openstack/openstack-ansible-haproxy_server
Code Issues Proposed changes
400 Commits 7 Branches 115 Tags
d30bb2e6d12233a5a20a9b739c46e40cbabc5bf9
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
JamesGibo d30bb2e6d1 Add functionality to accept both HTTP and HTTPS during upgrade 
Enable TLS on internal communication has 2 parts
* Enabling TLS on the internal VIPs for haproxy frontends
* Enabling TLS on the service backends
Haproxy has support for enabling TLS on frontends and backends,
but doing so would cause downtime.

In the case of upgrading frontends, enabling TLS would prevent
openstack services from working until their config is changed
from http to https, as they do not follow redirects.

In the case of backends haproxy would mark each backend as down
because if could not initiate a HTTPS connection to the backend
until the backend is updated.

This patch fixes this and allows haproxy to accept both HTTP and
HTTPS on the same well known port for each service. It also
allows for both HTTP and HTTPS backends.

Support for HTTP and HTTPS on the frontend is enabled by setting
haproxy_tcp_upgrade_frontend: true

Support for HTTP and HTTPS on the backend is enabled by setting
haproxy_tcp_upgrade_backend: true

This is a temporary patch and will be removed once instances have
been upgraded to HTTPS for internal communications in a future
release of OSA.

Change-Id: I4279005d5b4e6133cf85ba43379b51149c838f17
2022-02-18 14:40:14 +00:00
defaults
Adjust default configuration to support TLS v1.3
2022-01-10 08:57:40 +00:00
doc
Merge "Add default CA store to use when haproxy_backend_ca is true"
2022-01-11 22:54:54 +00:00
examples
Trivial: Fix the pep8 warning
2018-06-20 16:29:56 +08:00
files
Use systemd-journald instead of log files
2019-07-22 19:53:01 +03:00
handlers
Generate self-signed SSL per listen IP
2021-06-25 13:30:25 +00:00
meta
Remove references to unsupported operating systems
2021-03-21 20:48:54 +01:00
releasenotes
Adjust default configuration to support TLS v1.3
2022-01-10 08:57:40 +00:00
tasks
Refactor use of include_vars
2022-01-12 08:48:25 +00:00
templates
Add functionality to accept both HTTP and HTTPS during upgrade
2022-02-18 14:40:14 +00:00
tests
remove ansible_python_interpreter
2020-06-16 10:26:56 +00:00
vars
Add default CA store to use when haproxy_backend_ca is true
2021-12-15 14:06:25 +00:00
zuul.d
Use integrated tests for haproxy_server
2021-05-12 06:36:13 +00:00
.gitignore
Updated from OpenStack Ansible Tests
2019-08-20 03:05:03 +00:00
.gitreview
OpenDev Migration Patch
2019-04-19 19:45:03 +00:00
bindep.txt
Updated from OpenStack Ansible Tests
2021-03-12 22:16:01 +00:00
CONTRIBUTING.rst
[ussuri][goal] Update contributor documentation
2020-05-18 08:19:01 +00:00
LICENSE
Add scaffolding for OpenStack-CI tests
2016-08-21 17:00:50 +01:00
manual-test.rc
Use centralised test scripts
2016-09-27 16:02:41 +00:00
README.rst
Update invalid link for README
2019-08-19 01:43:26 -07:00
run_tests.sh
Updated from OpenStack Ansible Tests
2021-03-12 22:16:01 +00:00
setup.cfg
Cleanup py27 support
2020-04-14 20:50:38 +08:00
setup.py
Cleanup py27 support
2020-04-14 20:50:38 +08:00
tox.ini
Replace deprecated UPPER_CONSTRAINTS_FILE variable
2020-11-10 13:11:23 +08:00
Vagrantfile
Updated from OpenStack Ansible Tests
2021-12-17 16:44:40 +00:00

README.rst

Team and repository tags

image

OpenStack-Ansible HAProxy server

Documentation for the project can be found at:

https://docs.openstack.org/openstack-ansible-haproxy_server/latest

Release notes for the project can be found at:

https://docs.openstack.org/releasenotes/openstack-ansible-haproxy_server/

The project source code repository is located at:

https://opendev.org/openstack/openstack-ansible-haproxy_server/

The project home is at:

https://launchpad.net/openstack-ansible

The project bug tracker is located at:

https://bugs.launchpad.net/openstack-ansible

View Git Blame Copy Permalink
Description
Role haproxy_server for OpenStack-Ansible
Readme 5 MiB
Languages
Jinja 69%
Python 31%