def _set_global_config(config, sock_path):
    """Render the HAProxy ``global`` section.

    :param config: load balancer configuration; passed to ``validator`` to
        obtain the operator-supplied ``global`` custom attributes.
    :param sock_path: filesystem path of the HAProxy stats socket.
    :returns: the result of ``_construct_config_block`` for the directive
        list plus the custom attributes that were not consumed here.
    """
    global_custom_attributes = validator(config, 'global')

    # Overrides are popped so they are not passed on a second time as
    # generic custom attributes.
    maxconn = global_custom_attributes.pop('max_conn', 65000)
    # NOTE(review): the fallback list excludes anonymous, MD5 and DSS suites
    # but still admits 3DES (64-bit block cipher) and static-RSA key
    # exchange, which has no forward secrecy. An operator override replaces
    # the list wholesale and is interpolated as-is, so the only check on it
    # is whatever validator() enforces -- confirm.
    ssl_ciphers = global_custom_attributes.pop(
        'ssl_ciphers',
        'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:'
        'ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:'
        'RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS')

    conf = [
        'global',
        'daemon',
        # HAProxy switches to an unprivileged account after start-up.
        'user nobody',
        'group nogroup',
        'log /dev/log local0',
        'log /dev/log local1 notice',
        'tune.ssl.default-dh-param 2048',
        'ssl-default-bind-ciphers %s' % ssl_ciphers,
        'ulimit-n 200000',
        # %d raises TypeError for a non-numeric override.
        'maxconn %d' % maxconn,
        # mode 0666 lets every local account connect to the socket;
        # "level user" is HAProxy's least-privileged stats level.
        # NOTE(review): if only one service polls this socket, a tighter
        # mode would narrow local exposure -- confirm who connects.
        'stats socket %s mode 0666 level user' % sock_path,
    ]
    return _construct_config_block(config, conf, "global",
                                   global_custom_attributes)
def _set_frontend(config, conf_dir, keystone_auth_conf_file):
    """Render the HAProxy ``frontend`` section for the VIP.

    :param config: load balancer configuration; the ``vip``, ``pool`` and
        (without a TLS container) ``ssl-crt`` entries are read.
    :param conf_dir: directory handed to ``_populate_pem_file``.
    :param keystone_auth_conf_file: forwarded to ``validator``.
    :returns: the result of ``_construct_config_block`` for the frontend
        directives plus the remaining VIP custom attributes.
    """
    port = config['vip']['port']
    vip_custom_attributes = validator(config, 'vip',
                                      keystone_auth_conf_file)

    # The certificate path is resolved for every protocol, so
    # config['ssl-crt'] must exist even when the VIP is not HTTPS.
    if 'tls_container' in vip_custom_attributes:
        # NOTE(review): presumably this writes the container's certificate
        # and private key under conf_dir -- confirm the file is created
        # with owner-only permissions.
        crt_file = _populate_pem_file(
            vip_custom_attributes.pop('tls_container', None), conf_dir)
    else:
        crt_file = config['ssl-crt']

    vip = config['vip']
    protocol = vip['protocol']
    # no-sslv3 disables SSLv3 only; no minimum TLS version is set here, so
    # other protocol versions follow HAProxy's defaults.
    ssl = ('ssl crt %s no-sslv3' % crt_file
           if protocol == PROTO_HTTPS else '')

    conf = [
        'frontend %s' % vip['id'],
        'option tcplog',
        'bind %s:%d %s' % (vip['address'], port, ssl),
        'mode %s' % PROTO_MAP[protocol],
        'default_backend %s' % config['pool']['id'],
    ]

    # A negative connection limit means "no per-frontend maxconn".
    limit = vip['connection-limit']
    if limit >= 0:
        conf.append('maxconn %s' % limit)

    if protocol in (PROTO_HTTP, PROTO_HTTPS):
        # HAProxy adds an X-Forwarded-For header carrying the client
        # address; a header already sent by the client is not removed, so
        # backends should rely only on the entry HAProxy added.
        conf.append('option forwardfor')

    return _construct_config_block(config, conf, "vip",
                                   vip_custom_attributes)
def _set_backend(config):
    """Render the HAProxy ``backend`` section for the pool.

