From c987557c0de34ceecef1411db0133d9d8d759bb0 Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Thu, 29 Jun 2023 14:53:04 +0100 Subject: [PATCH] Update haproxy healthcheck options Modern haproxy allows the http check options to be specified directly in the "http-check send" directive. This change will reduce log noise created by the original code mixing the user agent string into the HTTP version setting. See https://www.haproxy.com/documentation/hapee/latest/onepage/#4-http-check%20send Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/887592 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/886517 Change-Id: I7fa08758fbbb0f08595a95811e8270ac3c065a97 --- .../adjutant_all/haproxy_service.yml | 4 ++-- .../group_vars/aodh_all/haproxy_service.yml | 4 ++-- .../barbican_all/haproxy_service.yml | 4 ++-- .../group_vars/blazar_all/haproxy_service.yml | 4 ++-- .../group_vars/cinder_all/haproxy_service.yml | 4 ++-- .../cloudkitty_all/haproxy_service.yml | 4 ++-- .../designate_all/haproxy_service.yml | 3 ++- inventory/group_vars/galera_all.yml | 4 ++-- .../group_vars/glance_all/haproxy_service.yml | 4 ++-- .../gnocchi_all/haproxy_services.yml | 4 ++-- .../group_vars/heat_all/haproxy_service.yml | 8 ++++---- .../horizon_all/haproxy_service.yml | 4 ++-- .../group_vars/ironic_all/haproxy_service.yml | 8 ++++---- .../keystone_all/haproxy_service.yml | 4 ++-- .../group_vars/magnum_all/haproxy_service.yml | 4 ++-- .../group_vars/manila_all/haproxy_service.yml | 4 ++-- .../masakari_all/haproxy_service.yml | 4 ++-- .../mistral_all/haproxy_service.yml | 4 ++-- .../group_vars/murano_all/haproxy_service.yml | 4 ++-- .../neutron_all/haproxy_service.yml | 4 ++-- .../group_vars/nova_all/haproxy_service.yml | 19 +++++++++---------- .../octavia_all/haproxy_service.yml | 4 ++-- .../placement_all/haproxy_service.yml | 4 ++-- inventory/group_vars/rabbitmq_all.yml | 4 ++-- inventory/group_vars/repo_all.yml | 5 ++--- .../group_vars/sahara_all/haproxy_service.yml | 4 ++-- .../group_vars/senlin_all/haproxy_service.yml | 4 ++-- .../group_vars/swift_all/haproxy_service.yml | 4 ++-- .../group_vars/tacker_all/haproxy_service.yml | 3 ++- .../group_vars/trove_all/haproxy_service.yml | 4 ++-- .../group_vars/zun_all/haproxy_service.yml | 8 ++++---- 31 files changed, 75 insertions(+), 75 deletions(-) diff --git a/inventory/group_vars/adjutant_all/haproxy_service.yml b/inventory/group_vars/adjutant_all/haproxy_service.yml index a384a64925..3c9fd8d241 100644 --- a/inventory/group_vars/adjutant_all/haproxy_service.yml +++ b/inventory/group_vars/adjutant_all/haproxy_service.yml @@ -21,8 +21,8 @@ haproxy_adjutant_api_service: haproxy_port: 5050 haproxy_balance_type: http haproxy_balance_alg: source - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ adjutant_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ adjutant_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ adjutant_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/aodh_all/haproxy_service.yml b/inventory/group_vars/aodh_all/haproxy_service.yml index 1892f636a9..9cbc755500 100644 --- a/inventory/group_vars/aodh_all/haproxy_service.yml +++ b/inventory/group_vars/aodh_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_aodh_api_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 8042 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' haproxy_backend_ssl: "{{ aodh_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ aodh_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ aodh_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/barbican_all/haproxy_service.yml b/inventory/group_vars/barbican_all/haproxy_service.yml index e9416161a0..f0b9275d16 100644 --- a/inventory/group_vars/barbican_all/haproxy_service.yml +++ b/inventory/group_vars/barbican_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_barbican_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 9311 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ barbican_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ barbican_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ barbican_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/blazar_all/haproxy_service.yml b/inventory/group_vars/blazar_all/haproxy_service.yml index 605abda966..44a654262d 100644 --- a/inventory/group_vars/blazar_all/haproxy_service.yml +++ b/inventory/group_vars/blazar_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_blazar_api_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 1234 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' haproxy_backend_httpcheck_options: - 'expect rstatus (200|401)' haproxy_backend_ssl: "{{ blazar_backend_ssl | default(openstack_service_backend_ssl) }}" diff --git a/inventory/group_vars/cinder_all/haproxy_service.yml b/inventory/group_vars/cinder_all/haproxy_service.yml index d9e6ea30a2..00ced16009 100644 --- a/inventory/group_vars/cinder_all/haproxy_service.yml +++ b/inventory/group_vars/cinder_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_cinder_api_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 8776 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' haproxy_backend_ssl: "{{ cinder_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ cinder_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ cinder_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/cloudkitty_all/haproxy_service.yml b/inventory/group_vars/cloudkitty_all/haproxy_service.yml index 83f9ca8411..fc11f0b9cf 100644 --- a/inventory/group_vars/cloudkitty_all/haproxy_service.yml +++ b/inventory/group_vars/cloudkitty_all/haproxy_service.yml @@ -21,8 +21,8 @@ haproxy_cloudkitty_api_service: haproxy_port: 8089 haproxy_balance_type: http haproxy_balance_alg: source - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ cloudkitty_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ cloudkitty_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ cloudkitty_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/designate_all/haproxy_service.yml b/inventory/group_vars/designate_all/haproxy_service.yml index 136e081cb4..13b2fc6feb 100644 --- a/inventory/group_vars/designate_all/haproxy_service.yml +++ b/inventory/group_vars/designate_all/haproxy_service.yml @@ -22,8 +22,9 @@ haproxy_designate_api_service: haproxy_balance_type: http haproxy_backend_options: - "forwardfor" - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - "httplog" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ designate_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ designate_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ designate_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/galera_all.yml b/inventory/group_vars/galera_all.yml index 1349203313..77a8c4cb9b 100644 --- a/inventory/group_vars/galera_all.yml +++ b/inventory/group_vars/galera_all.yml @@ -65,8 +65,8 @@ haproxy_galera_service: haproxy_stick_table_enabled: False haproxy_timeout_client: 5000s haproxy_timeout_server: 5000s - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' haproxy_backend_server_options: - "send-proxy-v2" haproxy_allowlist_networks: "{{ haproxy_galera_allowlist_networks }}" diff --git a/inventory/group_vars/glance_all/haproxy_service.yml b/inventory/group_vars/glance_all/haproxy_service.yml index 7fc8bc69e5..33d192138b 100644 --- a/inventory/group_vars/glance_all/haproxy_service.yml +++ b/inventory/group_vars/glance_all/haproxy_service.yml @@ -21,8 +21,8 @@ haproxy_glance_api_service: haproxy_port: 9292 haproxy_balance_type: http haproxy_balance_alg: source - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ (glance_use_uwsgi | default(True)) | ternary((glance_backend_ssl | default(openstack_service_backend_ssl)), False) }}" haproxy_backend_ca: "{{ glance_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ glance_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/gnocchi_all/haproxy_services.yml b/inventory/group_vars/gnocchi_all/haproxy_services.yml index 8cfde6f36d..38a8f61400 100644 --- a/inventory/group_vars/gnocchi_all/haproxy_services.yml +++ b/inventory/group_vars/gnocchi_all/haproxy_services.yml @@ -20,8 +20,8 @@ haproxy_gnocchi_service: haproxy_ssl: "{{ haproxy_ssl }}" haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ gnocchi_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ gnocchi_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_service_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}" diff --git a/inventory/group_vars/heat_all/haproxy_service.yml b/inventory/group_vars/heat_all/haproxy_service.yml index d37b82554a..957df73e4d 100644 --- a/inventory/group_vars/heat_all/haproxy_service.yml +++ b/inventory/group_vars/heat_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_heat_api_service: haproxy_ssl: "{{ haproxy_ssl }}" haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" @@ -34,8 +34,8 @@ haproxy_heat_api_cfn_service: haproxy_ssl: "{{ haproxy_ssl }}" haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' haproxy_backend_ssl: "{{ heat_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ heat_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ heat_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/horizon_all/haproxy_service.yml b/inventory/group_vars/horizon_all/haproxy_service.yml index aa1bfbb86b..18f55057d7 100644 --- a/inventory/group_vars/horizon_all/haproxy_service.yml +++ b/inventory/group_vars/horizon_all/haproxy_service.yml @@ -30,8 +30,8 @@ haproxy_horizon_service: haproxy_backend_port: "{{ (horizon_backend_ssl | default(openstack_service_backend_ssl)) | ternary(443, 80) }}" haproxy_balance_type: http haproxy_balance_alg: source - haproxy_backend_options: - - "httpchk HEAD /auth/login/ HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' haproxy_service_enabled: "{{ groups['horizon_all'] is defined and groups['horizon_all'] | length > 0 }}" haproxy_backend_ssl: "{{ horizon_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ horizon_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" diff --git a/inventory/group_vars/ironic_all/haproxy_service.yml b/inventory/group_vars/ironic_all/haproxy_service.yml index cf503ff90b..47c00c4d4b 100644 --- a/inventory/group_vars/ironic_all/haproxy_service.yml +++ b/inventory/group_vars/ironic_all/haproxy_service.yml @@ -23,8 +23,8 @@ haproxy_ironic_api_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 6385 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_arguments: - "http-request deny if { path_beg /v1/lookup } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }" - "http-request deny if { path_beg /v1/heartbeat } !{ src {{ haproxy_ironic_allowlist_networks | join(' } !{ src ') }} }" @@ -40,8 +40,8 @@ haproxy_ironic_inspector_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 5050 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_arguments: - "http-request deny if { path_beg /v1/continue } !{ src {{ haproxy_ironic_inspector_allowlist_networks | join(' } !{ src ') }} }" haproxy_backend_ssl: "{{ ironic_backend_ssl | default(openstack_service_backend_ssl) }}" diff --git a/inventory/group_vars/keystone_all/haproxy_service.yml b/inventory/group_vars/keystone_all/haproxy_service.yml index a10f7ce5aa..c887489235 100644 --- a/inventory/group_vars/keystone_all/haproxy_service.yml +++ b/inventory/group_vars/keystone_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_keystone_service: haproxy_ssl: "{{ haproxy_ssl }}" haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_balance_type: "http" - haproxy_backend_options: - - "httpchk HEAD /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' haproxy_backend_ssl: "{{ keystone_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ keystone_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ keystone_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/magnum_all/haproxy_service.yml b/inventory/group_vars/magnum_all/haproxy_service.yml index 6ccb9027b1..f80d4d0a00 100644 --- a/inventory/group_vars/magnum_all/haproxy_service.yml +++ b/inventory/group_vars/magnum_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_magnum_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 9511 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ magnum_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ magnum_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ magnum_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/manila_all/haproxy_service.yml b/inventory/group_vars/manila_all/haproxy_service.yml index 0ff1942526..b30ce3a8b6 100644 --- a/inventory/group_vars/manila_all/haproxy_service.yml +++ b/inventory/group_vars/manila_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_manila_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 8786 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' haproxy_backend_ssl: "{{ manila_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ manila_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ manila_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/masakari_all/haproxy_service.yml b/inventory/group_vars/masakari_all/haproxy_service.yml index 66738357ee..b67b02065c 100644 --- a/inventory/group_vars/masakari_all/haproxy_service.yml +++ b/inventory/group_vars/masakari_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_masakari_api_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 15868 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ masakari_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ masakari_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ masakari_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/mistral_all/haproxy_service.yml b/inventory/group_vars/mistral_all/haproxy_service.yml index 6a59f14695..c5bcfe5073 100644 --- a/inventory/group_vars/mistral_all/haproxy_service.yml +++ b/inventory/group_vars/mistral_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_mistral_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 8989 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ mistral_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ mistral_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ mistral_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/murano_all/haproxy_service.yml b/inventory/group_vars/murano_all/haproxy_service.yml index f5b2545062..293a12d82b 100644 --- a/inventory/group_vars/murano_all/haproxy_service.yml +++ b/inventory/group_vars/murano_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_murano_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 8082 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /v1 HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_httpcheck_options: - "expect status 401" haproxy_backend_ssl: "{{ murano_backend_ssl | default(openstack_service_backend_ssl) }}" diff --git a/inventory/group_vars/neutron_all/haproxy_service.yml b/inventory/group_vars/neutron_all/haproxy_service.yml index 7dc094eaae..47131d3885 100644 --- a/inventory/group_vars/neutron_all/haproxy_service.yml +++ b/inventory/group_vars/neutron_all/haproxy_service.yml @@ -22,8 +22,8 @@ haproxy_neutron_server_service: haproxy_ssl: "{{ haproxy_ssl }}" haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ neutron_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ neutron_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ neutron_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/nova_all/haproxy_service.yml b/inventory/group_vars/nova_all/haproxy_service.yml index 339dab2831..c705b42df7 100644 --- a/inventory/group_vars/nova_all/haproxy_service.yml +++ b/inventory/group_vars/nova_all/haproxy_service.yml @@ -21,6 +21,8 @@ haproxy_nova_console_http_mode: "{{ not (nova_console_user_ssl_cert is defined haproxy_nova_metadata_allowlist_networks: "{{ haproxy_allowlist_networks }}" +haproxy_nova_healthcheck_hdr: 'hdr User-Agent "osa-proxy-healthcheck"' + haproxy_nova_api_metadata_service: haproxy_service_name: nova_api_metadata haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}" @@ -28,8 +30,8 @@ haproxy_nova_api_metadata_service: haproxy_port: 8775 haproxy_ssl: "{{ haproxy_ssl_all_vips }}" haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - "{{ 'send ' ~ haproxy_nova_healthcheck_hdr ~ ' meth HEAD' }}" haproxy_allowlist_networks: "{{ haproxy_nova_metadata_allowlist_networks }}" haproxy_backend_ssl: "{{ nova_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ nova_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" @@ -43,8 +45,8 @@ haproxy_nova_api_compute_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 8774 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - "{{ 'send ' ~ haproxy_nova_healthcheck_hdr ~ ' meth HEAD' }}" haproxy_backend_ssl: "{{ nova_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ nova_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" @@ -60,8 +62,7 @@ haproxy_nova_spice_console_service: haproxy_timeout_client: 60m haproxy_timeout_server: 60m haproxy_balance_alg: source - haproxy_backend_options: "{{ haproxy_nova_console_http_mode | ternary(['httpchk HEAD /spice_auto.html HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck'], []) }}" - haproxy_backend_httpcheck_options: "{{ haproxy_nova_console_http_mode | ternary(['expect status 200'], []) }}" + haproxy_backend_httpcheck_options: "{{ haproxy_nova_console_http_mode | ternary(['expect status 200', 'send ' ~ haproxy_nova_healthcheck_hdr ~ 'meth HEAD uri /spice_auto.html'], []) }}" haproxy_backend_ssl: "{{ nova_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ nova_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" @@ -77,8 +78,7 @@ haproxy_nova_serial_console_service: haproxy_timeout_client: 60m haproxy_timeout_server: 60m haproxy_balance_alg: source - haproxy_backend_options: "{{ haproxy_nova_console_http_mode | ternary(['httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck'], []) }}" - haproxy_backend_httpcheck_options: "{{ haproxy_nova_console_http_mode | ternary(['expect status 405'], []) }}" + haproxy_backend_httpcheck_options: "{{ haproxy_nova_console_http_mode | ternary(['expect status 405', 'send ' ~ haproxy_nova_healthcheck_hdr ~ ' meth HEAD'], []) }}" haproxy_backend_ssl: "{{ nova_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ nova_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" @@ -95,8 +95,7 @@ haproxy_nova_novnc_console_service: haproxy_timeout_client: 60m haproxy_timeout_server: 60m haproxy_balance_alg: source - haproxy_backend_options: "{{ haproxy_nova_console_http_mode | ternary(['httpchk HEAD /vnc.html HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck'], []) }}" - haproxy_backend_httpcheck_options: "{{ haproxy_nova_console_http_mode | ternary(['expect status 200'], []) }}" + haproxy_backend_httpcheck_options: "{{ haproxy_nova_console_http_mode | ternary(['expect status 200', 'send ' ~ haproxy_nova_healthcheck_hdr ~ ' meth HEAD uri /vnc.html'], []) }}" haproxy_backend_ssl: "{{ nova_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ nova_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/octavia_all/haproxy_service.yml b/inventory/group_vars/octavia_all/haproxy_service.yml index 15da69063a..ce8a534c9d 100644 --- a/inventory/group_vars/octavia_all/haproxy_service.yml +++ b/inventory/group_vars/octavia_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_octavia_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 9876 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ octavia_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ octavia_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ octavia_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/placement_all/haproxy_service.yml b/inventory/group_vars/placement_all/haproxy_service.yml index 2c344816a4..4bee478af6 100644 --- a/inventory/group_vars/placement_all/haproxy_service.yml +++ b/inventory/group_vars/placement_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_placement_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 8780 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ placement_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ placement_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ placement_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/rabbitmq_all.yml b/inventory/group_vars/rabbitmq_all.yml index 5611c3ca8b..76fefc6804 100644 --- a/inventory/group_vars/rabbitmq_all.yml +++ b/inventory/group_vars/rabbitmq_all.yml @@ -44,8 +44,8 @@ haproxy_rabbitmq_service: haproxy_bind: "{{ [haproxy_bind_internal_lb_vip_address | default(internal_lb_vip_address)] }}" haproxy_port: "{{ (rabbitmq_management_ssl | bool) | ternary(15671, 15672) }}" haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' haproxy_allowlist_networks: "{{ haproxy_rabbitmq_management_allowlist_networks }}" haproxy_service_enabled: "{{ groups['rabbitmq'] is defined and groups['rabbitmq'] | length > 0 }}" diff --git a/inventory/group_vars/repo_all.yml b/inventory/group_vars/repo_all.yml index cb2c34c037..35a9ff23c8 100644 --- a/inventory/group_vars/repo_all.yml +++ b/inventory/group_vars/repo_all.yml @@ -38,10 +38,9 @@ haproxy_repo_service: haproxy_port: 8181 haproxy_ssl: "{{ haproxy_ssl_all_vips }}" haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /constraints/upper_constraints_cached.txt HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" haproxy_backend_httpcheck_options: - - "expect status 200" + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD uri /constraints/upper_constraints_cached.txt' + - expect status 200 haproxy_backend_ssl: "{{ repo_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ repo_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_service_enabled: "{{ groups['repo_all'] is defined and groups['repo_all'] | length > 0 }}" diff --git a/inventory/group_vars/sahara_all/haproxy_service.yml b/inventory/group_vars/sahara_all/haproxy_service.yml index 935776c081..b59a873b34 100644 --- a/inventory/group_vars/sahara_all/haproxy_service.yml +++ b/inventory/group_vars/sahara_all/haproxy_service.yml @@ -21,8 +21,8 @@ haproxy_sahara_api_service: haproxy_balance_alg: source haproxy_port: 8386 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ sahara_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ sahara_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ sahara_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/senlin_all/haproxy_service.yml b/inventory/group_vars/senlin_all/haproxy_service.yml index d79a221abb..f1015db8e5 100644 --- a/inventory/group_vars/senlin_all/haproxy_service.yml +++ b/inventory/group_vars/senlin_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_senlin_api_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 8778 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ senlin_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ senlin_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ senlin_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/swift_all/haproxy_service.yml b/inventory/group_vars/swift_all/haproxy_service.yml index 18c93d792b..f7581b7451 100644 --- a/inventory/group_vars/swift_all/haproxy_service.yml +++ b/inventory/group_vars/swift_all/haproxy_service.yml @@ -21,8 +21,8 @@ haproxy_swift_proxy_service: haproxy_balance_alg: source haproxy_port: 8080 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' # `openstack_service_backend_ssl` is not taken into account # because TLS in swift-proxy is only for testing purposes: # https://opendev.org/openstack/swift/src/commit/c78a5962b5f6c9e75f154cac924a226815236e98/etc/proxy-server.conf-sample diff --git a/inventory/group_vars/tacker_all/haproxy_service.yml b/inventory/group_vars/tacker_all/haproxy_service.yml index 1991de6270..8ce9137d3a 100644 --- a/inventory/group_vars/tacker_all/haproxy_service.yml +++ b/inventory/group_vars/tacker_all/haproxy_service.yml @@ -22,8 +22,9 @@ haproxy_tacker_service: haproxy_balance_type: http haproxy_backend_options: - "forwardfor" - - "httpchk GET / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - "httplog" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ tacker_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ tacker_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ tacker_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/trove_all/haproxy_service.yml b/inventory/group_vars/trove_all/haproxy_service.yml index 5e9decc8e7..cc7eec4ed6 100644 --- a/inventory/group_vars/trove_all/haproxy_service.yml +++ b/inventory/group_vars/trove_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_trove_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 8779 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' haproxy_backend_ssl: "{{ trove_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ trove_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_accept_both_protocols: "{{ trove_accept_both_protocols | default(openstack_service_accept_both_protocols) }}" diff --git a/inventory/group_vars/zun_all/haproxy_service.yml b/inventory/group_vars/zun_all/haproxy_service.yml index 14e378c107..b8f8fbf526 100644 --- a/inventory/group_vars/zun_all/haproxy_service.yml +++ b/inventory/group_vars/zun_all/haproxy_service.yml @@ -20,8 +20,8 @@ haproxy_zun_api_service: haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}" haproxy_port: 9517 haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /healthcheck HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" + haproxy_backend_httpcheck_options: + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET' haproxy_backend_ssl: "{{ zun_backend_ssl | default(openstack_service_backend_ssl) }}" haproxy_backend_ca: "{{ zun_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}" haproxy_service_enabled: "{{ groups['zun_api'] is defined and groups['zun_api'] | length > 0 }}" @@ -36,10 +36,10 @@ haproxy_zun_console_service: haproxy_timeout_client: 60m haproxy_timeout_server: 60m haproxy_balance_alg: source - haproxy_backend_options: - - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" haproxy_backend_httpcheck_options: - "expect status 405" + - 'send hdr User-Agent "osa-haproxy-healthcheck" meth HEAD' + # haproxy_backend_ssl disabled due to: https://bugs.launchpad.net/zun/+bug/2016917 haproxy_backend_ssl: False haproxy_backend_ca: "{{ zun_haproxy_backend_ca | default(openstack_haproxy_backend_ca) }}"