From d3bb90e0506b1812f06766fec874f93f80d4346e Mon Sep 17 00:00:00 2001
From: Christian Rohmann
Date: Fri, 26 Aug 2022 17:19:28 +0200
Subject: [PATCH] Use proxy protocol v2 to send client info to galera backend servers
This configures HAProxy to transmit client info to galera backend servers and also configures the HAProxy IP address as trusted sources in order for galera to accept this info.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/854787
Change-Id: Ib445b3847aa4a48a9ebc6aafd97a73f41a1f68dd
---
 inventory/group_vars/galera_all.yml | 10 ++++++++++
 inventory/group_vars/haproxy/haproxy.yml | 2 ++
 2 files changed, 12 insertions(+)
diff --git a/inventory/group_vars/galera_all.yml b/inventory/group_vars/galera_all.yml
index d944a821f1..394bb9f730 100644
--- a/inventory/group_vars/galera_all.yml
+++ b/inventory/group_vars/galera_all.yml
@@ -38,6 +38,16 @@ galera_monitoring_allowed_source: >-
 | join(' ') ~ ' 127.0.0.1'
 }}
 
+# Accept PROXY protocol information from the load balancers
+# See https://mariadb.com/kb/en/proxy-protocol-support for details
+galera_server_proxy_protocol_networks: >-
+ {{
+ groups['haproxy']
+ | map('extract', hostvars, 'ansible_host')
+ | list
+ | join(',') ~ ', localhost, ::1'
+ }}
+
 # Galera sessions are long lived, so if we do endpoint maintenance we will
 # force kill the sessions to force a failover to the active endpoint.
 haproxy_shutdown_sessions: yes
diff --git a/inventory/group_vars/haproxy/haproxy.yml b/inventory/group_vars/haproxy/haproxy.yml
index e658fe109c..d1001a4fd8 100644
--- a/inventory/group_vars/haproxy/haproxy.yml
+++ b/inventory/group_vars/haproxy/haproxy.yml
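Review bot: Every source listed in `galera_server_proxy_protocol_networks` is allowed to assert an arbitrary client address to MariaDB, so host-based account restrictions become only as strong as those sources, and the appended `', localhost, ::1'` extends that trust to local connections on the database node itself. A comment above the variable should say so, e.g. `# Sources listed here may assert any client address; keep the list to the load balancers`, and the loopback entries should stay only if something local really sends a PROXY header. The list is built from `ansible_host`, which may not be the address HAProxy uses as the source of its backend connections; that should be confirmed against the deployment's network layout. If `groups['haproxy']` is empty the rendered value starts with a bare comma (`, localhost, ::1`), so building a list and joining it once would be safer.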
@@ -168,6 +168,8 @@ haproxy_galera_service:
 haproxy_timeout_server: 5000s
 haproxy_backend_options:
 - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
+ haproxy_backend_server_options:
+ - "send-proxy-v2"
 haproxy_allowlist_networks: "{{ haproxy_galera_allowlist_networks }}"
 haproxy_service_enabled: "{{ groups['galera_all'] is defined and groups['galera_all'] | length > 0 }}"
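Review bot: `send-proxy-v2` is added unconditionally to the galera backend servers, so every connection through this service now depends on the database side already listing this HAProxy's source address as a trusted PROXY source. The commit message names a Depends-On change for that, but nothing in this hunk ties the two together. A one-line comment above the option would make the coupling visible, e.g. `# Requires galera_server_proxy_protocol_networks to include this host`. Whether the `httpchk` health check also carries the PROXY header depends on how the check port is configured, which is outside the hunk, so that is worth confirming. The `haproxy_galera_service` mapping starts before the hunk.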