summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBen Nemec <bnemec@redhat.com>2016-01-15 18:45:11 +0000
committerBen Nemec <bnemec@redhat.com>2016-02-11 17:30:28 +0000
commit55b24a306d8ab6f71fa2b82f49d928dc72f8a3b0 (patch)
treeaec824d11b9c310df72e959876e422f4233ceaca
parent86d9064317ff6ae1a50bfbebd146d14370dad57b (diff)
Handle redirects for Horizon
As for Heat, we need to be able to handle 30X redirects from Horizon when configured to use SSL. Because Horizon's redirects are handled directly by Apache, we can't use middleware to handle the X-Forwarded-Proto header like we are planning to do for the other services. However, in this case we don't need to worry about rewriting urls in the payload like we do for the other services because Horizon is just serving standard web pages, not custom HTTP bodies with JSON contents. One other change from the previous Heat patch is to drop the IP from the rewrite regex. This is because Horizon will generally be accessed via a DNS name, so the IP won't appear in the Location header. The heat regex should probably be changed as well since we now support registering endpoints with DNS names, but since we plan to move all the other services to the X-Forwarded-Proto header middleware anyway we can probably just wait until that happens and then remove the Heat rule entirely. Change-Id: I039a3036be17eeabe3cff68e0ef24f70907cc568
-rw-r--r--manifests/loadbalancer.pp11
1 files changed, 8 insertions, 3 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index a37ecff..f883264 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -758,11 +758,18 @@ class tripleo::loadbalancer (
"${horizon_vip}:80" => $haproxy_listen_bind_param,
"${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $horizon_bind_certificate]),
}
+ $horizon_options = {
+ 'cookie' => 'SERVERID insert indirect nocache',
+ 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
+ }
} else {
$horizon_bind_opts = {
"${horizon_vip}:80" => $haproxy_listen_bind_param,
"${public_virtual_ip}:80" => $haproxy_listen_bind_param,
}
+ $horizon_options = {
+ 'cookie' => 'SERVERID insert indirect nocache',
+ }
}
$ironic_api_vip = hiera('ironic_api_vip', $controller_virtual_ip)
@@ -1131,9 +1138,7 @@ class tripleo::loadbalancer (
if $horizon {
haproxy::listen { 'horizon':
bind => $horizon_bind_opts,
- options => {
- 'cookie' => 'SERVERID insert indirect nocache',
- },
+ options => $horizon_options,
mode => 'http',
collect_exported => false,
}