From 55b24a306d8ab6f71fa2b82f49d928dc72f8a3b0 Mon Sep 17 00:00:00 2001
From: Ben Nemec <bnemec@redhat.com>
Date: Fri, 15 Jan 2016 18:45:11 +0000
Subject: Handle redirects for Horizon

As for Heat, we need to be able to handle 30X redirects from Horizon
when configured to use SSL.  Because Horizon's redirects are
handled directly by Apache, we can't use middleware to handle the
X-Forwarded-Proto header like we are planning to do for the other
services.  However, in this case we don't need to worry about
rewriting urls in the payload like we do for the other services
because Horizon is just serving standard web pages, not custom
HTTP bodies with JSON contents.

One other change from the previous Heat patch is to drop the IP
from the rewrite regex.  This is because Horizon will generally be
accessed via a DNS name, so the IP won't appear in the Location
header.  The heat regex should probably be changed as well since
we now support registering endpoints with DNS names, but since we
plan to move all the other services to the X-Forwarded-Proto header
middleware anyway we can probably just wait until that happens and
then remove the Heat rule entirely.

Change-Id: I039a3036be17eeabe3cff68e0ef24f70907cc568
---
 manifests/loadbalancer.pp | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'manifests')

diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index a37ecff..f883264 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -758,11 +758,18 @@ class tripleo::loadbalancer (
       "${horizon_vip}:80" => $haproxy_listen_bind_param,
       "${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $horizon_bind_certificate]),
     }
+    $horizon_options = {
+      'cookie' => 'SERVERID insert indirect nocache',
+      'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
+    }
   } else {
     $horizon_bind_opts = {
       "${horizon_vip}:80" => $haproxy_listen_bind_param,
       "${public_virtual_ip}:80" => $haproxy_listen_bind_param,
     }
+    $horizon_options = {
+      'cookie' => 'SERVERID insert indirect nocache',
+    }
   }
 
   $ironic_api_vip = hiera('ironic_api_vip', $controller_virtual_ip)
@@ -1131,9 +1138,7 @@ class tripleo::loadbalancer (
   if $horizon {
     haproxy::listen { 'horizon':
       bind             => $horizon_bind_opts,
-      options          => {
-        'cookie' => 'SERVERID insert indirect nocache',
-      },
+      options          => $horizon_options,
       mode             => 'http',
       collect_exported => false,
     }
-- 
cgit 1.2.3-korg