Use proxy protocol v2 to send client info to galera backend servers

This configures HAProxy to transmit client info to galera backend servers and also configures the HAProxy IP address as trusted sources in order for galera to accept this info. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/854787 Change-Id: Ib445b3847aa4a48a9ebc6aafd97a73f41a1f68dd
2022-08-26 17:19:28 +02:00 · 2022-08-26 17:19:28 +02:00 · d3bb90e050
commit d3bb90e050
parent 1736491007
2 changed files with 12 additions and 0 deletions
--- a/inventory/group_vars/galera_all.yml
+++ b/inventory/group_vars/galera_all.yml
@ -38,6 +38,16 @@ galera_monitoring_allowed_source: >-
      | join(' ') ~ ' 127.0.0.1'
  }}

+# Accept PROXY protocol information from the load balancers
+# See https://mariadb.com/kb/en/proxy-protocol-support for details
+galera_server_proxy_protocol_networks: >-
+  {{
+    groups['haproxy']
+      | map('extract', hostvars, 'ansible_host')
+      | list
+      | join(',') ~ ', localhost, ::1'
+  }}
+
 # Galera sessions are long lived, so if we do endpoint maintenance we will
 # force kill the sessions to force a failover to the active endpoint.
 haproxy_shutdown_sessions: yes
--- a/inventory/group_vars/haproxy/haproxy.yml
+++ b/inventory/group_vars/haproxy/haproxy.yml
@ -168,6 +168,8 @@ haproxy_galera_service:
  haproxy_timeout_server: 5000s
  haproxy_backend_options:
    - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
+  haproxy_backend_server_options:
+    - "send-proxy-v2"
  haproxy_allowlist_networks: "{{ haproxy_galera_allowlist_networks }}"
  haproxy_service_enabled: "{{ groups['galera_all'] is defined and groups['galera_all'] | length > 0 }}"