diff options
Diffstat (limited to 'manifests/haproxy.pp')
-rw-r--r-- | manifests/haproxy.pp | 73 |
1 files changed, 38 insertions, 35 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 6a81731..eab7cc9 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -439,11 +439,14 @@ class tripleo::haproxy ( "${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]), } $horizon_options = { - 'cookie' => 'SERVERID insert indirect nocache', - 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', + 'cookie' => 'SERVERID insert indirect nocache', + 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', # NOTE(jaosorior): We always redirect to https for the public_virtual_ip. - 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", - 'option' => 'forwardfor', + 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", + 'option' => 'forwardfor', + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], } } else { $horizon_bind_opts = { @@ -530,7 +533,7 @@ class tripleo::haproxy ( internal_ip => hiera('keystone_admin_api_vip', $controller_virtual_ip), service_port => $ports[keystone_admin_api_port], ip_addresses => hiera('keystone_admin_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('keystone_admin_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => { 'http-request' => [ @@ -562,7 +565,7 @@ class tripleo::haproxy ( internal_ip => hiera('keystone_public_api_vip', $controller_virtual_ip), service_port => $ports[keystone_public_api_port], ip_addresses => hiera('keystone_public_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('keystone_public_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => merge($keystone_listen_opts, $keystone_public_tls_listen_opts), public_ssl_port => $ports[keystone_public_api_ssl_port], @@ -575,7 +578,7 @@ class tripleo::haproxy ( internal_ip => hiera('neutron_api_vip', $controller_virtual_ip), service_port => $ports[neutron_api_port], ip_addresses => hiera('neutron_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('neutron_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[neutron_api_ssl_port], } } @@ -586,7 +589,7 @@ class tripleo::haproxy ( internal_ip => hiera('cinder_api_vip', $controller_virtual_ip), service_port => $ports[cinder_api_port], ip_addresses => hiera('cinder_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('cinder_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => { 'http-request' => [ @@ -603,7 +606,7 @@ class tripleo::haproxy ( internal_ip => hiera('manila_api_vip', $controller_virtual_ip), service_port => $ports[manila_api_port], ip_addresses => hiera('manila_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('manila_api_node_names', $controller_hosts_names_real), listen_options => { 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', @@ -619,7 +622,7 @@ class tripleo::haproxy ( internal_ip => hiera('sahara_api_vip', $controller_virtual_ip), service_port => $ports[sahara_api_port], ip_addresses => hiera('sahara_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('sahara_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[sahara_api_ssl_port], } } @@ -630,7 +633,7 @@ class tripleo::haproxy ( internal_ip => hiera('trove_api_vip', $controller_virtual_ip), service_port => $ports[trove_api_port], ip_addresses => hiera('trove_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('trove_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[trove_api_ssl_port], } } @@ -641,7 +644,7 @@ class tripleo::haproxy ( internal_ip => hiera('glance_api_vip', $controller_virtual_ip), service_port => $ports[glance_api_port], ip_addresses => hiera('glance_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('glance_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[glance_api_ssl_port], mode => 'http', listen_options => { @@ -657,7 +660,7 @@ class tripleo::haproxy ( internal_ip => hiera('glance_registry_vip', $controller_virtual_ip), service_port => $ports[glance_registry_port], ip_addresses => hiera('glance_registry_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('glance_registry_node_names', $controller_hosts_names_real), } } @@ -668,7 +671,7 @@ class tripleo::haproxy ( internal_ip => $nova_api_vip, service_port => $ports[nova_api_port], ip_addresses => hiera('nova_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('nova_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => { 'http-request' => [ @@ -684,7 +687,7 @@ class tripleo::haproxy ( internal_ip => hiera('nova_metadata_vip', $controller_virtual_ip), service_port => $ports[nova_metadata_port], ip_addresses => hiera('nova_metadata_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('nova_metadata_node_names', $controller_hosts_names_real), } } @@ -694,7 +697,7 @@ class tripleo::haproxy ( internal_ip => $nova_api_vip, service_port => $ports[nova_novnc_port], ip_addresses => hiera('nova_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('nova_api_node_names', $controller_hosts_names_real), listen_options => { 'balance' => 'source', 'timeout' => [ 'tunnel 1h' ], @@ -709,7 +712,7 @@ class tripleo::haproxy ( internal_ip => hiera('ceilometer_api_vip', $controller_virtual_ip), service_port => $ports[ceilometer_api_port], ip_addresses => hiera('ceilometer_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('ceilometer_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[ceilometer_api_ssl_port], } } @@ -720,7 +723,7 @@ class tripleo::haproxy ( internal_ip => hiera('aodh_api_vip', $controller_virtual_ip), service_port => $ports[aodh_api_port], ip_addresses => hiera('aodh_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('aodh_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[aodh_api_ssl_port], } } @@ -731,7 +734,7 @@ class tripleo::haproxy ( internal_ip => hiera('gnocchi_api_vip', $controller_virtual_ip), service_port => $ports[gnocchi_api_port], ip_addresses => hiera('gnocchi_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('gnocchi_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[gnocchi_api_ssl_port], } } @@ -742,7 +745,7 @@ class tripleo::haproxy ( internal_ip => hiera('mistral_api_vip', $controller_virtual_ip), service_port => $ports[mistral_api_port], ip_addresses => hiera('mistral_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('mistral_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[mistral_api_ssl_port], } } @@ -753,7 +756,7 @@ class tripleo::haproxy ( internal_ip => hiera('swift_proxy_vip', $controller_virtual_ip), service_port => $ports[swift_proxy_port], ip_addresses => hiera('swift_proxy_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('swift_proxy_node_names', $controller_hosts_names_real), public_ssl_port => $ports[swift_proxy_ssl_port], } } @@ -779,7 +782,7 @@ class tripleo::haproxy ( internal_ip => $heat_api_vip, service_port => $ports[heat_api_port], ip_addresses => $heat_ip_addresses, - server_names => $controller_hosts_names_real, + server_names => hiera('heat_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => $heat_options, public_ssl_port => $ports[heat_api_ssl_port], @@ -792,7 +795,7 @@ class tripleo::haproxy ( internal_ip => $heat_api_vip, service_port => $ports[heat_cw_port], ip_addresses => $heat_ip_addresses, - server_names => $controller_hosts_names_real, + server_names => hiera('heat_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => $heat_options, public_ssl_port => $ports[heat_cw_ssl_port], @@ -805,7 +808,7 @@ class tripleo::haproxy ( internal_ip => $heat_api_vip, service_port => $ports[heat_cfn_port], ip_addresses => $heat_ip_addresses, - server_names => $controller_hosts_names_real, + server_names => hiera('heat_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => $heat_options, public_ssl_port => $ports[heat_cfn_ssl_port], @@ -823,7 +826,7 @@ class tripleo::haproxy ( listening_service => 'horizon', ports => '80', ipaddresses => hiera('horizon_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('horizon_node_names', $controller_hosts_names_real), options => union($haproxy_member_options, ["cookie ${::hostname}"]), } } @@ -834,7 +837,7 @@ class tripleo::haproxy ( internal_ip => hiera('ironic_api_vip', $controller_virtual_ip), service_port => $ports[ironic_api_port], ip_addresses => hiera('ironic_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('ironic_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[ironic_api_ssl_port], } } @@ -845,7 +848,7 @@ class tripleo::haproxy ( internal_ip => hiera('ironic_inspector_vip', $controller_virtual_ip), service_port => $ports[ironic_inspector_port], ip_addresses => hiera('ironic_inspector_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('ironic_inspector_node_names', $controller_hosts_names_real), public_ssl_port => $ports[ironic_inspector_ssl_port], } } @@ -877,7 +880,7 @@ class tripleo::haproxy ( listening_service => 'mysql', ports => '3306', ipaddresses => hiera('mysql_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('mysql_node_names', $controller_hosts_names_real), options => $mysql_member_options, } } @@ -895,7 +898,7 @@ class tripleo::haproxy ( listening_service => 'rabbitmq', ports => '5672', ipaddresses => hiera('rabbitmq_network', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('rabbitmq_node_names', $controller_hosts_names_real), options => $haproxy_member_options, } } @@ -924,7 +927,7 @@ class tripleo::haproxy ( listening_service => 'redis', ports => '6379', ipaddresses => hiera('redis_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('redis_node_names', $controller_hosts_names_real), options => $haproxy_member_options, } } @@ -944,7 +947,7 @@ class tripleo::haproxy ( listening_service => 'midonet_api', ports => '8081', ipaddresses => hiera('midonet_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('midonet_api_node_names', $controller_hosts_names_real), options => $haproxy_member_options, } } @@ -954,7 +957,7 @@ class tripleo::haproxy ( internal_ip => hiera('zaqar_api_vip', $controller_virtual_ip), service_port => $ports[zaqar_api_port], ip_addresses => hiera('zaqar_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('zaqar_api_node_names', $controller_hosts_names_real), mode => 'http', public_ssl_port => $ports[zaqar_api_ssl_port], } @@ -966,7 +969,7 @@ class tripleo::haproxy ( internal_ip => hiera('ceph_rgw_vip', $controller_virtual_ip), service_port => $ports[ceph_rgw_port], ip_addresses => hiera('ceph_rgw_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('ceph_rgw_node_names', $controller_hosts_names_real), public_ssl_port => $ports[ceph_rgw_ssl_port], } } @@ -989,7 +992,7 @@ class tripleo::haproxy ( listening_service => 'opendaylight', ports => '8081', ipaddresses => hiera('opendaylight_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('opendaylight_api_node_names', $controller_hosts_names_real), options => ['check', 'inter 2000', 'rise 2', 'fall 5'], } } @@ -1000,7 +1003,7 @@ class tripleo::haproxy ( internal_ip => hiera('zaqar_ws_vip', $controller_virtual_ip), service_port => $ports[zaqar_ws_port], ip_addresses => hiera('zaqar_ws_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('zaqar_ws_node_names', $controller_hosts_names_real), mode => 'http', haproxy_listen_bind_param => [], # We don't use a transparent proxy here listen_options => { |