Amp driver support sni option to send the hostname to backend

If the Tls option of Pool is True, we default configure a sni option in the associated members configuration, which is "sni ssl_fc_sni". Story: 2003858 Task: 26684 Change-Id: Id61e0302dac3a5471b4fcb526b4edec50ec1a6fc
2018-11-01 14:24:31 +08:00 · 2018-11-01 14:24:31 +08:00 · acf6c36633
parent e0e9af3b51
commit acf6c36633
2 changed files with 6 additions and 4 deletions
--- a/octavia/common/jinja/haproxy/templates/macros.j2
+++ b/octavia/common/jinja/haproxy/templates/macros.j2
@ -212,8 +212,10 @@ frontend {{ listener.id }}
    {% endif %}
    {% if pool.tls_enabled %}
        {% set def_opt_prefix = " ssl" %}
+        {% set def_sni_opt = " sni ssl_fc_sni" %}
    {% else %}
        {% set def_opt_prefix = "" %}
+        {% set def_sni_opt = "" %}
    {% endif %}
    {% if pool.client_cert and pool.tls_enabled %}
        {% set def_crt_opt = " crt %s"|format(pool.client_cert) %}
@ -231,11 +233,11 @@ frontend {{ listener.id }}
    {% elif pool.tls_enabled %}
        {% set def_verify_opt = " verify none" %}
    {% endif %}
-    {{ "server %s %s:%d weight %s%s%s%s%s%s%s%s%s%s%s"|e|format(
+    {{ "server %s %s:%d weight %s%s%s%s%s%s%s%s%s%s%s%s"|e|format(
        member.id, member.address, member.protocol_port, member.weight,
        hm_opt, persistence_opt, proxy_protocol_opt, member_backup_opt,
        member_enabled_opt, def_opt_prefix, def_crt_opt, ca_opt, crl_opt,
-        def_verify_opt)|trim() }}
+        def_verify_opt, def_sni_opt)|trim() }}
 {% endmacro %}


--- a/octavia/tests/unit/common/jinja/haproxy/test_jinja_cfg.py
+++ b/octavia/tests/unit/common/jinja/haproxy/test_jinja_cfg.py
@ -768,7 +768,7 @@ class TestHaproxyCfg(base.TestCase):
              "check inter 30s fall 3 rise 2 cookie sample_member_id_2 "
              "{opts}\n\n").format(
            maxconn=constants.HAPROXY_MAX_MAXCONN,
-            opts="ssl crt %s verify none" % cert_file_path)
+            opts="ssl crt %s verify none sni ssl_fc_sni" % cert_file_path)
        rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
            sample_configs.sample_amphora_tuple(),
            sample_configs.sample_listener_tuple(
@ -807,7 +807,7 @@ class TestHaproxyCfg(base.TestCase):
                "ssl", "crt", pool_client_cert,
                "ca-file %s" % pool_ca_cert,
                "crl-file %s" % pool_crl,
-                "verify required"))
+                "verify required sni ssl_fc_sni"))
        rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
            sample_configs.sample_amphora_tuple(),
            sample_configs.sample_listener_tuple(