Browse Source

Fix tls - zaqar wss default port

In https://review.opendev.org/746671 we updated the
endpoint map. It seems this broke the undercloud as
haproxy still listen on port 9000.

Update the default zaqar wss port in puppet as well.

Also set the request header Host to use the service
port so that handshake does not fail on port missmatch.

Change-Id: I0c9dd4e9457c7cfa8cd54b5eaa167bf4e8e6bcc1
Closes-Bug: #1893621
Related-Bug: #1832168
Related-RHBZ: #1868910
(cherry picked from commit 4a52809a96)
changes/61/749161/1
Harald Jensås 3 weeks ago
parent
commit
e8dfd034c5
1 changed files with 4 additions and 3 deletions
  1. +4
    -3
      manifests/haproxy.pp

+ 4
- 3
manifests/haproxy.pp View File

@@ -556,7 +556,7 @@
# 'ceph_dashboard_port' (Defaults to 8444)
# 'ceph_dashboard_ssl_port' (Defaults to 8444)
# 'zaqar_ws_port' (Defaults to 9000)
# 'zaqar_ws_ssl_port' (Defaults to 9000)
# 'zaqar_ws_ssl_port' (Defaults to 3000)
# * Note that for zaqar's websockets we don't support having a different
# port for SSL, because it ignores the handshake.
# Defaults to {}
@@ -733,7 +733,7 @@ class tripleo::haproxy (
ceph_rgw_port => 8080,
ceph_rgw_ssl_port => 13808,
zaqar_ws_port => 9000,
zaqar_ws_ssl_port => 9000,
zaqar_ws_ssl_port => 3000,
ceph_grafana_port => 3100,
ceph_grafana_ssl_port => 3100,
ceph_dashboard_port => 8444,
@@ -1561,7 +1561,8 @@ class tripleo::haproxy (
# timeouts get overridden by others at certain times of the connection.
# The following values were taken from the following site:
# http://blog.haproxy.com/2012/11/07/websockets-load-balancing-with-haproxy/
'timeout' => ['connect 5s', 'client 25s', 'server 25s', regsubst('tunnel Xs', 'X', $zaqar_ws_timeout_tunnel)],
'timeout' => ['connect 5s', 'client 25s', 'server 25s', regsubst('tunnel Xs', 'X', $zaqar_ws_timeout_tunnel)],
'http-request' => [join(['set-header Host %[dst]:', $ports[zaqar_ws_port]])],
},
public_ssl_port => $ports[zaqar_ws_ssl_port],
service_network => $zaqar_api_network,


Loading…
Cancel
Save