roles/haproxy/templates/haproxy.cfg


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231

# this config needs haproxy-1.1.28 or haproxy-1.2.1

global
    log 127.0.0.1   local0 warning
    # Set this to 4096 + 16384
    # 16384 for the fedmsg gateway and 4096 for everybody else.
    maxconn 20480
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon
    stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664
    #debug
    #quiet

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    option  httpclose
    option  redispatch
    retries 3
    maxconn 5000
    timeout connect 5s
    timeout client 500s
    timeout server 500s
    errorfile 503 /etc/haproxy/503.http

listen stats 0.0.0.0:8080
    mode http
    balance hdr(appserver)
    stats enable
    stats uri /

listen  fp-wiki 0.0.0.0:10001
    balance hdr(appserver)
    server  wiki01 wiki01:80 check inter 15s rise 2 fall 5
    server  wiki02 wiki02:80 check inter 15s rise 2 fall 5
    option  httpchk GET /wiki/Main_Page

listen  mirror-lists 0.0.0.0:10002
    balance hdr(appserver)
    timeout connect 30s
    server  mirrorlist-dedicatedsolutions mirrorlist-dedicatedsolutions:80 check inter 5s rise 2 fall 3
    server  mirrorlist-host1plus mirrorlist-host1plus:80 check inter 5s rise 2 fall 3
    server  mirrorlist-ibiblio mirrorlist-ibiblio:80 check inter 5s rise 2 fall 3
    server  mirrorlist-osuosl mirrorlist-osuosl:80 check inter 5s rise 2 fall 3
    server  mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3
    option  httpchk GET /mirrorlist
    option  allbackups

listen  pkgdb 0.0.0.0:10003
    balance hdr(appserver)
    server  pkgdb01 pkgdb01:80 check inter 10s rise 2 fall 3
    server  pkgdb02 pkgdb02:80 check inter 10s rise 2 fall 3
    option  httpchk GET /pkgdb/collections/

listen  fas 0.0.0.0:10004
    # These values are set extremely low so any issues are recovered from very
    # quickly.  Setting these higher will cause odd behavior in apps that
    # depend on fas (like pkgdb, bodhi, etc)
    balance hdr(appserver)
    server  fas01 fas01:80 check inter 5s rise 1 fall 2
    server  fas02 fas02:80 check inter 5s rise 1 fall 2
    server  fas03 fas03:80 check inter 5s rise 1 fall 2
    option  httpchk GET /accounts/

listen  voting 0.0.0.0:10007
    balance hdr(appserver)
    server  elections01 elections01:80 check inter 10s rise 2 fall 4
    server  elections02 elections02:80 check inter 10s rise 2 fall 4
    option  httpchk GET /voting/

listen  mirrormanager 0.0.0.0:10008
    balance hdr(appserver)
    server  mm-frontend01 mm-frontend01:80 check inter 60s rise 2 fall 3
    option  httpchk GET /mirrormanager/static/mirrormanager2.css

listen  bodhi 0.0.0.0:10009
    balance hdr(appserver)
    server  bodhi01 bodhi01:80 check inter 20s rise 2 fall 3
    server  bodhi02 bodhi02:80 check inter 20s rise 2 fall 3
    option  httpchk GET /updates/nagios

listen  freemedia 0.0.0.0:10011
    balance hdr(appserver)
    server  sundries01 sundries01:80 check inter 60s rise 2 fall 3
    server  sundries02 sundries01:80 check inter 60s rise 2 fall 3
    option  httpchk GET /freemedia/FreeMedia-form.html

listen  packages 0.0.0.0:10016
    balance hdr(appserver)
    server  packages03 packages03:80 check inter 5s rise 2 fall 3
    server  packages04 packages04:80 check inter 5s rise 2 fall 3
    option  httpchk GET /packages/_heartbeat

listen  tagger 0.0.0.0:10017
    balance hdr(appserver)
    server  tagger01 tagger01:80 check inter 60s rise 2 fall 3
    server  tagger02 tagger02:80 check inter 60s rise 2 fall 3
    option  httpchk GET /tagger/_heartbeat

listen  totpcgiprovision 0.0.0.0:10019
    balance hdr(appserver)
    http-check expect status 401
    server  fas01 fas01:8444 check inter 5s rise 1 fall 2
    server  fas02 fas02:8444 check inter 5s rise 1 fall 2
    server  fas03 fas03:8444 check inter 5s rise 1 fall 2
    option httpchk GET /index.cgi

listen  fedoauth 0.0.0.0:10020
    balance hdr(appserver)
    server  fedoauth01 fedoauth01:80 check inter 10s rise 1 fall 2
    server  fedoauth02 fedoauth02:80 check inter 10s rise 1 fall 2
    option httpchk GET /

listen  askbot 0.0.0.0:10021
    balance hdr(appserver)
    server  ask01 ask01:80 check inter 10s rise 1 fall 2
    server  ask02 ask02:80 check inter 10s rise 1 fall 2
    option httpchk GET /questions/

listen  blockerbugs 0.0.0.0:10022
    balance hdr(appserver)
    server  blockerbugs01 blockerbugs01:80 check inter 10s rise 1 fall 2
    server  blockerbugs02 blockerbugs02:80 check inter 10s rise 1 fall 2
    option httpchk GET /blockerbugs

listen  fedocal 0.0.0.0:10023
    balance hdr(appserver)
    server  fedocal01 fedocal01:80 check inter 10s rise 1 fall 2
    server  fedocal02 fedocal02:80 check inter 10s rise 1 fall 2
    option httpchk GET /calendar

