aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/haproxy.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/haproxy.pp')
-rw-r--r--manifests/haproxy.pp73
1 files changed, 38 insertions, 35 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 6a81731..eab7cc9 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -439,11 +439,14 @@ class tripleo::haproxy (
"${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
$horizon_options = {
- 'cookie' => 'SERVERID insert indirect nocache',
- 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
+ 'cookie' => 'SERVERID insert indirect nocache',
+ 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
# NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
- 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
- 'option' => 'forwardfor',
+ 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
+ 'option' => 'forwardfor',
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
}
} else {
$horizon_bind_opts = {
@@ -530,7 +533,7 @@ class tripleo::haproxy (
internal_ip => hiera('keystone_admin_api_vip', $controller_virtual_ip),
service_port => $ports[keystone_admin_api_port],
ip_addresses => hiera('keystone_admin_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('keystone_admin_api_node_names', $controller_hosts_names_real),
mode => 'http',
listen_options => {
'http-request' => [
@@ -562,7 +565,7 @@ class tripleo::haproxy (
internal_ip => hiera('keystone_public_api_vip', $controller_virtual_ip),
service_port => $ports[keystone_public_api_port],
ip_addresses => hiera('keystone_public_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('keystone_public_api_node_names', $controller_hosts_names_real),
mode => 'http',
listen_options => merge($keystone_listen_opts, $keystone_public_tls_listen_opts),
public_ssl_port => $ports[keystone_public_api_ssl_port],
@@ -575,7 +578,7 @@ class tripleo::haproxy (
internal_ip => hiera('neutron_api_vip', $controller_virtual_ip),
service_port => $ports[neutron_api_port],
ip_addresses => hiera('neutron_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('neutron_api_node_names', $controller_hosts_names_real),
public_ssl_port => $ports[neutron_api_ssl_port],
}
}
@@ -586,7 +589,7 @@ class tripleo::haproxy (
internal_ip => hiera('cinder_api_vip', $controller_virtual_ip),
service_port => $ports[cinder_api_port],
ip_addresses => hiera('cinder_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('cinder_api_node_names', $controller_hosts_names_real),
mode => 'http',
listen_options => {
'http-request' => [
@@ -603,7 +606,7 @@ class tripleo::haproxy (
internal_ip => hiera('manila_api_vip', $controller_virtual_ip),
service_port => $ports[manila_api_port],
ip_addresses => hiera('manila_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('manila_api_node_names', $controller_hosts_names_real),
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
@@ -619,7 +622,7 @@ class tripleo::haproxy (
internal_ip => hiera('sahara_api_vip', $controller_virtual_ip),
service_port => $ports[sahara_api_port],
ip_addresses => hiera('sahara_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('sahara_api_node_names', $controller_hosts_names_real),
public_ssl_port => $ports[sahara_api_ssl_port],
}
}
@@ -630,7 +633,7 @@ class tripleo::haproxy (
internal_ip => hiera('trove_api_vip', $controller_virtual_ip),
service_port => $ports[trove_api_port],
ip_addresses => hiera('trove_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('trove_api_node_names', $controller_hosts_names_real),
public_ssl_port => $ports[trove_api_ssl_port],
}
}
@@ -641,7 +644,7 @@ class tripleo::haproxy (
internal_ip => hiera('glance_api_vip', $controller_virtual_ip),
service_port => $ports[glance_api_port],
ip_addresses => hiera('glance_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('glance_api_node_names', $controller_hosts_names_real),
public_ssl_port => $ports[glance_api_ssl_port],
mode => 'http',
listen_options => {
@@ -657,7 +660,7 @@ class tripleo::haproxy (
internal_ip => hiera('glance_registry_vip', $controller_virtual_ip),
service_port => $ports[glance_registry_port],
ip_addresses => hiera('glance_registry_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('glance_registry_node_names', $controller_hosts_names_real),
}
}
@@ -668,7 +671,7 @@ class tripleo::haproxy (
internal_ip => $nova_api_vip,
service_port => $ports[nova_api_port],
ip_addresses => hiera('nova_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('nova_api_node_names', $controller_hosts_names_real),
mode => 'http',
listen_options => {
'http-request' => [
@@ -684,7 +687,7 @@ class tripleo::haproxy (
internal_ip => hiera('nova_metadata_vip', $controller_virtual_ip),
service_port => $ports[nova_metadata_port],
ip_addresses => hiera('nova_metadata_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('nova_metadata_node_names', $controller_hosts_names_real),
}
}
@@ -694,7 +697,7 @@ class tripleo::haproxy (
internal_ip => $nova_api_vip,
service_port => $ports[nova_novnc_port],
ip_addresses => hiera('nova_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('nova_api_node_names', $controller_hosts_names_real),
listen_options => {
'balance' => 'source',
'timeout' => [ 'tunnel 1h' ],
@@ -709,7 +712,7 @@ class tripleo::haproxy (
internal_ip => hiera('ceilometer_api_vip', $controller_virtual_ip),
service_port => $ports[ceilometer_api_port],
ip_addresses => hiera('ceilometer_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('ceilometer_api_node_names', $controller_hosts_names_real),
public_ssl_port => $ports[ceilometer_api_ssl_port],
}
}
@@ -720,7 +723,7 @@ class tripleo::haproxy (
internal_ip => hiera('aodh_api_vip', $controller_virtual_ip),
service_port => $ports[aodh_api_port],
ip_addresses => hiera('aodh_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('aodh_api_node_names', $controller_hosts_names_real),
public_ssl_port => $ports[aodh_api_ssl_port],
}
}
@@ -731,7 +734,7 @@ class tripleo::haproxy (
internal_ip => hiera('gnocchi_api_vip', $controller_virtual_ip),
service_port => $ports[gnocchi_api_port],
ip_addresses => hiera('gnocchi_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('gnocchi_api_node_names', $controller_hosts_names_real),
public_ssl_port => $ports[gnocchi_api_ssl_port],
}
}
@@ -742,7 +745,7 @@ class tripleo::haproxy (
internal_ip => hiera('mistral_api_vip', $controller_virtual_ip),
service_port => $ports[mistral_api_port],
ip_addresses => hiera('mistral_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('mistral_api_node_names', $controller_hosts_names_real),
public_ssl_port => $ports[mistral_api_ssl_port],
}
}
@@ -753,7 +756,7 @@ class tripleo::haproxy (
internal_ip => hiera('swift_proxy_vip', $controller_virtual_ip),
service_port => $ports[swift_proxy_port],
ip_addresses => hiera('swift_proxy_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('swift_proxy_node_names', $controller_hosts_names_real),
public_ssl_port => $ports[swift_proxy_ssl_port],
}
}
@@ -779,7 +782,7 @@ class tripleo::haproxy (
internal_ip => $heat_api_vip,
service_port => $ports[heat_api_port],
ip_addresses => $heat_ip_addresses,
- server_names => $controller_hosts_names_real,
+ server_names => hiera('heat_api_node_names', $controller_hosts_names_real),
mode => 'http',
listen_options => $heat_options,
public_ssl_port => $ports[heat_api_ssl_port],
@@ -792,7 +795,7 @@ class tripleo::haproxy (
internal_ip => $heat_api_vip,
service_port => $ports[heat_cw_port],
ip_addresses => $heat_ip_addresses,
- server_names => $controller_hosts_names_real,
+ server_names => hiera('heat_api_node_names', $controller_hosts_names_real),
mode => 'http',
listen_options => $heat_options,
public_ssl_port => $ports[heat_cw_ssl_port],
@@ -805,7 +808,7 @@ class tripleo::haproxy (
internal_ip => $heat_api_vip,
