Merge branch 't40084-comment-haproxy-configuration' into 'main'

Comment HAProxy configuration, Refs #40084 See merge request sys/ansible-public!105

Merge branch 't40084-comment-haproxy-configuration' into 'main'
516bc17d · Baptiste DE RENZO · 132e5c79 · cc34ea18 · 516bc17d
Commit 516bc17d authored 5 months ago by Baptiste DE RENZO
--- a/roles/nudgis/haproxy/templates/haproxy.cfg.j2
+++ b/roles/nudgis/haproxy/templates/haproxy.cfg.j2
+# HAProxy configuration for Nudgis HA-DB
 global
  log /dev/log    local0 warning
  log /dev/log    local1 warning
+  daemon
  chroot /var/lib/haproxy
-  stats socket /run/haproxy/admin.sock mode 664 level admin
-  stats timeout 30s
  user haproxy
  group haproxy
-  daemon
+  # Enable haproxy admin socket for supervision purpose (hatop)
+  stats socket /run/haproxy/admin.sock mode 664 level admin
+  stats timeout 30s
+  # See RM#39942
+  # Global maximum connections authorized (processed + pending) 
  maxconn 2000

 defaults
  log global
  mode tcp
+  option tcplog
  balance leastconn
  retries 2
-  timeout tunnel 30m
-  timeout client 30m
-  timeout connect 5s
-  timeout server 30m
-  timeout check 15s
-  option tcplog
+  # Enable TCP KeepAlive
  option tcpka
  option clitcpka
  option srvtcpka
+  # Set connection timeout
+  timeout connect 5s
+  timeout check 15s
+  # See RM#40075
+  # Set timeout on established connections without data transfer
+  # Warning: TCP KeepAlive maintain established connecions but does not transfer data
+  #          Treatments taking more than 30m with no data transfer have no chance of success
+  timeout client 30m
+  timeout server 30m
+  timeout tunnel 30m

+# See RM#39952
+# Enable status page for supervision purpose
 frontend stats
  mode http
  bind 127.0.0.1:8404
@@ -31,12 +43,22 @@ frontend stats
  stats uri /stats
  stats refresh 10s

+# Database HA load-balancing
 listen pgsql-primary
  bind 127.0.0.1:54321
-  default-server inter 2s fall 3 rise 2 on-marked-down shutdown-sessions
-  option tcp-check
-  tcp-check expect string primary
+  # See RM#39942
+  # Maximum connections allowed, surplus will be put on hold
  maxconn 1000
-  server {{ groups['postgres'][0] }} {{ hostvars[groups['postgres'][0]]['ansible_default_ipv4']['address'] }}:5432 maxconn 1000 check port 8543
-  server {{ groups['postgres'][1] }} {{ hostvars[groups['postgres'][1]]['ansible_default_ipv4']['address'] }}:5432 maxconn 1000 check port 8543 backup
+
+  # Database server availability test
+  # Database server have to be primary to receive traffic
+  # Use rephacheck binary for this check (listening on 8543)
+  option tcp-check
+  tcp-check connect port 8543
+  tcp-check expect string 'primary'
+
+  # Set failover and backend servers
+  default-server inter 2s fall 3 rise 2 on-marked-down shutdown-sessions
+  server {{ groups['postgres'][0] }} {{ hostvars[groups['postgres'][0]]['ansible_default_ipv4']['address'] }}:5432 maxconn 1000 check
+  server {{ groups['postgres'][1] }} {{ hostvars[groups['postgres'][1]]['ansible_default_ipv4']['address'] }}:5432 maxconn 1000 check backup