- global
- log /dev/log local0
- log /dev/log local1 notice
- chroot /var/lib/haproxy
- stats socket /run/haproxy/admin.sock mode 660 level admin
- stats timeout 30s
- maxconn 5000
- user haproxy
- group haproxy
- daemon
- ca-base /etc/ssl/certs
- crt-base /etc/ssl/private
- ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
- ssl-default-bind-options no-sslv3
- defaults
- log global
- mode http
- option tcpka
- option tcplog
- option dontlognull
- timeout connect 10s
- timeout client 60s
- timeout server 120s
- errorfile 400 /etc/haproxy/errors/400.http
- errorfile 403 /etc/haproxy/errors/403.http
- errorfile 408 /etc/haproxy/errors/408.http
- errorfile 500 /etc/haproxy/errors/500.http
- errorfile 502 /etc/haproxy/errors/502.http
- errorfile 503 /etc/haproxy/errors/503.http
- errorfile 504 /etc/haproxy/errors/504.http
- listen stats
- bind *:1993
- stats enable
- stats uri /stats
- stats auth root:{{ openstack_password }}
- stats refresh 30s
- stats show-node
- stats hide-version
- log global
- listen galera
- bind *:3306
- mode tcp
- balance first
- maxconn 2000
- option httpchk
- default-server check port 9200 inter 3s fall 1 rise 1
- {% for host in groups["controller"] %}
- server galera-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:3306 check
- {% endfor %}
- listen glance_api
- bind *:9292
- balance first
- option httpchk
- option forwardfor
- default-server inter 3s fall 1 rise 1
- {% for host in groups["controller"] %}
- server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:9292 check
- {% endfor %}
- listen glance_registry
- bind *:9191
- balance first
- option httpchk
- option forwardfor
- http-check expect status 401
- default-server inter 3s fall 1 rise 1
- {% for host in groups["controller"] %}
- server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:9191 check
- {% endfor %}
- listen keystone_public_internal
- bind *:5000
- balance first
- option httpchk
- option forwardfor
- default-server inter 3s fall 1 rise 1
- {% for host in groups["controller"] %}
- server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:5000 check
- {% endfor %}
- listen nova_compute_api
- bind *:8774
- balance first
- option httpchk
- option forwardfor
- default-server inter 3s fall 1 rise 1
- {% for host in groups["controller"] %}
- server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:8774 check
- {% endfor %}
- listen nova_placement_api
- bind *:8778
- balance first
- option tcplog
- http-request del-header X-Forwarded-Proto
- default-server inter 3s fall 1 rise 1
- {% for host in groups["controller"] %}
- server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:8778 check
- {% endfor %}
- listen nova_metadata_api
- bind *:8775
- balance first
- option httpchk
- option forwardfor
- default-server inter 3s fall 1 rise 1
- {% for host in groups["controller"] %}
- server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:8775 check
- {% endfor %}
- listen nova_vncproxy
- bind *:6080
- balance first
- option forwardfor
- option httpchk GET /vnc_auto.html HTTP/1.1\r\nUser-Agent:\ curl/7.35.0\r\nAccept:\ */*
- default-server inter 3s fall 1 rise 1
- {% for host in groups["controller"] %}
- server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:6080 check
- {% endfor %}
- listen cinder_api
- bind *:8776
- balance first
- option httpchk
- option forwardfor
- default-server inter 3s fall 1 rise 1
- {% for host in groups["controller"] %}
- server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:8776 check
- {% endfor %}
- listen neutron_api
- bind *:9696
- balance first
- option httpchk
- option forwardfor
- default-server inter 3s fall 1 rise 1
- {% for host in groups["controller"] %}
- server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:9696 check
- {% endfor %}
- listen memcached
- bind *:11211
- balance first
- mode tcp
- default-server inter 3s fall 1 rise 1
- {% for host in groups["controller"] %}
- server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:11211 check
- {% endfor %}
- listen rabbitmq
- bind *:5672
- balance first
- mode tcp
- default-server inter 3s fall 1 rise 1
- {% for host in groups["controller"] %}
- server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:5672 check
- {% endfor %}
- listen rabbitmq:ui
- bind *:15672
- balance first
- option httpchk
- option forwardfor
- default-server inter 3s fall 1 rise 1
- {% for host in groups["controller"] %}
- server controller-{{ loop.index }} {{ hostvars[host]["ansible_default_ipv4"]["address"] }}:15672 check
- {% endfor %}