From 6a276938e75137255478aab014f8765c7405cc50 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
Date: Tue, 12 Dec 2023 12:19:48 +0100
Subject: [PATCH] Fix http-check ordering for services

Despite not being documented, order of http-check options are important

Defining `expect` before `check` leads to configuration error. In order to
avoid that we fix some defenitions of haproxy_services variable.

Related-Bug: #2046223

Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/903463
Change-Id: I6153e1ba5a4c45e2ed78d69da73e6524e3911db0
---
 inventory/group_vars/blazar_all/haproxy_service.yml | 1 -
 inventory/group_vars/murano_all/haproxy_service.yml | 1 -
 inventory/group_vars/nova_all/haproxy_service.yml   | 6 +++---
 inventory/group_vars/zun_all/haproxy_service.yml    | 2 +-
 4 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/inventory/group_vars/blazar_all/haproxy_service.yml b/inventory/group_vars/blazar_all/haproxy_service.yml
index 44a654262d..d550382352 100644
--- a/inventory/group_vars/blazar_all/haproxy_service.yml
+++ b/inventory/group_vars/blazar_all/haproxy_service.yml
@@ -22,7 +22,6 @@ haproxy_blazar_api_service:
   haproxy_balance_type: http
   haproxy_backend_httpcheck_options:
     - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
-  haproxy_backend_httpcheck_options:
     - 'expect rstatus (200|401)'
   haproxy_backend_ssl: "{{ blazar_backend_ssl | default(openstack_service_backend_ssl) }}"
   haproxy_backend_ca: "{{ openstack_haproxy_backend_ca | default(True) }}"
diff --git a/inventory/group_vars/murano_all/haproxy_service.yml b/inventory/group_vars/murano_all/haproxy_service.yml
index 293a12d82b..f1bc1b1ff2 100644
--- a/inventory/group_vars/murano_all/haproxy_service.yml
+++ b/inventory/group_vars/murano_all/haproxy_service.yml
@@ -22,7 +22,6 @@ haproxy_murano_service:
   haproxy_balance_type: http
   haproxy_backend_httpcheck_options:
     - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET'
-  haproxy_backend_httpcheck_options:
     - "expect status 401"
   haproxy_backend_ssl: "{{ murano_backend_ssl | default(openstack_service_backend_ssl) }}"
   haproxy_backend_ca: "{{ murano_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
diff --git a/inventory/group_vars/nova_all/haproxy_service.yml b/inventory/group_vars/nova_all/haproxy_service.yml
index 520cc7e14c..b5d4f4b84f 100644
--- a/inventory/group_vars/nova_all/haproxy_service.yml
+++ b/inventory/group_vars/nova_all/haproxy_service.yml
@@ -66,7 +66,7 @@ haproxy_nova_spice_console_service:
   haproxy_timeout_client: 60m
   haproxy_timeout_server: 60m
   haproxy_balance_alg: source
-  haproxy_backend_httpcheck_options: "{{ haproxy_nova_console_http_mode | ternary(['expect status 200', 'send ' ~ haproxy_nova_healthcheck_hdr ~ 'meth HEAD uri /spice_auto.html'], []) }}"
+  haproxy_backend_httpcheck_options: "{{ haproxy_nova_console_http_mode | ternary(['send ' ~ haproxy_nova_healthcheck_hdr ~ 'meth HEAD uri /spice_auto.html', 'expect status 200'], []) }}"
   haproxy_backend_ssl: "{{ nova_backend_ssl | default(openstack_service_backend_ssl) }}"
   haproxy_backend_ca: "{{ nova_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
   haproxy_accept_both_protocols: "{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
@@ -82,7 +82,7 @@ haproxy_nova_serial_console_service:
   haproxy_timeout_client: 60m
   haproxy_timeout_server: 60m
   haproxy_balance_alg: source
-  haproxy_backend_httpcheck_options: "{{ haproxy_nova_console_http_mode | ternary(['expect status 405', 'send ' ~ haproxy_nova_healthcheck_hdr ~ ' meth HEAD'], []) }}"
+  haproxy_backend_httpcheck_options: "{{ haproxy_nova_console_http_mode | ternary(['send ' ~ haproxy_nova_healthcheck_hdr ~ ' meth HEAD', 'expect status 405'], []) }}"
   haproxy_backend_ssl: "{{ nova_backend_ssl | default(openstack_service_backend_ssl) }}"
   haproxy_backend_ca: "{{ nova_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
   haproxy_accept_both_protocols: "{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
@@ -99,7 +99,7 @@ haproxy_nova_novnc_console_service:
   haproxy_timeout_client: 60m
   haproxy_timeout_server: 60m
   haproxy_balance_alg: source
-  haproxy_backend_httpcheck_options: "{{ haproxy_nova_console_http_mode | ternary(['expect status 200', 'send ' ~ haproxy_nova_healthcheck_hdr ~ ' meth HEAD uri /vnc.html'], []) }}"
+  haproxy_backend_httpcheck_options: "{{ haproxy_nova_console_http_mode | ternary(['send ' ~ haproxy_nova_healthcheck_hdr ~ ' meth HEAD uri /vnc.html', 'expect status 200'], []) }}"
   haproxy_backend_ssl: "{{ nova_backend_ssl | default(openstack_service_backend_ssl) }}"
   haproxy_backend_ca: "{{ nova_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"
   haproxy_accept_both_protocols: "{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
diff --git a/inventory/group_vars/zun_all/haproxy_service.yml b/inventory/group_vars/zun_all/haproxy_service.yml
index b8f8fbf526..da905d1cbf 100644
--- a/inventory/group_vars/zun_all/haproxy_service.yml
+++ b/inventory/group_vars/zun_all/haproxy_service.yml
@@ -37,8 +37,8 @@ haproxy_zun_console_service:
   haproxy_timeout_server: 60m
   haproxy_balance_alg: source
   haproxy_backend_httpcheck_options:
-    - "expect status 405"
     - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD'
+    - "expect status 405"
 
   # haproxy_backend_ssl disabled due to: https://bugs.launchpad.net/zun/+bug/2016917
   haproxy_backend_ssl: False