Enable HAProxy on single node with multiple interface
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla-ansible |
New
|
Undecided
|
Unassigned |
Bug Description
In some edge environment with a single physical node (all-in-one) where is necessary to use a separated interfaces for internal and public OpenStack API access, HAProxy have to bind only to the external interface to proxy to the internal one, without binding to the internal.
The workaround is to enable keepalived with VIPs on both interface, which is not really needed.
A simple solution is to avoid frontend bindings in HAProxy for internal interface id VIP/keepalived is not enable:
public -----------+ AIO +----------- internal
# cat /etc/kolla/
---
...
kolla_internal_
kolla_external_
network_interface: "eth1"
kolla_external_
enable_haproxy: "yes"
enable_keepalived: "no"
...
This deployment will stuck in haproxy deployment.
A simple solution could be to add a variable that identify if is present a VIP on the API interface in group_vars/all.yml (e.g. e.g. haproxy_ enable_ internal_ vip: "{{ 'no' if kolla_internal_ vip_address == api_interface_ address else 'yes' }}") and then put a condition in haproxy_ single_ service_ split.cfg. j2 template to avoid internal front-end and back-end bindings.