Merge pull request #338 from enovance/feature/337/emilien
Add SSL support for Horizon HAproxy pool
This commit is contained in:
Gonéri Le Bouder
@@ -31,6 +31,7 @@ class cloud::loadbalancer(
|
|||||||
$keystone_api_admin = true,
|
$keystone_api_admin = true,
|
||||||
$keystone_api = true,
|
$keystone_api = true,
|
||||||
$horizon = true,
|
$horizon = true,
|
||||||
|
$horizon_ssl = false,
|
||||||
$spice = true,
|
$spice = true,
|
||||||
$haproxy_auth = $os_params::haproxy_auth,
|
$haproxy_auth = $os_params::haproxy_auth,
|
||||||
$keepalived_state = 'BACKUP',
|
$keepalived_state = 'BACKUP',
|
||||||
@@ -199,12 +200,20 @@ class cloud::loadbalancer(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if $horizon {
|
if $horizon {
|
||||||
|
if $horizon_ssl {
|
||||||
|
cloud::loadbalancer::listen_https{
|
||||||
|
'horizon_cluster':
|
||||||
|
ports => $horizon_port,
|
||||||
|
listen_ip => $vip_public_ip;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
cloud::loadbalancer::listen_http{
|
cloud::loadbalancer::listen_http{
|
||||||
'horizon_cluster':
|
'horizon_cluster':
|
||||||
ports => $horizon_port,
|
ports => $horizon_port,
|
||||||
listen_ip => $vip_public_ip;
|
listen_ip => $vip_public_ip;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
haproxy::listen { 'galera_cluster':
|
haproxy::listen { 'galera_cluster':
|
||||||
ipaddress => $galera_ip,
|
ipaddress => $galera_ip,
|
||||||
|
|||||||
38
manifests/loadbalancer/listen_https.pp
Normal file
38
manifests/loadbalancer/listen_https.pp
Normal file
@@ -0,0 +1,38 @@
|
|||||||
|
#
|
||||||
|
# Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
# Define::
|
||||||
|
#
|
||||||
|
# cloud::loadbalancer::listen_https
|
||||||
|
#
|
||||||
|
define cloud::loadbalancer::listen_https(
|
||||||
|
$ports = 'unset',
|
||||||
|
$httpchk = 'ssl-hello-chk',
|
||||||
|
$options = {},
|
||||||
|
$listen_ip = '0.0.0.0') {
|
||||||
|
|
||||||
|
$options_basic = {'mode' => 'tcp',
|
||||||
|
'balance' => 'roundrobin',
|
||||||
|
'http-check' => 'expect ! rstatus ^5',
|
||||||
|
'option' => ['tcpka', 'tcplog', $httpchk] }
|
||||||
|
|
||||||
|
$options_custom = merge($options_basic, $options)
|
||||||
|
|
||||||
|
haproxy::listen { $name:
|
||||||
|
ipaddress => $listen_ip,
|
||||||
|
ports => $ports,
|
||||||
|
options => $options_custom,
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -37,6 +37,7 @@ describe 'cloud::loadbalancer' do
|
|||||||
:keystone_api_admin => true,
|
:keystone_api_admin => true,
|
||||||
:keystone_api => true,
|
:keystone_api => true,
|
||||||
:horizon => true,
|
:horizon => true,
|
||||||
|
:horizon_ssl => false,
|
||||||
:spice => true,
|
:spice => true,
|
||||||
:haproxy_auth => 'root:secrete',
|
:haproxy_auth => 'root:secrete',
|
||||||
:keepalived_state => 'BACKUP',
|
:keepalived_state => 'BACKUP',
|
||||||
|
|||||||
Reference in New Issue
Block a user