Merge "Fix SSL api for multiple services"
This commit is contained in:
Zuul
Gerrit Code Review
commit
2b8bc555cb
ansible/roles
aodh/templates
barbican/templates
cinder/templates
congress/templates
designate/templates
freezer/templates
glance/templates
gnocchi/templates
haproxy/templates
heat/templates
ironic/templates
karbor/templates
magnum/templates
manila/templates
murano/templates
neutron/templates
nova/templates
panko/templates
vitrage/templates
@ -27,6 +27,9 @@ password = {{ aodh_keystone_password }}
|
||||
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
|
||||
auth_type = password
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
{% if aodh_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ aodh_policy_file }}
|
||||
|
||||
@ -74,6 +74,9 @@ auth_type = password
|
||||
[oslo_messaging_notifications]
|
||||
transport_url = {{ notify_transport_url }}
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
{% if barbican_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ barbican_policy_file }}
|
||||
|
||||
@ -68,6 +68,9 @@ topics = notifications
|
||||
driver = noop
|
||||
{% endif %}
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
{% if cinder_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ cinder_policy_file }}
|
||||
|
||||
@ -50,5 +50,8 @@ transport_url = {{ notify_transport_url }}
|
||||
policy_file = {{ congress_policy_file }}
|
||||
{% endif %}
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
[congress]
|
||||
url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }}
|
||||
|
||||
@ -15,6 +15,7 @@ listen = {{ api_interface_address }}:{{ designate_api_port }}
|
||||
api_base_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}
|
||||
enabled_extensions_v2 = 'quotas, reports'
|
||||
workers = {{ openstack_service_workers }}
|
||||
enable_host_header = True
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
|
||||
@ -102,6 +103,9 @@ driver = messagingv2
|
||||
[oslo_concurrency]
|
||||
lock_path = /var/lib/designate/tmp
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
{% if designate_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ designate_policy_file }}
|
||||
|
||||
@ -40,6 +40,9 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
|
||||
policy_file = {{ freezer_policy_file }}
|
||||
{% endif %}
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
[paste_deploy]
|
||||
config_file = /etc/freezer/freezer-paste.ini
|
||||
|
||||
|
||||
@ -81,6 +81,9 @@ vmware_datastores = {{ vmware_vcenter_name }}:{{ vmware_datastore_name }}
|
||||
vmware_insecure = True
|
||||
{% endif %}
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
[oslo_messaging_notifications]
|
||||
transport_url = {{ notify_transport_url }}
|
||||
{% if glance_enabled_notification_topics %}
|
||||
|
||||
@ -18,6 +18,8 @@ host = {{ api_interface_address }}
|
||||
middlewares = keystonemiddleware.auth_token.AuthProtocol
|
||||
auth_mode = keystone
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://{{ gnocchi_database_user }}:{{ gnocchi_database_password }}@{{ gnocchi_database_address }}/{{ gnocchi_database_name }}
|
||||
|
||||
@ -86,10 +86,10 @@ listen mongodb
|
||||
{% if enable_keystone | bool %}
|
||||
listen keystone_internal
|
||||
bind {{ kolla_internal_vip_address }}:{{ keystone_public_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['keystone'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -97,7 +97,7 @@ listen keystone_internal
|
||||
|
||||
listen keystone_external
|
||||
bind {{ kolla_external_vip_address }}:{{ keystone_public_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -109,10 +109,10 @@ listen keystone_external
|
||||
|
||||
listen keystone_admin
|
||||
bind {{ kolla_internal_vip_address }}:{{ keystone_admin_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['keystone'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_admin_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -124,12 +124,14 @@ listen glance_registry
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['glance-registry'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_registry_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
|
||||
listen glance_api
|
||||
bind {{ kolla_internal_vip_address }}:{{ glance_api_port }}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
timeout client {{ haproxy_glance_api_client_timeout }}
|
||||
timeout server {{ haproxy_glance_api_server_timeout }}
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
@ -147,6 +149,8 @@ listen glance_api_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['glance-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -170,30 +174,30 @@ listen influxdb_http
|
||||
{% if enable_nova | bool %}
|
||||
listen nova_api
|
||||
bind {{ kolla_internal_vip_address }}:{{ nova_api_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['nova-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
|
||||
listen nova_metadata
|
||||
bind {{ kolla_internal_vip_address }}:{{ nova_metadata_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['nova-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_metadata_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
