Adding haproxy and profile for lnxocp05, lnxocp07 and lnxocp08

Author: telpelt

libvirt/haproxy/haproxy_lnxocp05.cfg

@@ -0,0 +1,170 @@
+#---------------------------------------------------------------------
+# Configuration for CI environment.
+#---------------------------------------------------------------------
+
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+    log 127.0.0.1:514  local2 info
+    chroot      /var/lib/haproxy
+    pidfile     /var/run/haproxy.pid
+    maxconn     4000
+    user        haproxy
+    group       haproxy
+    daemon
+
+    # turn on stats unix socket
+    stats socket /var/lib/haproxy/stats
+
+    # utilize system-wide crypto-policies
+    ssl-default-bind-ciphers PROFILE=SYSTEM
+    ssl-default-server-ciphers PROFILE=SYSTEM
+
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+    mode                    http
+    log                     global
+    option                  httplog
+    option http-server-close
+
+    option                  redispatch
+    retries                 3
+    timeout http-request    10s
+    timeout queue           1m
+    timeout connect         10s
+    timeout client          1m
+    timeout server          1m
+    timeout http-keep-alive 10s
+    timeout check           10s
+    maxconn                 3000
+
+#---------------------------------------------------------------------
+# API frontend which proxys to the created master nodes
+#---------------------------------------------------------------------
+frontend api-all
+    mode        tcp
+    option      tcplog
+
+    bind        *:6443
+
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+
+    acl 00-api req_ssl_sni -m end .libvirt-s390x-4-0
+    use_backend masters-00 if 00-api
+
+    acl 00-api-ci req_ssl_sni -m end .libvirt-s390x-4-0.ci
+    use_backend masters-00 if 00-api-ci
+
+    acl 01-api req_ssl_sni -m end .libvirt-s390x-4-1
+    use_backend masters-01 if 01-api
+
+    acl 01-api-ci req_ssl_sni -m end .libvirt-s390x-4-1.ci
+    use_backend masters-01 if 01-api-ci
+
+#---------------------------------------------------------------------
+# HTTP frontend which proxys to the created worker nodes
+#---------------------------------------------------------------------
+frontend http-all
+    bind *:80
+
+    option forwardfor       except 127.0.0.0/8
+
+    acl 00-http hdr(host) -m end .libvirt-s390x-4-0
+    use_backend http-workers-00 if 00-http
+
+    acl 00-http-ci hdr(host) -m end .libvirt-s390x-4-0.ci
+    use_backend http-workers-00 if 00-http-ci
+
+    acl 01-http hdr(host) -m end .libvirt-s390x-4-1
+    use_backend http-workers-01 if 01-http
+
+    acl 01-http-ci hdr(host) -m end .libvirt-s390x-4-1.ci
+    use_backend http-workers-01 if 01-http-ci
+
+#---------------------------------------------------------------------
+# HTTPS frontend which proxys to the created worker nodes
+#---------------------------------------------------------------------
+frontend https-all
+    mode        tcp
