Browse Source

Add tcp-check connect port line to haproxy redis stanza

When https://bugzilla.redhat.com/show_bug.cgi?id=1677420 will be merged
in haproxy (via haproxy-1.5.18-9.el7.x86_64) our redis backend will stop
working because the fix around tcp-check is now more correct and
according to the haproxy doc a tcp-check sections *must* start with
tcp-check connect first. From
http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4-tcp-check%20connect
:
"""
When there are no TCP port configured on the server line neither server port
directive, then the 'tcp-check connect port <port>' must be the first step
of the sequence.
"""

Change-Id: I261eb30b52a3baee3b0e6d47e8f32f3c579930bf
Co-Authored-By: Luca Miccini <lmiccini@redhat.com>
Closes-Bug: #1837086
tags/8.5.1
Michele Baldessari 2 months ago
parent
commit
ab1ae917df
1 changed files with 2 additions and 2 deletions
  1. 2
    2
      manifests/haproxy.pp

+ 2
- 2
manifests/haproxy.pp View File

@@ -1397,10 +1397,10 @@ class tripleo::haproxy (
1397 1397
 
1398 1398
   if $redis {
1399 1399
     if $enable_internal_tls {
1400
-      $redis_tcp_check_ssl_options = ['connect ssl']
1400
+      $redis_tcp_check_ssl_options = ['connect port 6379 ssl']
1401 1401
       $redis_ssl_member_options = ['check-ssl', "ca-file ${ca_bundle}"]
1402 1402
     } else {
1403
-      $redis_tcp_check_ssl_options = []
1403
+      $redis_tcp_check_ssl_options = ['connect port 6379']
1404 1404
       $redis_ssl_member_options = []
1405 1405
     }
1406 1406
     if $redis_password {

Loading…
Cancel
Save