kolla-ansible

Enable HAProxy on single node with multiple interface

Bug #2026354 reported by Ettore Simone on 2023-07-07

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	kolla-ansible	New	Undecided	Unassigned

Bug Description

In some edge environment with a single physical node (all-in-one) where is necessary to use a separated interfaces for internal and public OpenStack API access, HAProxy have to bind only to the external interface to proxy to the internal one, without binding to the internal.

The workaround is to enable keepalived with VIPs on both interface, which is not really needed.

A simple solution is to avoid frontend bindings in HAProxy for internal interface id VIP/keepalived is not enable:

eth0+------eth1
public -----------+ AIO +----------- internal
10.10.10.1+-----+172.16.0.1

# cat /etc/kolla/globals.yml
---
...
kolla_internal_vip_address: "172.16.0.1"
kolla_external_vip_address: "10.10.10.1"
network_interface: "eth1"
kolla_external_vip_interface: "eth0"
enable_haproxy: "yes"
enable_keepalived: "no"
...

This deployment will stuck in haproxy deployment.

Revision history for this message

Ettore Simone (esimone) wrote on 2023-07-07:

A simple solution could be to add a variable that identify if is present a VIP on the API interface in group_vars/all.yml (e.g. e.g. haproxy_enable_internal_vip: "{{ 'no' if kolla_internal_vip_address == api_interface_address else 'yes' }}") and then put a condition in haproxy_single_service_split.cfg.j2 template to avoid internal front-end and back-end bindings.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.