Merge "Fix SSL api for multiple services"

This commit is contained in:
Zuul 2018-04-27 08:55:48 +00:00 committed by Gerrit Code Review
commit 2b8bc555cb
19 changed files with 126 additions and 33 deletions

View File

@ -27,6 +27,9 @@ password = {{ aodh_keystone_password }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
[oslo_middleware]
enable_proxy_headers_parsing = True
{% if aodh_policy_file is defined %}
[oslo_policy]
policy_file = {{ aodh_policy_file }}

View File

@ -74,6 +74,9 @@ auth_type = password
[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
[oslo_middleware]
enable_proxy_headers_parsing = True
{% if barbican_policy_file is defined %}
[oslo_policy]
policy_file = {{ barbican_policy_file }}

View File

@ -68,6 +68,9 @@ topics = notifications
driver = noop
{% endif %}
[oslo_middleware]
enable_proxy_headers_parsing = True
{% if cinder_policy_file is defined %}
[oslo_policy]
policy_file = {{ cinder_policy_file }}

View File

@ -50,5 +50,8 @@ transport_url = {{ notify_transport_url }}
policy_file = {{ congress_policy_file }}
{% endif %}
[oslo_middleware]
enable_proxy_headers_parsing = True
[congress]
url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }}

View File

@ -15,6 +15,7 @@ listen = {{ api_interface_address }}:{{ designate_api_port }}
api_base_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}
enabled_extensions_v2 = 'quotas, reports'
workers = {{ openstack_service_workers }}
enable_host_header = True
[keystone_authtoken]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
@ -102,6 +103,9 @@ driver = messagingv2
[oslo_concurrency]
lock_path = /var/lib/designate/tmp
[oslo_middleware]
enable_proxy_headers_parsing = True
{% if designate_policy_file is defined %}
[oslo_policy]
policy_file = {{ designate_policy_file }}

View File

@ -40,6 +40,9 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
policy_file = {{ freezer_policy_file }}
{% endif %}
[oslo_middleware]
enable_proxy_headers_parsing = True
[paste_deploy]
config_file = /etc/freezer/freezer-paste.ini

View File

@ -81,6 +81,9 @@ vmware_datastores = {{ vmware_vcenter_name }}:{{ vmware_datastore_name }}
vmware_insecure = True
{% endif %}
[oslo_middleware]
enable_proxy_headers_parsing = True
[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
{% if glance_enabled_notification_topics %}

View File

@ -18,6 +18,8 @@ host = {{ api_interface_address }}
middlewares = keystonemiddleware.auth_token.AuthProtocol
auth_mode = keystone
[oslo_middleware]
enable_proxy_headers_parsing = True
[database]
connection = mysql+pymysql://{{ gnocchi_database_user }}:{{ gnocchi_database_password }}@{{ gnocchi_database_address }}/{{ gnocchi_database_name }}

