dev-scripts/external_loadbalancer.sh at master · openshift-metal3/dev-scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
#!/bin/bash

set -ex -o pipefail

source common.sh
source network.sh
source utils.sh


sudo firewall-cmd --zone=libvirt --add-port=6443/tcp
sudo firewall-cmd --zone=libvirt --add-port=8080/tcp
sudo firewall-cmd --zone=libvirt --add-port=22623/tcp

haproxy_config="${WORKING_DIR}/haproxy.cfg"
echo $haproxy_config


if [ "$IP_STACK" = "v6" ]
then
     master0=$(nth_ip $EXTERNAL_SUBNET_V6 20)
     master1=$(nth_ip $EXTERNAL_SUBNET_V6 21)
     master2=$(nth_ip $EXTERNAL_SUBNET_V6 22)
     worker0=$(nth_ip $EXTERNAL_SUBNET_V6 23)
     worker1=$(nth_ip $EXTERNAL_SUBNET_V6 24)
     bootstrap=$(nth_ip $EXTERNAL_SUBNET_V6 9)
else

     master0=$(nth_ip $EXTERNAL_SUBNET_V4 20)
     master1=$(nth_ip $EXTERNAL_SUBNET_V4 21)
     master2=$(nth_ip $EXTERNAL_SUBNET_V4 22)
     worker0=$(nth_ip $EXTERNAL_SUBNET_V4 23)
     worker1=$(nth_ip $EXTERNAL_SUBNET_V4 24)
     bootstrap=$(nth_ip $EXTERNAL_SUBNET_V4 9)
fi

cat << EOF > "$haproxy_config"
defaults
    mode                    tcp
    log                     global
    timeout connect         10s
    timeout client          1m
    timeout server          1m
frontend main
    bind :::6443 v4v6
    default_backend api
frontend ingress
    bind :::8080  v4v6
    default_backend ingress
frontend https
    bind :::443 v4v6
    default_backend https
frontend mcs
    bind :::22623 v4v6
    default_backend mcs
frontend ironic
    bind :::6385 v4v6
    default_backend ironic
backend api
    option  httpchk GET /readyz HTTP/1.0
    option  log-health-checks
    balance roundrobin
    server master-0 ${master0}:6443 check check-ssl inter 1s fall 2 rise 3 verify none
    server master-1 ${master1}:6443 check check-ssl inter 1s fall 2 rise 3 verify none
    server master-2 ${master2}:6443 check check-ssl inter 1s fall 2 rise 3 verify none
    server bootstrap ${bootstrap}:6443 check check-ssl inter 1s fall 2 rise 3 verify none
backend ingress
    option  httpchk GET /healthz/ready  HTTP/1.0
    option  log-health-checks
    balance roundrobin
    server master-0 ${master0}:80 check check-ssl port 1936 inter 1s fall 2 rise 3 verify none
    server master-1 ${master1}:80 check check-ssl port 1936 inter 1s fall 2 rise 3 verify none
    server master-2 ${master2}:80 check check-ssl port 1936 inter 1s fall 2 rise 3 verify none
    server w-0 ${worker0}:80 check check-ssl port 1936 inter 1s fall 2 rise 3 verify none
    server w-1 ${worker1}:80 check check-ssl port 1936 inter 1s fall 2 rise 3 verify none
backend https
    option  httpchk GET /healthz/ready  HTTP/1.0
    option  log-health-checks
    balance roundrobin
    server master-0 ${master0}:443 check check-ssl port 1936 inter 1s fall 2 rise 3 verify none
    server master-1 ${master1}:443 check check-ssl port 1936 inter 1s fall 2 rise 3 verify none
    server master-2 ${master2}:443 check check-ssl port 1936 inter 1s fall 2 rise 3 verify none
    server w-0 ${worker0}:443 check check-ssl port 1936 inter 1s fall 2 rise 3 verify none
    server w-1 ${worker1}:443 check check-ssl port 1936 inter 1s fall 2 rise 3 verify none
    server bootstrap ${bootstrap}:443 check check-ssl port 1936 inter 1s fall 2 rise 3 verify none
backend mcs
    option  httpchk GET /config/master  HTTP/1.0
    option  log-health-checks
    balance roundrobin
    server master-0 ${master0}:22623 check check-ssl inter 1s fall 2 rise 3 verify none
    server master-1 ${master1}:22623 check check-ssl inter 1s fall 2 rise 3 verify none
    server master-2 ${master2}:22623 check check-ssl inter 1s fall 2 rise 3 verify none
    server w-0 ${worker0}:22623 check check-ssl inter 1s fall 2 rise 3 verify none
    server w-1 ${worker1}:22623 check check-ssl inter 1s fall 2 rise 3 verify none
    server bootstrap ${bootstrap}:22623 check check-ssl inter 1s fall 2 rise 3 verify none
backend ironic
    option  httpchk GET /v1  HTTP/1.0
    option  log-health-checks
    balance roundrobin
    server master-0 ${master0}:6385 check check-ssl inter 30s fall 2 rise 3 verify none
    server master-1 ${master1}:6385 check check-ssl inter 30s fall 2 rise 3 verify none
    server master-2 ${master2}:6385 check check-ssl inter 30s fall 2 rise 3 verify none
    server w-0 ${worker0}:6385 check check-ssl inter 1s fall 2 rise 3 verify none
    server w-1 ${worker1}:6385 check check-ssl inter 1s fall 2 rise 3 verify none
    server bootstrap ${bootstrap}:6385 check check-ssl inter 30s fall 2 rise 3 verify none
EOF

sudo podman run -d  --net host -v "${WORKING_DIR}":/etc/haproxy/:z --entrypoint bash --name extlb quay.io/openshift/origin-haproxy-router  -c 'haproxy -f /etc/haproxy/haproxy.cfg'

sleep 5

if [ "$(curl  --fail  https://$(wrap_if_ipv6 ${PROVISIONING_HOST_EXTERNAL_IP}):6443/version --insecure)" ]; then
    echo " API is available through LB"
else
    echo " Can't access API through  LB"
fi


if [ "$(curl  --fail  --header "Host: console-openshift-console.apps.ostest.test.metalkube.org" http://$(wrap_if_ipv6 ${PROVISIONING_HOST_EXTERNAL_IP}):8080  -I -L --insecure)" ]; then
    echo " Ingress is available through LB"
else
    echo " Can't access Ingress through LB"
fi