1694b142bc
Several new features have been added to openstack-ansible which require special handling on port 80/443, such as support for LetsEncrypt and security.txt. This causes a confusing situation when several different features are served by the 'horizon' haproxy frontend/backend when horizon itself may not necessarily be deployed. This patch splits the haproxy config for port 80/443 into a 'base' frontend which is always deployed and is responsible for handling requests for LetsEncrypt and security.txt with all other traffic being handled by a default 'horizon' backend. The 'horizon' backend is only deployed when the horizon service is enabled, i.e. when the horizon_all ansible group has members. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/876157 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/876436 Change-Id: I7bdf71faa761897cc2a0e01d1af1ccb4946f10f5
18 lines
906 B
YAML
18 lines
906 B
YAML
---
|
|
features:
|
|
- |
|
|
The configuration for serving port 80/443 in haproxy was previously
|
|
associated with the Horizon service, but additional features such as
|
|
handling certificate issuance with certbot and serving security.txt
|
|
also need configuration in the same haproxy frontend. The existing
|
|
variable ``haproxy_horizon_service`` now only describes the haproxy
|
|
backend for horizon, and a new variable ``haproxy_base_service``
|
|
configures the haproxy frontend for any services using port 80/443.
|
|
upgrades:
|
|
- |
|
|
Any existing overrides of ``haproxy_horizon_service`` should be
|
|
adjusted to account for this variable now only describing the haproxy
|
|
backend for horizon, and any overrides for LetsEncrypt, security.txt
|
|
or other customisation of the haproxy frontend for port 80/443
|
|
should be moved to ``haproxy_base_service`` or ``haproxy_base_service_overrides``.
|