    :param config: load balancer configuration; the ``pool``, ``vip`` and
        ``members`` entries are read.
    :returns: the result of ``_construct_config_block`` for the backend
        directives plus the pool custom attributes.
    """
    pool_custom_attributes = validator(config, 'pool')

    pool = config['pool']
    conf = [
        'backend %s' % pool['id'],
        'mode %s' % PROTO_MAP[pool['protocol']],
        'balance %s' % LB_METHOD_MAP[pool['method']],
    ]
    if pool['protocol'] == PROTO_HTTP:
        conf.append('option forwardfor')

    # The health monitor contributes backend directives and a suffix that
    # is appended to every server line.
    server_suffix, monitor_conf = _set_health_monitor(config)
    conf.extend(monitor_conf)
    conf.extend(_set_session_persistence(config))

    # Member fields are interpolated unquoted; a value containing
    # whitespace or a newline would change the directive, so this relies
    # on upstream validation of id/address/port/weight -- confirm.
    server_template = 'server %(id)s %(address)s:%(port)s weight %(weight)s'
    for member in config['members']:
        if member['admin-state']:
            server = (server_template % member) + server_suffix
            if (config['vip']['persistence-type'] ==
                    PERSISTENCE_HTTP_COOKIE):
                # The cookie value is the member's position in the list
                # (list.index: linear scan, first equal entry). It is a
                # small predictable integer, so the persistence cookie is
                # a routing hint, not a secret.
                server += ' cookie %d' % config['members'].index(member)
            conf.append(server)

    return _construct_config_block(config, conf, "pool",
                                   pool_custom_attributes)
def _set_global_config(config, sock_path):
    """Render the HAProxy ``global`` section as tab-indented text.

    :param config: load balancer configuration; passed to ``validator`` to
        obtain the operator-supplied ``global`` custom attributes.
    :param sock_path: filesystem path of the HAProxy stats socket.
    :returns: the directives joined with ``"\\n\\t"``.
    """
    global_custom_attributes = validator(config, 'global')

    # Overrides are popped so the generic custom-attribute pass below does
    # not emit them a second time.
    maxconn = global_custom_attributes.pop('maxconn', 65000)
    # NOTE(review): the fallback list excludes anonymous, MD5 and DSS suites
    # but still admits 3DES (64-bit block cipher) and static-RSA key
    # exchange, which has no forward secrecy.
    ssl_ciphers = global_custom_attributes.pop(
        'ssl_ciphers',
        'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:'
        'ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:'
        'RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS')

    conf = [
        'global',
        'daemon',
        # HAProxy switches to an unprivileged account after start-up.
        'user nobody',
        'group nogroup',
        'log /dev/log local0',
        'log /dev/log local1 notice',
        'tune.ssl.default-dh-param 2048',
        'ssl-default-bind-ciphers %s' % ssl_ciphers,
        'ulimit-n 200000',
        # %d raises TypeError for a non-numeric override.
        'maxconn %d' % maxconn,
        # mode 0666 lets every local account connect to the socket;
        # "level user" is HAProxy's least-privileged stats level.
        'stats socket %s mode 0666 level user' % sock_path,
    ]

    # Each remaining attribute is rendered through its template from
    # custom_attributes_dict. The value is substituted verbatim, so
    # validator() is the only barrier against a value that carries a
    # newline and therefore an extra directive -- confirm it rejects those.
    templates = custom_attributes_dict['global']
    conf.extend(templates[key]['cmd'] % value
                for key, value in global_custom_attributes.iteritems())
    return "\n\t".join(conf)
def _set_backend(config):
    """Render the HAProxy ``backend`` section for the pool.

    Configurations that carry a ``loadbalancer`` key are delegated to
    ``_set_backend_v2``; everything else is rendered here.

