Hi all,
Could I get +1s for the below patch?
Thanks,
Patrick
>From 46dc8281edb9b874075525b1756ed0cfa0f91575 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
Date: Wed, 6 Mar 2019 21:11:12 +0100
Subject: [PATCH] Add rabbitmq proxying to the proxies
Signed-off-by: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
---
inventory/group_vars/proxies | 5 +++++
inventory/group_vars/proxies-stg | 5 +++++
roles/haproxy/templates/haproxy.cfg | 28 ++++++++++++++++++++++++++++
3 files changed, 38 insertions(+)
diff --git a/inventory/group_vars/proxies b/inventory/group_vars/proxies
index 4b97c2ae3..8901de118 100644
--- a/inventory/group_vars/proxies
+++ b/inventory/group_vars/proxies
@@ -17,6 +17,11 @@ tcp_ports: [
# This is for TCP krb5
1088,
+ # This is for RabbitMQ public access
+ 5671,
+ # This is for RabbitMQ internal-public access
+ 15671,
+
# This is for the haproxy HTML stats page
# TODO -- there's no need for this to be wide open to the world. With this
# in place, you can visit https://apps.fedoraproject.org:8080 and get the
diff --git a/inventory/group_vars/proxies-stg b/inventory/group_vars/proxies-stg
index 7aeb745e7..f5590beff 100644
--- a/inventory/group_vars/proxies-stg
+++ b/inventory/group_vars/proxies-stg
@@ -17,6 +17,11 @@ tcp_ports: [
# This is for TCP krb5
1088,
+ # This is for RabbitMQ public access
+ 5671,
+ # This is for RabbitMQ internal-public access
+ 15671,
+
# This is for the haproxy HTML stats page
# TODO -- there's no need for this to be wide open to the world. With this
# in place, you can visit https://apps.fedoraproject.org:8080 and get the
diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg
index 29bb567b7..0b4835fcd 100644
--- a/roles/haproxy/templates/haproxy.cfg
+++ b/roles/haproxy/templates/haproxy.cfg
@@ -565,6 +565,34 @@ backend copr-backend
option httpchk GET /api_3/
{% endif %}
+{% if datacenter == "phx2" %}
+# These ports are for proxying rabbitmq (AMQP) protocol through.
+# At this moment, internal- and public-rabbitmq both point to the exact same set of
+# brokers on the backend, but the internal- is intended for applications we directly control.
+# This allows us to move to a separate cluster for public access if that became necessary
+# on just the infra side, with no need to ask users to change anything.
+frontend internal-rabbitmq
+ mode tcp
+ bind 0.0.0.0:15671
+ default_backend rabbitmq
+
+frontend public-rabbitmq
+ mode tcp
+ bind 0.0.0.0:5671
+ default_backend rabbitmq
+
+backend rabbitmq
+ mode tcp
+ option tcplog
+ balance roundrobin
+ maxconn 16384
+ server rabbitmq01 rabbitmq01:5671 weight 1 maxconn 16384
+{% if env == "production %}
+ server rabbitmq02 rabbitmq02:5671 weight 1 maxconn 16384
+ server rabbitmq03 rabbitmq03:5671 weight 1 maxconn 16384
+{% endif %}
+{% endif %}
+
# Apache doesn't handle the initial connection here like the other proxy
# entries. This proxy also doesn't use the http mode like the others.
# stunnel should be sitting on port 9939 (public) and redirecting
--
2.20.1
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
