diff --git a/deployment/puppet/openstack/manifests/ha/keystone.pp b/deployment/puppet/openstack/manifests/ha/keystone.pp index 612c3b2fd1..dbdd8b4804 100644 --- a/deployment/puppet/openstack/manifests/ha/keystone.pp +++ b/deployment/puppet/openstack/manifests/ha/keystone.pp @@ -72,7 +72,7 @@ class openstack::ha::keystone ( internal_ssl => $internal_ssl, internal_ssl_path => $internal_ssl_path, haproxy_config_options => { - option => ['httpchk', 'httplog', 'httpclose'], + option => ['httpchk', 'httplog', 'httpclose', 'forwardfor'], 'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }', }, balancermember_options => 'check inter 10s fastinter 2s downinter 2s rise 30 fall 3', diff --git a/deployment/puppet/openstack/spec/classes/openstack_ha_keystone_spec.rb b/deployment/puppet/openstack/spec/classes/openstack_ha_keystone_spec.rb index 4e1e071da9..0343a337fe 100644 --- a/deployment/puppet/openstack/spec/classes/openstack_ha_keystone_spec.rb +++ b/deployment/puppet/openstack/spec/classes/openstack_ha_keystone_spec.rb @@ -21,7 +21,7 @@ require 'spec_helper' 'public_ssl' => true, 'public_ssl_path' => '/var/lib/fuel/haproxy/public_keystone.pem', 'haproxy_config_options' => { - 'option' => ['httpchk', 'httplog','httpclose'], + 'option' => ['httpchk', 'httplog','httpclose', 'forwardfor'], 'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }', }, 'balancermember_options' => 'check inter 10s fastinter 2s downinter 2s rise 30 fall 3', @@ -34,7 +34,7 @@ require 'spec_helper' 'listen_port' => 35357, 'public' => false, 'haproxy_config_options' => { - 'option' => ['httpchk', 'httplog','httpclose'], + 'option' => ['httpchk', 'httplog','httpclose', 'forwardfor'], 'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }', }, 'balancermember_options' => 'check inter 10s fastinter 2s downinter 2s rise 30 fall 3', diff --git a/deployment/puppet/osnailyfacter/modular/keystone/keystone.pp b/deployment/puppet/osnailyfacter/modular/keystone/keystone.pp index df5952ba97..645c368391 100644 --- a/deployment/puppet/osnailyfacter/modular/keystone/keystone.pp +++ b/deployment/puppet/osnailyfacter/modular/keystone/keystone.pp @@ -158,7 +158,7 @@ class { 'keystone::wsgi::apache': workers => min($::processorcount, 6), ssl => $ssl, vhost_custom_fragment => $vhost_limit_request_field_size, - access_log_format => '%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"', + access_log_format => '%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"', # ports and host should be set for ip_based vhost public_port => $public_port, diff --git a/tests/noop/spec/hosts/openstack-haproxy/openstack-haproxy-keystone_spec.rb b/tests/noop/spec/hosts/openstack-haproxy/openstack-haproxy-keystone_spec.rb index 75ee742389..434ac6406b 100644 --- a/tests/noop/spec/hosts/openstack-haproxy/openstack-haproxy-keystone_spec.rb +++ b/tests/noop/spec/hosts/openstack-haproxy/openstack-haproxy-keystone_spec.rb @@ -15,7 +15,7 @@ describe manifest do 'public' => true, 'public_ssl' => public_ssl_keystone, 'haproxy_config_options' => { - 'option' => ['httpchk', 'httplog', 'httpclose'], + 'option' => ['httpchk', 'httplog', 'httpclose', 'forwardfor'], 'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }', }, ) @@ -27,7 +27,7 @@ describe manifest do 'listen_port' => 35357, 'public' => false, 'haproxy_config_options' => { - 'option' => ['httpchk', 'httplog', 'httpclose'], + 'option' => ['httpchk', 'httplog', 'httpclose', 'forwardfor'], 'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }', }, )