service_port => $ports[heat_cfn_port],
ip_addresses => $heat_ip_addresses,
- server_names => $controller_hosts_names_real,
+ server_names => hiera('heat_api_node_names', $controller_hosts_names_real),
mode => 'http',
listen_options => $heat_options,
public_ssl_port => $ports[heat_cfn_ssl_port],
@@ -823,7 +826,7 @@ class tripleo::haproxy (
listening_service => 'horizon',
ports => '80',
ipaddresses => hiera('horizon_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('horizon_node_names', $controller_hosts_names_real),
options => union($haproxy_member_options, ["cookie ${::hostname}"]),
}
}
@@ -834,7 +837,7 @@ class tripleo::haproxy (
internal_ip => hiera('ironic_api_vip', $controller_virtual_ip),
service_port => $ports[ironic_api_port],
ip_addresses => hiera('ironic_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('ironic_api_node_names', $controller_hosts_names_real),
public_ssl_port => $ports[ironic_api_ssl_port],
}
}
@@ -845,7 +848,7 @@ class tripleo::haproxy (
internal_ip => hiera('ironic_inspector_vip', $controller_virtual_ip),
service_port => $ports[ironic_inspector_port],
ip_addresses => hiera('ironic_inspector_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('ironic_inspector_node_names', $controller_hosts_names_real),
public_ssl_port => $ports[ironic_inspector_ssl_port],
}
}
@@ -877,7 +880,7 @@ class tripleo::haproxy (
listening_service => 'mysql',
ports => '3306',
ipaddresses => hiera('mysql_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('mysql_node_names', $controller_hosts_names_real),
options => $mysql_member_options,
}
}
@@ -895,7 +898,7 @@ class tripleo::haproxy (
listening_service => 'rabbitmq',
ports => '5672',
ipaddresses => hiera('rabbitmq_network', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('rabbitmq_node_names', $controller_hosts_names_real),
options => $haproxy_member_options,
}
}
@@ -924,7 +927,7 @@ class tripleo::haproxy (
listening_service => 'redis',
ports => '6379',
ipaddresses => hiera('redis_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('redis_node_names', $controller_hosts_names_real),
options => $haproxy_member_options,
}
}
@@ -944,7 +947,7 @@ class tripleo::haproxy (
listening_service => 'midonet_api',
ports => '8081',
ipaddresses => hiera('midonet_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('midonet_api_node_names', $controller_hosts_names_real),
options => $haproxy_member_options,
}
}
@@ -954,7 +957,7 @@ class tripleo::haproxy (
internal_ip => hiera('zaqar_api_vip', $controller_virtual_ip),
service_port => $ports[zaqar_api_port],
ip_addresses => hiera('zaqar_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('zaqar_api_node_names', $controller_hosts_names_real),
mode => 'http',
public_ssl_port => $ports[zaqar_api_ssl_port],
}
@@ -966,7 +969,7 @@ class tripleo::haproxy (
internal_ip => hiera('ceph_rgw_vip', $controller_virtual_ip),
service_port => $ports[ceph_rgw_port],
ip_addresses => hiera('ceph_rgw_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('ceph_rgw_node_names', $controller_hosts_names_real),
public_ssl_port => $ports[ceph_rgw_ssl_port],
}
}
@@ -989,7 +992,7 @@ class tripleo::haproxy (
listening_service => 'opendaylight',
ports => '8081',
ipaddresses => hiera('opendaylight_api_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('opendaylight_api_node_names', $controller_hosts_names_real),
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
}
@@ -1000,7 +1003,7 @@ class tripleo::haproxy (
internal_ip => hiera('zaqar_ws_vip', $controller_virtual_ip),
service_port => $ports[zaqar_ws_port],
ip_addresses => hiera('zaqar_ws_node_ips', $controller_hosts_real),
- server_names => $controller_hosts_names_real,
+ server_names => hiera('zaqar_ws_node_names', $controller_hosts_names_real),
mode => 'http',
haproxy_listen_bind_param => [], # We don't use a transparent proxy here
listen_options => {