openstack/openstack-ansible
Code Issues Proposed changes

haproxy: decrease check interval for letsencrypt back ends

Browse Source 
When HTTP challenges are used, the HAProxy letsencrypt integration
allows a short timeout for the back end to be recognised as up
before the challenge is performed. The role default for this is 5
seconds.

The default interval to check an HAProxy back end is 12 seconds,
which means that the challenge response can frequently return
an HTTP 503 error. This change reduces the check interval to be
below 5 seconds to improve this reliability.

Change-Id: I1297965a2031eb49b4f048e09a2a6bb119921e24
This commit is contained in:
Andrew Bonney
2021-07-28 15:19:11 +01:00
parent de64a324e3
commit 17f92b0f59
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
inventory/group_vars/haproxy/haproxy.yml
View File

@@ -236,6 +236,7 @@ haproxy_letsencrypt_service:
haproxy_backend_nodes: "{{ groups['haproxy_all'] }}"
backend_rise: 1
backend_fall: 5
interval: 4000
haproxy_bind:
- 127.0.0.1
haproxy_port: "{{ haproxy_ssl_letsencrypt_certbot_backend_port }}"