From e8714e037268807d2fcdb735b8df7c958c8570ab Mon Sep 17 00:00:00 2001 From: Ben Nemec Date: Mon, 29 Jun 2015 22:27:00 +0000 Subject: Fix Heat 302 redirects When doing a heat stack-show, Heat initially returns a 302 redirect. With the existing loadbalancer config for SSL, this results in a redirect to an http:// address pointing at the SSL port, which naturally doesn't work. The fix for this is to use the rsprep haproxy option to rewrite the Location header in responses from the Heat api server. This allows us to properly handle redirect traffic as https. Also note that http header rewriting requires "mode http", so that is added here as well. Change-Id: I7e5c5b1877e9aa46c4b88dfba45c1fddf61727fc --- manifests/loadbalancer.pp | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index f7a4ff8..f9877a6 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -538,6 +538,10 @@ class tripleo::loadbalancer ( "${heat_api_vip}:8004" => [], "${public_virtual_ip}:13004" => ['ssl', 'crt', $heat_bind_certificate], } + $heat_options = { + 'option' => [ 'httpchk GET /' ], + 'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1", + } $heat_cw_bind_opts = { "${heat_api_vip}:8003" => [], "${public_virtual_ip}:13003" => ['ssl', 'crt', $heat_bind_certificate], @@ -551,6 +555,9 @@ class tripleo::loadbalancer ( "${heat_api_vip}:8004" => [], "${public_virtual_ip}:8004" => [], } + $heat_options = { + 'option' => [ 'httpchk GET /' ], + } $heat_cw_bind_opts = { "${heat_api_vip}:8003" => [], "${public_virtual_ip}:8003" => [], @@ -824,10 +831,9 @@ class tripleo::loadbalancer ( if $heat_api { haproxy::listen { 'heat_api': bind => $heat_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, + options => $heat_options, collect_exported => false, + mode => 'http', } haproxy::balancermember { 'heat_api': listening_service => 'heat_api', -- cgit 1.2.3-korg