diff options
Diffstat (limited to 'manifests/haproxy.pp')
-rw-r--r-- | manifests/haproxy.pp | 49 |
1 files changed, 44 insertions, 5 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index c979295..b2cc264 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -228,6 +228,10 @@ # # [*zaqar_api*] # (optional) Enable or not Zaqar Api binding +# Defaults to false +# +# [*opendaylight*] +# (optional) Enable or not OpenDaylight binding # Defaults to false # # [*service_ports*] @@ -329,6 +333,7 @@ class tripleo::haproxy ( $redis_password = undef, $midonet_api = false, $zaqar_api = false, + $opendaylight = false, $service_ports = {} ) { $default_service_ports = { @@ -517,6 +522,21 @@ class tripleo::haproxy ( } if $keystone_public { + $keystone_listen_opts = { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + } + if $service_certificate { + $keystone_public_tls_listen_opts = { + 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', + # NOTE(jaosorior): We always redirect to https for the public_virtual_ip. + 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", + 'option' => 'forwardfor', + } + } else { + $keystone_public_tls_listen_opts = {} + } ::tripleo::haproxy::endpoint { 'keystone_public': public_virtual_ip => $public_virtual_ip, internal_ip => hiera('keystone_public_api_vip', $controller_virtual_ip), @@ -524,11 +544,7 @@ class tripleo::haproxy ( ip_addresses => hiera('keystone_public_api_node_ips', $controller_hosts_real), server_names => $controller_hosts_names_real, mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, + listen_options => merge($keystone_listen_opts, $keystone_public_tls_listen_opts), public_ssl_port => $ports[keystone_public_api_ssl_port], } } @@ -918,4 +934,27 @@ class tripleo::haproxy ( public_ssl_port => $ports[zaqar_api_ssl_port], } } + + $opendaylight_api_vip = hiera('opendaylight_api_vip', $controller_virtual_ip) + $opendaylight_bind_opts = { + "${opendaylight_api_vip}:8081" => [], + "${public_virtual_ip}:8081" => [], + } + + if $opendaylight { + haproxy::listen { 'opendaylight': + bind => $opendaylight_bind_opts, + options => { + 'balance' => 'source', + }, + collect_exported => false, + } + haproxy::balancermember { 'opendaylight': + listening_service => 'opendaylight', + ports => '8081', + ipaddresses => hiera('opendaylight_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } } |