HAproxy configuration options hardcode
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel for OpenStack |
Fix Committed
|
Wishlist
|
Maksim Malchuk | ||
Mitaka |
Fix Released
|
Wishlist
|
Maksim Malchuk |
Bug Description
There is an issue with current implementation of HAproxy configuration for OpenStack services/
At the moment per-service manifests contain hardcoded sets of options, for example
and so on.
Problem:
On environments with big number of users query to keystone service may take long time. HAProxy terminates connection to keystone after one minute. It's a default timeout and there is no way provided to modify this timeout in HAProxy.
Workaround
we're modifying haproxy_service manifest to read haproxy options for services from additional hiera hash and merge them with default hardcodes from upstream manifest
# Get additional haproxy configuration options from hiera
# Fetch configuration mathcing resource name from hiera
$settings_hash = hiera_hash(
# Get haproxy_
$hiera_
# Merge hashes from hiera and one from upstream resource
$merged_
resulting hash then supplied to haproxy::listen
# Configure HAProxy to listen
haproxy::listen { $name:
order => $order,
bind => merge($public_bind, $internal_bind),
options => $merged_
mode => $mode,
use_include => true,
notify => Exec['haproxy-
}
an example of config yaml to get hiera hash from:
haproxy_
keystone-1:
'timeout server': '660s'
option:
- httpchk
- httplog
- httpclose
keystone-2:
'timeout server': '660s'
option:
- httpchk
- httplog
- httpclose
Impact: Fuel 9 and previous
tags: | added: customer-found |
tags: | added: area-library |
no longer affects: | fuel |
tags: | added: on-verification |
We already implemented some enhancements in the: /review. openstack. org/#/q/ I5e5784521641ea 3bbe3c4aa40c581 f996b268aad /review. openstack. org/#/q/ I01a07e325bc5b9 df8c1ce31cd5ac8 e36eb5d5859
1. https:/
2. https:/
and move some options to the global settings.
It is the good idea to use hiera for some options.
Also, this is actually not a bug but wishlist.