Return back /healtcheck URI verification
With [1] we have implemented monitoring of helatcheck middleware [2] for services that does support it. However during refactoring [3] URI was missed which potentially might have regression for some services. Due to another bug [4] this could be easily missed previously, since only L4 checks were issued rather then L7. [1] https://review.opendev.org/c/openstack/openstack-ansible/+/864424 [2] https://docs.openstack.org/oslo.middleware/latest/reference/healthcheck_plugins.html [3] https://review.opendev.org/c/openstack/openstack-ansible/+/887285 [4] https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/903463 Change-Id: Ief4e81d6b6708d5830d753408d279bd6dea8fd52
This commit is contained in:
parent
ae6e59d1e5
commit
2a54cef636
@ -21,7 +21,7 @@ haproxy_barbican_service:
|
|||||||
haproxy_port: 9311
|
haproxy_port: 9311
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
|
||||||
haproxy_backend_ssl: "{{ barbican_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ barbican_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ barbican_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ barbican_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
haproxy_accept_both_protocols: "{{ barbican_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
haproxy_accept_both_protocols: "{{ barbican_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
||||||
|
@ -21,7 +21,7 @@ haproxy_cinder_api_service:
|
|||||||
haproxy_port: 8776
|
haproxy_port: 8776
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
|
||||||
haproxy_backend_ssl: "{{ cinder_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ cinder_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ cinder_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ cinder_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
haproxy_accept_both_protocols: "{{ cinder_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
haproxy_accept_both_protocols: "{{ cinder_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
||||||
|
@ -22,7 +22,7 @@ haproxy_cloudkitty_api_service:
|
|||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_balance_alg: source
|
haproxy_balance_alg: source
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
|
||||||
haproxy_backend_ssl: "{{ cloudkitty_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ cloudkitty_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ cloudkitty_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ cloudkitty_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
haproxy_accept_both_protocols: "{{ cloudkitty_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
haproxy_accept_both_protocols: "{{ cloudkitty_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
||||||
|
@ -22,7 +22,7 @@ haproxy_glance_api_service:
|
|||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_balance_alg: source
|
haproxy_balance_alg: source
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
|
||||||
haproxy_backend_ssl: "{{ (glance_use_uwsgi | default(True)) | ternary((glance_backend_ssl | default(openstack_service_backend_ssl)), False) }}"
|
haproxy_backend_ssl: "{{ (glance_use_uwsgi | default(True)) | ternary((glance_backend_ssl | default(openstack_service_backend_ssl)), False) }}"
|
||||||
haproxy_backend_ca: "{{ glance_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ glance_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
haproxy_accept_both_protocols: "{{ glance_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
haproxy_accept_both_protocols: "{{ glance_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
||||||
|
@ -21,7 +21,7 @@ haproxy_gnocchi_service:
|
|||||||
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
|
||||||
haproxy_backend_ssl: "{{ gnocchi_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ gnocchi_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ gnocchi_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ gnocchi_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
haproxy_service_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}"
|
haproxy_service_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}"
|
||||||
|
@ -21,7 +21,7 @@ haproxy_heat_api_service:
|
|||||||
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
|
||||||
haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
||||||
@ -35,7 +35,7 @@ haproxy_heat_api_cfn_service:
|
|||||||
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
|
||||||
haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
||||||
|
@ -31,7 +31,7 @@ haproxy_horizon_service:
|
|||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_balance_alg: source
|
haproxy_balance_alg: source
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /auth/login/'
|
||||||
haproxy_service_enabled: "{{ groups['horizon_all'] is defined and groups['horizon_all'] | length > 0 }}"
|
haproxy_service_enabled: "{{ groups['horizon_all'] is defined and groups['horizon_all'] | length > 0 }}"
|
||||||
haproxy_backend_ssl: "{{ horizon_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ horizon_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ horizon_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ horizon_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
|
@ -24,7 +24,7 @@ haproxy_ironic_api_service:
|
|||||||
haproxy_port: 6385
|
haproxy_port: 6385
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
|
||||||
haproxy_backend_arguments:
|
haproxy_backend_arguments:
|
||||||
- "http-request deny if { path_beg /v1/lookup } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }"
|
- "http-request deny if { path_beg /v1/lookup } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }"
|
||||||
- "http-request deny if { path_beg /v1/heartbeat } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }"
|
- "http-request deny if { path_beg /v1/heartbeat } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }"
|
||||||
