Merge "Fix l7 haproxy check for opensearch-dashboards and prometheus-server"

2024-12-31 13:53:28 +00:00 · 2024-12-31 13:53:28 +00:00 · 59fc47999c
commit 59fc47999c
parent c5b2829492 4400e5fb92
5 changed files with 13 additions and 7 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -1325,6 +1325,7 @@ enable_prometheus_proxysql_exporter: "{{ enable_prometheus | bool and enable_pro
 prometheus_alertmanager_user: "admin"
 prometheus_ceph_exporter_interval: "{{ prometheus_scrape_interval }}"
 prometheus_grafana_user: "grafana"
 prometheus_haproxy_user: "haproxy"
 prometheus_skyline_user: "skyline"
 prometheus_scrape_interval: "60s"
 prometheus_openstack_exporter_interval: "{{ prometheus_scrape_interval }}"
--- a/ansible/roles/opensearch/defaults/main.yml
+++ b/ansible/roles/opensearch/defaults/main.yml
@ -39,8 +39,7 @@ opensearch_services:
        auth_user: "{{ opensearch_dashboards_user }}"
        auth_pass: "{{ opensearch_dashboards_password }}"
        backend_http_extra:
-          - "option httpchk"
+          - "option httpchk GET /api/status"
          - "http-check expect status 401"
      opensearch_dashboards_external:
        enabled: "{{ enable_opensearch_dashboards_external | bool }}"
        mode: "http"
@ -51,8 +50,7 @@ opensearch_services:
        auth_user: "{{ opensearch_dashboards_user }}"
        auth_pass: "{{ opensearch_dashboards_password }}"
        backend_http_extra:
-          - "option httpchk"
+          - "option httpchk  GET /api/status"
          - "http-check expect status 401"
 ####################
--- a/ansible/roles/prometheus/defaults/main.yml
+++ b/ansible/roles/prometheus/defaults/main.yml
@ -15,7 +15,8 @@ prometheus_services:
        port: "{{ prometheus_port }}"
        active_passive: "{{ prometheus_active_passive | bool }}"
        backend_http_extra:
-          - "option httpchk"
+          - "option httpchk GET /-/ready HTTP/1.0"
          - "http-check send hdr Authorization 'Basic {{ (prometheus_haproxy_user + ':' + prometheus_haproxy_password) | b64encode }}'"
      prometheus_server_external:
        enabled: "{{ enable_prometheus_server_external | bool }}"
        mode: "http"
@ -25,7 +26,8 @@ prometheus_services:
        listen_port: "{{ prometheus_listen_port }}"
        active_passive: "{{ prometheus_active_passive | bool }}"
        backend_http_extra:
-          - "option httpchk"
+          - "option httpchk GET /-/ready HTTP/1.0"
          - "http-check send hdr Authorization 'Basic {{ (prometheus_haproxy_user + ':' + prometheus_haproxy_password) | b64encode }}'"
  prometheus-node-exporter:
    container_name: prometheus_node_exporter
    group: prometheus-node-exporter
@ -156,12 +158,14 @@ prometheus_basic_auth_users_default:
  - username: "{{ prometheus_grafana_user }}"
    password: "{{ prometheus_grafana_password }}"
    enabled: "{{ enable_grafana }}"
  - username: "{{ prometheus_haproxy_user }}"
    password: "{{ prometheus_haproxy_password }}"
    enabled: "{{ enable_haproxy | bool }}"
  - username: "{{ prometheus_skyline_user }}"
    password: "{{ prometheus_skyline_password }}"
    enabled: "{{ enable_skyline }}"
 prometheus_basic_auth_users_extra: []
 ####################
 # Database
 ####################
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@ -228,6 +228,7 @@ prometheus_mysql_exporter_database_password:
 prometheus_alertmanager_password:
 prometheus_password:
 prometheus_grafana_password:
 prometheus_haproxy_password:
 prometheus_skyline_password:
 prometheus_bcrypt_salt:
--- a/releasenotes/notes/haproxy_healthchecks_to_l7-b05e8c7b177d1544.yaml
+++ b/releasenotes/notes/haproxy_healthchecks_to_l7-b05e8c7b177d1544.yaml
@ -3,3 +3,5 @@ features:
  - |
    Implement Layer 7 Healthchecks for HA Proxy.
    This should fix traffic being sent to unhealthy servers in some scenarios.
    Adds Prometheus ``haproxy`` user for handling authenticated l7
    healthchecks.