From 2a54cef63686496b4cdb735337bee7cb7a3cee48 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Mon, 8 Jan 2024 09:55:29 +0100 Subject: [PATCH] Return back /healtcheck URI verification With [1] we have implemented monitoring of helatcheck middleware [2] for services that does support it. However during refactoring [3] URI was missed which potentially might have regression for some services. Due to another bug [4] this could be easily missed previously, since only L4 checks were issued rather then L7. [1] https://review.opendev.org/c/openstack/openstack-ansible/+/864424 [2] https://docs.openstack.org/oslo.middleware/latest/reference/healthcheck_plugins.html [3] https://review.opendev.org/c/openstack/openstack-ansible/+/887285 [4] https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/903463 Change-Id: Ief4e81d6b6708d5830d753408d279bd6dea8fd52 --- inventory/group_vars/barbican_all/haproxy_service.yml | 2 +- inventory/group_vars/cinder_all/haproxy_service.yml | 2 +- inventory/group_vars/cloudkitty_all/haproxy_service.yml | 2 +- inventory/group_vars/glance_all/haproxy_service.yml | 2 +- inventory/group_vars/gnocchi_all/haproxy_services.yml | 2 +- inventory/group_vars/heat_all/haproxy_service.yml | 4 ++-- inventory/group_vars/horizon_all/haproxy_service.yml | 2 +- inventory/group_vars/ironic_all/haproxy_service.yml | 4 ++-- inventory/group_vars/keystone_all/haproxy_service.yml | 2 +- inventory/group_vars/magnum_all/haproxy_service.yml | 2 +- inventory/group_vars/manila_all/haproxy_service.yml | 2 +- inventory/group_vars/murano_all/haproxy_service.yml | 2 +- inventory/group_vars/neutron_all/haproxy_service.yml | 2 +- inventory/group_vars/octavia_all/haproxy_service.yml | 2 +- inventory/group_vars/swift_all/haproxy_service.yml | 2 +- inventory/group_vars/zun_all/haproxy_service.yml | 2 +- 16 files changed, 18 insertions(+), 18 deletions(-) diff --git a/inventory/group_vars/barbican_all/haproxy_service.yml b/inventory/group_vars/barbican_all/haproxy_service.yml index f0b9275d16..c39733bf25 100644 --- a/inventory/group_vars/barbican_all/haproxy_service.yml +++ b/inventory/group_vars/barbican_all/haproxy_service.yml @@ -21,7 +21,7 @@ haproxy_barbican_service: haproxy_port: 9311 haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck' haproxy_backend_ssl: "{{ barbican_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ barbican_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ barbican_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/cinder_all/haproxy_service.yml b/inventory/group_vars/cinder_all/haproxy_service.yml index 00ced16009..2c269eb3cb 100644 --- a/inventory/group_vars/cinder_all/haproxy_service.yml +++ b/inventory/group_vars/cinder_all/haproxy_service.yml @@ -21,7 +21,7 @@ haproxy_cinder_api_service: haproxy_port: 8776 haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck' haproxy_backend_ssl: "{{ cinder_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ cinder_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ cinder_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/cloudkitty_all/haproxy_service.yml b/inventory/group_vars/cloudkitty_all/haproxy_service.yml index fc11f0b9cf..d4d19d03fb 100644 --- a/inventory/group_vars/cloudkitty_all/haproxy_service.yml +++ b/inventory/group_vars/cloudkitty_all/haproxy_service.yml @@ -22,7 +22,7 @@ haproxy_cloudkitty_api_service: haproxy_balance_type: http haproxy_balance_alg: source haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck' haproxy_backend_ssl: "{{ cloudkitty_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ cloudkitty_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ cloudkitty_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/glance_all/haproxy_service.yml b/inventory/group_vars/glance_all/haproxy_service.yml index 33d192138b..aa766f8894 100644 --- a/inventory/group_vars/glance_all/haproxy_service.yml +++ b/inventory/group_vars/glance_all/haproxy_service.yml @@ -22,7 +22,7 @@ haproxy_glance_api_service: haproxy_balance_type: http haproxy_balance_alg: source haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck' haproxy_backend_ssl: "{{ (glance_use_uwsgi | default(True)) | ternary((glance_backend_ssl | default(openstack_service_backend_ssl)), False) }}" haproxy_backend_ca: "{{ glance_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ glance_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/gnocchi_all/haproxy_services.yml b/inventory/group_vars/gnocchi_all/haproxy_services.yml index 38a8f61400..ac52b9f667 100644 --- a/inventory/group_vars/gnocchi_all/haproxy_services.yml +++ b/inventory/group_vars/gnocchi_all/haproxy_services.yml @@ -21,7 +21,7 @@ haproxy_gnocchi_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck' haproxy_backend_ssl: "{{ gnocchi_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ gnocchi_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_service_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}" diff --git a/inventory/group_vars/heat_all/haproxy_service.yml b/inventory/group_vars/heat_all/haproxy_service.yml index 957df73e4d..937e0dfbf3 100644 --- a/inventory/group_vars/heat_all/haproxy_service.yml +++ b/inventory/group_vars/heat_all/haproxy_service.yml @@ -21,7 +21,7 @@ haproxy_heat_api_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck' haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" @@ -35,7 +35,7 @@ haproxy_heat_api_cfn_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck' haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/horizon_all/haproxy_service.yml b/inventory/group_vars/horizon_all/haproxy_service.yml index 18f55057d7..cb09df2cb8 100644 --- a/inventory/group_vars/horizon_all/haproxy_service.yml +++ b/inventory/group_vars/horizon_all/haproxy_service.yml @@ -31,7 +31,7 @@ haproxy_horizon_service: haproxy_balance_type: http haproxy_balance_alg: source haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /auth/login/' haproxy_service_enabled: "{{ groups['horizon_all'] is