openstack/openstack-ansible-haproxy_server
Code Issues Proposed changes

Allow do disable SSL only for stats frontend

Browse Source 
Currently there is no way of disabling SSL connection for stats frontend
as it implies more global variable. However, for some systems consuming
self-signed root certificate might be not an option and disabling
SSL verification tricky. Thus, we introduce new variable that allows to
nicely control if SSL should be served for stats frontend or not.

Change-Id: Ic4bc4393ec89469876e9e95b12bb9c4069972713
This commit is contained in:
Dmitriy Rabotyagov
2022-09-22 16:06:41 +02:00
committed by Dmitriy Rabotyagov
parent a502817a89
commit 6025eaac36
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
defaults/main.yml
View File

@@ -30,6 +30,7 @@ haproxy_interval: 12000
haproxy_stats_enabled: False
haproxy_stats_bind_address: 127.0.0.1
haproxy_stats_port: 1936
haproxy_stats_ssl: "{{ haproxy_ssl }}"
haproxy_username: admin
haproxy_stats_password: secrete
haproxy_stats_refresh_interval: 60

2
templates/haproxy.cfg.j2
View File

@@ -42,7 +42,7 @@ defaults
{% if haproxy_stats_enabled | bool %}
listen stats
bind {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }} {% if haproxy_ssl | bool %}ssl crt {{ haproxy_ssl_cert_path }}/haproxy_{{ ansible_facts['hostname'] }}-{{ haproxy_bind_internal_lb_vip_address }}.pem{% endif %}
bind {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl | bool %}ssl crt {{ haproxy_ssl_cert_path }}/haproxy_{{ ansible_facts['hostname'] }}-{{ haproxy_bind_internal_lb_vip_address }}.pem{% endif %}
{% if haproxy_stats_process is defined %}
bind-process {{ haproxy_stats_process }}