|
||||
listen placement_api
|
||||
bind {{ kolla_internal_vip_address }}:{{ placement_api_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['placement-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ placement_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -201,7 +205,7 @@ listen placement_api
|
||||
{% if nova_console == 'novnc' %}
|
||||
listen nova_novncproxy
|
||||
bind {{ kolla_internal_vip_address }}:{{ nova_novncproxy_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
timeout tunnel 1h
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
@ -216,6 +220,7 @@ listen nova_spicehtml5proxy
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['nova-spicehtml5proxy'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_spicehtml5proxy_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -244,7 +249,7 @@ listen nova_serialconsole_proxy
|
||||
|
||||
listen nova_api_external
|
||||
bind {{ kolla_external_vip_address }}:{{ nova_api_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -255,7 +260,7 @@ listen nova_api_external
|
||||
|
||||
listen nova_metadata_external
|
||||
bind {{ kolla_external_vip_address }}:{{ nova_metadata_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -266,7 +271,7 @@ listen nova_metadata_external
|
||||
|
||||
listen placement_api_external
|
||||
bind {{ kolla_external_vip_address }}:{{ placement_api_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -278,7 +283,7 @@ listen placement_api_external
|
||||
{% if nova_console == 'novnc' %}
|
||||
listen nova_novncproxy_external
|
||||
bind {{ kolla_external_vip_address }}:{{ nova_novncproxy_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -289,7 +294,7 @@ listen nova_novncproxy_external
|
||||
{% elif nova_console == 'spice' %}
|
||||
listen nova_spicehtml5proxy_external
|
||||
bind {{ kolla_external_vip_address }}:{{ nova_spicehtml5proxy_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -332,6 +337,8 @@ listen neutron_server_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['neutron-server'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ neutron_server_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -342,10 +349,10 @@ listen neutron_server_external
|
||||
listen horizon
|
||||
bind {{ kolla_internal_vip_address }}:{{ horizon_port }}
|
||||
balance source
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['horizon'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ horizon_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -355,7 +362,7 @@ listen horizon
|
||||
listen horizon_external
|
||||
bind {{ kolla_external_vip_address }}:443 {{ tls_bind_info }}
|
||||
balance source
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -383,10 +390,10 @@ listen horizon_external
|
||||
{% if enable_cinder | bool %}
|
||||
listen cinder_api
|
||||
bind {{ kolla_internal_vip_address }}:{{ cinder_api_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['cinder-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -394,7 +401,7 @@ listen cinder_api
|
||||
|
||||
listen cinder_api_external
|
||||
bind {{ kolla_external_vip_address }}:{{ cinder_api_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -408,10 +415,10 @@ listen cinder_api_external
|
||||
{% if enable_cloudkitty | bool %}
|
||||
listen cloudkitty_api
|
||||
bind {{ kolla_internal_vip_address }}:{{ cloudkitty_api_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['cloudkitty-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cloudkitty_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -419,7 +426,7 @@ listen cloudkitty_api
|
||||
|
||||
listen cloudkitty_api_external
|
||||
bind {{ kolla_external_vip_address }}:{{ cloudkitty_api_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -483,20 +490,20 @@ listen panko_api_external
|
||||
{% if enable_heat | bool %}
|
||||
listen heat_api
|
||||
bind {{ kolla_internal_vip_address }}:{{ heat_api_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['heat-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
|
||||
listen heat_api_cfn
|
||||
bind {{ kolla_internal_vip_address }}:{{ heat_api_cfn_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['heat-api-cfn'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -504,7 +511,7 @@ listen heat_api_cfn
|
||||
|
||||
listen heat_api_external
|
||||
bind {{ kolla_external_vip_address }}:{{ heat_api_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -515,7 +522,7 @@ listen heat_api_external
|
||||
|
||||
listen heat_api_cfn_external
|
||||
bind {{ kolla_external_vip_address }}:{{ heat_api_cfn_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -529,7 +536,7 @@ listen heat_api_cfn_external
|
||||
{% if enable_grafana | bool %}
|
||||
listen grafana_server
|
||||
bind {{ kolla_internal_vip_address }}:{{ grafana_server_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -541,7 +548,7 @@ listen grafana_server
|
||||
|
||||
listen grafana_server_external
|
||||
bind {{ kolla_external_vip_address }}:{{ grafana_server_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -558,6 +565,7 @@ listen ironic_api