View File

@ -86,10 +86,10 @@ listen mongodb
{% if enable_keystone | bool %}
listen keystone_internal
bind {{ kolla_internal_vip_address }}:{{ keystone_public_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['keystone'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_public_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -97,7 +97,7 @@ listen keystone_internal
listen keystone_external
bind {{ kolla_external_vip_address }}:{{ keystone_public_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -109,10 +109,10 @@ listen keystone_external
listen keystone_admin
bind {{ kolla_internal_vip_address }}:{{ keystone_admin_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['keystone'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ keystone_admin_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -124,12 +124,14 @@ listen glance_registry
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['glance-registry'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_registry_port }} check inter 2000 rise 2 fall 5
{% endfor %}
listen glance_api
bind {{ kolla_internal_vip_address }}:{{ glance_api_port }}
http-request del-header X-Forwarded-Proto
timeout client {{ haproxy_glance_api_client_timeout }}
timeout server {{ haproxy_glance_api_server_timeout }}
{% for http_option in haproxy_listen_http_extra %}
@ -147,6 +149,8 @@ listen glance_api_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['glance-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -170,30 +174,30 @@ listen influxdb_http
{% if enable_nova | bool %}
listen nova_api
bind {{ kolla_internal_vip_address }}:{{ nova_api_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['nova-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
listen nova_metadata
bind {{ kolla_internal_vip_address }}:{{ nova_metadata_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['nova-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_metadata_port }} check inter 2000 rise 2 fall 5
{% endfor %}
listen placement_api
bind {{ kolla_internal_vip_address }}:{{ placement_api_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['placement-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ placement_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -201,7 +205,7 @@ listen placement_api
{% if nova_console == 'novnc' %}
listen nova_novncproxy
bind {{ kolla_internal_vip_address }}:{{ nova_novncproxy_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
timeout tunnel 1h
{% for http_option in haproxy_listen_http_extra %}
@ -216,6 +220,7 @@ listen nova_spicehtml5proxy
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['nova-spicehtml5proxy'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_spicehtml5proxy_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -244,7 +249,7 @@ listen nova_serialconsole_proxy
listen nova_api_external
bind {{ kolla_external_vip_address }}:{{ nova_api_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -255,7 +260,7 @@ listen nova_api_external
listen nova_metadata_external
bind {{ kolla_external_vip_address }}:{{ nova_metadata_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -266,7 +271,7 @@ listen nova_metadata_external
listen placement_api_external
bind {{ kolla_external_vip_address }}:{{ placement_api_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -278,7 +283,7 @@ listen placement_api_external
{% if nova_console == 'novnc' %}
listen nova_novncproxy_external
bind {{ kolla_external_vip_address }}:{{ nova_novncproxy_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -289,7 +294,7 @@ listen nova_novncproxy_external
{% elif nova_console == 'spice' %}
listen nova_spicehtml5proxy_external
bind {{ kolla_external_vip_address }}:{{ nova_spicehtml5proxy_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -332,6 +337,8 @@ listen neutron_server_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['neutron-server'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ neutron_server_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -342,10 +349,10 @@ listen neutron_server_external
listen horizon
bind {{ kolla_internal_vip_address }}:{{ horizon_port }}
balance source
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['horizon'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ horizon_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -355,7 +362,7 @@ listen horizon
listen horizon_external
bind {{ kolla_external_vip_address }}:443 {{ tls_bind_info }}
balance source
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -383,10 +390,10 @@ listen horizon_external
{% if enable_cinder | bool %}
listen cinder_api
bind {{ kolla_internal_vip_address }}:{{ cinder_api_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['cinder-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -394,7 +401,7 @@ listen cinder_api
listen cinder_api_external
bind {{ kolla_external_vip_address }}:{{ cinder_api_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -408,10 +415,10 @@ listen cinder_api_external
{% if enable_cloudkitty | bool %}
listen cloudkitty_api
bind {{ kolla_internal_vip_address }}:{{ cloudkitty_api_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['cloudkitty-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ cloudkitty_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -419,7 +426,7 @@ listen cloudkitty_api
listen cloudkitty_api_external
bind {{ kolla_external_vip_address }}:{{ cloudkitty_api_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -483,20 +490,20 @@ listen panko_api_external
{% if enable_heat | bool %}
listen heat_api
bind {{ kolla_internal_vip_address }}:{{ heat_api_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['heat-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
listen heat_api_cfn
bind {{ kolla_internal_vip_address }}:{{ heat_api_cfn_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['heat-api-cfn'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -504,7 +511,7 @@ listen heat_api_cfn
listen heat_api_external
bind {{ kolla_external_vip_address }}:{{ heat_api_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -515,7 +522,7 @@ listen heat_api_external
listen heat_api_cfn_external
bind {{ kolla_external_vip_address }}:{{ heat_api_cfn_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -529,7 +536,7 @@ listen heat_api_cfn_external
{% if enable_grafana | bool %}
listen grafana_server
bind {{ kolla_internal_vip_address }}:{{ grafana_server_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -541,7 +548,7 @@ listen grafana_server
listen grafana_server_external
bind {{ kolla_external_vip_address }}:{{ grafana_server_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -558,6 +565,7 @@ listen ironic_api
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['ironic-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -566,6 +574,7 @@ listen ironic_inspector
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['ironic-inspector'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_inspector_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -598,6 +607,7 @@ listen karbor_api
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['karbor-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ karbor_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -608,6 +618,8 @@ listen karbor_api_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['karbor-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ karbor_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -621,6 +633,7 @@ listen freezer_api
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['freezer-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ freezer_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -631,6 +644,8 @@ listen freezer_api_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['freezer-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ freezer_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -644,6 +659,7 @@ listen senlin_api
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['senlin-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ senlin_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -654,6 +670,8 @@ listen senlin_api_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['senlin-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ senlin_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -666,6 +684,7 @@ listen solum_application_deployment
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['solum-application-deployment'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ solum_application_deployment_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -675,6 +694,7 @@ listen solum_image_builder
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['solum-image-builder'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ solum_image_builder_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -694,6 +714,8 @@ listen solum_image_builder_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['solum-image-builder'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ solum_image_builder_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -706,6 +728,7 @@ listen swift_api
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['swift-proxy-server'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ swift_proxy_server_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -716,6 +739,8 @@ listen swift_api_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['swift-proxy-server'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ swift_proxy_server_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -728,6 +753,7 @@ listen murano_api
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['murano-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -738,6 +764,8 @@ listen murano_api_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['murano-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -750,6 +778,7 @@ listen manila_api
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['manila-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ manila_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -760,6 +789,8 @@ listen manila_api_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['manila-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ manila_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -772,6 +803,7 @@ listen magnum_api
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['magnum-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -782,6 +814,8 @@ listen magnum_api_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['magnum-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -794,6 +828,7 @@ listen watcher_api
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['watcher-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ watcher_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -804,6 +839,8 @@ listen watcher_api_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['watcher-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ watcher_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -816,6 +853,7 @@ listen sahara_api
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['sahara-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ sahara_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -895,7 +933,7 @@ listen kibana
listen kibana_external
bind {{ kolla_external_vip_address }}:{{ kibana_server_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
acl auth_acl http_auth(kibanauser)
http-request auth realm basicauth unless auth_acl
@ -924,6 +962,8 @@ listen gnocchi_api_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['gnocchi-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ gnocchi_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -980,6 +1020,8 @@ listen aodh_api_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['aodh-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ aodh_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -1011,10 +1053,10 @@ listen trove_api_external
{% if enable_congress | bool %}
listen congress_api
bind {{ kolla_internal_vip_address }}:{{ congress_api_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['congress-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ congress_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -1022,7 +1064,7 @@ listen congress_api
listen congress_api_external
bind {{ kolla_external_vip_address }}:{{ congress_api_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -1049,6 +1091,8 @@ listen designate_api_external
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['designate-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -1102,10 +1146,10 @@ listen tacker_server_external
{% if enable_zun | bool %}
listen zun_api
bind {{ kolla_internal_vip_address }}:{{ zun_api_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['zun-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ zun_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -1113,7 +1157,7 @@ listen zun_api
listen zun_api_external
bind {{ kolla_external_vip_address }}:{{ zun_api_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
@ -1174,10 +1218,10 @@ listen vitrage_api_external
{% if enable_blazar | bool %}
listen blazar_api
bind {{ kolla_internal_vip_address }}:{{ blazar_api_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}
{% endfor %}
http-request del-header X-Forwarded-Proto
{% for host in groups['blazar-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ blazar_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
@ -1185,7 +1229,7 @@ listen blazar_api
listen blazar_api_external
bind {{ kolla_external_vip_address }}:{{ blazar_api_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for http_option in haproxy_listen_http_extra %}
{{ http_option }}

