1 files changed, 82 insertions, 5 deletions

diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index e3e48ce..e2b2cc9 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -169,6 +169,10 @@
 #  (optional) Enable or not Gnocchi API binding
 #  Defaults to false
 #
+# [*mistral*]
+#  (optional) Enable or not Mistral API binding
+#  Defaults to false
+#
 # [*swift_proxy_server*]
 #  (optional) Enable or not Swift API binding
 #  Defaults to false
@@ -193,6 +197,10 @@
 #  (optional) Enable or not Ironic API binding
 #  Defaults to false
 #
+# [*ironic_inspector*]
+#  (optional) Enable or not Ironic Inspector API binding
+#  Defaults to false
+#
 # [*mysql*]
 #  (optional) Enable or not MySQL Galera binding
 #  Defaults to false
@@ -218,6 +226,10 @@
 #  (optional) Enable or not MidoNet API binding
 #  Defaults to false
 #
+# [*zaqar_api*]
+#  (optional) Enable or not Zaqar Api binding
+#  Defaults to false
+#
 # [*service_ports*]
 #  (optional) Hash that contains the values to override from the service ports
 #  The available keys to modify the services' ports are:
@@ -232,6 +244,8 @@
 #    'glance_registry_port' (Defaults to 9191)
 #    'gnocchi_api_port' (Defaults to 8041)
 #    'gnocchi_api_ssl_port' (Defaults to 13041)
+#    'mistral_api_port' (Defaults to 8989)
+#    'mistral_api_ssl_port' (Defaults to 13989)
 #    'heat_api_port' (Defaults to 8004)
 #    'heat_api_ssl_port' (Defaults to 13004)
 #    'heat_cfn_port' (Defaults to 8000)
@@ -240,6 +254,8 @@
 #    'heat_cw_ssl_port' (Defaults to 13003)
 #    'ironic_api_port' (Defaults to 6385)
 #    'ironic_api_ssl_port' (Defaults to 13385)
+#    'ironic_inspector_port' (Defaults to 5050)
+#    'ironic_inspector_ssl_port' (Defaults to 13050)
 #    'keystone_admin_api_port' (Defaults to 35357)
 #    'keystone_admin_api_ssl_port' (Defaults to 13357)
 #    'keystone_public_api_port' (Defaults to 5000)
@@ -259,6 +275,8 @@
 #    'swift_proxy_ssl_port' (Defaults to 13808)
 #    'trove_api_port' (Defaults to 8779)
 #    'trove_api_ssl_port' (Defaults to 13779)
+#    'zaqar_api_port' (Defaults to 8888)
+#    'zaqar_api_ssl_port' (Defaults to 13888)
 #  Defaults to {}
 #
 class tripleo::haproxy (
@@ -296,18 +314,21 @@ class tripleo::haproxy (
   $ceilometer                = false,
   $aodh                      = false,
   $gnocchi                   = false,
+  $mistral                   = false,
   $swift_proxy_server        = false,
   $heat_api                  = false,
   $heat_cloudwatch           = false,
   $heat_cfn                  = false,
   $horizon                   = false,
   $ironic                    = false,
+  $ironic_inspector          = false,
   $mysql                     = false,
   $mysql_clustercheck        = false,
   $rabbitmq                  = false,
   $redis                     = false,
   $redis_password            = undef,
   $midonet_api               = false,
+  $zaqar_api                 = false,
   $service_ports             = {}
 ) {
   $default_service_ports = {
@@ -322,6 +343,8 @@ class tripleo::haproxy (
     glance_registry_port => 9191,
     gnocchi_api_port => 8041,
     gnocchi_api_ssl_port => 13041,
+    mistral_api_port => 8989,
+    mistral_api_ssl_port => 13989,
     heat_api_port => 8004,
     heat_api_ssl_port => 13004,
     heat_cfn_port => 8000,
@@ -330,6 +353,8 @@ class tripleo::haproxy (
     heat_cw_ssl_port => 13003,
     ironic_api_port => 6385,
     ironic_api_ssl_port => 13385,
+    ironic_inspector_port => 5050,
+    ironic_inspector_ssl_port => 13050,
     keystone_admin_api_port => 35357,
     keystone_admin_api_ssl_port => 13357,
     keystone_public_api_port => 5000,
@@ -349,6 +374,8 @@ class tripleo::haproxy (
     swift_proxy_ssl_port => 13808,
     trove_api_port => 8779,
     trove_api_ssl_port => 13779,
+    zaqar_api_port => 8888,
+    zaqar_api_ssl_port => 13888,
   }
   $ports = merge($default_service_ports, $service_ports)
 
