Separate master and haproxy config playbooks.

* Move haproxy configuration to a separate openshift-loadbalancer play.
* Move the haproxy role to openshift_loadbalancer.
* Add openshift_loadbalancer* facts which drive haproxy configuration.

filter_plugins/oo_filters.py

@@ -306,7 +306,7 @@ class FilterModule(object):
         return string.split(separator)
 
     @staticmethod
-    def oo_haproxy_backend_masters(hosts):
+    def oo_haproxy_backend_masters(hosts, port):
         """ This takes an array of dicts and returns an array of dicts
             to be used as a backend for the haproxy role
         """
@@ -314,8 +314,7 @@ class FilterModule(object):
         for idx, host_info in enumerate(hosts):
             server = dict(name="master%s" % idx)
             server_ip = host_info['openshift']['common']['ip']
-            server_port = host_info['openshift']['master']['api_port']
-            server['address'] = "%s:%s" % (server_ip, server_port)
+            server['address'] = "%s:%s" % (server_ip, port)
             server['opts'] = 'check'
             servers.append(server)
         return servers

playbooks/common/openshift-cluster/config.yml

@@ -31,6 +31,8 @@
 
 - include: ../openshift-nfs/config.yml
 
+- include: ../openshift-loadbalancer/config.yml
+
 - include: ../openshift-master/config.yml
 
 - include: additional_config.yml

playbooks/common/openshift-loadbalancer/config.yml

@@ -0,0 +1,5 @@
+---
+- name: Configure load balancers
+  hosts: oo_lb_to_config
+  roles:
+  - role: openshift_loadbalancer

playbooks/common/openshift-loadbalancer/filter_plugins

@@ -0,0 +1 @@
+../../../filter_plugins

playbooks/common/openshift-loadbalancer/lookup_plugins

@@ -0,0 +1 @@
+../../../lookup_plugins

playbooks/common/openshift-loadbalancer/roles

@@ -0,0 +1 @@
+../../../roles/

playbooks/common/openshift-loadbalancer/service.yml

@@ -0,0 +1,20 @@
+---
+- name: Populate g_service_nodes host group if needed
+  hosts: localhost
+  connection: local
+  become: no
+  gather_facts: no
+  tasks:
+  - fail: msg="new_cluster_state is required to be injected in this playbook"
+    when: new_cluster_state is not defined
+
+  - name: Evaluate g_service_lb
+    add_host: name={{ item }} groups=g_service_lb
+    with_items: oo_host_group_exp | default([])
+
+- name: Change state on lb instance(s)
+  hosts: g_service_lb
+  connection: ssh
+  gather_facts: no
+  tasks:
+    - service: name=hapoxy state="{{ new_cluster_state }}"

playbooks/common/openshift-master/config.yml

@@ -156,33 +156,6 @@
     - master.etcd-ca.crt
     when: etcd_client_certs_missing is defined and etcd_client_certs_missing
 
-- name: Configure load balancers
-  hosts: oo_lb_to_config
-  vars:
-    sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
-    haproxy_limit_nofile: 100000
-    haproxy_global_maxconn: 20000
-    haproxy_default_maxconn: 20000
-    haproxy_frontend_port: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }}"
-    haproxy_frontends:
-    - name: atomic-openshift-api
-      mode: tcp
-      options:
-      - tcplog
-      binds:
-      - "*:{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }}"
-      default_backend: atomic-openshift-api
-    haproxy_backends:
-    - name: atomic-openshift-api
-      mode: tcp
-      option: tcplog
-      balance: source
-      servers: "{{ hostvars | oo_select_keys(groups['oo_masters']) | oo_haproxy_backend_masters }}"
-  roles:
-  - role: openshift_facts
-  - role: haproxy
-    when: hostvars[groups.oo_first_master.0].openshift.master.ha | bool
-
 - name: Check for cached session secrets
   hosts: oo_first_master
   roles:

roles/haproxy/tasks/main.yml

@@ -1,43 +0,0 @@
----
-- name: Install haproxy
-  action: "{{ ansible_pkg_mgr }} name=haproxy state=present"
-  when: not openshift.common.is_containerized | bool
-
-- name: Configure systemd service directory for haproxy
-  file:
-    path: /etc/systemd/system/haproxy.service.d
-    state: directory
-  when: haproxy_limit_nofile is defined
-
-- name: Configure the nofile limits for haproxy
-  ini_file:
-    dest: /etc/systemd/system/haproxy.service.d/limits.conf
-    section: Service
-    option: LimitNOFILE
-    value: "{{ haproxy_limit_nofile }}"
-  when: haproxy_limit_nofile is defined
-  notify: restart haproxy
-  register: nofile_limit_result
-
-- name: Reload systemd if needed
-  command: systemctl daemon-reload
-  when: nofile_limit_result | changed
-
-- name: Configure haproxy
-  template:
-    src: haproxy.cfg.j2
-    dest: /etc/haproxy/haproxy.cfg
-    owner: root
-    group: root
-    mode: 0644
-  notify: restart haproxy
-
-- name: Enable and start haproxy
-  service:
-    name: haproxy
-    state: started
-    enabled: yes
-  register: start_result
-
-- set_fact:
-    haproxy_start_result_changed: "{{ start_result | changed }}"

roles/openshift_facts/library/openshift_facts.py

@@ -1554,6 +1554,7 @@ class OpenShiftFacts(object):
                    'docker',
                    'etcd',
                    'hosted',
+                   'loadbalancer',
                    'master',
                    'node']
 
