Fix deployment errors when security options disabled
Closes-Bug: #1693208 Change-Id: I3f8a3f9b02e9ce0854c6992ae94a101be372de97
This commit is contained in:
parent
6fa6a8f811
commit
6e27b4b0f6
|
@ -70,21 +70,38 @@ class plugin_zabbix::ha::haproxy {
|
|||
|
||||
if $use_ssl {
|
||||
if $horizon_is_here {
|
||||
# Update Horizon configuration to be able to use HTTPS port
|
||||
file_line { 'add binding to Zabbix VIP for horizon and zabbix via ssl':
|
||||
path => '/etc/haproxy/conf.d/017-horizon-ssl.cfg',
|
||||
after => 'listen horizon-ssl',
|
||||
line => " bind ${zabbix_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem",
|
||||
notify => Exec['haproxy-restart']
|
||||
if $ssl[horizon] {
|
||||
# Update Horizon configuration to be able to use HTTPS port
|
||||
file_line { 'add binding to Zabbix VIP for horizon and zabbix via ssl':
|
||||
path => '/etc/haproxy/conf.d/017-horizon-ssl.cfg',
|
||||
after => 'listen horizon-ssl',
|
||||
line => " bind ${zabbix_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem",
|
||||
notify => Exec['haproxy-restart']
|
||||
}
|
||||
->
|
||||
file_line { 'add binding to management VIP for horizon and zabbix via ssl':
|
||||
path => '/etc/haproxy/conf.d/017-horizon-ssl.cfg',
|
||||
after => 'listen horizon-ssl',
|
||||
line => " bind ${mgmt_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem",
|
||||
notify => Exec['haproxy-restart']
|
||||
}
|
||||
} else {
|
||||
# Update Horizon configuration to be able to use HTTP port
|
||||
file_line { 'add binding to Zabbix VIP for horizon and zabbix':
|
||||
path => '/etc/haproxy/conf.d/015-horizon.cfg',
|
||||
after => 'listen horizon',
|
||||
line => " bind ${zabbix_vip}:80",
|
||||
notify => Exec['haproxy-restart']
|
||||
}
|
||||
->
|
||||
file_line { 'add binding to management VIP for horizon and zabbix':
|
||||
path => '/etc/haproxy/conf.d/015-horizon.cfg',
|
||||
after => 'listen horizon',
|
||||
line => " bind ${mgmt_vip}:80",
|
||||
notify => Exec['haproxy-restart']
|
||||
}
|
||||
}
|
||||
->
|
||||
file_line { 'add binding to management VIP for horizon and zabbix via ssl':
|
||||
path => '/etc/haproxy/conf.d/017-horizon-ssl.cfg',
|
||||
after => 'listen horizon-ssl',
|
||||
line => " bind ${mgmt_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem",
|
||||
notify => Exec['haproxy-restart']
|
||||
}
|
||||
}else{
|
||||
} else {
|
||||
openstack::ha::haproxy_service { 'zabbix-ui':
|
||||
order => '211',
|
||||
listen_port => 80,
|
||||
|
@ -94,7 +111,6 @@ class plugin_zabbix::ha::haproxy {
|
|||
'redirect' => 'scheme https if !{ ssl_fc }'
|
||||
},
|
||||
}
|
||||
|
||||
openstack::ha::haproxy_service { 'zabbix-ui-ssl':
|
||||
order => '212',
|
||||
listen_port => 443,
|
||||
|
@ -130,7 +146,7 @@ class plugin_zabbix::ha::haproxy {
|
|||
notify => Exec['haproxy-restart'],
|
||||
}
|
||||
}
|
||||
}else{
|
||||
} else {
|
||||
if $horizon_is_here {
|
||||
# Update Horizon configuration to be able to use HTTP port
|
||||
file_line { 'add binding to Zabbix VIP for horizon and zabbix':
|
||||
|
@ -139,7 +155,7 @@ class plugin_zabbix::ha::haproxy {
|
|||
line => " bind ${zabbix_vip}:80",
|
||||
notify => Exec['haproxy-restart']
|
||||
}
|
||||
}else{
|
||||
} else {
|
||||
openstack::ha::haproxy_service { 'zabbix-ui':
|
||||
order => '211',
|
||||
listen_port => 80,
|
||||
|
|
|
@ -125,6 +125,7 @@ class plugin_zabbix::params {
|
|||
#server parameters
|
||||
$vip_name = 'zbx_vip_mgmt'
|
||||
$server_ip = $network_metadata['vips'][$vip_name]['ipaddr']
|
||||
$server_public_ip = $network_metadata['vips']['public']['ipaddr']
|
||||
$mgmt_vip = $network_metadata['vips']['management']['ipaddr']
|
||||
$server_config = "${zabbix_base_conf_dir}/zabbix_server.conf"
|
||||
$server_config_template = 'plugin_zabbix/zabbix_server.conf.erb'
|
||||
|
@ -184,9 +185,13 @@ class plugin_zabbix::params {
|
|||
#api
|
||||
$use_ssl = $ssl[horizon] or $ssl[services]
|
||||
if $use_ssl {
|
||||
$api_url = "https://${mgmt_vip}${frontend_base}/api_jsonrpc.php"
|
||||
}else{
|
||||
$api_url = "http://${mgmt_vip}${frontend_base}/api_jsonrpc.php"
|
||||
if $ssl[horizon] {
|
||||
$api_url = "https://${server_public_ip}${frontend_base}/api_jsonrpc.php"
|
||||
} else {
|
||||
$api_url = "http://${server_public_ip}${frontend_base}/api_jsonrpc.php"
|
||||
}
|
||||
} else {
|
||||
$api_url = "http://${server_public_ip}${frontend_base}/api_jsonrpc.php"
|
||||
}
|
||||
|
||||
$api_hash = { endpoint => $api_url,
|
||||
|
|
|
@ -15,9 +15,15 @@
|
|||
- id: zbx-primary-services
|
||||
type: puppet
|
||||
version: 2.0.0
|
||||
requires: [post_deployment_start, zbx-configure-apt]
|
||||
requires: [post_deployment_start, zbx-configure-apt, cluster-haproxy]
|
||||
required_for: [post_deployment_end]
|
||||
role: [primary-controller]
|
||||
# The primary crontroller configuration shouldn't start before haproxy is finished
|
||||
# hence the cross-depends parameter that is required when running in
|
||||
# a task-based deployment mode.
|
||||
cross-depends:
|
||||
- name: cluster-haproxy
|
||||
role: [primary-controller]
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/primary_controller.pp
|
||||
puppet_modules: puppet/modules:/etc/puppet/modules
|
||||
|
|
Loading…
Reference in New Issue