tripleo

HAproxy configuration cannot generate frontend/backend sections

Bug #1941617 reported by Damien Ciabrini on 2021-08-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	Medium	Damien Ciabrini	tripleo xena-rc1

Bug Description

HAproxy has two means of configuring a proxy traffic: either using the
"listen" section, or a "frontend"/"backend" pair of sections.

Currently we generate HAproxy configurations which make use of the
"listen" keyword: a proxied service is represented in the config by a
a "listen" section, which describes both 1) how HAproxy "frontend"
binds to ports and listen to incoming connections; and 2) how HAproxy
proxies incoming traffic to a list of available "backends".

The "listen" keyword is a concise way of describing a proxy, instead of
declaring explicitely a "frontend" section tied to a "backend" section
in the HAproxy configuration.

However, the "listen" keyword is not suited to express complex routing
scenarios, such as proxying traffic from a frontend to different backends
based on ACL (e.g. for locality optimization). For those use cases, we
need to generate configs that use both a "frontend" section and one or
more associated "backend" sections.

Tags:

OpenStack Infra (hudson-openstack) on 2021-08-25

Changed in tripleo:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-09-03: Fix merged to puppet-tripleo (master)

Reviewed: https://review.opendev.org/c/openstack/puppet-tripleo/+/801075
Committed: https://opendev.org/openstack/puppet-tripleo/commit/7a6c5281e0d75c54e298ce68b2a8b54eefc5f0f9
Submitter: "Zuul (22348)"
Branch: master

commit 7a6c5281e0d75c54e298ce68b2a8b54eefc5f0f9
Author: Damien Ciabrini <email address hidden>
Date: Fri Jul 16 14:22:39 2021 +0000

haproxy: frontend/backend syntax in config

    Ability to generate haproxy config with the frontend/backend
    sections rather than the old listen section. This allows
    the generation of complex configs, such as for example giving
    priority to local backends when routing traffic.

    Make the new syntax configurable via a new hiera key
    `haproxy_backend_syntax`. The frontend and backend config of
    each service can be further tweaked via additional keys
    tripleo::haproxy::<service>::frontend_options and
    tripleo::haproxy::<service>::backend_options

By default, keep the current 'listen' syntax.

    Tested with capability disabled, the haproxy config generated
    for undercloud and ha overcloud doesn't change.
    Tested with capability enabled, tempest smoke test passed.

Closes-Bug: #1941617

Change-Id: Ieb36f90c6709934aa3aa6668d3929bff872c30f5

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-09-06: Fix proposed to puppet-tripleo (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/puppet-tripleo/+/807587

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-09-20: Fix merged to puppet-tripleo (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/puppet-tripleo/+/807587
Committed: https://opendev.org/openstack/puppet-tripleo/commit/419606b2592a552745b5a5c1929d2d2f2e6eb52e
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 419606b2592a552745b5a5c1929d2d2f2e6eb52e
Author: Damien Ciabrini <email address hidden>
Date: Fri Jul 16 14:22:39 2021 +0000

haproxy: frontend/backend syntax in config

By default, keep the current 'listen' syntax.

    Tested with capability disabled, the haproxy config generated
    for undercloud and ha overcloud doesn't change.
    Tested with capability enabled, tempest smoke test passed.

(Note: manually adapted healthcheck tests for neutron, cinder
and ironic to match stable/wallaby)

Closes-Bug: #1941617

    Change-Id: Ieb36f90c6709934aa3aa6668d3929bff872c30f5
    (cherry picked from commit 7a6c5281e0d75c54e298ce68b2a8b54eefc5f0f9)
    (manually fixed conflicts for manifests/haproxy.pp)

tags:

added: in-stable-wallaby

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-09-29: Related fix proposed to tripleo-heat-templates (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/811723

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-10-04: Related fix merged to tripleo-heat-templates (master)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/811723
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/c354d21131e9c254e611ef6ba31e6e51611b4043
Submitter: "Zuul (22348)"
Branch: master

commit c354d21131e9c254e611ef6ba31e6e51611b4043
Author: Damien Ciabrini <email address hidden>
Date: Wed Sep 29 14:21:17 2021 +0200

Use frontend/backend sections in HAProxy config

    Now that HAProxy configurations can leverage
    frontend/backend statements [1], make this the new default
    for this cycle, as it allows more complex proxying
    scenario that are a prerequisite for optimizing the routing
    of API calls in a HA control plane.

[1] Ieb36f90c6709934aa3aa6668d3929bff872c30f5

Change-Id: Ic25c258895872210e7cf2d760769b492842f0048
Related-Bug: #1941617

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-10-18: Fix included in openstack/puppet-tripleo 16.0.0

This issue was fixed in the openstack/puppet-tripleo 16.0.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.