Age | Commit message (Collapse) | Author | Files | Lines |
|
The service profile in HAProxy has the capability of creating
certificates based on a map. The idea is to standardize this, as
some of those certificates should match certain networks the services
are listening on (with the exception of the external network which is
handled differently and the tenant network which doesn't need a
certificate). So, based on which network a certain service is
listening on, we fetch the appropriate certificate.
bp tls-via-certmonger
Change-Id: I89001ae32f46c9682aecc118753ef6cd647baa62
|
|
Right now we're hardcoding the server names for the services to be
the controllers. This is problematic if we start using custom roles
for services, which listen on nodes that are not controllers.
We already have the server names for each service, so using this
mapping instead fixes the issue.
Change-Id: Ic4b65edb3dc1b75abbc3421a87cab97425b058c4
Closes-Bug: #1629098
|
|
|
|
|
|
Note that there was a need to modify different timeouts due
to the nature of how websockets work. The source where the
reasoning and value came from is listed as a comment in the
code.
Related-Bug: #1625448
Co-Authored-By: Brad P. Crochet <brad@redhat.com>
Change-Id: I9de77d5f692c1c9d04e3c59c5de5312e63f81aed
|
|
The name was wrong, and so fixing it will actually enable VNC Proxy
when the service is enabled.
Change-Id: I65e90479fd33844b4dcd70c19cec3cd838aeff69
Closes-Bug: #1623796
|
|
This is necessary so the middleware in manila can set the protocol
correctly in case we're terminating SSL in HAProxy.
Depends-On: Ice78b0abceb6a956bb8c1dc6212ee1b56b62b43f
Change-Id: Iedaabaf1379466c22e3b9bb2307e940459d26de7
|
|
Shares the same (ssl)port with Swift Proxy
Change-Id: I2e1de1a3fa6ad62895a1e972e43858f23c08bbea
|
|
Change-Id: I5c620ba717f782b39c599aff24b4ac56fb695a04
|
|
profiles"
|
|
When enabling federated authentication with keystone, and then enabling websso
in horizon, the URL horizon constructs for the redirect is done internally, and
django needs to be able to know if it has to construct the url with http or
https. By setting this header at the haproxy level, horizon can make the correct
decision.
Change-Id: I0281fe1e5efa0d3f5983342dec70752246d9fca8
|
|
Partially-Implements: blueprint opendaylight-integration
Note this patch only adds support for a single ODL instance.
- neutron/opendaylight.pp handles installing ODL to control nodes
- ml2/opendaylight.pp handles configuring ML2 to work with ODL
- ovs/opendaylight.pp handles configuring OVS to connect to ODL
Change-Id: I666dc0874f1d11a72a62d796f4f6d41f7aa87a3f
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
Some lint checks are returning:
WARNING: line has more than 140 characters in puppet-tripleo profiles
This patch will remove those warnings by adding \'s
Change-Id: I19b56c93db82948fb0498a4c9851b522c81946f8
|
|
If keystone sends a redirect and we have TLS enabled, we need to
modify the response in order to indicate https.
Change-Id: Icd61f527473bfe5153e058e94f9ed141cf13812d
|
|
|
|
Glance supports the http_proxy_to_wsgi middlware, and it was recently
enabled in the overcloud [1]. However, for it to work properly, we
need to add the X-Forwarded-Proto header which was missing from the
HAProxy configuration.
[1] I4a8f7fc079ca93c50aa0ef7b0548dc64f6c5cfa0
Change-Id: I82e2db1145b0476cec27676fdfbb97e86cbd8182
|
|
This will enable us to terminate SSL connections for Zaqar's API.
Change-Id: If75e2947a2dca95b3e53e1b1ffd93f36fc7fb1cc
|
|
Add Mistral profiles for non-ha and ha scenarios
Change-Id: I1a072326091fd3b0c21d2f78041e3532b67c60eb
Implements: blueprint refactor-puppet-manifests
Depends-On: I6ce61054384c15876c498ba8cf582f88d9f7f54c
|
|
This is needed for the undercloud, as it's in HAProxy where we make
the SSL terminations.
Change-Id: Ie4d652b4e5a95849c2fa32a5ce5ecec09ccb6bd9
Related-Bug: #1595047
|
|
The split has been done on both undercloud & overcloud, they now use
tripleo::haproxy and tripleo::keepalived. We can move forward with
removing tripleo::loadbalancer and tripleo::loadbalancer::endpoint, not
used anymore.
Simplify tripleo::profile::base::loadbalancer to just include
tripleo::haproxy and rely on Hiera for parameters.
Change-Id: Ieeb1e94117ae9cb8b11320306de3a9b236bd989a
|
|
controller_host was deprecated and is not used anymore anywhere.
Let's drop it.
Also make controller_hosts really required, by not setting a default
paramter, so Puppet catalog will fail if no value is given.
Change-Id: Iad760115f925e848e4b72009db5177f88ceb4ad8
|
|
Split loadbalancer role into 2 sub-roles:
- HAproxy
- Keepalived
Change-Id: I84dfa9d409d390c6f549d62cb3634931e4cb432c
|