Browse Source

Ceph Grafana should not be exposed by HAProxy as a public service

We need to set ceph_grafana_vip on a network which is routable
and yet not the public network where the OpenStack APIs are exposed
but the service is *not* public.

Change-Id: I7d636c4513317162ec4b49aa12d88a959bf5c537
tags/12.0.0
Giulio Fidente 3 weeks ago
parent
commit
1fc65d1d1b
1 changed files with 9 additions and 10 deletions
  1. +9
    -10
      manifests/haproxy.pp

+ 9
- 10
manifests/haproxy.pp View File

@@ -1019,16 +1019,15 @@ class tripleo::haproxy (

if $ceph_grafana {
::tripleo::haproxy::endpoint { 'ceph_grafana':
public_virtual_ip => $controller_virtual_ip,
internal_ip => hiera('ceph_grafana_vip', $controller_virtual_ip),
service_port => $ports[ceph_grafana_port],
ip_addresses => hiera('ceph_grafana_node_ips', $controller_hosts_real),
server_names => hiera('ceph_grafana_node_names', $controller_hosts_names_real),
mode => 'http',
public_ssl_port => $ports[ceph_grafana_ssl_port],
listen_options => merge($default_listen_options, { 'option' => [ 'httpchk HEAD /' ] }),
service_network => $ceph_grafana_network,
member_options => union($haproxy_member_options, $internal_tls_member_options),
internal_ip => hiera('ceph_grafana_vip', $controller_virtual_ip),
service_port => $ports[ceph_grafana_port],
ip_addresses => hiera('ceph_grafana_node_ips', $controller_hosts_real),
server_names => hiera('ceph_grafana_node_names', $controller_hosts_names_real),
mode => 'http',
public_ssl_port => $ports[ceph_grafana_ssl_port],
listen_options => merge($default_listen_options, { 'option' => [ 'httpchk HEAD /' ] }),
service_network => $ceph_grafana_network,
member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}


Loading…
Cancel
Save