Return back /healtcheck URI verification

With [1] we have implemented monitoring of helatcheck middleware [2] for services that does support it. However during refactoring [3] URI was missed which potentially might have regression for some services. Due to another bug [4] this could be easily missed previously, since only L4 checks were issued rather then L7. [1] https://review.opendev.org/c/openstack/openstack-ansible/+/864424 [2] https://docs.openstack.org/oslo.middleware/latest/reference/healthcheck_plugins.html [3] https://review.opendev.org/c/openstack/openstack-ansible/+/887285 [4] https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/903463 Change-Id: Ief4e81d6b6708d5830d753408d279bd6dea8fd52
2024-01-08 09:55:29 +01:00 · 2024-01-08 09:55:29 +01:00 · 2a54cef636
commit 2a54cef636
parent ae6e59d1e5
16 changed files with 18 additions and 18 deletions
--- a/inventory/group_vars/barbican_all/haproxy_service.yml
+++ b/inventory/group_vars/barbican_all/haproxy_service.yml
@ -21,7 +21,7 @@ haproxy_barbican_service:
  haproxy_port: 9311
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
  haproxy_backend_ssl: "{{ barbican_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ barbican_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
  haproxy_accept_both_protocols: "{{ barbican_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
--- a/inventory/group_vars/cinder_all/haproxy_service.yml
+++ b/inventory/group_vars/cinder_all/haproxy_service.yml
@ -21,7 +21,7 @@ haproxy_cinder_api_service:
  haproxy_port: 8776
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
  haproxy_backend_ssl: "{{ cinder_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ cinder_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
  haproxy_accept_both_protocols: "{{ cinder_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
--- a/inventory/group_vars/cloudkitty_all/haproxy_service.yml
+++ b/inventory/group_vars/cloudkitty_all/haproxy_service.yml
@ -22,7 +22,7 @@ haproxy_cloudkitty_api_service:
  haproxy_balance_type: http
  haproxy_balance_alg: source
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
  haproxy_backend_ssl: "{{ cloudkitty_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ cloudkitty_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
  haproxy_accept_both_protocols: "{{ cloudkitty_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
--- a/inventory/group_vars/glance_all/haproxy_service.yml
+++ b/inventory/group_vars/glance_all/haproxy_service.yml
@ -22,7 +22,7 @@ haproxy_glance_api_service:
  haproxy_balance_type: http
  haproxy_balance_alg: source
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
  haproxy_backend_ssl: "{{ (glance_use_uwsgi | default(True)) | ternary((glance_backend_ssl | default(openstack_service_backend_ssl)), False) }}"
  haproxy_backend_ca: "{{ glance_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
  haproxy_accept_both_protocols: "{{ glance_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
--- a/inventory/group_vars/gnocchi_all/haproxy_services.yml
+++ b/inventory/group_vars/gnocchi_all/haproxy_services.yml
@ -21,7 +21,7 @@ haproxy_gnocchi_service:
  haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
  haproxy_backend_ssl: "{{ gnocchi_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ gnocchi_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
  haproxy_service_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}"
--- a/inventory/group_vars/heat_all/haproxy_service.yml
+++ b/inventory/group_vars/heat_all/haproxy_service.yml
@ -21,7 +21,7 @@ haproxy_heat_api_service:
  haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
  haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
  haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
@ -35,7 +35,7 @@ haproxy_heat_api_cfn_service:
  haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
  haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
  haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
--- a/inventory/group_vars/horizon_all/haproxy_service.yml
+++ b/inventory/group_vars/horizon_all/haproxy_service.yml
@ -31,7 +31,7 @@ haproxy_horizon_service:
  haproxy_balance_type: http
  haproxy_balance_alg: source
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /auth/login/'
  haproxy_service_enabled: "{{ groups['horizon_all'] is defined and groups['horizon_all'] | length > 0 }}"
  haproxy_backend_ssl: "{{ horizon_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ horizon_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
--- a/inventory/group_vars/ironic_all/haproxy_service.yml
+++ b/inventory/group_vars/ironic_all/haproxy_service.yml
