stackforge/puppet-openstack-cloud
Code Issues Proposed changes

loadbalancer: implement X-Forwarded-Proto for Heat

Browse Source 
Heat APIs support X-Forwarded-Proto in HTTP headers. It's mandatory when
using SSL termination in HAproxy.
This commit is contained in:
Emilien Macchi
2014-06-30 09:52:28 +02:00
parent da4bae48cf
commit c663793036
2 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
manifests/loadbalancer.pp
View File

@@ -399,20 +399,41 @@ class cloud::loadbalancer(
port => $ks_ceilometer_public_port, port => $ks_ceilometer_public_port,
bind_options => $ceilometer_bind_options, bind_options => $ceilometer_bind_options,
} }
if 'ssl' in $heat_api_bind_options {
$heat_api_options = {
'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }' }
} else {
$heat_api_options = {}
}
cloud::loadbalancer::binding { 'heat_api_cluster': cloud::loadbalancer::binding { 'heat_api_cluster':
ip => $heat_api, ip => $heat_api,
port => $ks_heat_public_port, port => $ks_heat_public_port,
bind_options => $heat_api_bind_options, bind_options => $heat_api_bind_options,
options => $heat_api_options
}
if 'ssl' in $heat_cfn_bind_options {
$heat_cfn_options = {
'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }' }
} else {
$heat_cfn_options = { }
} }
cloud::loadbalancer::binding { 'heat_cfn_api_cluster': cloud::loadbalancer::binding { 'heat_cfn_api_cluster':
ip => $heat_cfn_api, ip => $heat_cfn_api,
port => $ks_heat_cfn_public_port, port => $ks_heat_cfn_public_port,
bind_options => $heat_cfn_bind_options, bind_options => $heat_cfn_bind_options,
options => $heat_cfn_options
}
if 'ssl' in $heat_cloudwatch_bind_options {
$heat_cloudwatch_options = {
'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }' }
} else {
$heat_cloudwatch_options = { }
} }
cloud::loadbalancer::binding { 'heat_cloudwatch_api_cluster': cloud::loadbalancer::binding { 'heat_cloudwatch_api_cluster':
ip => $heat_cloudwatch_api, ip => $heat_cloudwatch_api,
port => $ks_heat_cloudwatch_public_port, port => $ks_heat_cloudwatch_public_port,
bind_options => $heat_cloudwatch_bind_options, bind_options => $heat_cloudwatch_bind_options,
options => $heat_cloudwatch_options
} }
if $::operatingsystem == 'RedHat' { if $::operatingsystem == 'RedHat' {

19
spec/classes/cloud_loadbalancer_spec.rb
View File

@@ -399,6 +399,25 @@ describe 'cloud::loadbalancer' do
)} )}
end end
context 'configure OpenStack Heat API SSL binding' do
before do
params.merge!(
:heat_api_bind_options => ['ssl', 'crt']
)
end
it { should contain_haproxy__listen('heat_api_cluster').with(
:ipaddress => [params[:vip_public_ip]],
:ports => '8004',
:options => {
'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
'mode' => 'http',
'option' => ['tcpka','forwardfor','tcplog', 'httpchk'],
'http-check' => 'expect ! rstatus ^5',
'balance' => 'roundrobin'
},
:bind_options => ['ssl', 'crt']
)}
end
end # shared:: openstack loadbalancer end # shared:: openstack loadbalancer
context 'on Debian platforms' do context 'on Debian platforms' do