# IMPORTANT: 10023-10026 will NOT work because of selinux policies

listen  paste 0.0.0.0:10027
    balance hdr(appserver)
    server  paste01 paste01:80 check inter 10s rise 1 fall 2
    server  paste02 paste02:80 check inter 10s rise 1 fall 2
    option httpchk GET /

listen  datagrepper 0.0.0.0:10028
    balance hdr(appserver)
    server  datagrepper01 datagrepper01:80 check inter 10s rise 1 fall 2
    server  datagrepper02 datagrepper02:80 check inter 10s rise 1 fall 2
    option httpchk GET /datagrepper/reference/

listen  geoip-city 0.0.0.0:10029
    balance hdr(appserver)
    server  sundries01 sundries01:80 check inter 30s rise 2 fall 3
    server  sundries02 sundries02:80 check inter 30s rise 2 fall 3
    option  httpchk GET /city?ip=18.0.0.1

# IMPORTANT: 10031 will NOT work because of selinux policies

listen  badges 0.0.0.0:10032
    balance hdr(appserver)
    server  badges-web01 badges-web01:80 check inter 10s rise 1 fall 2
    server  badges-web02 badges-web02:80 check inter 10s rise 1 fall 2
    option httpchk GET /heartbeat

# 10033 is list
# 10034 is gallery

listen  nuancier 0.0.0.0:10035
    balance hdr(appserver)
    server  nuancier01 nuancier01:80 check inter 10s rise 1 fall 2
    server  nuancier02 nuancier02:80 check inter 10s rise 1 fall 2
    option  httpchk GET /nuancier/

listen  notifs-web 0.0.0.0:10036
    balance hdr(appserver)
    server  notifs-web01 notifs-web01:80 check inter 10s rise 1 fall 2
    server  notifs-web02 notifs-web02:80 check inter 10s rise 1 fall 2
    option  httpchk GET /notifications/_heartbeat

listen  github2fedmsg 0.0.0.0:10037
    balance hdr(appserver)
    server  github2fedmsg01 github2fedmsg01:80 check inter 10s rise 1 fall 2
    option  httpchk GET /github2fedmsg/

listen  kerneltest 0.0.0.0:10038
    balance hdr(appserver)
    server  kerneltest01 kerneltest01:80 check inter 10s rise 1 fall 2
    option httpchk GET /kerneltest

# 10040 is reserved for koschei

# Apache doesn't handle the initial connection here like the other proxy
# entries.  This proxy also doesn't use the http mode like the others.
# stunnel should be sitting on port 9939 (public) and redirecting
# connections from there to here, port 9938.  This then proxies to the
# fedmsg-hub's websocket server on busgateway01, port 9919.
listen fedmsg-websockets 0.0.0.0:9938
    mode tcp
    balance roundrobin
    maxconn 16384
    timeout queue 5000
    timeout server 86400000
    timeout connect 86400000
    server  busgateway01 busgateway01:9919 weight 1 maxconn 16384

# This, unlike the websockets entry just above, is listening directly to the
# outside world with no stunnel inbetween.
# Simply redirect tcp connections to a local fedmsg-gateway slave.  It should be
# forwarding messages from the master gateway on busgateway01.
listen fedmsg-raw-zmq-outbound 0.0.0.0:9940
    mode tcp
    balance roundrobin
    maxconn 16384
    timeout queue 5000
    timeout server 86400000
    timeout connect 86400000
    server  localhost localhost:9942 weight 1 maxconn 16384

# While the above fedmsg-raw-zmq-outbound forwards incoming connections to an
# instance of the "fedmsg-gateway" daemon (which pushes internal messages out),
# this entry forwards incoming connections to a secondary instance of the
# "fedmsg-relay" daemon (which pushes messages *onto* the internal bus).  We
# have a primary instance of fedmsg-relay running on app01 for most internal
# use.  Here we forward to a secondary one on busgateway01.
listen fedmsg-raw-zmq-inbound 0.0.0.0:9941
    mode tcp
    balance roundrobin
    maxconn 16384
    timeout queue 5000
    timeout server 86400000
    timeout connect 86400000
    server  busgateway01 busgateway01:9941 weight 1 maxconn 16384