@@ -490,6 +517,21 @@ class tripleo::haproxy (
   }
 
   if $keystone_public {
+    $keystone_listen_opts = {
+      'http-request' => [
+        'set-header X-Forwarded-Proto https if { ssl_fc }',
+        'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+    }
+    if $service_certificate {
+      $keystone_public_tls_listen_opts = {
+        'rsprep'       => '^Location:\ http://(.*) Location:\ https://\1',
+        # NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
+        'redirect'     => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
+        'option'       => 'forwardfor',
+      }
+    } else {
+      $keystone_public_tls_listen_opts = {}
+    }
     ::tripleo::haproxy::endpoint { 'keystone_public':
       public_virtual_ip => $public_virtual_ip,
       internal_ip       => hiera('keystone_public_api_vip', $controller_virtual_ip),
@@ -497,11 +539,7 @@ class tripleo::haproxy (
       ip_addresses      => hiera('keystone_public_api_node_ips', $controller_hosts_real),
       server_names      => $controller_hosts_names_real,
       mode              => 'http',
-      listen_options    => {
-          'http-request' => [
-            'set-header X-Forwarded-Proto https if { ssl_fc }',
-            'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
-      },
+      listen_options    => merge($keystone_listen_opts, $keystone_public_tls_listen_opts),
       public_ssl_port   => $ports[keystone_public_api_ssl_port],
     }
   }
@@ -575,6 +613,12 @@ class tripleo::haproxy (
       ip_addresses      => hiera('glance_api_node_ips', $controller_hosts_real),
       server_names      => $controller_hosts_names_real,
       public_ssl_port   => $ports[glance_api_ssl_port],
+      mode              => 'http',
+      listen_options    => {
+          'http-request' => [
+            'set-header X-Forwarded-Proto https if { ssl_fc }',
+            'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+      },
     }
   }
 
@@ -662,6 +706,17 @@ class tripleo::haproxy (
     }
   }
 
+  if $mistral {
+    ::tripleo::haproxy::endpoint { 'mistral':
+      public_virtual_ip => $public_virtual_ip,
+      internal_ip       => hiera('mistral_api_vip', $controller_virtual_ip),
+      service_port      => $ports[mistral_api_port],
+      ip_addresses      => hiera('mistral_api_node_ips', $controller_hosts_real),
+      server_names      => $controller_hosts_names_real,
+      public_ssl_port   => $ports[mistral_api_ssl_port],
+    }
+  }
+
   if $swift_proxy_server {
     ::tripleo::haproxy::endpoint { 'swift_proxy_server':
       public_virtual_ip => $public_virtual_ip,
@@ -754,6 +809,17 @@ class tripleo::haproxy (
     }
   }
 
+  if $ironic_inspector {
+    ::tripleo::haproxy::endpoint { 'ironic-inspector':
+      public_virtual_ip => $public_virtual_ip,
+      internal_ip       => hiera('ironic_inspector_vip', $controller_virtual_ip),
+      service_port      => $ports[ironic_inspector_port],
+      ip_addresses      => hiera('ironic_inspector_node_ips', $controller_hosts_real),
+      server_names      => $controller_hosts_names_real,
+      public_ssl_port   => $ports[ironic_inspector_ssl_port],
+    }
+  }
+
   if $mysql_clustercheck {
     $mysql_listen_options = {
       'option'         => [ 'tcpka', 'httpchk' ],
@@ -847,4 +913,15 @@ class tripleo::haproxy (
       options           => $haproxy_member_options,
     }
   }
+  if $zaqar_api {
+    ::tripleo::haproxy::endpoint { 'zaqar_api':
+      public_virtual_ip => $public_virtual_ip,
+      internal_ip       => hiera('zaqar_api_vip', $controller_virtual_ip),
+      service_port      => $ports[zaqar_api_port],
+      ip_addresses      => hiera('zaqar_api_node_ips', $controller_hosts_real),
+      server_names      => $controller_hosts_names_real,
+      mode              => 'http',
+      public_ssl_port   => $ports[zaqar_api_ssl_port],
+    }
+  }
 }