diff --git a/playbooks/inventory/group_vars/all.yml b/playbooks/inventory/group_vars/all.yml
index 144fed3fcf..6a0f7a6471 100644
--- a/playbooks/inventory/group_vars/all.yml
+++ b/playbooks/inventory/group_vars/all.yml
@@ -36,7 +36,7 @@ pip_links:
 # URL for the frozen internal openstack repo.
 repo_server_port: 8181
 openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
-openstack_repo_git_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}/openstackgit"
+openstack_repo_git_url: "git://{{ internal_lb_vip_address }}"
 ## kernel modules for specific group hosts
 # :param name: name of the kernel module
diff --git a/playbooks/vars/configs/haproxy_config.yml b/playbooks/vars/configs/haproxy_config.yml
index 315fab0750..13f93daf7e 100644
--- a/playbooks/vars/configs/haproxy_config.yml
+++ b/playbooks/vars/configs/haproxy_config.yml
@@ -27,6 +27,18 @@ haproxy_default_services:
 - 192.168.0.0/16
 - 172.16.0.0/12
 - 10.0.0.0/8
+ - service:
+ haproxy_service_name: repo_git
+ haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 9418
+ haproxy_balance_type: tcp
+ haproxy_backend_options:
+ - tcp-check
+ haproxy_whitelist_networks:
+ - 192.168.0.0/16
+ - 172.16.0.0/12
+ - 10.0.0.0/8
 - service:
 haproxy_service_name: repo_all
 haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}"
diff --git a/releasenotes/notes/haproxy-git-server-backend-862e004e61a43292.yaml b/releasenotes/notes/haproxy-git-server-backend-862e004e61a43292.yaml
new file mode 100644
index 0000000000..9fcf639781
--- /dev/null
+++ b/releasenotes/notes/haproxy-git-server-backend-862e004e61a43292.yaml
@@ -0,0 +1,8 @@
+---
+upgrade:
+ - Haproxy has a new backend to support using the repo
+ server nodes as a git server. The new backend
+ is called "repo_git" and uses port "9418".
+ Default ACLs have been created to lock down the port's
+ availability to only internal networks originating from
+ an RFC1918 address.
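Review bot: The new `openstack_repo_git_url` in all.yml uses the `git://` scheme, which has no server authentication and no transport integrity or encryption, so anything cloned through it is trusted on network position alone, and nothing near the variable says so. The removed http URL was also cleartext, so this is not a regression in itself, but the trust assumption should be written down. The URL also omits the port and so depends on the git default 9418 matching `haproxy_port: 9418` in haproxy_config.yml. I would add above the variable: `# git:// is unauthenticated and unencrypted; served only on the internal VIP, default port 9418 (must match the haproxy repo_git service).`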
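Review bot: `haproxy_ssl: "{{ haproxy_ssl }}"` on the new `repo_git` service looks wrong for a listener that clients reach through a `git://` URL, because that protocol is plaintext. The role's frontend template is not visible here, but if it binds with TLS when this value is true, clones on port 9418 would fail as soon as SSL is enabled for the deployment. I would pin it for this service, `haproxy_ssl: false  # git:// clients do not speak TLS`, or move the consumers to an authenticated transport. Since the git daemon accepts any client that can connect, `haproxy_whitelist_networks` is the only access control on this port; the three full RFC1918 ranges are broad, and narrowing them to the management or container network is worth considering. The `haproxy_default_services` list starts before and continues past this hunk.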