Return back /healtcheck URI verification

With [1] we have implemented monitoring of helatcheck middleware [2]
for services that does support it. However during refactoring [3] URI was missed
which potentially might have regression for some services. Due to another bug [4] this could be easily missed previously, since only L4 checks
were issued rather then L7.

[1] https://review.opendev.org/c/openstack/openstack-ansible/+/864424
[2] https://docs.openstack.org/oslo.middleware/latest/reference/healthcheck_plugins.html
[3] https://review.opendev.org/c/openstack/openstack-ansible/+/887285
[4] https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/903463

Change-Id: Ief4e81d6b6708d5830d753408d279bd6dea8fd52
This commit is contained in:
Dmitriy Rabotyagov 2024-01-08 09:55:29 +01:00 committed by Dmitriy Rabotyagov
parent ae6e59d1e5
commit 2a54cef636
16 changed files with 18 additions and 18 deletions

View File

@ -21,7 +21,7 @@ haproxy_barbican_service:
haproxy_port: 9311 haproxy_port: 9311
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
haproxy_backend_ssl: "{{ barbican_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ barbican_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ barbican_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ barbican_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_accept_both_protocols: "{{ barbican_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" haproxy_accept_both_protocols: "{{ barbican_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"

View File

@ -21,7 +21,7 @@ haproxy_cinder_api_service:
haproxy_port: 8776 haproxy_port: 8776
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
haproxy_backend_ssl: "{{ cinder_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ cinder_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ cinder_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ cinder_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_accept_both_protocols: "{{ cinder_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" haproxy_accept_both_protocols: "{{ cinder_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"

View File

@ -22,7 +22,7 @@ haproxy_cloudkitty_api_service:
haproxy_balance_type: http haproxy_balance_type: http
haproxy_balance_alg: source haproxy_balance_alg: source
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
haproxy_backend_ssl: "{{ cloudkitty_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ cloudkitty_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ cloudkitty_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ cloudkitty_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_accept_both_protocols: "{{ cloudkitty_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" haproxy_accept_both_protocols: "{{ cloudkitty_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"

View File

@ -22,7 +22,7 @@ haproxy_glance_api_service:
haproxy_balance_type: http haproxy_balance_type: http
haproxy_balance_alg: source haproxy_balance_alg: source
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
haproxy_backend_ssl: "{{ (glance_use_uwsgi | default(True)) | ternary((glance_backend_ssl | default(openstack_service_backend_ssl)), False) }}" haproxy_backend_ssl: "{{ (glance_use_uwsgi | default(True)) | ternary((glance_backend_ssl | default(openstack_service_backend_ssl)), False) }}"
haproxy_backend_ca: "{{ glance_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ glance_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_accept_both_protocols: "{{ glance_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" haproxy_accept_both_protocols: "{{ glance_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"

View File

@ -21,7 +21,7 @@ haproxy_gnocchi_service:
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
haproxy_backend_ssl: "{{ gnocchi_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ gnocchi_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ gnocchi_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ gnocchi_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_service_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}" haproxy_service_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}"

View File

@ -21,7 +21,7 @@ haproxy_heat_api_service:
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
@ -35,7 +35,7 @@ haproxy_heat_api_cfn_service:
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"

View File

@ -31,7 +31,7 @@ haproxy_horizon_service:
haproxy_balance_type: http haproxy_balance_type: http
haproxy_balance_alg: source haproxy_balance_alg: source
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /auth/login/'
haproxy_service_enabled: "{{ groups['horizon_all'] is defined and groups['horizon_all'] | length > 0 }}" haproxy_service_enabled: "{{ groups['horizon_all'] is defined and groups['horizon_all'] | length > 0 }}"
haproxy_backend_ssl: "{{ horizon_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ horizon_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ horizon_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ horizon_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"

