Merge pull request #338 from enovance/feature/337/emilien

Add SSL support for Horizon HAproxy pool
2014-03-05 15:21:05 +01:00
parent 3732b9edcf b629cc102f
commit d4315245be
3 changed files with 52 additions and 4 deletions
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -31,6 +31,7 @@ class cloud::loadbalancer(
  $keystone_api_admin               = true,
  $keystone_api                     = true,
  $horizon                          = true,
+  $horizon_ssl                      = false,
  $spice                            = true,
  $haproxy_auth                     = $os_params::haproxy_auth,
  $keepalived_state                 = 'BACKUP',
@@ -199,10 +200,18 @@ class cloud::loadbalancer(
    }
  }
  if $horizon {
-    cloud::loadbalancer::listen_http{
-      'horizon_cluster':
-        ports     => $horizon_port,
-        listen_ip => $vip_public_ip;
+    if $horizon_ssl {
+      cloud::loadbalancer::listen_https{
+        'horizon_cluster':
+          ports     => $horizon_port,
+          listen_ip => $vip_public_ip;
+      }
+    } else {
+      cloud::loadbalancer::listen_http{
+        'horizon_cluster':
+          ports     => $horizon_port,
+          listen_ip => $vip_public_ip;
+      }
    }
  }

--- a/manifests/loadbalancer/listen_https.pp
+++ b/manifests/loadbalancer/listen_https.pp
@@ -0,0 +1,38 @@
+#
+# Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Define::
+#
+# cloud::loadbalancer::listen_https
+#
+define cloud::loadbalancer::listen_https(
+  $ports     = 'unset',
+  $httpchk   = 'ssl-hello-chk',
+  $options   = {},
+  $listen_ip = '0.0.0.0') {
+
+  $options_basic = {'mode'       => 'tcp',
+                    'balance'    => 'roundrobin',
+                    'http-check' => 'expect ! rstatus ^5',
+                    'option'     => ['tcpka', 'tcplog', $httpchk] }
+
+  $options_custom = merge($options_basic, $options)
+
+  haproxy::listen { $name:
+    ipaddress => $listen_ip,
+    ports     => $ports,
+    options   => $options_custom,
+  }
+}
--- a/spec/classes/cloud_loadbalancer_spec.rb
+++ b/spec/classes/cloud_loadbalancer_spec.rb
@@ -37,6 +37,7 @@ describe 'cloud::loadbalancer' do
        :keystone_api_admin                => true,
        :keystone_api                      => true,
        :horizon                           => true,
+        :horizon_ssl                       => false,
        :spice                             => true,
        :haproxy_auth                      => 'root:secrete',
        :keepalived_state                  => 'BACKUP',