### LETSENCRYPT
letsencrypt:
domainsets:
- __BALANCER_NODENAME__.__DOMAIN__:
+ __BALANCER_NODENAME__:
- __DOMAIN__
{%- import_yaml "ssl_key_encrypted.sls" as ssl_key_encrypted_pillar %}
{%- set domain = "__DOMAIN__" %}
-{%- set enable_balancer = ("__ENABLE_BALANCER__"|to_bool) %}
-{%- set balancer_backends = "__BALANCER_BACKENDS__".split(",") if enable_balancer else [] %}
+{%- set balancer_backends = "__CONTROLLER_NODES__".split(",") %}
### NGINX
nginx:
'__CLUSTER_INT_CIDR__': 0
upstream controller_upstream:
{%- for backend in balancer_backends %}
- 'server {{ backend }}.{{ domain }}:80': ''
+ 'server {{ backend }}:80': ''
{%- endfor %}
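Review bot: `"__CONTROLLER_NODES__".split(",")` on L11 lost the `if enable_balancer else []` guard, so an empty or trailing-comma substitution yields an empty-string element and the loop on L16–L18 renders `server :80`, which nginx is likely to reject on reload. Entries are also used untrimmed, and since `.{{ domain }}` is no longer appended they apparently have to be resolvable hostnames as given. Filtering at the definition keeps the upstream list well-formed, e.g. `{%- set balancer_backends = "__CONTROLLER_NODES__".split(",") | map("trim") | select | list %}`. The same applies to `controller_nodes` on L25.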
### SNIPPETS
# SPDX-License-Identifier: AGPL-3.0
{%- set domain = "__DOMAIN__" %}
-{%- set enable_balancer = ("__ENABLE_BALANCER__"|to_bool) %}
-{%- set balancer_backends = "__BALANCER_BACKENDS__".split(",") if enable_balancer else [] %}
+{%- set controller_nodes = "__CONTROLLER_NODES__".split(",") %}
{%- set dispatcher_ip = "__DISPATCHER_INT_IP__" %}
+{%- set keepbalance_ip = "__KEEPBALANCE_INT_IP__" %}
### POSTGRESQL
postgres:
- ['host', 'all', 'all', '::1/128', 'md5']
- ['host', '__CLUSTER___arvados', '__CLUSTER___arvados', '127.0.0.1/32']
- ['host', '__CLUSTER___arvados', '__CLUSTER___arvados', '{{ dispatcher_ip }}/32']
- {%- if enable_balancer %}
- {%- for backend in balancer_backends %}
- {%- set controller_ip = salt['cmd.run']("getent hosts "+backend+"."+domain+" | awk '{print $1 ; exit}'", python_shell=True) %}
+ - ['host', '__CLUSTER___arvados', '__CLUSTER___arvados', '{{ keepbalance_ip }}/32']
+ {%- for controller_hostname in controller_nodes %}
+ {%- set controller_ip = salt['cmd.run']("getent hosts "+controller_hostname+" | awk '{print $1 ; exit}'", python_shell=True) %}
- ['host', '__CLUSTER___arvados', '__CLUSTER___arvados', '{{ controller_ip }}/32']
{%- endfor %}
- {%- else %}
- - ['host', '__CLUSTER___arvados', '__CLUSTER___arvados', '__CONTROLLER_INT_IP__/32']
- {%- endif %}
users:
__CLUSTER___arvados:
ensure: present
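Review bot: The `cmd.run` call on L38 concatenates `controller_hostname` into a command string and runs it with `python_shell=True`, so any shell metacharacter in a `__CONTROLLER_NODES__` entry is interpreted by the shell while the pillar renders. If the lookup returns nothing, `controller_ip` is empty and L39 writes `'/32'` as a pg_hba address. With the `{%- else %}` fallback to `__CONTROLLER_INT_IP__` removed, every deployment's database ACL now depends on name resolution at render time. Consider dropping the pipe, `{%- set controller_ip = salt['cmd.run']("getent hosts " + controller_hostname, python_shell=False).split() | first | default('') %}`, and wrapping L39 in `{%- if controller_ip %}` (or failing the render) so an unresolved name never becomes an ACL line.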
# Load balancing settings
ENABLE_BALANCER="no"
-BALANCER_BACKENDS="controller1,controller2"
-BALANCER_NODENAME="controller"
# Performance tuning parameters
#CONTROLLER_NGINX_WORKERS=
s#__MONITORING_PASSWORD__#${MONITORING_PASSWORD}#g;
s#__DISPATCHER_SSH_PRIVKEY__#${DISPATCHER_SSH_PRIVKEY//$'\n'/\\n}#g;
s#__ENABLE_BALANCER__#${ENABLE_BALANCER}#g;
- s#__BALANCER_NODENAME__#${BALANCER_NODENAME}#g;
- s#__BALANCER_BACKENDS__#${BALANCER_BACKENDS}#g;
+ s#__BALANCER_NODENAME__#${ROLES['balancer']}#g;
+ s#__CONTROLLER_NODES__#${ROLES['controller']}#g;
s#__NODELIST__#${NODELIST}#g;
s#__DISPATCHER_INT_IP__#${DISPATCHER_INT_IP}#g;
s#__KEEPBALANCE_INT_IP__#${KEEPBALANCE_INT_IP}#g;
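Review bot: `${ROLES['balancer']}` and `${ROLES['controller']}` on L58–L59 are substituted without checking that the role is defined or, for the balancer, single-valued; the same lines recur on L68–L69 and the balancer value becomes part of the certificate and private-key paths on L78–L80. An empty balancer role would render an empty letsencrypt domainset key and `/etc/letsencrypt/live//privkey.pem`, and a comma-separated value (which the `split(",")` in the pillars suggests ROLES can hold) would land inside the path. A guard ahead of the sed block for the balancer-enabled case, such as `[[ "${ROLES['balancer']:-}" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "balancer role must name exactly one host" >&2; exit 1; }`, makes the failure explicit. The enclosing sed invocation starts outside this hunk, and the subscript quoting differs between `['balancer']` here and `["balancer"]` on L78–L80.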
s#__MONITORING_PASSWORD__#${MONITORING_PASSWORD}#g;
s#__DISPATCHER_SSH_PRIVKEY__#${DISPATCHER_SSH_PRIVKEY//$'\n'/\\n}#g;
s#__ENABLE_BALANCER__#${ENABLE_BALANCER}#g;
- s#__BALANCER_NODENAME__#${BALANCER_NODENAME}#g;
- s#__BALANCER_BACKENDS__#${BALANCER_BACKENDS}#g;
+ s#__BALANCER_NODENAME__#${ROLES['balancer']}#g;
+ s#__CONTROLLER_NODES__#${ROLES['controller']}#g;
s#__NODELIST__#${NODELIST}#g;
s#__DISPATCHER_INT_IP__#${DISPATCHER_INT_IP}#g;
s#__KEEPBALANCE_INT_IP__#${KEEPBALANCE_INT_IP}#g;
grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
grep -q "letsencrypt_${R}_configuration" ${P_DIR}/top.sls || echo " - letsencrypt_${R}_configuration" >> ${P_DIR}/top.sls
- sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${BALANCER_NODENAME}.${DOMAIN}*/g;
- s#__CERT_PEM__#/etc/letsencrypt/live/${BALANCER_NODENAME}.${DOMAIN}/fullchain.pem#g;
- s#__CERT_KEY__#/etc/letsencrypt/live/${BALANCER_NODENAME}.${DOMAIN}/privkey.pem#g" \
+ sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${ROLES["balancer"]}*/g;
+ s#__CERT_PEM__#/etc/letsencrypt/live/${ROLES["balancer"]}/fullchain.pem#g;
+ s#__CERT_KEY__#/etc/letsencrypt/live/${ROLES["balancer"]}/privkey.pem#g" \
${P_DIR}/nginx_${R}_configuration.sls
if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then