path: root/roles/haproxy/templates/haproxy.cfg
blob: 8b03320e11381c6094ca4e421180a5d364e5261a (plain)
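# this config needs haproxy-1.1.28 or haproxy-1.2.1
# NOTE(review): this version note looks stale. The `ssl verify required ca-file`
# server options and `http-check expect` used below come from later HAProxy
# releases (1.5 and 1.4 respectively, as far as I know) -- confirm the minimum
# version actually deployed.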

# Process-wide settings: syslog target, connection ceiling, chroot and
# privilege drop, and the two runtime (stats) sockets.
global
    # Log to the local syslog, facility local0, capped at severity "warning".
    # NOTE(review): HAProxy emits per-request/per-connection log lines at a
    # lower severity (info, as far as I know), so the httplog/tcplog options
    # used in this file may produce nothing at this level. Confirm request
    # logs are kept somewhere else (e.g. the fronting Apache) for
    # investigations.
    log 127.0.0.1   local0 warning
    # Set this to 4096 + 16384
    # 16384 for the fedmsg gateway and 4096 for everybody else.
    maxconn 20480
    # Confine the process to /var/lib/haproxy and run it as the unprivileged
    # haproxy user and group.
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon
    # Monitoring socket, owned by haproxy with group nrpe. No `level` is given,
    # so HAProxy's default level applies.
    # NOTE(review): the default is "operator" per the HAProxy docs (confirm for
    # the deployed version); `level user` would be the least-privileged choice
    # if nrpe only reads statistics. Mode 0664 also sets the world-read bit;
    # 0660 would state the intended access without relying on how the OS
    # treats read-only permission on a UNIX socket.
    stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664
    # Admin socket: full runtime control (level admin), reachable only by root
    # and the sysadmin-main group through mode 0660. Membership of that group
    # is therefore equivalent to control of this proxy.
    stats socket /var/run/haproxy-admin level admin user root group sysadmin-main mode 0660
    #debug
    #quiet

# Settings inherited by every listen section below unless that section
# overrides them.
defaults
    log     global
    mode    http
    option  httplog
    # Connections that carry no data are not logged.
    # NOTE(review): on a listener reachable from untrusted networks this also
    # hides port scans and empty probes from the logs -- confirm that is
    # acceptable for the sections that are exposed directly.
    option  dontlognull
    option  httpclose
    # If the chosen server is down, allow a retry to go to another server;
    # up to 3 connection retries are made.
    option  redispatch
    retries 3
    # Per-listener connection cap (the process-wide cap is set in "global").
    maxconn 5000
    timeout connect 5s
    # NOTE(review): no `timeout http-request` is set, so a client that sends
    # its request slowly is bounded only by this 500s client timeout. Consider
    # a short `timeout http-request` if any HTTP listener is reachable without
    # a fronting web server.
    timeout client 500s
    timeout server 500s
    # Static response served when HAProxy returns a 503.
    errorfile 503 /etc/haproxy/503.http

# Built-in HAProxy statistics page, served at "/" on port 8080 of every IPv4
# interface.
# NOTE(review): this section has no `stats auth` and no ACL, so anyone who can
# reach port 8080 can read every backend name, address and health state. The
# page is read-only here (no `stats admin`), but it is still an inventory of
# the internal hosts. Confirm the port is firewalled, or add `stats auth` /
# bind to a management address.
listen stats 0.0.0.0:8080
    mode http
    # This section defines no `server` lines, so the balance setting has
    # nothing to act on here.
    balance hdr(appserver)
    stats enable
    stats uri /

# Listener "fp-wiki" on port 10001, proxied to the wiki hosts on port 80.
listen  fp-wiki 0.0.0.0:10001
    # Choose the server by hashing the request's "appserver" header; per the
    # HAProxy docs, requests without that header fall back to round robin.
    balance hdr(appserver)
    # Health check every 15s; 2 passes mark a server up, 5 failures mark it down.
    server  wiki01 wiki01:80 check inter 15s rise 2 fall 5
{% if env == "production" %}
    # Second node exists only in production.
    server  wiki02 wiki02:80 check inter 15s rise 2 fall 5
{% endif %}
    # Health checks request the wiki main page over HTTP.
    option  httpchk GET /wiki/Main_Page

# Listener "mirror-lists" on port 10002. The server list depends on the
# environment and, in production, on whether this host is in the
# 'mirrorlist-proxies' inventory group. If env is neither "staging" nor
# "production", no server lines are rendered at all.
listen  mirror-lists 0.0.0.0:10002
    balance hdr(appserver)
    # Overrides the 5s connect timeout from "defaults".
    timeout connect 30s
{% if env == "staging" %}
    # Staging: two local instances carry the traffic; the remote node is used
    # only as a backup.
    server  mirrorlist-local1 localhost:18081 check inter 1s rise 2 fall 3 weight 100
    server  mirrorlist-local2 localhost:18082 check inter 1s rise 2 fall 3 weight 100
    server  mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3 backup
{% endif %}
{% if env == "production" %}
{% if 'mirrorlist-proxies' in group_names %}
    # Production host in mirrorlist-proxies: local instances first, every
    # remote node is a backup.
    server  mirrorlist-local1 localhost:18081 check inter 1s rise 2 fall 3 weight 100
    server  mirrorlist-local2 localhost:18082 check inter 1s rise 2 fall 3 weight 100
    server  mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3 backup
    server  mirrorlist-dedicatedsolutions mirrorlist-dedicatedsolutions:80 check inter 5s rise 2 fall 3 backup
    server  mirrorlist-host1plus mirrorlist-host1plus:80 check inter 5s rise 2 fall 3 backup
    server  mirrorlist-ibiblio02 mirrorlist-ibiblio02:80 check inter 5s rise 2 fall 3 backup
    server  mirrorlist-osuosl mirrorlist-osuosl:80 check inter 5s rise 2 fall 3 backup
{% else %}
    # Other production hosts: remote nodes are active, only host1plus is a
    # backup.
    server  mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3
    server  mirrorlist-dedicatedsolutions mirrorlist-dedicatedsolutions:80 check inter 5s rise 2 fall 3
    server  mirrorlist-ibiblio02 mirrorlist-ibiblio02:80 check inter 5s rise 2 fall 3
    server  mirrorlist-osuosl mirrorlist-osuosl:80 check inter 5s rise 2 fall 3
    server  mirrorlist-host1plus mirrorlist-host1plus:80 check inter 5s rise 2 fall 3 backup
{% endif %}
{% endif %}
    option  httpchk GET /mirrorlist
    # When every active server is down, spread load over all backup servers
    # instead of using only the first one.
    option  allbackups

# Listener "pkgdb" on port 10003; pkgdb02 is added only in production.
listen  pkgdb 0.0.0.0:10003
    balance hdr(appserver)
    # Health check every 10s; 2 passes mark up, 3 failures mark down.
    server  pkgdb01 pkgdb01:80 check inter 10s rise 2 fall 3
{% if env == "production" %}
    server  pkgdb02 pkgdb02:80 check inter 10s rise 2 fall 3
{% endif %}
    option  httpchk GET /pkgdb/collections/

# Listener "fas" on port 10004; fas02 and fas03 are added only in production.
listen  fas 0.0.0.0:10004
    # These values are set extremely low so any issues are recovered from very
    # quickly.  Setting these higher will cause odd behavior in apps that
    # depend on fas (like pkgdb, bodhi, etc)
    balance hdr(appserver)
    # One passing check marks a server up, two failures mark it down.
    server  fas01 fas01:80 check inter 5s rise 1 fall 2
{% if env == "production" %}
    server  fas02 fas02:80 check inter 5s rise 1 fall 2
    server  fas03 fas03:80 check inter 5s rise 1 fall 2
{% endif %}
    # NOTE(review): traffic to the fas hosts leaves this proxy as plain HTTP on
    # port 80; presumably this carries account data, so confirm the network
    # path to the backends is trusted or otherwise protected.
    option  httpchk GET /accounts/

# Listener "voting" on port 10007, proxied to the elections hosts;
# elections02 is added only in production.
listen  voting 0.0.0.0:10007
    balance hdr(appserver)
    # Health check every 10s; 2 passes mark up, 4 failures mark down.
    server  elections01 elections01:80 check inter 10s rise 2 fall 4
{% if env == "production" %}
    server  elections02 elections02:80 check inter 10s rise 2 fall 4
{% endif %}
    option  httpchk GET /voting/

# Listener "mirrormanager" on port 10008; mm-frontend02 is added only in
# production.
listen  mirrormanager 0.0.0.0:10008
    balance hdr(appserver)
    # Health check only once a minute, so a failed node can stay in rotation
    # for up to about three minutes (3 failures at 60s).
    server  mm-frontend01 mm-frontend01:80 check inter 60s rise 2 fall 3
{% if env == "production" %}
    server  mm-frontend02 mm-frontend02:80 check inter 60s rise 2 fall 3
{% endif %}
    # The check fetches a static stylesheet, so it shows that the web server
    # answers but not necessarily that the application behind it works.
    option  httpchk GET /mirrormanager/static/mirrormanager2.css

# Listener "darkserver" on port 10009. Production uses the single host
# darkserver02; every other environment uses darkserver-web01 and -web02.
listen  darkserver 0.0.0.0:10009
    balance hdr(appserver)
{% if env == "production" %}
    # Only one production backend is listed, so there is no failover target.
    server  darkserver02 darkserver02:80 check inter 20s rise 2 fall 3
{% else %}
    server  darkserver-web01 darkserver-web01:80 check inter 20s rise 2 fall 3
    server  darkserver-web02 darkserver-web02:80 check inter 20s rise 2 fall 3
{% endif %}
    option  httpchk GET /darkserver/

# Listener "bodhi2" on port 10010. Production balances across bodhi03 and
# bodhi04; other environments use bodhi01 alone.
listen  bodhi2 0.0.0.0:10010
    balance hdr(appserver)
{% if env == "production" %}
    server  bodhi03 bodhi03:80 check inter 20s rise 2 fall 3
    server  bodhi04 bodhi04:80 check inter 20s rise 2 fall 3
{% else %}
    server  bodhi01 bodhi01:80 check inter 20s rise 2 fall 3
{% endif %}
    # Health checks request the site root.
    option  httpchk GET /

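# Listener "freemedia" on port 10011, proxied to the sundries hosts on port 80;
# sundries02 is added only in production.
listen  freemedia 0.0.0.0:10011
    # Choose the server by hashing the request's "appserver" header.
    balance hdr(appserver)
    # Health check every 60s; 2 passes mark up, 3 failures mark down.
    server  sundries01 sundries01:80 check inter 60s rise 2 fall 3
{% if env == "production" %}
    # The address now matches the server name. It previously pointed at
    # sundries01:80 again, so production listed the same host twice and had
    # no real second backend for this service.
    # NOTE(review): confirm sundries02 serves the freemedia form; if it does
    # not, the health check below simply keeps it out of rotation.
    server  sundries02 sundries02:80 check inter 60s rise 2 fall 3
{% endif %}
    option  httpchk GET /freemedia/FreeMedia-form.html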

# Listener "packages" on port 10016; packages04 is added only in production.
listen  packages 0.0.0.0:10016
    balance hdr(appserver)
    # Health check every 5s; 2 passes mark up, 3 failures mark down.
    server  packages03 packages03:80 check inter 5s rise 2 fall 3
{% if env == "production" %}
    server  packages04 packages04:80 check inter 5s rise 2 fall 3
{% endif %}
    # Health checks hit the application's heartbeat URL.
    option  httpchk GET /packages/_heartbeat

# Listener "tagger" on port 10017; tagger02 is added only in production.
listen  tagger 0.0.0.0:10017
    balance hdr(appserver)
    # Health check every 60s; 2 passes mark up, 3 failures mark down.
    server  tagger01 tagger01:80 check inter 60s rise 2 fall 3
{% if env == "production" %}
    server  tagger02 tagger02:80 check inter 60s rise 2 fall 3
{% endif %}
    # Health checks hit the application's heartbeat URL.
    option  httpchk GET /tagger/_heartbeat

# Listener "totpcgiprovision" on port 10019, proxied to port 8444 on the fas
# hosts; fas02 and fas03 are added only in production.
listen  totpcgiprovision 0.0.0.0:10019
    balance hdr(appserver)
    # A server counts as healthy only when the check URL answers 401, i.e. the
    # backend is up and refuses the unauthenticated probe. Any other status,
    # including 200, marks the server down.
    http-check expect status 401
    # NOTE(review): no `ssl` keyword is set, so this proxy talks plain HTTP to
    # port 8444 -- confirm that is what the backend expects, given the name
    # suggests it handles TOTP provisioning.
    server  fas01 fas01:8444 check inter 5s rise 1 fall 2
{% if env == "production" %}
    server  fas02 fas02:8444 check inter 5s rise 1 fall 2
    server  fas03 fas03:8444 check inter 5s rise 1 fall 2
{% endif %}
    option httpchk GET /index.cgi

# Listener "ipsilon" on port 10020; ipsilon02 is added only in production.
listen  ipsilon 0.0.0.0:10020
    balance hdr(appserver)
    # One passing check marks a server up, two failures mark it down.
    # NOTE(review): the backend hop is plain HTTP on port 80; presumably this
    # is the identity provider, so confirm the path to it is trusted.
    server  ipsilon01 ipsilon01:80 check inter 10s rise 1 fall 2
{% if env == "production" %}
    server  ipsilon02 ipsilon02:80 check inter 10s rise 1 fall 2
{% endif %}
    option httpchk GET /

# Listener "askbot" on port 10021, proxied to the ask hosts; ask02 is added
# only in production.
listen  askbot 0.0.0.0:10021
    balance hdr(appserver)
    # Health check every 10s; 1 pass marks up, 2 failures mark down.
    server  ask01 ask01:80 check inter 10s rise 1 fall 2
{% if env == "production" %}
    server  ask02 ask02:80 check inter 10s rise 1 fall 2
{% endif %}
    option httpchk GET /questions/

# Listener "blockerbugs" on port 10022; blockerbugs02 is added only in
# production.
listen  blockerbugs 0.0.0.0:10022
    balance hdr(appserver)
    # Health check every 10s; 1 pass marks up, 2 failures mark down.
    server  blockerbugs01 blockerbugs01:80 check inter 10s rise 1 fall 2
{% if env == "production" %}
    server  blockerbugs02 blockerbugs02:80 check inter 10s rise 1 fall 2
{% endif %}
    option httpchk GET /blockerbugs

# Listener "fedocal" on port 10023; fedocal02 is added only in production.
# NOTE(review): a comment elsewhere in this file says ports 10023-10026 do NOT
# work because of SELinux policies, yet this section binds 10023. Either the
# range in that comment is off by one or this listener depends on a local
# policy exception -- confirm which.
listen  fedocal 0.0.0.0:10023
    balance hdr(appserver)
    # Health check every 10s; 1 pass marks up, 2 failures mark down.
    server  fedocal01 fedocal01:80 check inter 10s rise 1 fall 2
{% if env == "production" %}
    server  fedocal02 fedocal02:80 check inter 10s rise 1 fall 2
{% endif %}
    option httpchk GET /calendar

# IMPORTANT: 10023-10026 will NOT work because of selinux policies

# Listener "paste" on port 10027; paste02 is added only in production.
listen  paste 0.0.0.0:10027
    balance hdr(appserver)
    # Health check every 10s; 1 pass marks up, 2 failures mark down.
    server  paste01 paste01:80 check inter 10s rise 1 fall 2
{% if env == "production" %}
    server  paste02 paste02:80 check inter 10s rise 1 fall 2
{% endif %}
    option httpchk GET /

# Listener "datagrepper" on port 10028; datagrepper02 is added only in
# production.
listen  datagrepper 0.0.0.0:10028
    balance hdr(appserver)
    # Health check every 10s; 1 pass marks up, 2 failures mark down.
    server  datagrepper01 datagrepper01:80 check inter 10s rise 1 fall 2
{% if env == "production" %}
    server  datagrepper02 datagrepper02:80 check inter 10s rise 1 fall 2
{% endif %}
    option httpchk GET /datagrepper/reference/

# Listener "geoip-city" on port 10029, proxied to the sundries hosts;
# sundries02 is added only in production.
listen  geoip-city 0.0.0.0:10029
    balance hdr(appserver)
    # Health check every 30s; 2 passes mark up, 3 failures mark down.
    server  sundries01 sundries01:80 check inter 30s rise 2 fall 3
{% if env == "production" %}
    server  sundries02 sundries02:80 check inter 30s rise 2 fall 3
{% endif %}
    # The health check performs a real lookup for a fixed sample address, so it
    # exercises the application and not only the web server.
    option  httpchk GET /city?ip=18.0.0.1

# IMPORTANT: 10031 will NOT work because of selinux policies

# Listener "badges" on port 10032; badges-web02 is added only in production.
listen  badges 0.0.0.0:10032
    balance hdr(appserver)
    # Health check every 10s; 1 pass marks up, 2 failures mark down.
    server  badges-web01 badges-web01:80 check inter 10s rise 1 fall 2
{% if env == "production" %}
    server  badges-web02 badges-web02:80 check inter 10s rise 1 fall 2
{% endif %}
    option httpchk GET /heartbeat

# Listener "nuancier" on port 10035. Both servers are listed in every
# environment (no env conditional in this section).
listen  nuancier 0.0.0.0:10035
    balance hdr(appserver)
    # Health check every 10s; 1 pass marks up, 2 failures mark down.
    server  nuancier01 nuancier01:80 check inter 10s rise 1 fall 2
    server  nuancier02 nuancier02:80 check inter 10s rise 1 fall 2
    option  httpchk GET /nuancier/

# Listener "notifs-web" on port 10036. Both servers are listed in every
# environment.
listen  notifs-web 0.0.0.0:10036
    balance hdr(appserver)
    # Health check every 10s; 1 pass marks up, 2 failures mark down.
    server  notifs-web01 notifs-web01:80 check inter 10s rise 1 fall 2
    server  notifs-web02 notifs-web02:80 check inter 10s rise 1 fall 2
    option  httpchk GET /notifications/_heartbeat

# Listener "github2fedmsg" on port 10037 with a single backend, so there is no
# failover target if github2fedmsg01 fails its checks.
listen  github2fedmsg 0.0.0.0:10037
    balance hdr(appserver)
    server  github2fedmsg01 github2fedmsg01:80 check inter 10s rise 1 fall 2
    option  httpchk GET /github2fedmsg/

# Listener "kerneltest" on port 10038 with a single backend (no failover).
listen  kerneltest 0.0.0.0:10038
    balance hdr(appserver)
    server  kerneltest01 kerneltest01:80 check inter 10s rise 1 fall 2
    option httpchk GET /kerneltest

# Listener "koschei" on port 10040 with a single backend (no failover).
listen  koschei 0.0.0.0:10040
    balance hdr(appserver)
    server  koschei-web01 koschei-web01:80 check inter 10s rise 1 fall 2
    option  httpchk GET /koschei/

# Listener "autocloud" on port 10041. Both servers are listed in every
# environment.
listen  autocloud 0.0.0.0:10041
    balance hdr(appserver)
    # Health check every 10s; 1 pass marks up, 2 failures mark down.
    server  autocloud-web01 autocloud-web01:80 check inter 10s rise 1 fall 2
    server  autocloud-web02 autocloud-web02:80 check inter 10s rise 1 fall 2
    option  httpchk GET /autocloud/

# Listener "statscache" on port 10042. Both servers are listed in every
# environment.
listen  statscache 0.0.0.0:10042
    balance hdr(appserver)
    # Health check every 10s; 1 pass marks up, 2 failures mark down.
    server  statscache-web01 statscache-web01:80 check inter 10s rise 1 fall 2
    server  statscache-web02 statscache-web02:80 check inter 10s rise 1 fall 2
    option  httpchk GET /statscache/

# Listener "mdapi" on port 10043 with a single backend. Unlike most sections
# in this file, the backend port is 8080 rather than 80.
listen  mdapi 0.0.0.0:10043
    balance hdr(appserver)
    server  mdapi01 mdapi01:8080 check inter 10s rise 1 fall 2
    option  httpchk GET /mdapi

# Listener "openqa" on port 10044. Production uses openqa01; every other
# environment uses the fully qualified staging host.
listen  openqa 0.0.0.0:10044
    balance hdr(appserver)
{% if env == "production" %}
    server  openqa01 openqa01:80 check inter 10s rise 1 fall 2
{% else %}
    server  openqa-stg01.qa.fedoraproject.org openqa-stg01.qa.fedoraproject.org:80 check inter 10s rise 1 fall 2
{% endif %}
    # The health check calls an API endpoint for job group 1, so the server is
    # marked down if that request stops succeeding (for example if the group
    # is removed) -- presumably a stable object; verify.
    option  httpchk GET /api/v1/job_groups/1

# Listener "pdc" on port 10045 with a single active backend; the second node
# is deliberately disabled (see the author's note below).
listen  pdc 0.0.0.0:10045
    balance hdr(appserver)
    server  pdc-web01 pdc-web01:80 check inter 10s rise 1 fall 2
## pdc-web02 is commented out because we don't currently know how to configure
## mod_auth_mellon to work when distributed across more than one app node.  It
## expects to be able to share some state between requests in-process.  Boo.
#    server  pdc-web02 pdc-web02:80 check inter 10s rise 1 fall 2
    option  httpchk GET /rest_api/v1/
    # Values without a unit are milliseconds: both timeouts are one hour,
    # overriding the 500s / 5s values from "defaults".
    # NOTE(review): a one-hour *connect* timeout means connection attempts to
    # an unreachable backend can each hold a slot for a long time; a long
    # `timeout server` alone would cover slow responses. Confirm the connect
    # value is intentional.
    timeout server 3600000
    timeout connect 3600000

# Listener "zanata2fedmsg" on port 10046 with a single backend.
listen  zanata2fedmsg 0.0.0.0:10046
    balance hdr(appserver)
    # No `option httpchk` is set in this section, so `check` is only a TCP
    # connect test: the server stays "up" as long as port 80 accepts
    # connections, even if the application returns errors.
    server  zanata2fedmsg01 zanata2fedmsg01:80 check inter 10s rise 1 fall 2

# Listener "osbs" on port 10047, proxied over TLS to osbs-master01:8443.
# NOTE(review): `ssl verify none` encrypts the connection to the backend but
# does not validate its certificate, so the proxy cannot tell the real
# osbs-master01 from another host answering on that name and port. The ipa
# sections in this file use `ssl verify required ca-file ...`; the same pattern
# with the CA that issued the osbs certificate would authenticate this hop.
listen osbs 0.0.0.0:10047
    balance hdr(appserver)
    # The `check` keyword appears twice on this line; the second occurrence
    # adds nothing. With no `option httpchk`, the health check does not send an
    # HTTP request.
    server osbs-master01 osbs-master01:8443 check inter 10s rise 1 fall 2 check ssl verify none

# Listener "docker-registry" on port 10048, proxied to port 5000 on the
# registry hosts.
# NOTE(review): no `ssl` keyword is set, so image traffic between this proxy
# and the registry is plain HTTP -- confirm that network segment is trusted.
listen docker-registry 0.0.0.0:10048
    balance hdr(appserver)
    # No `option httpchk` here, so `check` is a TCP connect test only.
    server docker-registry01 docker-registry01:5000 check inter 10s rise 1 fall 2
{% if env == "staging" %}
    # Unlike most sections in this file, the second node is added in staging
    # rather than production -- presumably still being rolled out; verify.
    server docker-registry02 docker-registry02:5000 check inter 10s rise 1 fall 2
{% endif %}
{% if env == "staging" %}

# Listener "retrace" on port 10049; rendered only in staging. Single backend,
# and with no `option httpchk` the `check` is a TCP connect test only.
listen retrace 0.0.0.0:10049
    balance hdr(appserver)
    server retrace01 retrace01:80 check inter 10s rise 1 fall 2

{% endif %}
{% if env == "staging" %}

# Listener "faf" on port 10050; rendered only in staging. Single backend, and
# with no `option httpchk` the `check` is a TCP connect test only.
listen faf 0.0.0.0:10050
    balance hdr(appserver)
    server faf01 faf01:80 check inter 10s rise 1 fall 2

{% endif %}
{% if env == "staging" %}

# Listener "pps" on port 10051; rendered only in staging.
listen  pps 0.0.0.0:10051
    balance hdr(appserver)
    # NOTE(review): the backend is mdapi01 on port 80, while the "mdapi"
    # section reaches the same host on port 8080. This may be intentional
    # (a second service on that host) or a copy-paste leftover -- confirm the
    # host and port that actually serve /pps.
    server  mdapi01 mdapi01:80 check inter 10s rise 1 fall 2
    option  httpchk GET /pps

{% endif %}
{% if env == "staging" %}

# Listener "fas3" on port 10052; rendered only in staging, single backend.
listen  fas3 0.0.0.0:10052
    # These values are set extremely low so any issues are recovered from very
    # quickly.  Setting these higher will cause odd behavior in apps that
    # depend on fas (like pkgdb, bodhi, etc)
    balance hdr(appserver)
    # One passing check marks the server up, two failures mark it down.
    server  fas3-01.stg fas3-01.stg:80 check inter 5s rise 1 fall 2
    option  httpchk GET /fas3/

{% endif %}

# Listener "ipa" on port 10053, proxied over TLS to port 443 on the ipa hosts.
# ipa02 is added in every environment except staging.
# NOTE(review): the listener itself is plain HTTP on all interfaces; only the
# hop from this proxy to the backend is TLS. A comment near the fedmsg
# sections in this file indicates Apache normally handles the initial client
# connection -- confirm port 10053 is not reachable from anywhere else.
listen  ipa 0.0.0.0:10053
    balance hdr(appserver)
    # `ssl verify required ca-file` makes HAProxy validate the backend's
    # certificate chain against /etc/haproxy/ipa.pem, so the backend is
    # authenticated as well as encrypted.
    server  ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
{% if env != "staging" %}
    server  ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
{% endif %}
    option  httpchk GET /ipa/ui/

# Listener "krb5" on port 1088: raw TCP pass-through to port 88 on the ipa
# hosts (presumably Kerberos traffic, going by the name and port). ipa02 is
# added only in production.
listen krb5 0.0.0.0:1088
    mode tcp
    option tcplog
    balance roundrobin
    maxconn 16384
    # Values without a unit are milliseconds: 5s in the queue, 24h for the
    # server and connect timeouts.
    # NOTE(review): a 24h connect timeout lets attempts to an unreachable
    # backend hold connection slots for a very long time -- confirm it is
    # intentional rather than copied from `timeout server`.
    timeout queue 5000
    timeout server 86400000
    timeout connect 86400000
    # No `check` keyword on these servers, so HAProxy never marks them down;
    # a failed ipa host stays in the round-robin rotation.
    server  ipa01 ipa01:88 weight 1 maxconn 16384
{% if env == "production" %}
    server  ipa02 ipa02:88 weight 1 maxconn 16384
{% endif %}

# Listener "docker-candidate-registry" on port 10054, proxied to port 5000 on
# a single backend.
# NOTE(review): no `ssl` keyword is set, so image traffic between this proxy
# and the registry is plain HTTP -- confirm that network segment is trusted.
listen docker-candidate-registry 0.0.0.0:10054
    balance hdr(appserver)
    # No `option httpchk` here, so `check` is a TCP connect test only.
    server docker-candidate-registry01 docker-candidate-registry01:5000 check inter 10s rise 1 fall 2

# Listener "modernpaste" on port 10055; modernpaste02 is added only in
# production.
listen modernpaste 0.0.0.0:10055
    balance hdr(appserver)
    # Health check every 10s; 1 pass marks up, 2 failures mark down.
    server modernpaste01 modernpaste01:80 check inter 10s rise 1 fall 2
{% if env == "production" %}
    server modernpaste02 modernpaste02:80 check inter 10s rise 1 fall 2
{% endif %}
    option httpchk GET /

{% if inventory_hostname_short == 'proxy01' or inventory_hostname_short == 'proxy10' %}

# Listeners "koji" (port 10056) and "src" (port 10057) are rendered only on
# the hosts whose short name is proxy01 or proxy10.
listen koji 0.0.0.0:10056
    # This needs to be massive due to koji's completeBuild with texlive (https://pagure.io/koji/issue/259)
    # The 3h value overrides the 500s server timeout from "defaults", so an
    # unresponsive backend request can hold a connection for up to three hours.
    timeout server 3h
    balance hdr(appserver)
    # Single backend: no failover target if koji01 fails its checks.
    server koji01 koji01:80 check inter 10s rise 1 fall 2
    option httpchk GET /

# Only enable this on proxy01 or proxy10
listen src 0.0.0.0:10057
    balance hdr(appserver)
{% if env == "staging" %}
    server pkgs01 pkgs01:80 check inter 10s rise 1 fall 2
{% else %}
    # Every environment other than staging uses pkgs02.
    server pkgs02 pkgs02:80 check inter 10s rise 1 fall 2
{% endif %}
    option httpchk GET /

{% endif %}

{% if env == "production" and 'phx2' in inventory_hostname %}
# The three listeners below are rendered only in production on hosts whose
# inventory name contains "phx2". Each has a single backend on port 80 and is
# health-checked with GET / every 10s.
listen ppckoji 0.0.0.0:10058
    balance hdr(appserver)
    server ppc-koji01.ppc.fedoraproject.org ppc-koji01.ppc.fedoraproject.org:80 check inter 10s rise 1 fall 2
    option httpchk GET /

listen s390koji 0.0.0.0:10059
    balance hdr(appserver)
    server s390-koji01.s390.fedoraproject.org s390-koji01.s390.fedoraproject.org:80 check inter 10s rise 1 fall 2
    option httpchk GET /

listen armkoji 0.0.0.0:10060
    balance hdr(appserver)
    server arm-koji01.qa.fedoraproject.org arm-koji01.qa.fedoraproject.org:80 check inter 10s rise 1 fall 2
    option httpchk GET /

{% endif %}
# This is an endpoint using only ipa01. This is used for API access, since sessions
# are not synchronized.
# The backend hop is TLS with the certificate validated against
# /etc/haproxy/ipa.pem; the listener on port 10061 itself is plain HTTP.
# NOTE(review): this port gives API access to the identity server, so confirm
# it is reachable only from the hosts that are meant to use it.
listen  ipa01 0.0.0.0:10061
    balance hdr(appserver)
    server  ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
    option  httpchk GET /ipa/ui/

{% if env == "production" and 'phx2' in inventory_hostname %}
# Listener "kojipkgs" on port 10062; rendered only in production on hosts
# whose inventory name contains "phx2". The second backend is commented out,
# so kojipkgs01 is the only server.
listen kojipkgs 0.0.0.0:10062
    balance hdr(appserver)
    server kojipkgs01.phx2.fedoraproject.org kojipkgs01.phx2.fedoraproject.org:80 check inter 10s rise 1 fall 2
    #server kojipkgs02.phx2.fedoraproject.org kojipkgs02.phx2.fedoraproject.org:80 check inter 10s rise 1 fall 2
    option httpchk GET /
{% endif %}


# Listener "mbs" on port 10063. Both frontends are listed in every
# environment.
listen  mbs 0.0.0.0:10063
    balance hdr(appserver)
    # Health check every 20s; 2 passes mark up, 3 failures mark down.
    server  mbs-frontend01 mbs-frontend01:80 check inter 20s rise 2 fall 3
    server  mbs-frontend02 mbs-frontend02:80 check inter 20s rise 2 fall 3
    # The health check calls the module-builds API listing, so each check runs
    # a real application request.
    option  httpchk GET /module-build-service/1/module-builds/


# Apache doesn't handle the initial connection here like the other proxy
# entries.  This proxy also doesn't use the http mode like the others.
# stunnel should be sitting on port 9939 (public) and redirecting
# connections from there to here, port 9938.  This then proxies to the
# fedmsg-hub's websocket server on busgateway01, port 9919.
# NOTE(review): the bind address is 0.0.0.0, so port 9938 also accepts
# connections that did not come through stunnel unless a firewall blocks
# them. Binding to the loopback address would enforce the stunnel path if
# stunnel runs on this same host -- confirm the topology.
listen fedmsg-websockets 0.0.0.0:9938
    mode tcp
    option  tcplog
    balance roundrobin
    maxconn 16384
    # Values without a unit are milliseconds: 5s in the queue, 24h for the
    # server and connect timeouts (long-lived websocket connections).
    timeout queue 5000
    timeout server 86400000
    timeout connect 86400000
    # No `check` keyword: the single backend is never marked down.
    server  busgateway01 busgateway01:9919 weight 1 maxconn 16384

# This, unlike the websockets entry just above, is listening directly to the
# outside world with no stunnel inbetween.
# Simply redirect tcp connections to a local fedmsg-gateway slave.  It should be
# forwarding messages from the master gateway on busgateway01.
# Because this port is public and unencrypted, each of the up to 16384
# connections can be held open for the 24h timeouts below; the global maxconn
# comment in this file reserves 16384 slots for exactly this gateway.
listen fedmsg-raw-zmq-outbound 0.0.0.0:9940
    mode tcp
    option tcplog
    balance roundrobin
    maxconn 16384
    # Values without a unit are milliseconds: 5s in the queue, 24h for the
    # server and connect timeouts.
    timeout queue 5000
    timeout server 86400000
    timeout connect 86400000
    # No `check` keyword: the local gateway is never marked down.
    server  localhost localhost:9942 weight 1 maxconn 16384

# While the above fedmsg-raw-zmq-outbound forwards incoming connections to an
# instance of the "fedmsg-gateway" daemon (which pushes internal messages out),
# this entry forwards incoming connections to a secondary instance of the
# "fedmsg-relay" daemon (which pushes messages *onto* the internal bus).  We
# have a primary instance of fedmsg-relay running on app01 for most internal
# use.  Here we forward to a secondary one on busgateway01.
# NOTE(review): this is the one path in the file that carries data *into* the
# internal bus, and it binds all interfaces with no TLS or client
# authentication at the proxy. Whatever reaches port 9941 is handed to the
# relay, so the trust decision rests entirely on the firewall and on message
# validation by the bus consumers -- confirm both are in place.
listen fedmsg-raw-zmq-inbound 0.0.0.0:9941
    mode tcp
    option tcplog
    balance roundrobin
    maxconn 16384
    # Values without a unit are milliseconds: 5s in the queue, 24h for the
    # server and connect timeouts.
    timeout queue 5000
    timeout server 86400000
    timeout connect 86400000
    # No `check` keyword: the single backend is never marked down.
    server  busgateway01 busgateway01:9941 weight 1 maxconn 16384