    :param config: load balancer configuration; the ``pool``, ``vip`` and
        ``members`` entries are read.
    :returns: the result of ``_set_backend_v2`` or of
        ``_construct_config_block`` for the backend directives.
    """
    if 'loadbalancer' in config:
        return _set_backend_v2(config)

    pool_custom_attributes = validator(config, 'pool')

    pool = config['pool']
    conf = [
        'backend %s' % pool['id'],
        'mode %s' % PROTO_MAP[pool['protocol']],
        'balance %s' % LB_METHOD_MAP[pool['method']],
    ]
    if pool['protocol'] == PROTO_HTTP:
        conf.append('option forwardfor')

    # The health monitor contributes backend directives and a suffix that
    # is appended to every server line.
    server_suffix, monitor_conf = _set_health_monitor(config)
    conf.extend(monitor_conf)
    conf.extend(_set_session_persistence(config))

    # Member fields are interpolated unquoted; a value containing
    # whitespace or a newline would change the directive, so this relies
    # on upstream validation of id/address/port/weight -- confirm.
    server_template = 'server %(id)s %(address)s:%(port)s weight %(weight)s'
    for member in config['members']:
        if member['admin-state']:
            server = (server_template % member) + server_suffix
            if (config['vip']['persistence-type'] ==
                    PERSISTENCE_HTTP_COOKIE):
                # The cookie value is the member's position in the list
                # (list.index: linear scan, first equal entry). It is a
                # small predictable integer, so the persistence cookie is
                # a routing hint, not a secret.
                server += ' cookie %d' % config['members'].index(member)
            conf.append(server)

    return _construct_config_block(config, conf, "pool",
                                   pool_custom_attributes)
def _set_frontend(config, conf_dir, keystone_auth_conf_file):
    """Render the HAProxy ``frontend`` section for the VIP.

    Configurations that carry a ``loadbalancer`` key are delegated to
    ``_set_frontend_v2``; everything else is rendered here.

    :param config: load balancer configuration; the ``vip``, ``pool`` and
        (without a TLS container) ``ssl-crt`` entries are read.
    :param conf_dir: directory handed to ``_populate_pem_file``.
    :param keystone_auth_conf_file: forwarded to ``validator``.
    :returns: the result of ``_set_frontend_v2`` or of
        ``_construct_config_block`` for the frontend directives.
    """
    if 'loadbalancer' in config:
        return _set_frontend_v2(config, conf_dir, keystone_auth_conf_file)

    port = config['vip']['port']
    vip_custom_attributes = validator(config, 'vip',
                                      keystone_auth_conf_file)

    # The certificate path is resolved for every protocol, so
    # config['ssl-crt'] must exist even when the VIP is not HTTPS.
    if 'tls_container' in vip_custom_attributes:
        # NOTE(review): presumably this writes the container's certificate
        # and private key under conf_dir -- confirm the file is created
        # with owner-only permissions.
        crt_file = _populate_pem_file(
            vip_custom_attributes.pop('tls_container', None), conf_dir)
    else:
        crt_file = config['ssl-crt']

    vip = config['vip']
    protocol = vip['protocol']
    # no-sslv3 disables SSLv3 only; no minimum TLS version is set here, so
    # other protocol versions follow HAProxy's defaults.
    ssl = ('ssl crt %s no-sslv3' % crt_file
           if protocol == PROTO_HTTPS else '')

    conf = [
        'frontend %s' % vip['id'],
        'option tcplog',
        'bind %s:%d %s' % (vip['address'], port, ssl),
        'mode %s' % PROTO_MAP[protocol],
        'default_backend %s' % config['pool']['id'],
    ]

    # A negative connection limit means "no per-frontend maxconn".
    limit = vip['connection-limit']
    if limit >= 0:
        conf.append('maxconn %s' % limit)

    if protocol in (PROTO_HTTP, PROTO_HTTPS):
        # HAProxy adds an X-Forwarded-For header carrying the client
        # address; a header already sent by the client is not removed, so
        # backends should rely only on the entry HAProxy added.
        conf.append('option forwardfor')

    return _construct_config_block(config, conf, "vip",
                                   vip_custom_attributes)
def _set_defaults(config):
    """Render the HAProxy ``defaults`` section.

