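def _configure_haproxy(env, state):
    """Install the HAProxy configuration for ``env`` and restart the service.

    Steps, in order:

    1. Copy the existing ``haproxy.cfg`` to ``org.haproxy.cfg`` inside
       ``HAPROXY_CONF_DIR``.
    2. For every syco plugin path under ``/var/haproxy/``, copy
       ``<env>.haproxy.cfg`` over ``haproxy.cfg`` and copy ``error.html``.
       Each later plugin path overwrites what an earlier one copied.
    3. Replace ``${ENV_IP}`` in ``HAPROXY_CONF`` with the first IP of the
       front NIC and, when the alias placeholder is present,
       ``${ENV_IP_ALIAS}`` with the first IP of ``<nic>:1``.
    4. Hand over to the state, credentials, chkconfig, service and
       monitoring helpers.

    Args:
        env: Environment name; selects ``<env>.haproxy.cfg`` in each plugin
            path and is passed to ``_configure_credentials``.
        state: Passed unchanged to ``_configure_haproxy_state``.
    """
    x("cp {0}haproxy.cfg {0}org.haproxy.cfg".format(HAPROXY_CONF_DIR))

    # SECURITY: ``path`` and ``env`` are interpolated unquoted into the
    # command strings below. They must come from trusted configuration and
    # contain no whitespace or shell metacharacters.
    # NOTE(review): confirm how x() executes the string (shell or argv).
    for path in app.get_syco_plugin_paths("/var/haproxy/"):
        app.print_verbose("Copy config files from %s" % path)
        x("cp {0}/{1}.haproxy.cfg {2}haproxy.cfg".format(
            path, env, HAPROXY_CONF_DIR))
        x("cp {0}/error.html {1}error.html".format(path, HAPROXY_CONF_DIR))

    ifname = get_front_nic_name()
    scopen.scOpen(HAPROXY_CONF).replace(
        "${ENV_IP}", get_first_ip_from_nic(ifname))

    # Read the config through a context manager so the file handle is closed
    # deterministically instead of being left to the garbage collector.
    # The membership test is a prefix match (no closing brace), as before.
    with open(HAPROXY_CONF) as conf_file:
        has_alias_placeholder = '${ENV_IP_ALIAS' in conf_file.read()

    # Only look up the alias interface when the config actually asks for it.
    if has_alias_placeholder:
        scopen.scOpen(HAPROXY_CONF).replace(
            "${ENV_IP_ALIAS}",
            get_first_ip_from_nic('{0}:1'.format(ifname)))

    _configure_haproxy_state(state)
    _configure_credentials(env)
    _chkconfig("haproxy", "on")
    _service("haproxy", "restart")
    _setup_monitoring()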
def add_iptables_chain():
    """Create the keepalived iptables chains and open VRRP/multicast traffic.

    * Keepalived talks to its peer nodes over multicast using the VRRP
      protocol, so that traffic has to be allowed. The existing multicast
      DROP rules are removed first and ACCEPT rules are added afterwards.
    * VRRP is IP protocol number 112 in iptables.
    """
    app.print_verbose("Add iptables chain for keepalived")

    # One dedicated chain per direction, each hooked into the matching syco
    # parent chain for all protocols.
    for chain, parent in (("keepalived_output", "syco_output"),
                          ("keepalived_input", "syco_input")):
        iptables("-N {0}".format(chain))
        iptables("-A {0} -p ALL -j {1}".format(parent, chain))

    # VRRP (protocol 112) is accepted only on the front NIC.
    nic = get_front_nic_name()
    for direction, nic_flag in (("input", "-i"), ("output", "-o")):
        iptables("-A keepalived_{0} -p 112 {1} {2} -j ACCEPT".format(
            direction, nic_flag, nic))

    # Delete the blanket multicast DROP rules (source match, then
    # destination match). general.X_OUTPUT_CMD is passed through unchanged.
    # NOTE(review): presumably it changes how the command result is handled
    # when the rule does not exist; confirm against iptables().
    for selector in ("-s", "-d"):
        iptables(
            "-D multicast_packets {0} 224.0.0.0/4 -j DROP".format(selector),
            general.X_OUTPUT_CMD)

    # NOTE(review): the DROP rules removed above cover 224.0.0.0/4, while the
    # ACCEPT rules below cover 224.0.0.0/8 for every protocol and interface.
    # VRRP advertisements only need 224.0.0.18 with protocol 112 on the front
    # NIC, so a narrower match would keep the remaining multicast filtered.
    for selector in ("-d", "-s"):
        iptables(
            "-A multicast_packets {0} 224.0.0.0/8 -j ACCEPT".format(selector))
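def _configure_haproxy(env, state):
    """Install the HAProxy configuration for ``env`` and restart the service.

    Steps, in order:

    1. Copy the existing ``haproxy.cfg`` to ``org.haproxy.cfg`` inside
       ``HAPROXY_CONF_DIR``.
    2. For every syco plugin path under ``/var/haproxy/``, copy
       ``<env>.haproxy.cfg`` over ``haproxy.cfg``, and copy ``error.html``
       and ``errors.xml`` (recursively) into ``HAPROXY_CONF_DIR``. Each
       later plugin path overwrites what an earlier one copied.
    3. Replace ``${ENV_IP}`` in ``HAPROXY_CONF`` with the first IP of the
       front NIC and, when the alias placeholder is present,
       ``${ENV_IP_ALIAS}`` with the first IP of ``<nic>:1``.
    4. Hand over to the state, credentials, chkconfig, service and
       monitoring helpers.
    5. Remove all permission bits from ``/var/lib/haproxy``.

    Args:
        env: Environment name; selects ``<env>.haproxy.cfg`` in each plugin
            path and is passed to ``_configure_credentials``.
        state: Passed unchanged to ``_configure_haproxy_state``.
    """
    x("cp {0}haproxy.cfg {0}org.haproxy.cfg".format(HAPROXY_CONF_DIR))

    # SECURITY: ``path`` and ``env`` are interpolated unquoted into the
    # command strings below. They must come from trusted configuration and
    # contain no whitespace or shell metacharacters.
    # NOTE(review): confirm how x() executes the string (shell or argv).
    for path in app.get_syco_plugin_paths("/var/haproxy/"):
        app.print_verbose("Copy config files from %s" % path)
        x("cp {0}/{1}.haproxy.cfg {2}haproxy.cfg".format(
            path, env, HAPROXY_CONF_DIR))
        x("cp {0}/error.html {1}".format(path, HAPROXY_CONF_DIR))
        x("cp -R {0}/errors.xml {1}".format(path, HAPROXY_CONF_DIR))

    ifname = get_front_nic_name()
    scopen.scOpen(HAPROXY_CONF).replace(
        "${ENV_IP}", get_first_ip_from_nic(ifname))

    # Read the config through a context manager so the file handle is closed
    # deterministically instead of being left to the garbage collector.
    # The membership test is a prefix match (no closing brace), as before.
    with open(HAPROXY_CONF) as conf_file:
        has_alias_placeholder = '${ENV_IP_ALIAS' in conf_file.read()

    # Only look up the alias interface when the config actually asks for it.
    if has_alias_placeholder:
        scopen.scOpen(HAPROXY_CONF).replace(
            "${ENV_IP_ALIAS}",
            get_first_ip_from_nic('{0}:1'.format(ifname)))

    _configure_haproxy_state(state)
    _configure_credentials(env)
    _chkconfig("haproxy", "on")
    _service("haproxy", "restart")
    _setup_monitoring()

    # chroot jail should not be accessible by anyone.
    # This runs after the restart above, so the directory keeps its previous
    # mode while the service starts.
    x("chmod 000 /var/lib/haproxy")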