openstack
/
puppet-tripleo
Code Issues Proposed changes

Fix tripleo::haproxy::stats to be more correct and flexible 

In this change we do three things:
1) We make the class parameter 'ip' also be a list so that multiple
   bind addresses are possible
2) We remove the hard coded 1993 and move it to a parameter
3) Instead of passing only the controller_virtual_ip as the only bind
   address on all controllers which makes no sense (see linked LP)
   we also bind to the IP specified in the hiera key
   'tripleo::haproxy::haproxy_stats_bind_address'.

Tested this change with the accompanying THT patch and correctly
got the haproxy stats on a custom network (internal_api and the
controller vip):

listen haproxy.stats
  bind fd00:fd00:fd00:2000::16:1993 transparent
  bind 192.168.24.15:1993 transparent
  mode http
  stats enable
  stats uri /
  stats auth admin:password

I did not remove the controller_virtual_ip binding as that might be
a breaking change for operators. We could think about deprecating it
and removing it eventually.

Related-Bug: #1830334
Change-Id: Iab5f11c3065ff34a3543621554e7f05161d069f2
(cherry picked from commit e76519d2c8)
(cherry picked from commit ef577909d6)
(cherry picked from commit 73fdcc0d62)
This commit is contained in:
Michele Baldessari 2019-05-24 14:28:02 +02:00
parent 1647bd087c
commit 87744ef329
2 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
manifests/haproxy.pp
View File

@ -113,6 +113,12 @@
# A string.
# Defaults to undef
#
# [*haproxy_stats_bind_address*]
# Bind address for where the haproxy stats web interface should listen on in addition
# to the controller_virtual_ip
# A string.or an array
# Defaults to undef
#
# [*service_certificate*]
# Filename of an HAProxy-compatible certificate and key file
# When set, enables SSL on the public API endpoints using the specified file.
@ -593,6 +599,7 @@ class tripleo::haproxy (
$haproxy_socket_access_level = 'user',
$haproxy_stats_user = 'admin',
$haproxy_stats_password = undef,
$haproxy_stats_bind_address = undef,
$manage_firewall = hiera('tripleo::firewall::manage_firewall', true),
$controller_hosts = hiera('controller_node_ips'),
$controller_hosts_names = hiera('controller_node_names', undef),
@ -874,9 +881,12 @@ class tripleo::haproxy (
} else {
$haproxy_stats_certificate_real = undef
}
$haproxy_stats_ips_raw = union(any2array($controller_virtual_ip), any2array($haproxy_stats_bind_address))
$haproxy_stats_ips = delete_undef_values($haproxy_stats_ips_raw)
class { '::tripleo::haproxy::stats':
haproxy_listen_bind_param => $haproxy_listen_bind_param,
ip => $controller_virtual_ip,
ip => $haproxy_stats_ips,
password => $haproxy_stats_password,
certificate => $haproxy_stats_certificate_real,
user => $haproxy_stats_user,

19
manifests/haproxy/stats.pp
View File

@ -21,8 +21,12 @@
# A list of params to be added to the HAProxy listener bind directive.
#
# [*ip*]
# IP Address on which the stats interface is listening on. This right now
# assumes that it's in the ctlplane network.
# IP Address(es) on which the stats interface is listening on.
# Can be a string or a list of ip addresses
#
# [*port*]
# Port on which to listen to for haproxy stats web interface
# Defaults to '1993'
#
# [*password*]
# Password for haproxy stats authentication. When set, authentication is
@ -43,20 +47,19 @@
class tripleo::haproxy::stats (
$haproxy_listen_bind_param,
$ip,
$port = '1993',
$password = undef,
$certificate = undef,
$user = 'admin'
) {
if $certificate {
$haproxy_stats_bind_opts = {
"${ip}:1993" => union($haproxy_listen_bind_param, ['ssl', 'crt', $certificate]),
}
$opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $certificate])
} else {
$haproxy_stats_bind_opts = {
"${ip}:1993" => $haproxy_listen_bind_param,
}
$opts = $haproxy_listen_bind_param
}
$haproxy_stats_bind_opts = list_to_hash(suffix(any2array($ip), ":${port}"), $opts)
$stats_base = ['enable', 'uri /']
if $password {
$stats_config = union($stats_base, ["auth ${user}:${password}"])