    :param config: load balancer configuration; passed to ``validator`` to
        obtain the operator-supplied ``default`` custom attributes.
    :returns: the result of ``_construct_config_block`` for the directive
        list plus the custom attributes that were not consumed here.
    """
    default_custom_attributes = validator(config, 'default')

    # Timeout overrides are popped so they are not passed on a second time
    # as generic custom attributes. HAProxy reads unit-less timeout values
    # as milliseconds.
    client_timeout = default_custom_attributes.pop('client_timeout', 300000)
    server_timeout = default_custom_attributes.pop('server_timeout', 300000)
    connect_timeout = default_custom_attributes.pop('connect_timeout', 5000)

    # NOTE(review): idle clients are kept for five minutes by default and
    # no "timeout http-request" is emitted here, so slow or stalled
    # requests hold a connection slot for the full client timeout unless a
    # custom attribute adds a tighter bound.
    conf = [
        'defaults',
        'log global',
        'retries 3',
        'option redispatch',
        # %d raises TypeError for a non-numeric override.
        'timeout connect %d' % connect_timeout,
        'timeout client %d' % client_timeout,
        'timeout server %d' % server_timeout,
    ]
    return _construct_config_block(config, conf, "default",
                                   default_custom_attributes)
def _set_defaults(config):
    """Render the HAProxy ``defaults`` section as tab-indented text.

    :param config: load balancer configuration; passed to ``validator`` to
        obtain the operator-supplied ``default`` custom attributes.
    :returns: the directives joined with ``"\\n\\t"``.
    """
    default_custom_attributes = validator(config, 'default')

    # Timeout overrides are popped so the generic custom-attribute pass
    # below does not emit them a second time. HAProxy reads unit-less
    # timeout values as milliseconds.
    client_timeout = default_custom_attributes.pop('client_timeout', 300000)
    server_timeout = default_custom_attributes.pop('server_timeout', 300000)
    connect_timeout = default_custom_attributes.pop('connect_timeout', 5000)

    # NOTE(review): idle clients are kept for five minutes by default and
    # no "timeout http-request" is emitted here, so slow or stalled
    # requests hold a connection slot for the full client timeout unless a
    # custom attribute adds a tighter bound.
    conf = [
        'defaults',
        'log global',
        'retries 3',
        'option redispatch',
        # %d raises TypeError for a non-numeric override.
        'timeout connect %d' % connect_timeout,
        'timeout client %d' % client_timeout,
        'timeout server %d' % server_timeout,
    ]

    # Each remaining attribute is rendered through its template from
    # custom_attributes_dict. The value is substituted verbatim, so
    # validator() is the only barrier against a value that carries a
    # newline and therefore an extra directive -- confirm it rejects those.
    templates = custom_attributes_dict['default']
    conf.extend(templates[key]['cmd'] % value
                for key, value in default_custom_attributes.iteritems())
    return "\n\t".join(conf)
def _set_frontend(config):
    """Render the HAProxy ``frontend`` section as tab-indented text.

    :param config: load balancer configuration; the ``vip`` and ``pool``
        entries are read, plus ``ssl-crt`` when the VIP protocol is HTTPS.
    :returns: the directives joined with ``"\\n\\t"``.
    """
    port = config['vip']['port']
    vip_custom_attributes = validator(config, 'vip')

    vip = config['vip']
    protocol = vip['protocol']
    # no-sslv3 disables SSLv3 only; no minimum TLS version is set here, so
    # other protocol versions follow HAProxy's defaults.
    ssl = ('ssl crt %s no-sslv3' % config['ssl-crt']
           if protocol == PROTO_HTTPS else '')

    conf = [
        'frontend %s' % vip['id'],
        'option tcplog',
        'bind %s:%d %s' % (vip['address'], port, ssl),
        'mode %s' % PROTO_MAP[protocol],
        'default_backend %s' % config['pool']['id'],
    ]

    # A negative connection limit means "no per-frontend maxconn".
    limit = vip['connection-limit']
    if limit >= 0:
        conf.append('maxconn %s' % limit)

    if protocol in (PROTO_HTTP, PROTO_HTTPS):
        # HAProxy adds an X-Forwarded-For header carrying the client
        # address; a header already sent by the client is not removed, so
        # backends should rely only on the entry HAProxy added.
        conf.append('option forwardfor')

    # Each custom attribute is rendered through its template from
    # custom_attributes_dict. The value is substituted verbatim, so
    # validator() is the only barrier against a value that carries a
    # newline and therefore an extra directive -- confirm it rejects those.
    templates = custom_attributes_dict['vip']
    conf.extend(templates[key]['cmd'] % value
                for key, value in vip_custom_attributes.iteritems())
    return "\n\t".join(conf)