Ceph Grafana should not be exposed by HAProxy as a public service

We need to set ceph_grafana_vip on a network which is routable and yet not the public network where the OpenStack APIs are exposed but the service is *not* public. Change-Id: I7d636c4513317162ec4b49aa12d88a959bf5c537
2019-11-14 18:02:20 +01:00 · 2019-11-14 18:02:20 +01:00 · 1fc65d1d1b
parent b66ee38e82
commit 1fc65d1d1b
1 changed files with 9 additions and 10 deletions
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@ -1019,16 +1019,15 @@ class tripleo::haproxy (

  if $ceph_grafana {
    ::tripleo::haproxy::endpoint { 'ceph_grafana':
-      public_virtual_ip => $controller_virtual_ip,
-      internal_ip       => hiera('ceph_grafana_vip', $controller_virtual_ip),
-      service_port      => $ports[ceph_grafana_port],
-      ip_addresses      => hiera('ceph_grafana_node_ips', $controller_hosts_real),
-      server_names      => hiera('ceph_grafana_node_names', $controller_hosts_names_real),
-      mode              => 'http',
-      public_ssl_port   => $ports[ceph_grafana_ssl_port],
-      listen_options    => merge($default_listen_options, { 'option' => [ 'httpchk HEAD /' ] }),
-      service_network   => $ceph_grafana_network,
-      member_options    => union($haproxy_member_options, $internal_tls_member_options),
+      internal_ip     => hiera('ceph_grafana_vip', $controller_virtual_ip),
+      service_port    => $ports[ceph_grafana_port],
+      ip_addresses    => hiera('ceph_grafana_node_ips', $controller_hosts_real),
+      server_names    => hiera('ceph_grafana_node_names', $controller_hosts_names_real),
+      mode            => 'http',
+      public_ssl_port => $ports[ceph_grafana_ssl_port],
+      listen_options  => merge($default_listen_options, { 'option' => [ 'httpchk HEAD /' ] }),
+      service_network => $ceph_grafana_network,
+      member_options  => union($haproxy_member_options, $internal_tls_member_options),
    }
  }