 	virtualhost="scripts.mit.edu"
 	receive="1"
 	checktype=negotiate
@@ -55,26 +49,6 @@ virtual=2
 	persistent=600
 	protocol=fwm
 
-# Everything else uses FWM 1 and gets sent only to the primary
-virtual=1
-	#real=18.4.86.53  gate "heartbeat/services", "1"  # old-faithful
-	#real=18.4.86.57  gate "heartbeat/services", "2"  # better-mousetrap
-	real=18.4.86.167 gate "heartbeat/services", "3"  # bees-knees
-	real=18.4.86.228 gate "heartbeat/services", "4"  # cats-whiskers
-	real=18.4.86.234 gate "heartbeat/services", "5"  # busy-beaver
-	#real=18.4.86.235 gate "heartbeat/services", "6"  # real-mccoy
-	real=18.4.86.237 gate "heartbeat/services", "7"  # pancake-bunny
-	#real=18.4.86.236 gate "heartbeat/services", "8"  # whole-enchilada
-	real=18.4.86.135 gate "heartbeat/services", "9"  # shining-armor
-	#real=18.4.86.141 gate "heartbeat/services", "10" # golden-egg
-	#real=18.4.86.203 gate "heartbeat/services", "11" # miracle-cure
-	#real=18.4.86.204 gate "heartbeat/services", "12" # lucky-star
-	service=http
-        scheduler=wrr
-        protocol=fwm
-        checktype=negotiate
-	checkport=80
-
 ## sipb.mit.edu needs an FTP server
 #virtual=4
 #	real=18.181.2.75 gate 1
@@ -122,21 +96,3 @@ virtual={{ offset + 1 }}
 	checktype=negotiate
 	checkport=80
 {% endfor %}
-
-# The proxy servers get only web traffic
-virtual=92
-{% for hostname in groups['scripts-proxy-prod']|sort %}
-{% with info = hostvars[hostname] %}
-	real={{ info['ip'] }} gate 4096 # {{ hostname }}
-{% endwith %}
-{% endfor %}
-	fallback=127.0.0.1 gate
-	service=http
-	request="heartbeat/http?codename=ANY"
-	virtualhost="scripts.mit.edu"
-	receive="1"
-	checktype=negotiate
-	checkport=80
-	scheduler=wlc
-	persistent=600
-	protocol=fwm
