From c529fce3ef2f246909cb821bc2319cc5413960d3 Mon Sep 17 00:00:00 2001 From: Giulio Fidente Date: Thu, 2 Jul 2015 11:31:18 +0200 Subject: Remove httpchk option from haproxy listeners To make sure we don't use the ssl-hello-chk option set by the puppet-haproxy module we used to redefine the listener options for all listeners. With this change a default for the options hash is provided to the puppet class instead. This change also configures use of tcpka only where wanted, as documented by [1], removing it from the haproxy defaults section, given it wasn't used anyway by the other listeners which were indeed overriding options. 1. https://github.com/beekhof/osp-ha-deploy/blob/master/pcmk/lb.scenario Change-Id: Ic8deb77533f561cea7ce7db1d20f6be5e2dc0d33 --- manifests/loadbalancer.pp | 64 +++++++---------------------------------------- 1 file changed, 9 insertions(+), 55 deletions(-) (limited to 'manifests') diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index 6797d9e..1a3c5f6 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -573,7 +573,6 @@ class tripleo::loadbalancer ( "${public_virtual_ip}:13004" => ['ssl', 'crt', $heat_bind_certificate], } $heat_options = { - 'option' => [ 'httpchk GET /' ], 'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1", } $heat_cw_bind_opts = { @@ -589,9 +588,7 @@ class tripleo::loadbalancer ( "${heat_api_vip}:8004" => [], "${public_virtual_ip}:8004" => [], } - $heat_options = { - 'option' => [ 'httpchk GET /' ], - } + $heat_options = {} $heat_cw_bind_opts = { "${heat_api_vip}:8003" => [], "${public_virtual_ip}:8003" => [], @@ -644,12 +641,17 @@ class tripleo::loadbalancer ( 'mode' => 'tcp', 'log' => 'global', 'retries' => '3', - 'option' => [ 'tcpka', 'tcplog' ], 'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], 'maxconn' => $haproxy_default_maxconn, }, } + Haproxy::Listen { + options => { + 'option' => [], + } + } + haproxy::listen { 'haproxy.stats': ipaddress => $controller_virtual_ip, ports => '1993', @@ -663,9 +665,6 @@ class tripleo::loadbalancer ( if $keystone_admin { haproxy::listen { 'keystone_admin': bind => $keystone_admin_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, collect_exported => false, } haproxy::balancermember { 'keystone_admin': @@ -680,9 +679,6 @@ class tripleo::loadbalancer ( if $keystone_public { haproxy::listen { 'keystone_public': bind => $keystone_public_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, collect_exported => false, } haproxy::balancermember { 'keystone_public': @@ -697,9 +693,6 @@ class tripleo::loadbalancer ( if $neutron { haproxy::listen { 'neutron': bind => $neutron_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, collect_exported => false, } haproxy::balancermember { 'neutron': @@ -714,9 +707,6 @@ class tripleo::loadbalancer ( if $cinder { haproxy::listen { 'cinder': bind => $cinder_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, collect_exported => false, } haproxy::balancermember { 'cinder': @@ -731,9 +721,6 @@ class tripleo::loadbalancer ( if manila { haproxy::listen { 'manila': bind => $manila_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, collect_exported => false, } haproxy::balancermember { 'manila': @@ -748,9 +735,6 @@ class tripleo::loadbalancer ( if $glance_api { haproxy::listen { 'glance_api': bind => $glance_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, collect_exported => false, } haproxy::balancermember { 'glance_api': @@ -765,9 +749,6 @@ class tripleo::loadbalancer ( if $glance_registry { haproxy::listen { 'glance_registry': ipaddress => hiera('glance_registry_vip', $controller_virtual_ip), - options => { - 'option' => [ ], - }, ports => 9191, collect_exported => false, } @@ -783,9 +764,6 @@ class tripleo::loadbalancer ( if $nova_ec2 { haproxy::listen { 'nova_ec2': bind => $nova_ec2_bind_opts, - options => { - 'option' => [ ], - }, collect_exported => false, } haproxy::balancermember { 'nova_ec2': @@ -800,9 +778,6 @@ class tripleo::loadbalancer ( if $nova_osapi { haproxy::listen { 'nova_osapi': bind => $nova_osapi_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, collect_exported => false, } haproxy::balancermember { 'nova_osapi': @@ -818,9 +793,6 @@ class tripleo::loadbalancer ( haproxy::listen { 'nova_metadata': ipaddress => hiera('nova_metadata_vip', $controller_virtual_ip), ports => 8775, - options => { - 'option' => [ 'httpchk GET /' ], - }, collect_exported => false, } haproxy::balancermember { 'nova_metadata': @@ -835,9 +807,6 @@ class tripleo::loadbalancer ( if $nova_novncproxy { haproxy::listen { 'nova_novncproxy': bind => $nova_novnc_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, collect_exported => false, } haproxy::balancermember { 'nova_novncproxy': @@ -852,9 +821,6 @@ class tripleo::loadbalancer ( if $ceilometer { haproxy::listen { 'ceilometer': bind => $ceilometer_bind_opts, - options => { - 'option' => [ ], - }, collect_exported => false, } haproxy::balancermember { 'ceilometer': @@ -869,9 +835,6 @@ class tripleo::loadbalancer ( if $swift_proxy_server { haproxy::listen { 'swift_proxy_server': bind => $swift_bind_opts, - options => { - 'option' => [ 'httpchk GET /info' ], - }, collect_exported => false, } haproxy::balancermember { 'swift_proxy_server': @@ -902,9 +865,6 @@ class tripleo::loadbalancer ( if $heat_cloudwatch { haproxy::listen { 'heat_cloudwatch': bind => $heat_cw_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, collect_exported => false, } haproxy::balancermember { 'heat_cloudwatch': @@ -919,9 +879,6 @@ class tripleo::loadbalancer ( if $heat_cfn { haproxy::listen { 'heat_cfn': bind => $heat_cfn_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, collect_exported => false, } haproxy::balancermember { 'heat_cfn': @@ -937,7 +894,6 @@ class tripleo::loadbalancer ( haproxy::listen { 'horizon': bind => $horizon_bind_opts, options => { - 'option' => [ 'httpchk GET /' ], 'cookie' => 'SERVERID insert indirect nocache', }, collect_exported => false, @@ -953,7 +909,7 @@ class tripleo::loadbalancer ( if $mysql_clustercheck { $mysql_listen_options = { - 'option' => [ 'httpchk' ], + 'option' => [ 'tcpka', 'httpchk' ], 'timeout' => [ 'client 0', 'server 0' ], 'stick-table' => 'type ip size 1000', 'stick' => 'on dst', @@ -969,9 +925,6 @@ class tripleo::loadbalancer ( if $ironic { haproxy::listen { 'ironic': bind => $ironic_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, collect_exported => false, } haproxy::balancermember { 'ironic': @@ -1004,6 +957,7 @@ class tripleo::loadbalancer ( ipaddress => [hiera('rabbitmq_vip', $controller_virtual_ip)], ports => 5672, options => { + 'option' => [ 'tcpka' ], 'timeout' => [ 'client 0', 'server 0' ], }, collect_exported => false, -- cgit 1.2.3-korg