ea2ce7da21
There are situations where it would be advantageous to let
an operator specify custom per-service options.
One such use case seen in the wild is to extend the timeout of the cinder
because due to the specific storage backend these cinder operations
sometimes take a bit longer. Letting the user tweak the
haproxy_default_timeout is likely not what we want as for the case
above we only want to tweak a single service.
We explored another approach to fix this by adding a bunch of
<service>_options class parameters in the tripleo::haproxy class but it
made it extremely bloated and confusing, so we opted for this approach
which is much less invasive both code-wise and complexity-wise
Tested by deploying with:
ExtraConfig:
tripleo::haproxy::cinder::options:
"timeout client": '90m'
'timeout server': '90m'
And observing the following cinder haproxy stanza:
listen cinder
bind 10.0.0.4:8776 transparent
bind 172.16.2.9:8776 transparent
mode http
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
option httpchk
option httplog
timeout client 90m
timeout server 90m
server overcloud-controller-0.internalapi.localdomain 172.16.2.7:8776 check fall 5 inter 2000 rise 2
server overcloud-controller-1.internalapi.localdomain 172.16.2.16:8776 check fall 5 inter 2000 rise 2
server overcloud-controller-2.internalapi.localdomain 172.16.2.13:8776 check fall 5 inter 2000 rise 2
Closes-Bug: #1755711
Change-Id: Icb7f026190b310d34c47dc059e2fdb22031b0963
(cherry picked from commit ce4576375d
)
94 lines
2.7 KiB
Ruby
94 lines
2.7 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe 'tripleo::haproxy::endpoint' do
|
|
|
|
let(:title) { 'neutron' }
|
|
|
|
let :pre_condition do
|
|
'include ::haproxy'
|
|
end
|
|
|
|
let :params do {
|
|
:public_virtual_ip => '192.168.0.1',
|
|
:internal_ip => '10.0.0.1',
|
|
:service_port => 9696,
|
|
:ip_addresses => ['10.0.0.2', '10.0.0.3', '10.0.0.4'],
|
|
:server_names => ['controller1', 'controller2', 'controller3'],
|
|
:public_ssl_port => 19696,
|
|
:member_options => [ 'check', 'inter 2000', 'rise 2', 'fall 5' ],
|
|
:haproxy_listen_bind_param => ['transparent'],
|
|
}
|
|
end
|
|
|
|
shared_examples_for 'tripleo haproxy endpoint' do
|
|
context 'with basic parameters to configure neutron binding' do
|
|
it 'should configure haproxy' do
|
|
is_expected.to contain_haproxy__listen('neutron').with(
|
|
:collect_exported => false,
|
|
:bind => [
|
|
['10.0.0.1:9696', ['transparent']],
|
|
['192.168.0.1:9696', ['transparent']]
|
|
],
|
|
:options => {'option' => [],
|
|
'timeout client' => '90m',
|
|
'timeout server' => '90m',
|
|
},
|
|
)
|
|
end
|
|
end
|
|
|
|
context 'with dual-stack' do
|
|
before :each do
|
|
params.merge!({
|
|
:public_virtual_ip => ['fd00:fd00:fd00:2000::14', '192.168.0.1'],
|
|
})
|
|
end
|
|
it 'should configure haproxy' do
|
|
is_expected.to contain_haproxy__listen('neutron').with(
|
|
:collect_exported => false,
|
|
:bind => [
|
|
['10.0.0.1:9696', ['transparent']],
|
|
['fd00:fd00:fd00:2000::14:9696', ['transparent']],
|
|
['192.168.0.1:9696', ['transparent']]
|
|
]
|
|
)
|
|
end
|
|
end
|
|
|
|
context 'with userlist' do
|
|
before :each do
|
|
params.merge!({
|
|
:authorized_userlist => 'starwars',
|
|
})
|
|
end
|
|
let :pre_condition do
|
|
'include ::haproxy
|
|
::tripleo::haproxy::userlist {"starwars": users => ["leia password sister"]}
|
|
'
|
|
end
|
|
it 'should configure an ACL' do
|
|
is_expected.to compile.with_all_deps
|
|
is_expected.to contain_haproxy__listen('neutron').with(
|
|
:options => {
|
|
'option' => [],
|
|
'timeout client' => '90m',
|
|
'timeout server' => '90m',
|
|
'acl' => 'acl Authneutron http_auth(starwars)',
|
|
'http-request' => 'auth realm neutron if !Authneutron',
|
|
}
|
|
)
|
|
end
|
|
end
|
|
end
|
|
|
|
on_supported_os.each do |os, facts|
|
|
context "on #{os}" do
|
|
let(:facts) do
|
|
facts.merge({})
|
|
end
|
|
|
|
it_behaves_like 'tripleo haproxy endpoint'
|
|
end
|
|
end
|
|
end
|