From 005bf64e4a4f7ef1de161ebe6363d7f5369028e4 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Tue, 8 Nov 2016 13:22:13 +0200
Subject: Pass X-Forwarded-Proto for missing services

aodh, ceilometer, gnocchi and neutron need the X-Forwarded-Proto in
order to return links with the correct protocol when SSL is enabled.
This enables it in HAProxy

Change-Id: Icceab92f86b1cc40d42195fa4ba0c75f302795b8
Closes-Bug: #1640126
---
 manifests/haproxy.pp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'manifests')

diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 7c5ff39..28bd896 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -773,6 +773,11 @@ class tripleo::haproxy (
       service_port      => $ports[neutron_api_port],
       ip_addresses      => hiera('neutron_api_node_ips', $controller_hosts_real),
       server_names      => hiera('neutron_api_node_names', $controller_hosts_names_real),
+      listen_options    => {
+          'http-request' => [
+            'set-header X-Forwarded-Proto https if { ssl_fc }',
+            'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+      },
       public_ssl_port   => $ports[neutron_api_ssl_port],
       service_network   => $neutron_network,
     }
@@ -917,6 +922,11 @@ class tripleo::haproxy (
       service_port      => $ports[ceilometer_api_port],
       ip_addresses      => hiera('ceilometer_api_node_ips', $controller_hosts_real),
       server_names      => hiera('ceilometer_api_node_names', $controller_hosts_names_real),
+      listen_options    => {
+          'http-request' => [
+            'set-header X-Forwarded-Proto https if { ssl_fc }',
+            'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+      },
       public_ssl_port   => $ports[ceilometer_api_ssl_port],
       service_network   => $ceilometer_network,
       member_options    => union($haproxy_member_options, $internal_tls_member_options),
@@ -930,6 +940,11 @@ class tripleo::haproxy (
       service_port      => $ports[aodh_api_port],
       ip_addresses      => hiera('aodh_api_node_ips', $controller_hosts_real),
       server_names      => hiera('aodh_api_node_names', $controller_hosts_names_real),
+      listen_options    => {
+          'http-request' => [
+            'set-header X-Forwarded-Proto https if { ssl_fc }',
+            'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+      },
       public_ssl_port   => $ports[aodh_api_ssl_port],
       service_network   => $aodh_network,
       member_options    => union($haproxy_member_options, $internal_tls_member_options),
@@ -955,6 +970,11 @@ class tripleo::haproxy (
       service_port      => $ports[gnocchi_api_port],
       ip_addresses      => hiera('gnocchi_api_node_ips', $controller_hosts_real),
       server_names      => hiera('gnocchi_api_node_names', $controller_hosts_names_real),
+      listen_options    => {
+          'http-request' => [
+            'set-header X-Forwarded-Proto https if { ssl_fc }',
+            'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+      },
       public_ssl_port   => $ports[gnocchi_api_ssl_port],
       service_network   => $gnocchi_network,
     }
-- 
cgit 1.2.3-korg