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['ironic-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -566,6 +574,7 @@ listen ironic_inspector
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['ironic-inspector'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_inspector_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -598,6 +607,7 @@ listen karbor_api
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['karbor-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ karbor_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -608,6 +618,8 @@ listen karbor_api_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['karbor-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ karbor_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -621,6 +633,7 @@ listen freezer_api
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['freezer-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ freezer_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -631,6 +644,8 @@ listen freezer_api_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['freezer-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ freezer_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -644,6 +659,7 @@ listen senlin_api
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['senlin-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ senlin_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -654,6 +670,8 @@ listen senlin_api_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['senlin-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ senlin_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -666,6 +684,7 @@ listen solum_application_deployment
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['solum-application-deployment'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ solum_application_deployment_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -675,6 +694,7 @@ listen solum_image_builder
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['solum-image-builder'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ solum_image_builder_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -694,6 +714,8 @@ listen solum_image_builder_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['solum-image-builder'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ solum_image_builder_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -706,6 +728,7 @@ listen swift_api
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['swift-proxy-server'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ swift_proxy_server_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -716,6 +739,8 @@ listen swift_api_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['swift-proxy-server'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ swift_proxy_server_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -728,6 +753,7 @@ listen murano_api
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['murano-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -738,6 +764,8 @@ listen murano_api_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['murano-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -750,6 +778,7 @@ listen manila_api
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['manila-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ manila_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -760,6 +789,8 @@ listen manila_api_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['manila-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ manila_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -772,6 +803,7 @@ listen magnum_api
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['magnum-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -782,6 +814,8 @@ listen magnum_api_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['magnum-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -794,6 +828,7 @@ listen watcher_api
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['watcher-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ watcher_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -804,6 +839,8 @@ listen watcher_api_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['watcher-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ watcher_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -816,6 +853,7 @@ listen sahara_api
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['sahara-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ sahara_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -895,7 +933,7 @@ listen kibana
|
||||
|
||||
listen kibana_external
|
||||
bind {{ kolla_external_vip_address }}:{{ kibana_server_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
acl auth_acl http_auth(kibanauser)
|
||||
http-request auth realm basicauth unless auth_acl
|
||||
@ -924,6 +962,8 @@ listen gnocchi_api_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['gnocchi-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ gnocchi_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -980,6 +1020,8 @@ listen aodh_api_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['aodh-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ aodh_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -1011,10 +1053,10 @@ listen trove_api_external