@ -24,7 +24,7 @@ haproxy_ironic_api_service:
  haproxy_port: 6385
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
  haproxy_backend_arguments:
    - "http-request deny if { path_beg /v1/lookup } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }"
    - "http-request deny if { path_beg /v1/heartbeat } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }"
@ -41,7 +41,7 @@ haproxy_ironic_inspector_service:
  haproxy_port: 5050
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
  haproxy_backend_arguments:
    - "http-request deny if { path_beg /v1/continue } !{ src {{ haproxy_ironic_inspector_allowlist_networks | join(' } !{ src ') }} }"
  haproxy_backend_ssl: "{{ ironic_backend_ssl | default(openstack_service_backend_ssl) }}"
--- a/inventory/group_vars/keystone_all/haproxy_service.yml
+++ b/inventory/group_vars/keystone_all/haproxy_service.yml
@ -21,7 +21,7 @@ haproxy_keystone_service:
  haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
  haproxy_balance_type: "http"
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
  haproxy_backend_ssl: "{{ keystone_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ keystone_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
  haproxy_accept_both_protocols: "{{ keystone_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
--- a/inventory/group_vars/magnum_all/haproxy_service.yml
+++ b/inventory/group_vars/magnum_all/haproxy_service.yml
@ -21,7 +21,7 @@ haproxy_magnum_service:
  haproxy_port: 9511
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
  haproxy_backend_ssl: "{{ magnum_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ magnum_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
  haproxy_accept_both_protocols: "{{ magnum_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
--- a/inventory/group_vars/manila_all/haproxy_service.yml
+++ b/inventory/group_vars/manila_all/haproxy_service.yml
@ -21,7 +21,7 @@ haproxy_manila_service:
  haproxy_port: 8786
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
  haproxy_backend_ssl: "{{ manila_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ manila_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
  haproxy_accept_both_protocols: "{{ manila_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
--- a/inventory/group_vars/murano_all/haproxy_service.yml
+++ b/inventory/group_vars/murano_all/haproxy_service.yml
@ -21,7 +21,7 @@ haproxy_murano_service:
  haproxy_port: 8082
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /v1'
    - "expect status 401"
  haproxy_backend_ssl: "{{ murano_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ murano_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
--- a/inventory/group_vars/neutron_all/haproxy_service.yml
+++ b/inventory/group_vars/neutron_all/haproxy_service.yml
@ -21,7 +21,7 @@ haproxy_neutron_server_service:
  haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
  haproxy_backend_ssl: "{{ neutron_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ neutron_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
  haproxy_accept_both_protocols: "{{ neutron_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
--- a/inventory/group_vars/octavia_all/haproxy_service.yml
+++ b/inventory/group_vars/octavia_all/haproxy_service.yml
@ -21,7 +21,7 @@ haproxy_octavia_service:
  haproxy_port: 9876
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
  haproxy_backend_ssl: "{{ octavia_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ octavia_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
  haproxy_accept_both_protocols: "{{ octavia_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
--- a/inventory/group_vars/swift_all/haproxy_service.yml
+++ b/inventory/group_vars/swift_all/haproxy_service.yml
@ -22,7 +22,7 @@ haproxy_swift_proxy_service:
  haproxy_port: 8080
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
  # `openstack_service_backend_ssl` is not taken into account
  # because TLS in swift-proxy is only for testing purposes:
  # https://opendev.org/openstack/swift/src/commit/c78a5962b5f6c9e75f154cac924a226815236e98/etc/proxy-server.conf-sample
--- a/inventory/group_vars/zun_all/haproxy_service.yml
+++ b/inventory/group_vars/zun_all/haproxy_service.yml
@ -21,7 +21,7 @@ haproxy_zun_api_service:
  haproxy_port: 9517
  haproxy_balance_type: http
  haproxy_backend_httpcheck_options:
-    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
  haproxy_backend_ssl: "{{ zun_backend_ssl | default(openstack_service_backend_ssl) }}"
  haproxy_backend_ca: "{{ zun_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
  haproxy_service_enabled: "{{ groups['zun_api'] is defined and groups['zun_api'] | length > 0 }}"