defined and groups['horizon_all'] | length > 0 }}" haproxy_backend_ssl: "{{ horizon_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ horizon_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" diff --git a/inventory/group_vars/ironic_all/haproxy_service.yml b/inventory/group_vars/ironic_all/haproxy_service.yml index 47c00c4d4b..1740a7f5b4 100644 --- a/inventory/group_vars/ironic_all/haproxy_service.yml +++ b/inventory/group_vars/ironic_all/haproxy_service.yml @@ -24,7 +24,7 @@ haproxy_ironic_api_service: haproxy_port: 6385 haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck' haproxy_backend_arguments: - "http-request deny if { path_beg /v1/lookup } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }" - "http-request deny if { path_beg /v1/heartbeat } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }" @@ -41,7 +41,7 @@ haproxy_ironic_inspector_service: haproxy_port: 5050 haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck' haproxy_backend_arguments: - "http-request deny if { path_beg /v1/continue } !{ src {{ haproxy_ironic_inspector_allowlist_networks | join(' } !{ src ') }} }" haproxy_backend_ssl: "{{ ironic_backend_ssl | default(openstack_service_backend_ssl) }}" diff --git a/inventory/group_vars/keystone_all/haproxy_service.yml b/inventory/group_vars/keystone_all/haproxy_service.yml index c887489235..c6d650b8bb 100644 --- a/inventory/group_vars/keystone_all/haproxy_service.yml +++ b/inventory/group_vars/keystone_all/haproxy_service.yml @@ -21,7 +21,7 @@ haproxy_keystone_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_balance_type: "http" haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck' haproxy_backend_ssl: "{{ keystone_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ keystone_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ keystone_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/magnum_all/haproxy_service.yml b/inventory/group_vars/magnum_all/haproxy_service.yml index f80d4d0a00..70bb6d5567 100644 --- a/inventory/group_vars/magnum_all/haproxy_service.yml +++ b/inventory/group_vars/magnum_all/haproxy_service.yml @@ -21,7 +21,7 @@ haproxy_magnum_service: haproxy_port: 9511 haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck' haproxy_backend_ssl: "{{ magnum_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ magnum_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ magnum_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/manila_all/haproxy_service.yml b/inventory/group_vars/manila_all/haproxy_service.yml index b30ce3a8b6..ea51867e27 100644 --- a/inventory/group_vars/manila_all/haproxy_service.yml +++ b/inventory/group_vars/manila_all/haproxy_service.yml @@ -21,7 +21,7 @@ haproxy_manila_service: haproxy_port: 8786 haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck' haproxy_backend_ssl: "{{ manila_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ manila_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ manila_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/murano_all/haproxy_service.yml b/inventory/group_vars/murano_all/haproxy_service.yml index f1bc1b1ff2..7bbc27195d 100644 --- a/inventory/group_vars/murano_all/haproxy_service.yml +++ b/inventory/group_vars/murano_all/haproxy_service.yml @@ -21,7 +21,7 @@ haproxy_murano_service: haproxy_port: 8082 haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /v1' - "expect status 401" haproxy_backend_ssl: "{{ murano_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ murano_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" diff --git a/inventory/group_vars/neutron_all/haproxy_service.yml b/inventory/group_vars/neutron_all/haproxy_service.yml index f2496b2580..55dd505ee1 100644 --- a/inventory/group_vars/neutron_all/haproxy_service.yml +++ b/inventory/group_vars/neutron_all/haproxy_service.yml @@ -21,7 +21,7 @@ haproxy_neutron_server_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck' haproxy_backend_ssl: "{{ neutron_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ neutron_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ neutron_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/octavia_all/haproxy_service.yml b/inventory/group_vars/octavia_all/haproxy_service.yml index ce8a534c9d..4f1a67cf2b 100644 --- a/inventory/group_vars/octavia_all/haproxy_service.yml +++ b/inventory/group_vars/octavia_all/haproxy_service.yml @@ -21,7 +21,7 @@ haproxy_octavia_service: haproxy_port: 9876 haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck' haproxy_backend_ssl: "{{ octavia_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ octavia_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ octavia_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/swift_all/haproxy_service.yml b/inventory/group_vars/swift_all/haproxy_service.yml index f7581b7451..87b50f6f10 100644 --- a/inventory/group_vars/swift_all/haproxy_service.yml +++ b/inventory/group_vars/swift_all/haproxy_service.yml @@ -22,7 +22,7 @@ haproxy_swift_proxy_service: haproxy_port: 8080 haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck' # `openstack_service_backend_ssl` is not taken into account # because TLS in swift-proxy is only for testing purposes: # https://opendev.org/openstack/swift/src/commit/c78a5962b5f6c9e75f154cac924a226815236e98/etc/proxy-server.conf-sample diff --git a/inventory/group_vars/zun_all/haproxy_service.yml b/inventory/group_vars/zun_all/haproxy_service.yml index da905d1cbf..4afba56bb5 100644 --- a/inventory/group_vars/zun_all/haproxy_service.yml +++ b/inventory/group_vars/zun_all/haproxy_service.yml @@ -21,7 +21,7 @@ haproxy_zun_api_service: haproxy_port: 9517 haproxy_balance_type: http haproxy_backend_httpcheck_options: - - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck' haproxy_backend_ssl: "{{ zun_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ zun_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_service_enabled: "{{ groups['zun_api'] is defined and groups['zun_api'] | length > 0 }}"