@ -41,7 +41,7 @@ haproxy_ironic_inspector_service:
|
|||||||
haproxy_port: 5050
|
haproxy_port: 5050
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
|
||||||
haproxy_backend_arguments:
|
haproxy_backend_arguments:
|
||||||
- "http-request deny if { path_beg /v1/continue } !{ src {{ haproxy_ironic_inspector_allowlist_networks | join(' } !{ src ') }} }"
|
- "http-request deny if { path_beg /v1/continue } !{ src {{ haproxy_ironic_inspector_allowlist_networks | join(' } !{ src ') }} }"
|
||||||
haproxy_backend_ssl: "{{ ironic_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ ironic_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
|
@ -21,7 +21,7 @@ haproxy_keystone_service:
|
|||||||
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
||||||
haproxy_balance_type: "http"
|
haproxy_balance_type: "http"
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
|
||||||
haproxy_backend_ssl: "{{ keystone_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ keystone_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ keystone_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ keystone_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
haproxy_accept_both_protocols: "{{ keystone_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
haproxy_accept_both_protocols: "{{ keystone_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
||||||
|
@ -21,7 +21,7 @@ haproxy_magnum_service:
|
|||||||
haproxy_port: 9511
|
haproxy_port: 9511
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
|
||||||
haproxy_backend_ssl: "{{ magnum_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ magnum_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ magnum_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ magnum_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
haproxy_accept_both_protocols: "{{ magnum_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
haproxy_accept_both_protocols: "{{ magnum_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
||||||
|
@ -21,7 +21,7 @@ haproxy_manila_service:
|
|||||||
haproxy_port: 8786
|
haproxy_port: 8786
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
|
||||||
haproxy_backend_ssl: "{{ manila_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ manila_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ manila_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ manila_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
haproxy_accept_both_protocols: "{{ manila_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
haproxy_accept_both_protocols: "{{ manila_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
||||||
|
@ -21,7 +21,7 @@ haproxy_murano_service:
|
|||||||
haproxy_port: 8082
|
haproxy_port: 8082
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /v1'
|
||||||
- "expect status 401"
|
- "expect status 401"
|
||||||
haproxy_backend_ssl: "{{ murano_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ murano_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ murano_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ murano_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
|
@ -21,7 +21,7 @@ haproxy_neutron_server_service:
|
|||||||
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
|
||||||
haproxy_backend_ssl: "{{ neutron_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ neutron_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ neutron_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ neutron_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
haproxy_accept_both_protocols: "{{ neutron_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
haproxy_accept_both_protocols: "{{ neutron_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
||||||
|
@ -21,7 +21,7 @@ haproxy_octavia_service:
|
|||||||
haproxy_port: 9876
|
haproxy_port: 9876
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
|
||||||
haproxy_backend_ssl: "{{ octavia_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ octavia_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ octavia_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ octavia_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
haproxy_accept_both_protocols: "{{ octavia_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
haproxy_accept_both_protocols: "{{ octavia_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
|
||||||
|
@ -22,7 +22,7 @@ haproxy_swift_proxy_service:
|
|||||||
haproxy_port: 8080
|
haproxy_port: 8080
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
|
||||||
# `openstack_service_backend_ssl` is not taken into account
|
# `openstack_service_backend_ssl` is not taken into account
|
||||||
# because TLS in swift-proxy is only for testing purposes:
|
# because TLS in swift-proxy is only for testing purposes:
|
||||||
# https://opendev.org/openstack/swift/src/commit/c78a5962b5f6c9e75f154cac924a226815236e98/etc/proxy-server.conf-sample
|
# https://opendev.org/openstack/swift/src/commit/c78a5962b5f6c9e75f154cac924a226815236e98/etc/proxy-server.conf-sample
|
||||||
|
@ -21,7 +21,7 @@ haproxy_zun_api_service:
|
|||||||
haproxy_port: 9517
|
haproxy_port: 9517
|
||||||
haproxy_balance_type: http
|
haproxy_balance_type: http
|
||||||
haproxy_backend_httpcheck_options:
|
haproxy_backend_httpcheck_options:
|
||||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
|
||||||
haproxy_backend_ssl: "{{ zun_backend_ssl | default(openstack_service_backend_ssl) }}"
|
haproxy_backend_ssl: "{{ zun_backend_ssl | default(openstack_service_backend_ssl) }}"
|
||||||
haproxy_backend_ca: "{{ zun_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
haproxy_backend_ca: "{{ zun_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
|
||||||
haproxy_service_enabled: "{{ groups['zun_api'] is defined and groups['zun_api'] | length > 0 }}"
|
haproxy_service_enabled: "{{ groups['zun_api'] is defined and groups['zun_api'] | length > 0 }}"
|
||||||
|
Loading…
Reference in New Issue
Block a user