diff options
| author |   Tim Rozet <trozet@redhat.com> | 2016-12-20 15:45:00 -0500 |
|---|---|---|
| committer | Tim Rozet <trozet@redhat.com> | 2017-01-04 10:36:03 -0500 |
| commit | 0f002c65147e6148636b87395548e5406c5601bc (patch) | |
| tree | 96fd93f4ce75d698309bfc2ba03c9f62c0313e7d /manifests | |
| parent | 48eef39ca35fda6e544cb43f0ee974f600608fd2 (diff) | |
Fixes missing haproxy firewall rules for OpenDaylight
This migrates the haproxy config for ODL to use the
tripleo::haproxy::endpoint class. This class automatically configures
firewall rules for each haproxy endpoint. Also removes listening on
public network for IP and adds listening on ctlplane network for admin
access.
Partial-Bug: 1651476
Change-Id: I1f2af2793d040fda17bf73252afe59434d99f31f
Signed-off-by: Tim Rozet <trozet@redhat.com>
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/haproxy.pp | 26 |
1 files changed, 9 insertions, 17 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 58b73e0..57d2d8f 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -439,6 +439,7 @@ # 'nova_metadata_port' (Defaults to 8775) # 'nova_novnc_port' (Defaults to 6080) # 'nova_novnc_ssl_port' (Defaults to 13080) +# 'opendaylight_api_port' (Defaults to 8081) # 'panko_api_port' (Defaults to 8779) # 'panko_api_ssl_port' (Defaults to 13779) # 'sahara_api_port' (Defaults to 8386) @@ -588,6 +589,7 @@ class tripleo::haproxy ( nova_metadata_port => 8775, nova_novnc_port => 6080, nova_novnc_ssl_port => 13080, + opendaylight_api_port => 8081, panko_api_port => 8779, panko_api_ssl_port => 13779, sahara_api_port => 8386, @@ -1295,26 +1297,16 @@ class tripleo::haproxy ( } } - $opendaylight_api_vip = hiera('opendaylight_api_vip', $controller_virtual_ip) - $opendaylight_bind_opts = { - "${opendaylight_api_vip}:8081" => $haproxy_listen_bind_param, - "${public_virtual_ip}:8081" => $haproxy_listen_bind_param, - } - if $opendaylight { - haproxy::listen { 'opendaylight': - bind => $opendaylight_bind_opts, - options => { + ::tripleo::haproxy::endpoint { 'opendaylight': + internal_ip => unique([hiera('opendaylight_api_vip', $controller_virtual_ip), $controller_virtual_ip]), + service_port => $ports[opendaylight_api_port], + ip_addresses => hiera('opendaylight_api_node_ips', $controller_hosts_real), + server_names => hiera('opendaylight_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { 'balance' => 'source', }, - collect_exported => false, - } - haproxy::balancermember { 'opendaylight': - listening_service => 'opendaylight', - ports => '8081', - ipaddresses => hiera('opendaylight_api_node_ips', $controller_hosts_real), - server_names => hiera('opendaylight_api_node_names', $controller_hosts_names_real), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], } } |