From 1bc4088490d7e5c8433e2626e2c664039e68552d Mon Sep 17 00:00:00 2001
From: Emilien Macchi
Date: Wed, 5 Mar 2014 14:36:16 +0100
Subject: [PATCH 1/2] loadbalancer: add listen_https class Add a class to configure SSL on HAproxy pool feature #337
Signed-off-by: Emilien Macchi
---
 manifests/loadbalancer/listen_https.pp | 38 ++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 manifests/loadbalancer/listen_https.pp
diff --git a/manifests/loadbalancer/listen_https.pp b/manifests/loadbalancer/listen_https.pp
new file mode 100644
index 00000000..dc754d2d
--- /dev/null
+++ b/manifests/loadbalancer/listen_https.pp
@@ -0,0 +1,38 @@
+#
+# Copyright (C) 2014 eNovance SAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Define::
+#
+# cloud::loadbalancer::listen_https
+#
+define cloud::loadbalancer::listen_https(
+ $ports = 'unset',
+ $httpchk = 'ssl-hello-chk',
+ $options = {},
+ $listen_ip = '0.0.0.0') {
+
+ $options_basic = {'mode' => 'tcp',
+ 'balance' => 'roundrobin',
+ 'http-check' => 'expect ! rstatus ^5',
+ 'option' => ['tcpka', 'tcplog', $httpchk] }
+
+ $options_custom = merge($options_basic, $options)
+
+ haproxy::listen { $name:
+ ipaddress => $listen_ip,
+ ports => $ports,
+ options => $options_custom,
+ }
+}
From b629cc102fe7e723d5dcce3498f8f74d498e9259 Mon Sep 17 00:00:00 2001
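Review bot: In `$options_basic` of the new `listen_https.pp`, the `'http-check' => 'expect ! rstatus ^5'` entry appears to do nothing for this listener, because it runs in `mode tcp` with `ssl-hello-chk` and HAProxy applies `http-check expect` only when `option httpchk` is enabled; I would drop it so nobody assumes a backend answering 5xx is taken out of rotation. The remaining check only confirms that a backend answers an SSLv3-style client hello, so a backend that refuses SSLv3 may be reported down although it is healthy. The header comment should state that this define passes TLS through to the backends rather than terminating it, and document the four parameters, e.g. `# [*options*] Hash merged over the defaults; a caller-supplied 'option' key replaces the whole default list, health check included.` `$ports` defaults to the literal string `'unset'`, which is handed to `haproxy::listen` unchanged when the caller omits it; failing early on that value would be safer if `ports` is meant to be mandatory.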
From: Emilien Macchi
Date: Wed, 5 Mar 2014 14:40:24 +0100
Subject: [PATCH 2/2] loadbalancer: add horizon ssl support Add a new param (false by default) to activate SSL on Horizon HAproxy pool. feature #337
Signed-off-by: Emilien Macchi
---
 manifests/loadbalancer.pp | 17 +++++++++++++----
 spec/classes/cloud_loadbalancer_spec.rb | 1 +
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index c0ae56d9..65d7b48c 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -31,6 +31,7 @@ class cloud::loadbalancer(
 $keystone_api_admin = true,
 $keystone_api = true,
 $horizon = true,
+ $horizon_ssl = false,
 $spice = true,
 $haproxy_auth = $os_params::haproxy_auth,
 $keepalived_state = 'BACKUP',
@@ -199,10 +200,18 @@ class cloud::loadbalancer(
 }
 }
 if $horizon {
- cloud::loadbalancer::listen_http{
- 'horizon_cluster':
- ports => $horizon_port,
- listen_ip => $vip_public_ip;
+ if $horizon_ssl {
+ cloud::loadbalancer::listen_https{
+ 'horizon_cluster':
+ ports => $horizon_port,
+ listen_ip => $vip_public_ip;
+ }
+ } else {
+ cloud::loadbalancer::listen_http{
+ 'horizon_cluster':
+ ports => $horizon_port,
+ listen_ip => $vip_public_ip;
+ }
 }
 }
diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb
index 87b8363d..2d7c455d 100644
--- a/spec/classes/cloud_loadbalancer_spec.rb
+++ b/spec/classes/cloud_loadbalancer_spec.rb
@@ -37,6 +37,7 @@ describe 'cloud::loadbalancer' do
 :keystone_api_admin => true,
 :keystone_api => true,
 :horizon => true,
+ :horizon_ssl => false,
 :spice => true,
 :haproxy_auth => 'root:secrete',
 :keepalived_state => 'BACKUP',
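Review bot: The new `if $horizon_ssl` branch in `manifests/loadbalancer.pp` swaps the Horizon listener to a TCP pass-through on the same `$horizon_port`, but nothing visible documents that the backends must then serve HTTPS on that port themselves. With the default of `false`, the dashboard is still published in clear text on `$vip_public_ip`. A parameter comment along the lines of `# [*horizon_ssl*] (optional) Use a TCP/TLS pass-through listener for Horizon; backends must speak HTTPS on horizon_port. Defaults to false.` would make both facts explicit for operators. The class body starts and ends outside this hunk, so an existing parameter doc block may already cover part of this.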
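Review bot: The spec hunk only pins `:horizon_ssl => false`, so the new `listen_https` branch is never compiled by the test suite and a typo in the define name or its attributes would go unnoticed. A second context that sets `:horizon_ssl => true` and asserts `should contain_cloud__loadbalancer__listen_https('horizon_cluster')` would cover the path that was added. The params hash and the surrounding `describe` block continue outside this hunk.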