Manual failover

  • Although HAProxy runs on multiple nodes, the virtual IP addresses can only be assigned to one node. That means that only one HAProxy instance is used at the same time.

  • Keepalived manages the virtual IP addresses and initiates an automatic failover if one node fails. There is no official way to manually tell keepalived to failover the VIP. But if you restart the keepalived container on the active node, the VIP will be moved to another node.

$ docker restart keepalived

Change certificate

  • Update the certificate in the file environments/kolla/secrets.yml (kolla_external_fqdn_cert) The order of certificates is important:

    • Add server private key

    • Add server public key

    • Add intermediate CA certificates (if any)

    • Add CA root certificate

  • Reconfigure HAProxy with osism-kolla reconfigure loadbalancer

Validate configuration

$ osism-kolla config loadbalancer
$ docker exec -it haproxy haproxy -c -V -f /etc/haproxy/haproxy.cfg
Configuration file is valid

Restart HAProxy to load new certificate

osism-ansible generic all -m shell -a 'docker restart haproxy' -l control