+    option      tcplog
+
+    bind        *:443
+
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+
+    acl 00-https req_ssl_sni -m end .libvirt-s390x-4-0
+    use_backend https-workers-00 if 00-https
+
+    acl 00-https-ci req_ssl_sni -m end .libvirt-s390x-4-0.ci
+    use_backend https-workers-00 if 00-https-ci
+
+    acl 01-https req_ssl_sni -m end .libvirt-s390x-4-1
+    use_backend https-workers-01 if 01-https
+
+    acl 01-https-ci req_ssl_sni -m end .libvirt-s390x-4-1.ci
+    use_backend https-workers-01 if 01-https-ci
+
+#---------------------------------------------------------------------
+# Master node backends for serving API traffic
+#---------------------------------------------------------------------
+backend masters-00
+    mode        tcp
+    balance     roundrobin
+    server      bootstrap 192.168.126.10:6443 check
+    server      master1 192.168.126.11:6443 check
+    server      master2 192.168.126.12:6443 check
+    server      master3 192.168.126.13:6443 check
+backend masters-01
+    mode        tcp
+    balance     roundrobin
+    server      bootstrap 192.168.1.10:6443 check
+    server      master1 192.168.1.11:6443 check
+    server      master2 192.168.1.12:6443 check
+    server      master3 192.168.1.13:6443 check
+
+#---------------------------------------------------------------------
+# Worker node backends for serving HTTP service endpoints
+#---------------------------------------------------------------------
+backend http-workers-00
+    option forwardfor       except 127.0.0.0/8
+    balance     roundrobin
+    server      master1 192.168.126.11:80 check
+    server      master2 192.168.126.12:80 check
+    server      master3 192.168.126.13:80 check
+    server      worker1 192.168.126.51:80 check
+    server      worker2 192.168.126.52:80 check
+backend http-workers-01
+    option forwardfor       except 127.0.0.0/8
+    balance     roundrobin
+    server      master1 192.168.1.11:80 check
+    server      master2 192.168.1.12:80 check
+    server      master3 192.168.1.13:80 check
+    server      worker1 192.168.1.51:80 check
+    server      worker2 192.168.1.52:80 check
+
+#---------------------------------------------------------------------
+# Worker node backends for serving HTTPS service endpoints
+#---------------------------------------------------------------------
+backend https-workers-00
+    mode        tcp
+    balance     roundrobin
+    server      master1 192.168.126.11:443 check
+    server      master2 192.168.126.12:443 check
+    server      master3 192.168.126.13:443 check
+    server      worker1 192.168.126.51:443 check
+    server      worker2 192.168.126.52:443 check
+backend https-workers-01
+    mode        tcp
+    balance     roundrobin
+    server      master1 192.168.1.11:443 check
+    server      master2 192.168.1.12:443 check
+    server      master3 192.168.1.13:443 check
+    server      worker1 192.168.1.51:443 check
+    server      worker2 192.168.1.52:443 check
+

