From c788a732ab299cb7109a8dd9895d4a4dff60fcf9 Mon Sep 17 00:00:00 2001 From: Olivier Bourdon Date: Fri, 21 Apr 2017 15:34:11 +0200 Subject: [PATCH] Fix access to Zabbix frontend Change-Id: I88bb645dc9a59d4ecbc3af2d2fc56b6a0d105539 --- .../modules/plugin_zabbix/manifests/ha/haproxy.pp | 15 +++++++++++++++ .../modules/plugin_zabbix/manifests/params.pp | 5 ++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/deployment_scripts/puppet/modules/plugin_zabbix/manifests/ha/haproxy.pp b/deployment_scripts/puppet/modules/plugin_zabbix/manifests/ha/haproxy.pp index f86e849..18caf2c 100644 --- a/deployment_scripts/puppet/modules/plugin_zabbix/manifests/ha/haproxy.pp +++ b/deployment_scripts/puppet/modules/plugin_zabbix/manifests/ha/haproxy.pp @@ -24,6 +24,7 @@ class plugin_zabbix::ha::haproxy { $public_vip = hiera('public_vip') $ssl = hiera('public_ssl') $zabbix_vip = $plugin_zabbix::params::server_ip + $mgmt_vip = $plugin_zabbix::params::mgmt_vip $network_metadata = hiera_hash('network_metadata') $primary_controller_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller']) $controllers = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) @@ -76,6 +77,13 @@ class plugin_zabbix::ha::haproxy { line => " bind ${zabbix_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem", notify => Exec['haproxy-restart'] } + -> + file_line { 'add binding to management VIP for horizon and zabbix via ssl': + path => '/etc/haproxy/conf.d/017-horizon-ssl.cfg', + after => 'listen horizon-ssl', + line => " bind ${mgmt_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem", + notify => Exec['haproxy-restart'] + } }else{ openstack::ha::haproxy_service { 'zabbix-ui': order => '211', @@ -113,6 +121,13 @@ class plugin_zabbix::ha::haproxy { line => " bind ${zabbix_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem", notify => Exec['haproxy-restart'], } + -> + file_line { 'add binding to management VIP for zabbix via ssl': + path => '/etc/haproxy/conf.d/212-zabbix-ui-ssl.cfg', + after => 'listen zabbix-ui-ssl', + line => " bind ${mgmt_vip}:443 ssl crt /var/lib/astute/haproxy/public_haproxy.pem", + notify => Exec['haproxy-restart'], + } } }else{ if $horizon_is_here { diff --git a/deployment_scripts/puppet/modules/plugin_zabbix/manifests/params.pp b/deployment_scripts/puppet/modules/plugin_zabbix/manifests/params.pp index 102303a..c87e22f 100644 --- a/deployment_scripts/puppet/modules/plugin_zabbix/manifests/params.pp +++ b/deployment_scripts/puppet/modules/plugin_zabbix/manifests/params.pp @@ -116,7 +116,6 @@ class plugin_zabbix::params { #server parameters $vip_name = 'zbx_vip_mgmt' $server_ip = $network_metadata['vips'][$vip_name]['ipaddr'] - $server_public_ip = $network_metadata['vips']['public']['ipaddr'] $mgmt_vip = $network_metadata['vips']['management']['ipaddr'] $server_config = "${zabbix_base_conf_dir}/zabbix_server.conf" $server_config_template = 'plugin_zabbix/zabbix_server.conf.erb' @@ -175,9 +174,9 @@ class plugin_zabbix::params { #api if $ssl[horizon] == true { - $api_url = "https://${server_public_ip}${frontend_base}/api_jsonrpc.php" + $api_url = "https://${mgmt_vip}${frontend_base}/api_jsonrpc.php" }else{ - $api_url = "http://${server_public_ip}${frontend_base}/api_jsonrpc.php" + $api_url = "http://${mgmt_vip}${frontend_base}/api_jsonrpc.php" } $api_hash = { endpoint => $api_url,