View File

@ -24,7 +24,7 @@ haproxy_ironic_api_service:
haproxy_port: 6385 haproxy_port: 6385
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
haproxy_backend_arguments: haproxy_backend_arguments:
- "http-request deny if { path_beg /v1/lookup } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }" - "http-request deny if { path_beg /v1/lookup } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }"
- "http-request deny if { path_beg /v1/heartbeat } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }" - "http-request deny if { path_beg /v1/heartbeat } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }"
@ -41,7 +41,7 @@ haproxy_ironic_inspector_service:
haproxy_port: 5050 haproxy_port: 5050
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
haproxy_backend_arguments: haproxy_backend_arguments:
- "http-request deny if { path_beg /v1/continue } !{ src {{ haproxy_ironic_inspector_allowlist_networks | join(' } !{ src ') }} }" - "http-request deny if { path_beg /v1/continue } !{ src {{ haproxy_ironic_inspector_allowlist_networks | join(' } !{ src ') }} }"
haproxy_backend_ssl: "{{ ironic_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ ironic_backend_ssl | default(openstack_service_backend_ssl) }}"

View File

@ -21,7 +21,7 @@ haproxy_keystone_service:
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
haproxy_balance_type: "http" haproxy_balance_type: "http"
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
haproxy_backend_ssl: "{{ keystone_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ keystone_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ keystone_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ keystone_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_accept_both_protocols: "{{ keystone_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" haproxy_accept_both_protocols: "{{ keystone_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"

View File

@ -21,7 +21,7 @@ haproxy_magnum_service:
haproxy_port: 9511 haproxy_port: 9511
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
haproxy_backend_ssl: "{{ magnum_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ magnum_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ magnum_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ magnum_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_accept_both_protocols: "{{ magnum_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" haproxy_accept_both_protocols: "{{ magnum_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"

View File

@ -21,7 +21,7 @@ haproxy_manila_service:
haproxy_port: 8786 haproxy_port: 8786
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /healthcheck'
haproxy_backend_ssl: "{{ manila_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ manila_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ manila_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ manila_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_accept_both_protocols: "{{ manila_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" haproxy_accept_both_protocols: "{{ manila_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"

View File

@ -21,7 +21,7 @@ haproxy_murano_service:
haproxy_port: 8082 haproxy_port: 8082
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /v1'
- "expect status 401" - "expect status 401"
haproxy_backend_ssl: "{{ murano_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ murano_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ murano_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ murano_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"

View File

@ -21,7 +21,7 @@ haproxy_neutron_server_service:
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
haproxy_backend_ssl: "{{ neutron_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ neutron_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ neutron_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ neutron_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_accept_both_protocols: "{{ neutron_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" haproxy_accept_both_protocols: "{{ neutron_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"

View File

@ -21,7 +21,7 @@ haproxy_octavia_service:
haproxy_port: 9876 haproxy_port: 9876
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
haproxy_backend_ssl: "{{ octavia_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ octavia_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ octavia_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ octavia_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_accept_both_protocols: "{{ octavia_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" haproxy_accept_both_protocols: "{{ octavia_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"

View File

@ -22,7 +22,7 @@ haproxy_swift_proxy_service:
haproxy_port: 8080 haproxy_port: 8080
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
# `openstack_service_backend_ssl` is not taken into account # `openstack_service_backend_ssl` is not taken into account
# because TLS in swift-proxy is only for testing purposes: # because TLS in swift-proxy is only for testing purposes:
# https://opendev.org/openstack/swift/src/commit/c78a5962b5f6c9e75f154cac924a226815236e98/etc/proxy-server.conf-sample # https://opendev.org/openstack/swift/src/commit/c78a5962b5f6c9e75f154cac924a226815236e98/etc/proxy-server.conf-sample

View File

@ -21,7 +21,7 @@ haproxy_zun_api_service:
haproxy_port: 9517 haproxy_port: 9517
haproxy_balance_type: http haproxy_balance_type: http
haproxy_backend_httpcheck_options: haproxy_backend_httpcheck_options:
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthcheck'
haproxy_backend_ssl: "{{ zun_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ssl: "{{ zun_backend_ssl | default(openstack_service_backend_ssl) }}"
haproxy_backend_ca: "{{ zun_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_backend_ca: "{{ zun_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
haproxy_service_enabled: "{{ groups['zun_api'] is defined and groups['zun_api'] | length > 0 }}" haproxy_service_enabled: "{{ groups['zun_api'] is defined and groups['zun_api'] | length > 0 }}"