From 4061acd3e7fe8978cfb552a02d11ab586ab4690f Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Mon, 7 Mar 2022 17:22:44 +0000 Subject: [PATCH] Add check keyword to balance_zuul_https servers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Apparently the check-ssl option only modifies check behavior, but does not actually turn it on. The check option also needs to be set in order to activate checks of the server. See ยง5.2 of the haproxy docs for details: https://git.haproxy.org/?p=haproxy-2.5.git;a=blob;f=doc/configuration.txt;h=e3949d1eebe171920c451b4cad1d5fcd07d0bfb5;hb=HEAD#l14396 Turn it on for all of our balance_zuul_https server entries. Also set this on the gitea01 server entry in balance_git_https, so we can make sure it's still seen as "up" once this change takes effect. A follow-up change will turn it on for the other balance_git_https servers out of an abundance of caution around that service. Change-Id: I4018507f6e0ee1b5c30139de301e09b3ec6fc494 --- inventory/service/group_vars/gitea-lb.yaml | 2 +- inventory/service/group_vars/zuul-lb.yaml | 4 ++-- playbooks/zuul/templates/group_vars/gitea-lb.yaml.j2 | 2 +- playbooks/zuul/templates/group_vars/zuul-lb.yaml.j2 | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/inventory/service/group_vars/gitea-lb.yaml b/inventory/service/group_vars/gitea-lb.yaml index 6b9f3d8d91..f14aeb6282 100644 --- a/inventory/service/group_vars/gitea-lb.yaml +++ b/inventory/service/group_vars/gitea-lb.yaml @@ -33,7 +33,7 @@ gitea_lb_listeners: servers: - name: 'gitea01.opendev.org' address: '38.108.68.172:3081' - check_method: 'check-ssl verify none' + check_method: 'check check-ssl verify none' - name: 'gitea02.opendev.org' address: '38.108.68.23:3081' check_method: 'check-ssl verify none' diff --git a/inventory/service/group_vars/zuul-lb.yaml b/inventory/service/group_vars/zuul-lb.yaml index 82800405f5..e5be260804 100644 --- a/inventory/service/group_vars/zuul-lb.yaml +++ b/inventory/service/group_vars/zuul-lb.yaml @@ -17,10 +17,10 @@ zuul_lb_listeners: servers: - name: 'zuul01.opendev.org' address: '104.130.246.57:443' - check_method: 'check-ssl verify none' + check_method: 'check check-ssl verify none' - name: 'zuul02.opendev.org' address: '104.130.246.31:443' - check_method: 'check-ssl verify none' + check_method: 'check check-ssl verify none' - name: balance_zuul_finger bind: - ':::79' diff --git a/playbooks/zuul/templates/group_vars/gitea-lb.yaml.j2 b/playbooks/zuul/templates/group_vars/gitea-lb.yaml.j2 index 5b70eb3c8b..fc68fdfd03 100644 --- a/playbooks/zuul/templates/group_vars/gitea-lb.yaml.j2 +++ b/playbooks/zuul/templates/group_vars/gitea-lb.yaml.j2 @@ -12,4 +12,4 @@ gitea_lb_listeners: servers: - name: "gitea99.opendev.org" address: "{{ (hostvars['gitea99.opendev.org'] | default({})).get('nodepool', {}).get('public_ipv4', '') }}:3000" - check_method: "check-ssl verify none" + check_method: "check check-ssl verify none" diff --git a/playbooks/zuul/templates/group_vars/zuul-lb.yaml.j2 b/playbooks/zuul/templates/group_vars/zuul-lb.yaml.j2 index 5cc63fdd67..51cadd9d3f 100644 --- a/playbooks/zuul/templates/group_vars/zuul-lb.yaml.j2 +++ b/playbooks/zuul/templates/group_vars/zuul-lb.yaml.j2 @@ -14,7 +14,7 @@ zuul_lb_listeners: servers: - name: "zuul02.opendev.org" address: "{{ (hostvars['zuul02.opendev.org'] | default({})).get('nodepool', {}).get('public_ipv4', '') }}:443" - check_method: 'check-ssl verify none' + check_method: 'check check-ssl verify none' - name: balance_zuul_finger bind: - ":::79"