|
||||
{% if enable_congress | bool %}
|
||||
listen congress_api
|
||||
bind {{ kolla_internal_vip_address }}:{{ congress_api_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['congress-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ congress_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -1022,7 +1064,7 @@ listen congress_api
|
||||
|
||||
listen congress_api_external
|
||||
bind {{ kolla_external_vip_address }}:{{ congress_api_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -1049,6 +1091,8 @@ listen designate_api_external
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for host in groups['designate-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -1102,10 +1146,10 @@ listen tacker_server_external
|
||||
{% if enable_zun | bool %}
|
||||
listen zun_api
|
||||
bind {{ kolla_internal_vip_address }}:{{ zun_api_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['zun-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ zun_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -1113,7 +1157,7 @@ listen zun_api
|
||||
|
||||
listen zun_api_external
|
||||
bind {{ kolla_external_vip_address }}:{{ zun_api_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
@ -1174,10 +1218,10 @@ listen vitrage_api_external
|
||||
{% if enable_blazar | bool %}
|
||||
listen blazar_api
|
||||
bind {{ kolla_internal_vip_address }}:{{ blazar_api_port }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
{% endfor %}
|
||||
http-request del-header X-Forwarded-Proto
|
||||
{% for host in groups['blazar-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ blazar_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
@ -1185,7 +1229,7 @@ listen blazar_api
|
||||
|
||||
listen blazar_api_external
|
||||
bind {{ kolla_external_vip_address }}:{{ blazar_api_port }} {{ tls_bind_info }}
|
||||
http-request del-header X-Forwarded-Proto if { ssl_fc }
|
||||
http-request del-header X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
{% for http_option in haproxy_listen_http_extra %}
|
||||
{{ http_option }}
|
||||
|
||||
@ -95,10 +95,8 @@ endpoint_type = internalURL
|
||||
[clients_heat]
|
||||
endpoint_type = publicURL
|
||||
|
||||
{% if public_protocol != internal_protocol and kolla_external_fqdn != kolla_internal_fqdn %}
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
{% endif %}
|
||||
|
||||
{% if enable_osprofiler | bool %}
|
||||
[profiler]
|
||||
|
||||
@ -97,3 +97,6 @@ deploy_logs_collect = always
|
||||
|
||||
[pxe]
|
||||
pxe_append_params = nofb nomodeset vga=normal console=tty0 console=ttyS0,{{ ironic_console_serial_speed }}
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
@ -45,3 +45,6 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
|
||||
|
||||
[oslo_messaging_notifications]
|
||||
transport_url = {{ notify_transport_url }}
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
@ -74,6 +74,9 @@ cluster_user_trust = {{ enable_cluster_user_trust }}
|
||||
[oslo_concurrency]
|
||||
lock_path = /var/lib/magnum/tmp
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
[certificates]
|
||||
{% if enable_barbican | bool %}
|
||||
cert_manager_type = barbican
|
||||
|
||||
@ -45,6 +45,9 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
|
||||
[oslo_messaging_notifications]
|
||||
transport_url = {{ notify_transport_url }}
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
{% if manila_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ manila_policy_file }}
|
||||
|
||||
@ -49,6 +49,9 @@ api_workers = {{ openstack_service_workers }}
|
||||
transport_url = {{ notify_transport_url }}
|
||||
driver = messagingv2
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
{% if murano_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ murano_policy_file }}
|
||||
|
||||
@ -79,6 +79,9 @@ username = {{ nova_keystone_user }}
|
||||
password = {{ nova_keystone_password }}
|
||||
endpoint_type = internal
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
[oslo_concurrency]
|
||||
lock_path = /var/lib/neutron/tmp
|
||||
|
||||
|
||||
@ -121,6 +121,9 @@ project_domain_name = {{ default_project_domain_name }}
|
||||
api_endpoint = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}/v1
|
||||
{% endif %}
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
[oslo_concurrency]
|
||||
lock_path = /var/lib/nova/tmp
|
||||
|
||||
|
||||
@ -34,3 +34,6 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
|
||||
[oslo_policy]
|
||||
policy_file = {{ panko_policy_file }}
|
||||
{% endif %}
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
@ -61,6 +61,9 @@ driver = messagingv2
|
||||
[oslo_concurrency]
|
||||
lock_path = /var/lib/vitrage/tmp
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
||||
|
||||
{% if vitrage_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ vitrage_policy_file }}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user