diff --git a/libvirt/haproxy/haproxy_lnxocp10.cfg b/libvirt/haproxy/haproxy_lnxocp10.cfg index 0de506b..8bbf298 100644 --- a/libvirt/haproxy/haproxy_lnxocp10.cfg +++ b/libvirt/haproxy/haproxy_lnxocp10.cfg @@ -29,7 +29,6 @@ defaults mode tcp log global option dontlognull - option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s @@ -42,34 +41,147 @@ defaults maxconn 3000 #--------------------------------------------------------------------- -# ocpzx.yellowzone -#--------------------------------------------------------------------- -listen api-server-6443 - bind 172.16.41.20:6443 - server bootstrap 172.16.41.22:6443 check inter 1s backup - server master0 172.16.41.23:6443 check inter 1s - server master1 172.16.41.24:6443 check inter 1s - server master2 172.16.41.25:6443 check inter 1s - -listen machine-config-server-22623 - bind 172.16.41.20:22623 - server bootstrap 172.16.41.22:22623 check inter 1s backup - server master0 172.16.41.23:22623 check inter 1s - server master1 172.16.41.24:22623 check inter 1s - server master2 172.16.41.25:22623 check inter 1s - -listen ingress-router-443 - bind 172.16.41.20:443 - balance source - server worker0 172.16.41.26:443 check inter 1s - server worker1 172.16.41.27:443 check inter 1s - server worker2 172.16.41.28:443 check inter 1s - server worker3 172.16.41.29:443 check inter 1s - -listen ingress-router-80 - bind 172.16.41.20:80 - balance source - server worker0 172.16.41.26:80 check inter 1s - server worker1 172.16.41.27:80 check inter 1s - server worker2 172.16.41.28:80 check inter 1s - server worker3 172.16.41.29:80 check inter 1s \ No newline at end of file +# API frontend which proxys to the created bootstrap and +# master nodes +#--------------------------------------------------------------------- +frontend api-all + mode tcp + option tcplog + bind *:6443 + + tcp-request inspect-delay 5s + tcp-request content accept if { req_ssl_hello_type 1 } + + acl 00-api req_ssl_sni -m end .libvirt-s390x-amd64-0-0.ci + use_backend masters-00 if 00-api + + acl 01-api req_ssl_sni -m end .libvirt-amd64-s390x-0-1.ci + use_backend masters-01 if 01-api + +#--------------------------------------------------------------------- +# Machine config frontend which proxys to the created +# bootstrap and master nodes +#--------------------------------------------------------------------- +frontend machine-config + mode tcp + option tcplog + bind *:22623 + + tcp-request inspect-delay 5s + tcp-request content accept if { req_ssl_hello_type 1 } + + acl 00-api req_ssl_sni -m end .libvirt-s390x-amd64-0-0.ci + use_backend masters-22623-00 if 00-api + + acl 01-api req_ssl_sni -m end .libvirt-amd64-s390x-0-1.ci + use_backend masters-22623-01 if 01-api + +#--------------------------------------------------------------------- +# HTTP frontend which proxys to the created worker nodes +#--------------------------------------------------------------------- +frontend http-all + mode http + bind *:80 + option forwardfor except 127.0.0.0/8 + + acl 00-http hdr(host) -m end .libvirt-s390x-amd64-0-0.ci + use_backend http-workers-00 if 00-http + + acl 01-http hdr(host) -m end .libvirt-amd64-s390x-0-1.ci + use_backend http-workers-01 if 01-http + +#--------------------------------------------------------------------- +# HTTPS frontend which proxys to the created worker nodes +#--------------------------------------------------------------------- +frontend https-all + mode tcp + option tcplog + bind *:443 + + tcp-request inspect-delay 5s + tcp-request content accept if { req_ssl_hello_type 1 } + + acl 00-https req_ssl_sni -m end .libvirt-s390x-amd64-0-0.ci + use_backend https-workers-00 if 00-https + + acl 01-https req_ssl_sni -m end .libvirt-amd64-s390x-0-1.ci + use_backend https-workers-01 if 01-https + +#--------------------------------------------------------------------- +# Master node and bootstrap backends for serving API traffic +#--------------------------------------------------------------------- +backend masters-00 + mode tcp + balance source + server bootstrap 172.16.41.22:6443 check + server master0 172.16.41.23:6443 check + server master1 172.16.41.24:6443 check + server master2 172.16.41.25:6443 check + +backend masters-01 + mode tcp + balance source + server bootstrap 172.16.41.30:6443 check + server master0 172.16.41.31:6443 check + server master1 172.16.41.32:6443 check + server master2 172.16.41.33:6443 check + +#--------------------------------------------------------------------- +# Master node and bootstrap backends for serving internal +# API traffic (port 22623) +#--------------------------------------------------------------------- +backend masters-22623-00 + mode tcp + balance source + server bootstrap 172.16.41.22:22623 check + server master0 172.16.41.23:22623 check + server master1 172.16.41.24:22623 check + server master2 172.16.41.25:22623 check + +backend masters-22623-01 + mode tcp + balance source + server bootstrap 172.16.41.30:22623 check + server master0 172.16.41.31:22623 check + server master1 172.16.41.32:22623 check + server master2 172.16.41.33:22623 check + +#--------------------------------------------------------------------- +# Worker node backends for serving HTTP service endpoints +#--------------------------------------------------------------------- +backend http-workers-00 + mode http + option forwardfor except 127.0.0.0/8 + balance source + server worker0 172.16.41.26:80 check + server worker1 172.16.41.27:80 check + server worker2 172.16.41.28:80 check + server worker3 172.16.41.29:80 check + +backend http-workers-01 + mode http + option forwardfor except 127.0.0.0/8 + balance source + server worker0 172.16.41.34:80 check + server worker1 172.16.41.35:80 check + server worker2 172.16.41.36:80 check + server worker3 172.16.41.37:80 check + +#--------------------------------------------------------------------- +# Worker node backends for serving HTTPS service endpoints +#--------------------------------------------------------------------- +backend https-workers-00 + mode tcp + balance source + server worker0 172.16.41.26:443 check + server worker1 172.16.41.27:443 check + server worker2 172.16.41.28:443 check + server worker3 172.16.41.29:443 check + +backend https-workers-01 + mode tcp + balance source + server worker0 172.16.41.34:443 check + server worker1 172.16.41.35:443 check + server worker2 172.16.41.36:443 check + server worker3 172.16.41.37:443 check