summaryrefslogtreecommitdiff
path: root/global/overlay
diff options
context:
space:
mode:
authorLeif Johansson <leifj@sunet.se>2015-04-16 22:17:39 +0200
committerLeif Johansson <leifj@sunet.se>2015-04-16 22:17:39 +0200
commit9f64c5737b4c57944bb33d78409cded63d07351a (patch)
tree32aa41f2a4c75e4ff741a2fdcf0ce3a9e850a845 /global/overlay
parentf94d6450abfa20d3e855216eb094abdfedae0b29 (diff)
proxy nodes
Diffstat (limited to 'global/overlay')
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp42
1 files changed, 32 insertions, 10 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
index e9ae803..4eb9776 100644
--- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
@@ -1,22 +1,44 @@
define sunet::etcd_node(
$disco_url = undef,
- $etcd_version = 'v2.0.8'
-)
+ $etcd_version = 'v2.0.8',
+ $proxy = true
+)
{
+ include stdlib
+
file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' }
+ $args = ["--discovery ${disco_url}",
+ "--name ${::hostname}",
+ "--key-file /etc/ssl/private/${::fqdn}_infra.key",
+ "--ca-file /etc/ssl/certs/infra.crt",
+ "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"]
+ if ($proxy) {
+ $args = concat($args,["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"])
+ } else {
+ $args = concat($args,
+ "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380",
+ "--advertise-client-urls http://${::ipaddress_eth1}:2379",
+ "--listen-peer-urls http://0.0.0.0:2380",
+ "--listen-client-urls http://0.0.0.0:2379,http://${::ipaddress_docker0}:2379",
+ "--peer-key-file /etc/ssl/private/${::fqdn}_infra.key",
+ "--peer-ca-file /etc/ssl/certs/infra.crt",
+ "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"])
+ }
sunet::docker_run { "etcd_${name}":
image => 'quay.io/coreos/etcd',
imagetag => $etcd_version,
volumes => ["/data/${name}:/var/lib/etcd","/etc/ssl:/etc/ssl"],
- command => "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 --advertise-client-urls http://${::ipaddress_eth1}:2379 --listen-peer-urls http://0.0.0.0:2380 --listen-client-urls http://0.0.0.0:2379 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt",
+ command => join($args," "),
ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"]
}
- ufw::allow { "allow-etcd-peer":
- ip => "${::ipaddress_eth1}",
- port => 2380
- }
- ufw::allow { "allow-etcd-client":
- ip => "${::ipaddress_eth1}",
- port => 2379
+ if (not $proxy) {
+ ufw::allow { "allow-etcd-peer":
+ ip => "${::ipaddress_eth1}",
+ port => 2380
+ }
+ ufw::allow { "allow-etcd-client":
+ ip => "${::ipaddress_eth1}",
+ port => 2379
+ }
}
}