Replace rsprep directive with http-response replace-header

Haproxy 2.4.x errors out when using rsprep directive:
<13>Sep  4 08:07:09 puppet-user: [NOTICE] (34) : path to executable is /usr/sbin/haproxy
<13>Sep  4 08:07:09 puppet-user: [ALERT]  (34) : parsing [/etc/haproxy/haproxy.cfg20210904-13-18ckjh5:44] : The 'rsprep' directive is not supported anymore since HAProxy 2.1. Use 'http-response replace-header' instead.
<13>Sep  4 08:07:09 puppet-user: [ALERT]  (34) : parsing [/etc/haproxy/haproxy.cfg20210904-13-18ckjh5:58] : The 'rsprep' directive is not supported anymore since HAProxy 2.1. Use 'http-response replace-header' instead.
<13>Sep  4 08:07:09 puppet-user: [ALERT]  (34) : parsing [/etc/haproxy/haproxy.cfg20210904-13-18ckjh5:81] : The 'rsprep' directive is not supported

Tested with haproxy 2.4 and now the config is accepted by haproxy -c.
The rsprep directive has been removed in 2.1:
https://www.haproxy.com/blog/haproxy-2-1/#deprecated-configuration-options

Tested this by deploying an overcloud with tls-e and this patch and
verifying that tempest still works.

The config lines now look like the following:

  http-response replace-header Location http://(.*) https://\1
  http-response replace-header Location http://10.0.0.5(.*) https://10.0.0.5\1

Tested the horizon redirect is still working:
[stack@undercloud-0 ~]$ curl -v -L http://overcloud.localdomain:80/
*   Trying 10.0.0.5:80...
* Connected to overcloud.localdomain (10.0.0.5) port 80 (#0)
> GET / HTTP/1.1
> Host: overcloud.localdomain
> User-Agent: curl/7.76.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< content-length: 0
< location: https://overcloud.localdomain/

Closes-Bug: #1942675

Change-Id: Ie29a03affbbf8d6d47a5c50ef1c17bab9847f460
(cherry picked from commit 5a9b957a7e)
Michele Baldessari 2021-09-04 10:52:56 +02:00
parent 00f205b36f
commit e83c472149
3 changed files with 8 additions and 8 deletions

@ -1302,7 +1302,7 @@ class tripleo::haproxy (
}
if $service_certificate {
$heat_ssl_options = {
'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1",
'http-response' => "replace-header Location http://${public_virtual_ip}(.*) https://${public_virtual_ip}\\1",
}
$heat_listen_options = merge($default_listen_options, $heat_ssl_options, $heat_timeout_options)
$heat_frontend_options = merge($default_frontend_options, $heat_ssl_options, $heat_timeout_options)
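Review bot: The pattern on the new 'http-response' line drops the ^ anchor that the old rsprep rule carried (^Location:\ http://...), so http://${public_virtual_ip}(.*) can match anywhere inside the Location value instead of only at its start. replace-header replaces a matching value completely with the replacement, so a redirect that merely carries the VIP URL later in the value, such as in a query parameter, would be reduced to https://${public_virtual_ip}\1. Suggest "replace-header Location ^http://${public_virtual_ip}(.*) https://${public_virtual_ip}\\1"; the unanchored http://(.*) patterns in the other two files deserve the same anchor. The dots of the interpolated address are still regex wildcards, as they were before this change.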

@ -190,9 +190,9 @@ define tripleo::haproxy::endpoint (
if $public_certificate {
if $mode == 'http' {
$tls_listen_options = {
'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
'option' => 'forwardfor',
'http-response' => 'replace-header Location http://(.*) https://\\1',
'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
'option' => 'forwardfor',
}
$listen_options_precookie = merge($tls_listen_options, $listen_options, $custom_options)
$frontend_options_precookie = merge($tls_listen_options, $frontend_options, $custom_frontend_options)
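Review bot: Moving the rewrite under the 'http-response' key makes it easier to lose in the two merge() calls right after the hash: $listen_options, $custom_options, $frontend_options and $custom_frontend_options are merged after $tls_listen_options, and the rightmost hash wins on a duplicate key, so any caller that passes its own 'http-response' entry silently replaces the Location rewrite. Nothing else was likely to set 'rsprep', but 'http-response' is a common key. Consider documenting this on the define's parameters, or combining caller-supplied 'http-response' values with this one instead of letting them override it.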

@ -129,11 +129,11 @@ class tripleo::haproxy::horizon_endpoint (
"${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate], $custom_bind_options_public),
}
$horizon_frontend_options = {
'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
'http-response' => 'replace-header Location http://(.*) https://\\1',
# NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
'redirect' => 'scheme https code 301 if !{ ssl_fc }',
'option' => [ 'forwardfor' ],
'http-request' => [
'redirect' => 'scheme https code 301 if !{ ssl_fc }',
'option' => [ 'forwardfor' ],
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
}
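Review bot: 'http-response' is a bare string in $horizon_frontend_options while 'http-request' a few lines further down in the same hash is an array; writing it as a one-element array, ['replace-header Location http://(.*) https://\\1'], would keep the hash consistent and leave room for further response rules. None of the three changed files shown is a spec, so an assertion on the rendered line would be worth adding to confirm that the single-quoted \\1 reaches haproxy.cfg as \1.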