View File

@ -95,10 +95,8 @@ endpoint_type = internalURL
[clients_heat]
endpoint_type = publicURL
{% if public_protocol != internal_protocol and kolla_external_fqdn != kolla_internal_fqdn %}
[oslo_middleware]
enable_proxy_headers_parsing = True
{% endif %}
{% if enable_osprofiler | bool %}
[profiler]

View File

@ -97,3 +97,6 @@ deploy_logs_collect = always
[pxe]
pxe_append_params = nofb nomodeset vga=normal console=tty0 console=ttyS0,{{ ironic_console_serial_speed }}
[oslo_middleware]
enable_proxy_headers_parsing = True

View File

@ -45,3 +45,6 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
[oslo_middleware]
enable_proxy_headers_parsing = True

View File

@ -74,6 +74,9 @@ cluster_user_trust = {{ enable_cluster_user_trust }}
[oslo_concurrency]
lock_path = /var/lib/magnum/tmp
[oslo_middleware]
enable_proxy_headers_parsing = True
[certificates]
{% if enable_barbican | bool %}
cert_manager_type = barbican

View File

@ -45,6 +45,9 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
[oslo_middleware]
enable_proxy_headers_parsing = True
{% if manila_policy_file is defined %}
[oslo_policy]
policy_file = {{ manila_policy_file }}

View File

@ -49,6 +49,9 @@ api_workers = {{ openstack_service_workers }}
transport_url = {{ notify_transport_url }}
driver = messagingv2
[oslo_middleware]
enable_proxy_headers_parsing = True
{% if murano_policy_file is defined %}
[oslo_policy]
policy_file = {{ murano_policy_file }}

View File

@ -79,6 +79,9 @@ username = {{ nova_keystone_user }}
password = {{ nova_keystone_password }}
endpoint_type = internal
[oslo_middleware]
enable_proxy_headers_parsing = True
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

View File

@ -121,6 +121,9 @@ project_domain_name = {{ default_project_domain_name }}
api_endpoint = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}/v1
{% endif %}
[oslo_middleware]
enable_proxy_headers_parsing = True
[oslo_concurrency]
lock_path = /var/lib/nova/tmp

View File

@ -34,3 +34,6 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
[oslo_policy]
policy_file = {{ panko_policy_file }}
{% endif %}
[oslo_middleware]
enable_proxy_headers_parsing = True

View File

@ -61,6 +61,9 @@ driver = messagingv2
[oslo_concurrency]
lock_path = /var/lib/vitrage/tmp
[oslo_middleware]
enable_proxy_headers_parsing = True
{% if vitrage_policy_file is defined %}
[oslo_policy]
policy_file = {{ vitrage_policy_file }}