Diffstat (limited to 'manifests/haproxy.pp')
-rw-r--r--manifests/haproxy.pp53
1 files changed, 47 insertions, 6 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index e1f5d50..2cac604 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -155,7 +155,7 @@
#
# [*nova_novncproxy*]
# (optional) Enable or not Nova novncproxy binding
-# Defaults to hiera('nova_vncproxy_enabled', false)
+# Defaults to hiera('nova_vnc_proxy_enabled', false)
#
# [*ceilometer*]
# (optional) Enable or not Ceilometer API binding
@@ -238,6 +238,10 @@
# (optional) Enable or not OpenDaylight binding
# Defaults to hiera('opendaylight_api_enabled', false)
#
+# [*zaqar_ws*]
+# (optional) Enable or not Zaqar Websockets binding
+# Defaults to false
+#
# [*service_ports*]
# (optional) Hash that contains the values to override from the service ports
# The available keys to modify the services' ports are:
@@ -287,6 +291,10 @@
# 'zaqar_api_ssl_port' (Defaults to 13888)
# 'ceph_rgw_port' (Defaults to 8080)
# 'ceph_rgw_ssl_port' (Defaults to 13808)
+# 'zaqar_ws_port' (Defaults to 9000)
+# 'zaqar_ws_ssl_port' (Defaults to 9000)
+# * Note that for zaqar's websockets we don't support having a different
+# port for SSL, because it ignores the handshake.
# Defaults to {}
#
class tripleo::haproxy (
@@ -320,7 +328,7 @@ class tripleo::haproxy (
$glance_registry = hiera('glance_registry_enabled', false),
$nova_osapi = hiera('nova_api_enabled', false),
$nova_metadata = hiera('nova_api_enabled', false),
- $nova_novncproxy = hiera('nova_vncproxy_enabled', false),
+ $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false),
$ceilometer = hiera('ceilometer_api_enabled', false),
$aodh = hiera('aodh_api_enabled', false),
$gnocchi = hiera('gnocchi_api_enabled', false),
@@ -341,6 +349,7 @@ class tripleo::haproxy (
$zaqar_api = hiera('zaqar_api_enabled', false),
$ceph_rgw = hiera('ceph_rgw_enabled', false),
$opendaylight = hiera('opendaylight_api_enabled', false),
+ $zaqar_ws = hiera('zaqar_api_enabled', false),
$service_ports = {}
) {
$default_service_ports = {
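Review bot: The new `$zaqar_ws` parameter defaults to `hiera('zaqar_api_enabled', false)`, but the parameter documentation added earlier in this commit says `Defaults to false`. As written, any deployment that enables the Zaqar API also gets the websocket endpoint, which the last hunk binds on `$public_virtual_ip`, and an operator reading the docs would not expect that listener. Either give the websocket binding its own hiera key, or correct the comment to `# Defaults to hiera('zaqar_api_enabled', false)` so the coupling is explicit. The class parameter list starts outside this hunk.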
@@ -390,6 +399,8 @@ class tripleo::haproxy (
zaqar_api_ssl_port => 13888,
ceph_rgw_port => 8080,
ceph_rgw_ssl_port => 13808,
+ zaqar_ws_port => 9000,
+ zaqar_ws_ssl_port => 9000,
}
$ports = merge($default_service_ports, $service_ports)
@@ -428,11 +439,14 @@ class tripleo::haproxy (
"${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
$horizon_options = {
- 'cookie' => 'SERVERID insert indirect nocache',
- 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
+ 'cookie' => 'SERVERID insert indirect nocache',
+ 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
# NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
- 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
- 'option' => 'forwardfor',
+ 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
+ 'option' => 'forwardfor',
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
}
} else {
$horizon_bind_opts = {
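Review bot: The `X-Forwarded-Proto` rewrite is added only to the `$horizon_options` of this TLS branch. The `else` branch opens at the end of the hunk and its options are not visible here, so if it does not set the header too, a client-supplied `X-Forwarded-Proto: https` would reach Horizon unchanged on plain-HTTP deployments. Adding `'http-request' => 'set-header X-Forwarded-Proto http'` to that branch, or confirming it is already there, closes the gap. The same two `set-header` lines are repeated verbatim in the manila `listen_options` hunk, and a single local variable referenced from both places would keep them in sync.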
@@ -593,6 +607,11 @@ class tripleo::haproxy (
service_port => $ports[manila_api_port],
ip_addresses => hiera('manila_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
public_ssl_port => $ports[manila_api_ssl_port],
}
}
@@ -977,4 +996,26 @@ class tripleo::haproxy (
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
}
+
+ if $zaqar_ws {
+ ::tripleo::haproxy::endpoint { 'zaqar_ws':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('zaqar_ws_vip', $controller_virtual_ip),
+ service_port => $ports[zaqar_ws_port],
+ ip_addresses => hiera('zaqar_ws_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ mode => 'http',
+ haproxy_listen_bind_param => [], # We don't use a transparent proxy here
+ listen_options => {
+ # NOTE(jaosorior): Websockets have more overhead in establishing
+ # connections than regular HTTP connections. Also, since it begins
+ # as an HTTP connection and then "upgrades" to a TCP connection, some
+ # timeouts get overriden by others at certain times of the connection.
+ # The following values were taken from the following site:
+ # http://blog.haproxy.com/2012/11/07/websockets-load-balancing-with-haproxy/
+ 'timeout' => ['connect 5s', 'client 25s', 'server 25s', 'tunnel 3600s'],
+ },
+ public_ssl_port => $ports[zaqar_ws_ssl_port],
+ }
+ }
}
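Review bot: Nothing enforces the documented constraint that `zaqar_ws_port` and `zaqar_ws_ssl_port` must be equal. `$ports` is the merge of the defaults with the user-supplied `service_ports`, so overriding only one key yields an endpoint whose `service_port` and `public_ssl_port` differ. A guard before the resource, `if $ports[zaqar_ws_port] != $ports[zaqar_ws_ssl_port] { fail('zaqar_ws_port and zaqar_ws_ssl_port must be equal') }`, would turn that into a catalog error instead of a broken listener. Separately, `tunnel 3600s` lets an established websocket sit idle for an hour on a publicly bound frontend, so a short comment on what bounds the number of such connections would help. In the NOTE, `overriden` should be `overridden`.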