libvirt/haproxy/haproxy_lnxocp07.cfg

@@ -0,0 +1,170 @@
+#---------------------------------------------------------------------
+# Configuration for CI environment.
+#---------------------------------------------------------------------
+
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+    log 127.0.0.1:514  local2 info
+    chroot      /var/lib/haproxy
+    pidfile     /var/run/haproxy.pid
+    maxconn     4000
+    user        haproxy
+    group       haproxy
+    daemon
+
+    # turn on stats unix socket
+    stats socket /var/lib/haproxy/stats
+
+    # utilize system-wide crypto-policies
+    ssl-default-bind-ciphers PROFILE=SYSTEM
+    ssl-default-server-ciphers PROFILE=SYSTEM
+
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+    mode                    http
+    log                     global
+    option                  httplog
+    option http-server-close
+
+    option                  redispatch
+    retries                 3
+    timeout http-request    10s
+    timeout queue           1m
+    timeout connect         10s
+    timeout client          1m
+    timeout server          1m
+    timeout http-keep-alive 10s
+    timeout check           10s
+    maxconn                 3000
+
+#---------------------------------------------------------------------
+# API frontend which proxys to the created master nodes
+#---------------------------------------------------------------------
+frontend api-all
+    mode        tcp
+    option      tcplog
+
+    bind        *:6443
+
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+
+    acl 00-api req_ssl_sni -m end .libvirt-s390x-5-0
+    use_backend masters-00 if 00-api
+
+    acl 00-api-ci req_ssl_sni -m end .libvirt-s390x-5-0.ci
+    use_backend masters-00 if 00-api-ci
+
+    acl 01-api req_ssl_sni -m end .libvirt-s390x-5-1
+    use_backend masters-01 if 01-api
+
+    acl 01-api-ci req_ssl_sni -m end .libvirt-s390x-5-1.ci
+    use_backend masters-01 if 01-api-ci
+
+#---------------------------------------------------------------------
+# HTTP frontend which proxys to the created worker nodes
+#---------------------------------------------------------------------
+frontend http-all
+    bind *:80
+
+    option forwardfor       except 127.0.0.0/8
+
+    acl 00-http hdr(host) -m end .libvirt-s390x-5-0
+    use_backend http-workers-00 if 00-http
+
+    acl 00-http-ci hdr(host) -m end .libvirt-s390x-5-0.ci
+    use_backend http-workers-00 if 00-http-ci
+
+    acl 01-http hdr(host) -m end .libvirt-s390x-5-1
+    use_backend http-workers-01 if 01-http
+
+    acl 01-http-ci hdr(host) -m end .libvirt-s390x-5-1.ci
+    use_backend http-workers-01 if 01-http-ci
+
+#---------------------------------------------------------------------
+# HTTPS frontend which proxys to the created worker nodes
+#---------------------------------------------------------------------
+frontend https-all
+    mode        tcp
+    option      tcplog
+
+    bind        *:443
+
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+
+    acl 00-https req_ssl_sni -m end .libvirt-s390x-5-0
+    use_backend https-workers-00 if 00-https
+
+    acl 00-https-ci req_ssl_sni -m end .libvirt-s390x-5-0.ci
+    use_backend https-workers-00 if 00-https-ci
+
+    acl 01-https req_ssl_sni -m end .libvirt-s390x-5-1
+    use_backend https-workers-01 if 01-https
+
+    acl 01-https-ci req_ssl_sni -m end .libvirt-s390x-5-1.ci
+    use_backend https-workers-01 if 01-https-ci
+
+#---------------------------------------------------------------------
+# Master node backends for serving API traffic
+#---------------------------------------------------------------------
+backend masters-00
+    mode        tcp
+    balance     roundrobin
+    server      bootstrap 192.168.126.10:6443 check
+    server      master1 192.168.126.11:6443 check
+    server      master2 192.168.126.12:6443 check
+    server      master3 192.168.126.13:6443 check
+backend masters-01
+    mode        tcp
+    balance     roundrobin
+    server      bootstrap 192.168.1.10:6443 check
+    server      master1 192.168.1.11:6443 check
+    server      master2 192.168.1.12:6443 check
+    server      master3 192.168.1.13:6443 check
+
+#---------------------------------------------------------------------
+# Worker node backends for serving HTTP service endpoints
+#---------------------------------------------------------------------
+backend http-workers-00
+    option forwardfor       except 127.0.0.0/8
+    balance     roundrobin
+    server      master1 192.168.126.11:80 check
+    server      master2 192.168.126.12:80 check
+    server      master3 192.168.126.13:80 check
+    server      worker1 192.168.126.51:80 check
+    server      worker2 192.168.126.52:80 check
+backend http-workers-01
+    option forwardfor       except 127.0.0.0/8
+    balance     roundrobin
+    server      master1 192.168.1.11:80 check
+    server      master2 192.168.1.12:80 check
+    server      master3 192.168.1.13:80 check
+    server      worker1 192.168.1.51:80 check
+    server      worker2 192.168.1.52:80 check
+
+#---------------------------------------------------------------------
+# Worker node backends for serving HTTPS service endpoints
+#---------------------------------------------------------------------
+backend https-workers-00
+    mode        tcp
+    balance     roundrobin
+    server      master1 192.168.126.11:443 check
+    server      master2 192.168.126.12:443 check
+    server      master3 192.168.126.13:443 check
+    server      worker1 192.168.126.51:443 check
+    server      worker2 192.168.126.52:443 check
+backend https-workers-01
+    mode        tcp
+    balance     roundrobin
+    server      master1 192.168.1.11:443 check
+    server      master2 192.168.1.12:443 check
+    server      master3 192.168.1.13:443 check
+    server      worker1 192.168.1.51:443 check
+    server      worker2 192.168.1.52:443 check
+