Fuel for OpenStack

HAproxy configuration options hardcode

Bug #1612820 reported by Sergii Shevchenko
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Committed
Wishlist
Maksim Malchuk
Fuel for OpenStack 10.0
Mitaka
Fix Released
Wishlist
Maksim Malchuk
Fuel for OpenStack 9.1

Bug Description

There is an issue with current implementation of HAproxy configuration for OpenStack services/
At the moment per-service manifests contain hardcoded sets of options, for example

https://github.com/openstack/fuel-library/blob/master/deployment/puppet/openstack/manifests/ha/keystone.pp#L70

https://github.com/openstack/fuel-library/blob/master/deployment/puppet/openstack/manifests/ha/neutron.pp#L69

and so on.

Problem:

On environments with big number of users query to keystone service may take long time. HAProxy terminates connection to keystone after one minute. It's a default timeout and there is no way provided to modify this timeout in HAProxy.

Workaround

we're modifying haproxy_service manifest to read haproxy options for services from additional hiera hash and merge them with default hardcodes from upstream manifest

https://github.com/openstack/fuel-library/blob/master/deployment/puppet/openstack/manifests/ha/haproxy_service.pp

  # Get additional haproxy configuration options from hiera
  # Fetch configuration mathcing resource name from hiera
  $settings_hash = hiera_hash('haproxy_config_options', {})
  # Get haproxy_config_options hash
  $hiera_haproxy_config_options = pick($settings_hash[$name], {})
  # Merge hashes from hiera and one from upstream resource
  $merged_config_options = merge($haproxy_config_options, $hiera_haproxy_config_options)

resulting hash then supplied to haproxy::listen

  # Configure HAProxy to listen
  haproxy::listen { $name:
    order => $order,
    bind => merge($public_bind, $internal_bind),
    options => $merged_config_options,
    mode => $mode,
    use_include => true,
    notify => Exec['haproxy-restart'],
  }

an example of config yaml to get hiera hash from:

haproxy_config_options:
  keystone-1:
    'timeout server': '660s'
    option:
      - httpchk
      - httplog
      - httpclose
  keystone-2:
    'timeout server': '660s'
    option:
      - httpchk
      - httplog
      - httpclose

Impact: Fuel 9 and previous

Nikita Koshikov (nkoshikov)
tags: added: customer-found
Oleksiy Molchanov (omolchanov)
tags: added: area-library
Maksim Malchuk (mmalchuk)
no longer affects: fuel
Revision history for this message
Maksim Malchuk (mmalchuk) wrote :

We already implemented some enhancements in the:
1. https://review.openstack.org/#/q/I5e5784521641ea3bbe3c4aa40c581f996b268aad
2. https://review.openstack.org/#/q/I01a07e325bc5b9df8c1ce31cd5ac8e36eb5d5859
and move some options to the global settings.
It is the good idea to use hiera for some options.
Also, this is actually not a bug but wishlist.

no longer affects: fuel/newton
Changed in fuel:
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Maksim Malchuk (mmalchuk)
milestone: none → 10.0
importance: Medium → Wishlist
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/356783

Changed in fuel:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/356785

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (stable/mitaka)

Reviewed: https://review.openstack.org/356785
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=1d6eff209c676a3ea17e5ecce4fc307aa195e3c1
Submitter: Jenkins
Branch: stable/mitaka

commit 1d6eff209c676a3ea17e5ecce4fc307aa195e3c1
Author: Maksim Malchuk <email address hidden>
Date: Thu Aug 18 01:16:35 2016 +0300

    Extend openstack::ha::haproxy_service to use hiera

    This change adds an ability to override hardcoded options for each
    HAProxy backend with settings from hiera. Now for big deployments we
    able to tune backend options (keystone 'timeout server' value for
    example) on the fly.

    DocImpact
    Change-Id: I6e4ed5ce0d43d64fecf9da640132886ed7b03ac9
    Closes-Bug: #1612820
    (cherry picked from commit fd81f635325c30ef9eb50b32a896a06e81782ddc)
    Signed-off-by: Maksim Malchuk <email address hidden>

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (master)

Reviewed: https://review.openstack.org/356783
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=fd81f635325c30ef9eb50b32a896a06e81782ddc
Submitter: Jenkins
Branch: master

commit fd81f635325c30ef9eb50b32a896a06e81782ddc
Author: Maksim Malchuk <email address hidden>
Date: Thu Aug 18 01:16:35 2016 +0300

    Extend openstack::ha::haproxy_service to use hiera

    This change adds an ability to override hardcoded options for each
    HAProxy backend with settings from hiera. Now for big deployments we
    able to tune backend options (keystone 'timeout server' value for
    example) on the fly.

    DocImpact
    Change-Id: I6e4ed5ce0d43d64fecf9da640132886ed7b03ac9
    Closes-Bug: #1612820
    Signed-off-by: Maksim Malchuk <email address hidden>

Changed in fuel:
status: In Progress → Fix Committed
TatyanaGladysheva (tgladysheva)
tags: added: on-verification
Revision history for this message
TatyanaGladysheva (tgladysheva) wrote :

Verified on 9.1 snapshot #296.

tags: removed: on-verification
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/fuel-library 10.0.0rc1

This issue was fixed in the openstack/fuel-library 10.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/fuel-library 10.0.0

This issue was fixed in the openstack/fuel-library 10.0.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.