1 files changed, 44 insertions, 5 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index c979295..b2cc264 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -228,6 +228,10 @@
 #
 # [*zaqar_api*]
 #  (optional) Enable or not Zaqar Api binding
+# Defaults to false
+#
+# [*opendaylight*]
+#  (optional) Enable or not OpenDaylight binding
 #  Defaults to false
 #
 # [*service_ports*]
@@ -329,6 +333,7 @@ class tripleo::haproxy (
   $redis_password            = undef,
   $midonet_api               = false,
   $zaqar_api                 = false,
+  $opendaylight              = false,
   $service_ports             = {}
 ) {
   $default_service_ports = {
@@ -517,6 +522,21 @@ class tripleo::haproxy (
   }
 
   if $keystone_public {
+    $keystone_listen_opts = {
+      'http-request' => [
+        'set-header X-Forwarded-Proto https if { ssl_fc }',
+        'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+    }
+    if $service_certificate {
+      $keystone_public_tls_listen_opts = {
+        'rsprep'       => '^Location:\ http://(.*) Location:\ https://\1',
+        # NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
+        'redirect'     => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
+        'option'       => 'forwardfor',
+      }
+    } else {
+      $keystone_public_tls_listen_opts = {}
+    }
     ::tripleo::haproxy::endpoint { 'keystone_public':
       public_virtual_ip => $public_virtual_ip,
       internal_ip       => hiera('keystone_public_api_vip', $controller_virtual_ip),
@@ -524,11 +544,7 @@ class tripleo::haproxy (
       ip_addresses      => hiera('keystone_public_api_node_ips', $controller_hosts_real),
       server_names      => $controller_hosts_names_real,
       mode              => 'http',
-      listen_options    => {
-          'http-request' => [
-            'set-header X-Forwarded-Proto https if { ssl_fc }',
-            'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
-      },
+      listen_options    => merge($keystone_listen_opts, $keystone_public_tls_listen_opts),
       public_ssl_port   => $ports[keystone_public_api_ssl_port],
     }
   }
@@ -918,4 +934,27 @@ class tripleo::haproxy (
       public_ssl_port   => $ports[zaqar_api_ssl_port],
     }
   }
+
+  $opendaylight_api_vip = hiera('opendaylight_api_vip', $controller_virtual_ip)
+  $opendaylight_bind_opts = {
+    "${opendaylight_api_vip}:8081" => [],
+    "${public_virtual_ip}:8081" => [],
+  }
+
+  if $opendaylight {
+    haproxy::listen { 'opendaylight':
+      bind             => $opendaylight_bind_opts,
+      options          => {
+        'balance' => 'source',
+      },
+      collect_exported => false,
+    }
+    haproxy::balancermember { 'opendaylight':
+      listening_service => 'opendaylight',
+      ports             => '8081',
+      ipaddresses       => hiera('opendaylight_api_node_ips', $controller_hosts_real),
+      server_names      => $controller_hosts_names_real,
+      options           => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+    }
+  }
 }