@@ -1763,6 +1764,13 @@ class OpenShiftFacts(object):
                 router=dict()
             )
 
+        if 'loadbalancer' in roles:
+            loadbalancer = dict(frontend_port='8443',
+                                default_maxconn='20000',
+                                global_maxconn='20000',
+                                limit_nofile='100000')
+            defaults['loadbalancer'] = loadbalancer
+
         return defaults
 
     def guess_host_provider(self):

roles/haproxy/README.md

@@ -1,5 +1,5 @@
-HAProxy
-=======
+OpenShift HAProxy Loadbalancer
+==============================
 
 TODO
 

roles/haproxy/meta/main.yml

@@ -1,7 +1,7 @@
 ---
 galaxy_info:
   author: Jason DeTiberus
-  description: HAProxy
+  description: OpenShift haproxy loadbalancer
   company: Red Hat, Inc.
   license: Apache License, Version 2.0
   min_ansible_version: 1.9
@@ -10,5 +10,6 @@ galaxy_info:
     versions:
     - 7
 dependencies:
-- { role: os_firewall }
-- { role: openshift_repos }
+- role: openshift_facts
+- role: os_firewall
+- role: openshift_repos

roles/openshift_loadbalancer/tasks/main.yml

@@ -0,0 +1,73 @@
+---
+- name: Set haproxy frontend port
+  openshift_facts:
+    role: loadbalancer
+    local_facts:
+      frontend_port: "{{ openshift_master_api_port | default(None) }}"
+
+- name: Set loadbalancer facts
+  openshift_facts:
+    role: loadbalancer
+    local_facts:
+      limit_nofile: "{{ openshift_loadbalancer_limit_nofile | default(None) }}"
+      default_maxconn: "{{ openshift_loadbalancer_default_maxconn | default(None) }}"
+      global_maxconn: "{{ openshift_loadbalancer_global_maxconn | default(None) }}"
+      frontends:
+      - name: atomic-openshift-api
+        mode: tcp
+        options:
+        - tcplog
+        binds:
+        - "*:{{ openshift.loadbalancer.frontend_port }}"
+        default_backend: atomic-openshift-api
+      backends:
+      - name: atomic-openshift-api
+        mode: tcp
+        option: tcplog
+        balance: source
+        servers: "{{ hostvars
+                     | oo_select_keys(groups['oo_masters'])
+                     | oo_haproxy_backend_masters(openshift.loadbalancer.frontend_port) }}"
+
+- name: Install haproxy
+  action: "{{ ansible_pkg_mgr }} name=haproxy state=present"
+  when: not openshift.common.is_containerized | bool
+
+- name: Configure systemd service directory for haproxy
+  file:
+    path: /etc/systemd/system/haproxy.service.d
+    state: directory
+  when: "'limit_nofile' in openshift.loadbalancer"
+
+- name: Configure the nofile limits for haproxy
+  ini_file:
+    dest: /etc/systemd/system/haproxy.service.d/limits.conf
+    section: Service
+    option: LimitNOFILE
+    value: "{{ openshift.loadbalancer.limit_nofile }}"
+  when: "'limit_nofile' in openshift.loadbalancer"
+  notify: restart haproxy
+  register: nofile_limit_result
+
+- name: Reload systemd if needed
+  command: systemctl daemon-reload
+  when: nofile_limit_result | changed
+
+- name: Configure haproxy
+  template:
+    src: haproxy.cfg.j2
+    dest: /etc/haproxy/haproxy.cfg
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart haproxy
+
+- name: Enable and start haproxy
+  service:
+    name: haproxy
+    state: started
+    enabled: yes
+  register: start_result
+
+- set_fact:
+    haproxy_start_result_changed: "{{ start_result | changed }}"

roles/haproxy/templates/haproxy.cfg.j2

@@ -3,7 +3,7 @@
 global
     chroot      /var/lib/haproxy
     pidfile     /var/run/haproxy.pid
-    maxconn     {{ haproxy_global_maxconn | default('4000') }}
+    maxconn     {{ openshift.loadbalancer.global_maxconn }}
     user        haproxy
     group       haproxy
     daemon
@@ -31,14 +31,14 @@ defaults
     timeout server          300s
     timeout http-keep-alive 10s
     timeout check           10s
-    maxconn                 {{ haproxy_default_maxconn | default('3000') }}
+    maxconn                 {{ openshift.loadbalancer.default_maxconn }}
 
 listen stats :9000
     mode http
     stats enable
     stats uri /
 
-{% for frontend in haproxy_frontends %}
+{% for frontend in openshift.loadbalancer.frontends %}
 frontend  {{ frontend.name }}
 {% for bind in frontend.binds %}
     bind {{ bind }}
@@ -59,7 +59,7 @@ frontend  {{ frontend.name }}
 {% endif %}
 {% endfor %}
 
-{% for backend in haproxy_backends %}
+{% for backend in openshift.loadbalancer.backends %}
 backend {{ backend.name }}
     balance {{ backend.balance }}
 {% if 'mode' in backend %}