Browse Source

Fix deployment errors when security options disabled

Closes-Bug: #1693208

Change-Id: I3f8a3f9b02e9ce0854c6992ae94a101be372de97
Olivier Bourdon 1 year ago
parent
commit
6e27b4b0f6

+ 33
- 17
deployment_scripts/puppet/modules/plugin_zabbix/manifests/ha/haproxy.pp View File

@@ -70,21 +70,38 @@ class plugin_zabbix::ha::haproxy {
70 70
 
71 71
   if $use_ssl {
72 72
     if $horizon_is_here {
73
-      # Update Horizon configuration to be able to use HTTPS port
74
-      file_line { 'add binding to Zabbix VIP for horizon and zabbix via ssl':
75
-        path   => '/etc/haproxy/conf.d/017-horizon-ssl.cfg',
76
-        after  => 'listen horizon-ssl',
77
-        line   => "  bind ${zabbix_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem",
78
-        notify => Exec['haproxy-restart']
73
+      if $ssl[horizon] {
74
+        # Update Horizon configuration to be able to use HTTPS port
75
+        file_line { 'add binding to Zabbix VIP for horizon and zabbix via ssl':
76
+          path   => '/etc/haproxy/conf.d/017-horizon-ssl.cfg',
77
+          after  => 'listen horizon-ssl',
78
+          line   => "  bind ${zabbix_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem",
79
+          notify => Exec['haproxy-restart']
80
+        }
81
+        ->
82
+        file_line { 'add binding to management VIP for horizon and zabbix via ssl':
83
+          path   => '/etc/haproxy/conf.d/017-horizon-ssl.cfg',
84
+          after  => 'listen horizon-ssl',
85
+          line   => "  bind ${mgmt_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem",
86
+          notify => Exec['haproxy-restart']
87
+        }
88
+      } else {
89
+        # Update Horizon configuration to be able to use HTTP port
90
+        file_line { 'add binding to Zabbix VIP for horizon and zabbix':
91
+          path   => '/etc/haproxy/conf.d/015-horizon.cfg',
92
+          after  => 'listen horizon',
93
+          line   => "  bind ${zabbix_vip}:80",
94
+          notify => Exec['haproxy-restart']
95
+        }
96
+        ->
97
+        file_line { 'add binding to management VIP for horizon and zabbix':
98
+          path   => '/etc/haproxy/conf.d/015-horizon.cfg',
99
+          after  => 'listen horizon',
100
+          line   => "  bind ${mgmt_vip}:80",
101
+          notify => Exec['haproxy-restart']
102
+        }
79 103
       }
80
-      ->
81
-      file_line { 'add binding to management VIP for horizon and zabbix via ssl':
82
-        path   => '/etc/haproxy/conf.d/017-horizon-ssl.cfg',
83
-        after  => 'listen horizon-ssl',
84
-        line   => "  bind ${mgmt_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem",
85
-        notify => Exec['haproxy-restart']
86
-      }
87
-    }else{
104
+    } else {
88 105
       openstack::ha::haproxy_service { 'zabbix-ui':
89 106
         order                  => '211',
90 107
         listen_port            => 80,
@@ -94,7 +111,6 @@ class plugin_zabbix::ha::haproxy {
94 111
           'redirect' => 'scheme https if !{ ssl_fc }'
95 112
         },
96 113
       }
97
-
98 114
       openstack::ha::haproxy_service { 'zabbix-ui-ssl':
99 115
         order                  => '212',
100 116
         listen_port            => 443,
@@ -130,7 +146,7 @@ class plugin_zabbix::ha::haproxy {
130 146
         notify => Exec['haproxy-restart'],
131 147
       }
132 148
     }
133
-  }else{
149
+  } else {
134 150
     if $horizon_is_here {
135 151
       # Update Horizon configuration to be able to use HTTP port
136 152
       file_line { 'add binding to Zabbix VIP for horizon and zabbix':
@@ -139,7 +155,7 @@ class plugin_zabbix::ha::haproxy {
139 155
         line   => "  bind ${zabbix_vip}:80",
140 156
         notify => Exec['haproxy-restart']
141 157
       }
142
-    }else{
158
+    } else {
143 159
       openstack::ha::haproxy_service { 'zabbix-ui':
144 160
         order                  => '211',
145 161
         listen_port            => 80,

+ 8
- 3
deployment_scripts/puppet/modules/plugin_zabbix/manifests/params.pp View File

@@ -125,6 +125,7 @@ class plugin_zabbix::params {
125 125
   #server parameters
126 126
   $vip_name                          = 'zbx_vip_mgmt'
127 127
   $server_ip                         = $network_metadata['vips'][$vip_name]['ipaddr']
128
+  $server_public_ip                  = $network_metadata['vips']['public']['ipaddr']
128 129
   $mgmt_vip                          = $network_metadata['vips']['management']['ipaddr']
129 130
   $server_config                     = "${zabbix_base_conf_dir}/zabbix_server.conf"
130 131
   $server_config_template            = 'plugin_zabbix/zabbix_server.conf.erb'
@@ -184,9 +185,13 @@ class plugin_zabbix::params {
184 185
   #api
185 186
   $use_ssl = $ssl[horizon] or $ssl[services]
186 187
   if $use_ssl {
187
-    $api_url = "https://${mgmt_vip}${frontend_base}/api_jsonrpc.php"
188
-  }else{
189
-    $api_url = "http://${mgmt_vip}${frontend_base}/api_jsonrpc.php"
188
+    if $ssl[horizon] {
189
+      $api_url = "https://${server_public_ip}${frontend_base}/api_jsonrpc.php"
190
+    } else {
191
+      $api_url = "http://${server_public_ip}${frontend_base}/api_jsonrpc.php"
192
+    }
193
+  } else {
194
+    $api_url = "http://${server_public_ip}${frontend_base}/api_jsonrpc.php"
190 195
   }
191 196
 
192 197
   $api_hash = { endpoint => $api_url,

+ 7
- 1
deployment_tasks.yaml View File

@@ -15,9 +15,15 @@
15 15
 - id: zbx-primary-services
16 16
   type: puppet
17 17
   version: 2.0.0
18
-  requires: [post_deployment_start, zbx-configure-apt]
18
+  requires: [post_deployment_start, zbx-configure-apt, cluster-haproxy]
19 19
   required_for: [post_deployment_end]
20 20
   role: [primary-controller]
21
+  # The primary crontroller configuration shouldn't start before haproxy is finished
22
+  # hence the cross-depends parameter that is required when running in
23
+  # a task-based deployment mode.
24
+  cross-depends:
25
+    - name: cluster-haproxy
26
+      role: [primary-controller]
21 27
   parameters:
22 28
     puppet_manifest: puppet/manifests/primary_controller.pp
23 29
     puppet_modules: puppet/modules:/etc/puppet/modules

Loading…
Cancel
Save