openstack
/
puppet-tripleo
Code Issues Proposed changes

Add tcp-check connect port line to haproxy redis stanza 

When https://bugzilla.redhat.com/show_bug.cgi?id=1677420 will be merged
in haproxy (via haproxy-1.5.18-9.el7.x86_64) our redis backend will stop
working because the fix around tcp-check is now more correct and
according to the haproxy doc a tcp-check sections *must* start with
tcp-check connect first. From
http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4-tcp-check%20connect
:
"""
When there are no TCP port configured on the server line neither server port
directive, then the 'tcp-check connect port <port>' must be the first step
of the sequence.
"""

Change-Id: I261eb30b52a3baee3b0e6d47e8f32f3c579930bf
Co-Authored-By: Luca Miccini <lmiccini@redhat.com>
Closes-Bug: #1837086
This commit is contained in:
Michele Baldessari 2019-07-18 19:09:17 +02:00
parent 9f6cbedae6
commit ab1ae917df
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/haproxy.pp
View File

@ -1397,10 +1397,10 @@ class tripleo::haproxy (
if $redis { if $redis {
if $enable_internal_tls { if $enable_internal_tls {
$redis_tcp_check_ssl_options = ['connect ssl'] $redis_tcp_check_ssl_options = ['connect port 6379 ssl']
$redis_ssl_member_options = ['check-ssl', "ca-file ${ca_bundle}"] $redis_ssl_member_options = ['check-ssl', "ca-file ${ca_bundle}"]
} else { } else {
$redis_tcp_check_ssl_options = [] $redis_tcp_check_ssl_options = ['connect port 6379']
$redis_ssl_member_options = [] $redis_ssl_member_options = []
} }
if $redis_password { if $redis_password {