multi-arch · werled · Mar 2, 2024
diff --git a/libvirt/haproxy/haproxy_lnxocp10.cfg b/libvirt/haproxy/haproxy_lnxocp10.cfg
@@ -29,7 +29,6 @@ defaults
     mode                    tcp
     log                     global
     option                  dontlognull
-    option forwardfor       except 127.0.0.0/8
     option                  redispatch
     retries                 3
     timeout http-request    10s
@@ -42,34 +41,147 @@ defaults
     maxconn                 3000
 
 #---------------------------------------------------------------------
-# ocpzx.yellowzone
-#---------------------------------------------------------------------
-listen api-server-6443
-    bind 172.16.41.20:6443
-    server bootstrap 172.16.41.22:6443 check inter 1s backup 
-    server master0 172.16.41.23:6443 check inter 1s
-    server master1 172.16.41.24:6443 check inter 1s
-    server master2 172.16.41.25:6443 check inter 1s
-
-listen machine-config-server-22623 
-    bind 172.16.41.20:22623
-    server bootstrap 172.16.41.22:22623 check inter 1s backup 
-    server master0 172.16.41.23:22623 check inter 1s
-    server master1 172.16.41.24:22623 check inter 1s
-    server master2 172.16.41.25:22623 check inter 1s
-
-listen ingress-router-443 
-    bind 172.16.41.20:443
-    balance source
-    server worker0 172.16.41.26:443 check inter 1s
-    server worker1 172.16.41.27:443 check inter 1s
-    server worker2 172.16.41.28:443 check inter 1s
-    server worker3 172.16.41.29:443 check inter 1s
-
-listen ingress-router-80 
-    bind 172.16.41.20:80
-    balance source
-    server worker0 172.16.41.26:80 check inter 1s
-    server worker1 172.16.41.27:80 check inter 1s
-    server worker2 172.16.41.28:80 check inter 1s
-    server worker3 172.16.41.29:80 check inter 1s
+# API frontend which proxys to the created bootstrap and
+# master nodes
+#---------------------------------------------------------------------
+frontend api-all
+    mode        tcp
+    option      tcplog
+    bind        *:6443
+
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+
+    acl 00-api req_ssl_sni -m end .libvirt-s390x-amd64-0-0.ci
+    use_backend masters-00 if 00-api
+
+    acl 01-api req_ssl_sni -m end .libvirt-amd64-s390x-0-1.ci
+    use_backend masters-01 if 01-api
+
+#---------------------------------------------------------------------
+# Machine config frontend which proxys to the created
+# bootstrap and master nodes
+#---------------------------------------------------------------------
+frontend machine-config
+    mode        tcp
+    option      tcplog
+    bind        *:22623
+
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+
+    acl 00-api req_ssl_sni -m end .libvirt-s390x-amd64-0-0.ci
+    use_backend masters-22623-00 if 00-api
+
+    acl 01-api req_ssl_sni -m end .libvirt-amd64-s390x-0-1.ci
+    use_backend masters-22623-01 if 01-api
+
+#---------------------------------------------------------------------
+# HTTP frontend which proxys to the created worker nodes
+#---------------------------------------------------------------------
+frontend http-all
+    mode        http
+    bind        *:80
+    option forwardfor except 127.0.0.0/8
+
+    acl 00-http hdr(host) -m end .libvirt-s390x-amd64-0-0.ci
+    use_backend http-workers-00 if 00-http
+
+    acl 01-http hdr(host) -m end .libvirt-amd64-s390x-0-1.ci
+    use_backend http-workers-01 if 01-http
+
+#---------------------------------------------------------------------
+# HTTPS frontend which proxys to the created worker nodes
+#---------------------------------------------------------------------
+frontend https-all
+    mode        tcp
+    option      tcplog
+    bind        *:443
+
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+
+    acl 00-https req_ssl_sni -m end .libvirt-s390x-amd64-0-0.ci
+    use_backend https-workers-00 if 00-https
+
+    acl 01-https req_ssl_sni -m end .libvirt-amd64-s390x-0-1.ci
+    use_backend https-workers-01 if 01-https
+
+#---------------------------------------------------------------------
+# Master node and bootstrap backends for serving API traffic
+#---------------------------------------------------------------------
+backend masters-00
+    mode        tcp
+    balance     source
+    server      bootstrap 172.16.41.22:6443 check
+    server      master0 172.16.41.23:6443 check
+    server      master1 172.16.41.24:6443 check
+    server      master2 172.16.41.25:6443 check
+
+backend masters-01
+    mode        tcp
+    balance     source
+    server      bootstrap 172.16.41.30:6443 check
+    server      master0 172.16.41.31:6443 check
+    server      master1 172.16.41.32:6443 check
+    server      master2 172.16.41.33:6443 check
+
+#---------------------------------------------------------------------
+# Master node and bootstrap backends for serving internal
+# API traffic (port 22623)
+#---------------------------------------------------------------------
+backend masters-22623-00
+    mode        tcp
+    balance     source
+    server      bootstrap 172.16.41.22:22623 check
+    server      master0 172.16.41.23:22623 check
+    server      master1 172.16.41.24:22623 check
+    server      master2 172.16.41.25:22623 check
+
+backend masters-22623-01
+    mode        tcp
+    balance     source
+    server      bootstrap 172.16.41.30:22623 check
+    server      master0 172.16.41.31:22623 check
+    server      master1 172.16.41.32:22623 check
+    server      master2 172.16.41.33:22623 check
+
+#---------------------------------------------------------------------
+# Worker node backends for serving HTTP service endpoints
+#---------------------------------------------------------------------
+backend http-workers-00
+    mode        http
+    option forwardfor except 127.0.0.0/8
+    balance     source
+    server      worker0 172.16.41.26:80 check
+    server      worker1 172.16.41.27:80 check
+    server      worker2 172.16.41.28:80 check
+    server      worker3 172.16.41.29:80 check
+
+backend http-workers-01
+    mode        http
+    option forwardfor except 127.0.0.0/8
+    balance     source
+    server      worker0 172.16.41.34:80 check
+    server      worker1 172.16.41.35:80 check
+    server      worker2 172.16.41.36:80 check
+    server      worker3 172.16.41.37:80 check
+
+#---------------------------------------------------------------------
+# Worker node backends for serving HTTPS service endpoints
+#---------------------------------------------------------------------
+backend https-workers-00
+    mode        tcp
+    balance     source
+    server      worker0 172.16.41.26:443 check
+    server      worker1 172.16.41.27:443 check
+    server      worker2 172.16.41.28:443 check
+    server      worker3 172.16.41.29:443 check
+
+backend https-workers-01
+    mode        tcp
+    balance     source
+    server      worker0 172.16.41.34:443 check
+    server      worker1 172.16.41.35:443 check
+    server      worker2 172.16.41.36:443 check
+    server      worker3 172.16.41.37:443 check