Fix l7 haproxy check for opensearch-dashboards and prometheus-server

After I839f7f1051182fe797394e5436571d64d5c5b5a4 prometheus-opensearch
jobs are broken - this patch fixes that.

opensearch-dashboards will respond to "OPTIONS /" with 404 and
prometheus will respond with 400

Change-Id: I41fb046b85509b56611ffd575f15088834187ba8
This commit is contained in:
Michal Nasiadka 2024-12-30 09:31:52 +01:00
parent 6d553b3d79
commit 4400e5fb92
5 changed files with 13 additions and 7 deletions

View File

@ -1325,6 +1325,7 @@ enable_prometheus_proxysql_exporter: "{{ enable_prometheus | bool and enable_pro
prometheus_alertmanager_user: "admin"
prometheus_ceph_exporter_interval: "{{ prometheus_scrape_interval }}"
prometheus_grafana_user: "grafana"
prometheus_haproxy_user: "haproxy"
prometheus_skyline_user: "skyline"
prometheus_scrape_interval: "60s"
prometheus_openstack_exporter_interval: "{{ prometheus_scrape_interval }}"

View File

@ -39,8 +39,7 @@ opensearch_services:
auth_user: "{{ opensearch_dashboards_user }}"
auth_pass: "{{ opensearch_dashboards_password }}"
backend_http_extra:
- "option httpchk"
- "http-check expect status 401"
- "option httpchk GET /api/status"
opensearch_dashboards_external:
enabled: "{{ enable_opensearch_dashboards_external | bool }}"
mode: "http"
@ -51,8 +50,7 @@ opensearch_services:
auth_user: "{{ opensearch_dashboards_user }}"
auth_pass: "{{ opensearch_dashboards_password }}"
backend_http_extra:
- "option httpchk"
- "http-check expect status 401"
- "option httpchk GET /api/status"
####################

View File

@ -15,7 +15,8 @@ prometheus_services:
port: "{{ prometheus_port }}"
active_passive: "{{ prometheus_active_passive | bool }}"
backend_http_extra:
- "option httpchk"
- "option httpchk GET /-/ready HTTP/1.0"
- "http-check send hdr Authorization 'Basic {{ (prometheus_haproxy_user + ':' + prometheus_haproxy_password) | b64encode }}'"
prometheus_server_external:
enabled: "{{ enable_prometheus_server_external | bool }}"
mode: "http"
@ -25,7 +26,8 @@ prometheus_services:
listen_port: "{{ prometheus_listen_port }}"
active_passive: "{{ prometheus_active_passive | bool }}"
backend_http_extra:
- "option httpchk"
- "option httpchk GET /-/ready HTTP/1.0"
- "http-check send hdr Authorization 'Basic {{ (prometheus_haproxy_user + ':' + prometheus_haproxy_password) | b64encode }}'"
prometheus-node-exporter:
container_name: prometheus_node_exporter
group: prometheus-node-exporter
@ -156,12 +158,14 @@ prometheus_basic_auth_users_default:
- username: "{{ prometheus_grafana_user }}"
password: "{{ prometheus_grafana_password }}"
enabled: "{{ enable_grafana }}"
- username: "{{ prometheus_haproxy_user }}"
password: "{{ prometheus_haproxy_password }}"
enabled: "{{ enable_haproxy | bool }}"
- username: "{{ prometheus_skyline_user }}"
password: "{{ prometheus_skyline_password }}"
enabled: "{{ enable_skyline }}"
prometheus_basic_auth_users_extra: []
####################
# Database
####################

View File

@ -228,6 +228,7 @@ prometheus_mysql_exporter_database_password:
prometheus_alertmanager_password:
prometheus_password:
prometheus_grafana_password:
prometheus_haproxy_password:
prometheus_skyline_password:
prometheus_bcrypt_salt:

View File

@ -3,3 +3,5 @@ features:
- |
Implement Layer 7 Healthchecks for HA Proxy.
This should fix traffic being sent to unhealthy servers in some scenarios.
Adds Prometheus ``haproxy`` user for handling authenticated l7
healthchecks.