Fix deployment errors when security options disabled

Closes-Bug: #1693208 Change-Id: I3f8a3f9b02e9ce0854c6992ae94a101be372de97
2017-05-25 08:29:07 +02:00 · 2017-05-25 08:29:07 +02:00 · 6e27b4b0f6
parent 6fa6a8f811
commit 6e27b4b0f6
3 changed files with 48 additions and 21 deletions
--- a/deployment_scripts/puppet/modules/plugin_zabbix/manifests/ha/haproxy.pp
+++ b/deployment_scripts/puppet/modules/plugin_zabbix/manifests/ha/haproxy.pp
@ -70,21 +70,38 @@ class plugin_zabbix::ha::haproxy {

  if $use_ssl {
    if $horizon_is_here {
-      # Update Horizon configuration to be able to use HTTPS port
-      file_line { 'add binding to Zabbix VIP for horizon and zabbix via ssl':
-        path   => '/etc/haproxy/conf.d/017-horizon-ssl.cfg',
-        after  => 'listen horizon-ssl',
-        line   => "  bind ${zabbix_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem",
-        notify => Exec['haproxy-restart']
+      if $ssl[horizon] {
+        # Update Horizon configuration to be able to use HTTPS port
+        file_line { 'add binding to Zabbix VIP for horizon and zabbix via ssl':
+          path   => '/etc/haproxy/conf.d/017-horizon-ssl.cfg',
+          after  => 'listen horizon-ssl',
+          line   => "  bind ${zabbix_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem",
+          notify => Exec['haproxy-restart']
+        }
+        ->
+        file_line { 'add binding to management VIP for horizon and zabbix via ssl':
+          path   => '/etc/haproxy/conf.d/017-horizon-ssl.cfg',
+          after  => 'listen horizon-ssl',
+          line   => "  bind ${mgmt_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem",
+          notify => Exec['haproxy-restart']
+        }
+      } else {
+        # Update Horizon configuration to be able to use HTTP port
+        file_line { 'add binding to Zabbix VIP for horizon and zabbix':
+          path   => '/etc/haproxy/conf.d/015-horizon.cfg',
+          after  => 'listen horizon',
+          line   => "  bind ${zabbix_vip}:80",
+          notify => Exec['haproxy-restart']
+        }
+        ->
+        file_line { 'add binding to management VIP for horizon and zabbix':
+          path   => '/etc/haproxy/conf.d/015-horizon.cfg',
+          after  => 'listen horizon',
+          line   => "  bind ${mgmt_vip}:80",
+          notify => Exec['haproxy-restart']
+        }
      }
-      ->
-      file_line { 'add binding to management VIP for horizon and zabbix via ssl':
-        path   => '/etc/haproxy/conf.d/017-horizon-ssl.cfg',
-        after  => 'listen horizon-ssl',
-        line   => "  bind ${mgmt_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem",
-        notify => Exec['haproxy-restart']
-      }
-    }else{
+    } else {
      openstack::ha::haproxy_service { 'zabbix-ui':
        order                  => '211',
        listen_port            => 80,
@ -94,7 +111,6 @@ class plugin_zabbix::ha::haproxy {
          'redirect' => 'scheme https if !{ ssl_fc }'
        },
      }
-
      openstack::ha::haproxy_service { 'zabbix-ui-ssl':
        order                  => '212',
        listen_port            => 443,
@ -130,7 +146,7 @@ class plugin_zabbix::ha::haproxy {
        notify => Exec['haproxy-restart'],
      }
    }
-  }else{
+  } else {
    if $horizon_is_here {
      # Update Horizon configuration to be able to use HTTP port
      file_line { 'add binding to Zabbix VIP for horizon and zabbix':
@ -139,7 +155,7 @@ class plugin_zabbix::ha::haproxy {
        line   => "  bind ${zabbix_vip}:80",
        notify => Exec['haproxy-restart']
      }
-    }else{
+    } else {
      openstack::ha::haproxy_service { 'zabbix-ui':
        order                  => '211',
        listen_port            => 80,
--- a/deployment_scripts/puppet/modules/plugin_zabbix/manifests/params.pp
+++ b/deployment_scripts/puppet/modules/plugin_zabbix/manifests/params.pp
@ -125,6 +125,7 @@ class plugin_zabbix::params {
  #server parameters
  $vip_name                          = 'zbx_vip_mgmt'
  $server_ip                         = $network_metadata['vips'][$vip_name]['ipaddr']
+  $server_public_ip                  = $network_metadata['vips']['public']['ipaddr']
  $mgmt_vip                          = $network_metadata['vips']['management']['ipaddr']
  $server_config                     = "${zabbix_base_conf_dir}/zabbix_server.conf"
  $server_config_template            = 'plugin_zabbix/zabbix_server.conf.erb'
@ -184,9 +185,13 @@ class plugin_zabbix::params {
  #api
  $use_ssl = $ssl[horizon] or $ssl[services]
  if $use_ssl {
-    $api_url = "https://${mgmt_vip}${frontend_base}/api_jsonrpc.php"
-  }else{
-    $api_url = "http://${mgmt_vip}${frontend_base}/api_jsonrpc.php"
+    if $ssl[horizon] {
+      $api_url = "https://${server_public_ip}${frontend_base}/api_jsonrpc.php"
+    } else {
+      $api_url = "http://${server_public_ip}${frontend_base}/api_jsonrpc.php"
+    }
+  } else {
+    $api_url = "http://${server_public_ip}${frontend_base}/api_jsonrpc.php"
  }

  $api_hash = { endpoint => $api_url,
--- a/deployment_tasks.yaml
+++ b/deployment_tasks.yaml
@ -15,9 +15,15 @@
 - id: zbx-primary-services
  type: puppet
  version: 2.0.0
-  requires: [post_deployment_start, zbx-configure-apt]
+  requires: [post_deployment_start, zbx-configure-apt, cluster-haproxy]
  required_for: [post_deployment_end]
  role: [primary-controller]
+  # The primary crontroller configuration shouldn't start before haproxy is finished
+  # hence the cross-depends parameter that is required when running in
+  # a task-based deployment mode.
+  cross-depends:
+    - name: cluster-haproxy
+      role: [primary-controller]
  parameters:
    puppet_manifest: puppet/manifests/primary_controller.pp
    puppet_modules: puppet/modules:/etc/puppet/modules